team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Undid my find/first fix

Browse Source
This commit is contained in:
Al Snow
2014-09-17 14:11:01 -04:00
parent 1d3540dbb2
commit d6a6864f73
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/users_controller.rb
+1 -2
View File
@@ -31,8 +31,7 @@ class UsersController < ApplicationController
# Still an Insecure DoR vulnerability # Still an Insecure DoR vulnerability
#user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"]) #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
#user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'") user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
user = User.where("user_id == '#{params[:user][:user_id]}'").first
if user if user
user.skip_user_id_assign = true user.skip_user_id_assign = true
user.skip_hash_password = true user.skip_hash_password = true