Fixed a security problem that would allow a user to navigate past the authentication process.
lykaios committed May 2, 2012
1 parent d79045e commit b354109
Showing 6 changed files with 19 additions and 32 deletions.
5 changes: 0 additions & 5 deletions app/assets/stylesheets/sqlcons.css.scss

This file was deleted.
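Review bot: the deletion of `app/assets/stylesheets/sqlcons.css.scss` is not mentioned in the commit message and is unrelated to the authentication fix; if a Sprockets manifest (for example `application.css`) still `require`s this file, asset compilation will fail with a missing-file error, so check that before merging and consider moving the stylesheet removal into its own commit so the security change stays reviewable on its own.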

9 changes: 9 additions & 0 deletions app/controllers/application_controller.rb
@@ -1,3 +1,12 @@
class ApplicationController < ActionController::Base
protect_from_forgery

private
#Check if user isn't signed in.
def validate_user
if user_signed_in?
else
redirect_to root_path
end
end
end
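Review bot: the empty `if user_signed_in?` branch in `validate_user` reads as though the signed-in case were forgotten; `redirect_to root_path unless user_signed_in?` expresses the same check in one line. Also verify that `root_path` does not route to an action that is itself behind this filter, otherwise an unauthenticated visitor is redirected in a loop. If `user_signed_in?` is the Devise helper, Devise's `authenticate_user!` already performs this check and additionally stores the requested URL for a post-login redirect, which would be preferable to a hand-rolled filter.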
2 changes: 2 additions & 0 deletions app/controllers/sqlcons_controller.rb
@@ -1,5 +1,7 @@
class SqlconsController < ApplicationController
#qvarname means it has to do with query
#Make sure user is signed in before they can access application
before_filter :validate_user

# GET /sqlcons
# GET /sqlcons.json
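Review bot: the fix is scoped to `SqlconsController` only, so any other controller, including ones added later, stays unprotected unless its author remembers to add `before_filter :validate_user`. Declaring the filter once in `ApplicationController` and opting public actions out with `skip_before_filter :validate_user` makes authentication the default rather than something each controller has to request. A request spec that hits every route unauthenticated and expects a redirect would catch the regression this commit is fixing.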
27 changes: 8 additions & 19 deletions app/helpers/sqlcons_helper.rb
@@ -1,22 +1,11 @@
module SqlconsHelper

def incsection
if session[:tutsec] < session[:maxsec]
session[:tutsec] += 1
end
@qstring = "empty"
@qresults = nil

end

def incch
session[:tutch] += 1 if session[:tutch] < 2
session[:tutsec] = 1
end

def resetlesson
session[:tutsec] = 1
end


# def incsection
# if session[:tutsec] < session[:maxsec]
# session[:tutsec] += 1
# end
# @qstring = "empty"
# @qresults = nil
#
# end
end
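Review bot: the eight-line `# def incsection ... # end` block is commented-out dead code that duplicates the `incsection` definition being removed from this helper, and it should be dropped rather than committed; version control already preserves the old implementation. With `incsection`, `incch` and `resetlesson` leaving `SqlconsHelper`, confirm that equivalent methods now exist wherever the controller expects them, since any view or action still calling the old helper names will fail with `NoMethodError`.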
3 changes: 0 additions & 3 deletions app/models/sqlcons.rb
@@ -1,6 +1,5 @@
class Sqlcons < ActiveRecord::Base
#This model contains the regexp for each individual lesson we go through.

def checkquery
#create a regexp object based on string we recieve from controller
#true makes for case insensitive matching
@@ -11,6 +10,4 @@ def checkquery
#Check if regexp was valid for lesson, and not a sqlinject attempt
return (qtext =~ reg && !(qtext =~ reg2))
end


end
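Review bot: per the file header these two hunks remove blank lines only (0 additions & 3 deletions), which has no bearing on the authentication fix and would be easier to review as a separate whitespace commit. On the surrounding context, the comment above `return (qtext =~ reg && !(qtext =~ reg2))` describes `reg2` as a check that the submitted text is "not a sqlinject attempt"; a regexp denylist is fine for grading whether a lesson answer looks right, but it should not be the control that keeps student input out of a live database query, so make sure `qtext` is never interpolated into SQL and, if `reg` is unanchored, remember that `=~` matches a substring anywhere in the input. The comment above `checkquery` also misspells "receive" as "recieve".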
5 changes: 0 additions & 5 deletions app/models/userlesson.rb
@@ -1,7 +1,2 @@
class Userlesson < ActiveRecord::Base

def self.update_lesson(user_id, chapter_completed)
#put update stmt here.

end
end
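Review bot: `Userlesson.update_lesson(user_id, chapter_completed)` is removed outright here (the file shrinks to the `class ... end` shell per `@@ -1,7 +1,2 @@`), yet the commit message says nothing about it. Confirm that no controller or helper still calls `Userlesson.update_lesson`, since a leftover call would raise `NoMethodError` at runtime, and keep this cleanup in a separate commit from the security fix.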