9902345291
chore(rubocop): giganto rubocop commit.
...
muahahahah
2017-12-05 18:46:21 -06:00
f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
d3fce41e60
change to idiomatic use of layouts versus regular views
...
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code
there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
ca9ddb6a14
bug(rails): fix incompatibility with Rails 5
2017-09-18 20:08:02 -05:00
c310273606
upgrade(rails 5): change before_filter to before_action
2017-01-19 13:59:14 -06:00
7f5af27478
removed comments and Fixed Issue #184
2016-04-19 08:43:18 -04:00
23513cf8d2
Initial Rails 4.0.x upgrade
2014-09-07 13:00:54 -04:00
b5c202ef40
Resolves issue #138
2014-07-11 06:38:36 -04:00
7e4fad462b
Convert file indentation to spaces
2014-07-05 20:17:27 -05:00
68e6a01743
Clean up trailing and leading whitespace
2014-07-05 19:15:32 -05:00
77fcf26abd
working on a tutorial for the scope injection / sql injection
2014-04-17 20:51:16 -04:00
5bb9c75f06
Added fix for Analytics SQLi
2014-04-17 20:05:07 -04:00
3f63480022
Added Analytics function to track user hits by ip address, referrer and user agent
2014-04-17 20:03:50 -04:00
53dcc75f74
I think there was a subtle bug in the intentional security bypass within the admin controller
2013-11-14 15:05:00 -05:00
235b6418d0
A7 adding before filter to see if admin or admin_id is 1
2013-11-13 19:35:12 -05:00
4be667b606
working
2013-11-13 19:02:37 -05:00
91e6797b40
adding broken functionality for A7
2013-11-13 18:23:38 -05:00
089e9540ac
finished admin filter and write-up for issue #6
2013-06-04 11:49:59 -04:00
06dce1f8b2
I believe this has resolved the dependent destruction and we can close issue #18
2013-06-02 13:08:56 -04:00
0319cc4768
added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this
2013-06-01 00:19:07 -04:00
6199beb780
we are going to fix this by automatically generating data for ppl that register HOWEVER, just in case that fails for some reason, I have applied a filter that ensures if some data is not associated with a person they cannot navigate to all aspects of the application. This is a preventive measure
2013-05-31 19:02:00 -04:00
0d841124f5
assigned a user id, does not "appear" to have screwed anything up
2013-05-24 15:25:06 -04:00
31ce6ab1b5
test
2013-05-24 13:19:44 -04:00
b2e2a1b4b0
moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users
2013-05-21 00:42:56 -04:00
bd95958f17
added delete button
2013-05-20 22:21:00 -04:00
4337cb9a46
made sure the table refreshes after an update
2013-05-20 17:35:24 -04:00
5fd72fcd6f
update users info via ajax is working, yay. Next thing is we need to move the datatables into an ajax call and so that we can refresh the table upon any changes occuring
2013-05-20 16:31:59 -04:00
f7dbc482bb
added a table to manage users
2013-05-17 14:08:18 -04:00
a279d06b4c
created admin controller
2013-05-17 10:25:56 -04:00
Joseph Mastey