Minor bug fixes, graphical touch ups.

lykaios · Apr 28, 2012 · d5b877f · d5b877f
1 parent 4388f6c
commit d5b877f
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 7 deletions.
diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
@@ -26,6 +26,6 @@ def jump_to_lesson
   #For use if users mess up their data, and want to reset it
   def reset_data
   	Dbq.db_reset(current_user.id)
-	render :index
+	redirect_to root_path	
   end
 end
diff --git a/app/controllers/sqlcons_controller.rb b/app/controllers/sqlcons_controller.rb
@@ -25,7 +25,6 @@ def fetchquery
   	sectionregex = Sqlcons.select(:regtext).where(:ch => session[:tutch], :sec => session[:tutsec]).first.regtext
   	@qmodel      = Sqlcons.new(:id => 1, :qtext=> @qstring, :regtext => sectionregex)
 
-
   	#Validate whether the query is valid
   	if @qmodel.checkquery
   	  #Call method to execute query
@@ -92,7 +91,7 @@ def append_query(p_qstring)
 	  #We have to modify where we place 'where_clause' based on the incoming 
 	  # SQL statment. Otherwise we create a syntax error
 	  if p_qstring =~ /(insert)/
-		ret_string = p_qstring.gsub /\)( )*([^)])/, ', ' + uid + ') \2'
+		ret_string = p_qstring.gsub /\)/, ', ' + uid + ') \2'
 	  else
 		tabname  = p_qstring[/(from)( )+([_a-z]+)( )*([_a-z]*)/, 3]
 		tabalias = p_qstring[/(from)( )+([_a-z]+)( )+([_a-z]*)/, 5]

diff --git a/app/models/sqlcons.rb b/app/models/sqlcons.rb
@@ -5,7 +5,7 @@ def checkquery
 	#create a regexp object based on string we recieve from controller
 	reg = Regexp.new(regtext.to_s)
 	#regexp to make validate against common sqlinjection
-	reg2 = Regexp.new('(alter|drop|create|index|truncate|show|sqlcons|dbq|schema_migrations|;)')
+	reg2 = Regexp.new('(alter|drop|create|index|truncate|show|sqlcons|dbq|schema_migrations|;|union)')
 
 	#Check if regexp was valid for lesson, and not a sqlinject attempt	
 	return (qtext =~ reg && !(qtext =~ reg2)) 

diff --git a/app/views/sqlcons/show.html.erb b/app/views/sqlcons/show.html.erb
@@ -1,6 +1,5 @@
-<!--
+<!-- -->
 Regtext = <%= @qmodel.regtext.to_s if @qmodel%> | Qtext = <%= @qstring if @qstring%> 
--->
 <!--Prints to screen the current tutorial view or error message-->
 <div class="span6">
 	<%= render :file => @lesson_name%>

diff --git a/app/views/sqlcons/tutorials/qerror.html b/app/views/sqlcons/tutorials/qerror.html
@@ -1,2 +1,2 @@
 <h3 class="error"> Your query didn't match this lessons statement. </h3>
-<h4 class="error"> Check the spelling of your query, or stop trying SQL injection </h4>
+<h4 class="error"> Check the spelling of your query or stop trying SQL injection </h4>