From d5b877f1d1287e9bf6781b17729ebe36b69d695c Mon Sep 17 00:00:00 2001
From: lykaios
Date: Sat, 28 Apr 2012 13:16:45 -0700
Subject: [PATCH] Minor bug fixes, graphical touch ups.

---
 app/controllers/home_controller.rb | 2 +-
 app/controllers/sqlcons_controller.rb | 3 +--
 app/models/sqlcons.rb | 2 +-
 app/views/sqlcons/show.html.erb | 3 +--
 app/views/sqlcons/tutorials/qerror.html | 2 +-
 5 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index 525133a..10c643b 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -26,6 +26,6 @@ def jump_to_lesson
 #For use if users mess up their data, and want to reset it
 def reset_data
 Dbq.db_reset(current_user.id)
- render :index
+ redirect_to root_path
 end
 end
diff --git a/app/controllers/sqlcons_controller.rb b/app/controllers/sqlcons_controller.rb
index 24498f0..3ac6f87 100644
--- a/app/controllers/sqlcons_controller.rb
+++ b/app/controllers/sqlcons_controller.rb
@@ -25,7 +25,6 @@ def fetchquery
 sectionregex = Sqlcons.select(:regtext).where(:ch => session[:tutch], :sec => session[:tutsec]).first.regtext
 @qmodel = Sqlcons.new(:id => 1, :qtext=> @qstring, :regtext => sectionregex)
- #Validate whether the query is valid
 if @qmodel.checkquery #Call method to execute query
@@ -92,7 +91,7 @@ def append_query(p_qstring)
 #We have to modify where we place 'where_clause' based on the incoming
 # SQL statment. Otherwise we create a syntax error
 if p_qstring =~ /(insert)/
- ret_string = p_qstring.gsub /\)( )*([^)])/, ', ' + uid + ') \2'
+ ret_string = p_qstring.gsub /\)/, ', ' + uid + ') \2'
 else
 tabname = p_qstring[/(from)( )+([_a-z]+)( )*([_a-z]*)/, 3]
 tabalias = p_qstring[/(from)( )+([_a-z]+)( )+([_a-z]*)/, 5]
diff --git a/app/models/sqlcons.rb b/app/models/sqlcons.rb
index 64963c8..ebf6bb1 100644
--- a/app/models/sqlcons.rb
+++ b/app/models/sqlcons.rb
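Review bot: `reset_data` wipes the current user's data through `Dbq.db_reset` and nothing in this hunk limits the action to a non-GET request, so Rails' forgery protection (which only checks non-GET requests) does not cover it and any link, bookmark or prefetch that hits the URL resets the account; the route should be declared `post 'reset_data'` in config/routes.rb (outside this page) and the handler should tell the user what happened, `redirect_to root_path, :notice => 'Your data has been reset.'`. The redirect is the right replacement for `render :index`, since refreshing a rendered page would otherwise repeat the reset. `current_user.id` is dereferenced without a guard; presumably a before_filter outside the hunk requires a login, which is worth stating in the comment above the action.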
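Review bot: The replacement string on the added line in `append_query` keeps `\2`, but the new pattern `/\)/` has no capture groups, so the backreference expands to nothing and only misleads the next reader; `ret_string = p_qstring.gsub(/\)/, ", #{uid}) ")` yields the same text (trailing space kept) and also avoids Ruby's "ambiguous first argument" warning for a bare regexp literal after `gsub`. Matching every `)` (the removed pattern required a following character) also rewrites closing parentheses inside quoted values and the final `)` of the statement, so the comment above the `if` should state that the lesson's INSERT statements are assumed to contain no parenthesised literals. `uid` is defined outside this hunk and is spliced into the SQL by string concatenation; if it is derived from anything other than the signed-in user's own id, that concatenation needs its own guard. `append_query` begins and ends outside the hunk.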
@@ -5,7 +5,7 @@ def checkquery
 #create a regexp object based on string we recieve from controller
 reg = Regexp.new(regtext.to_s) #regexp to make validate against common sqlinjection
- reg2 = Regexp.new('(alter|drop|create|index|truncate|show|sqlcons|dbq|schema_migrations|;)')
+ reg2 = Regexp.new('(alter|drop|create|index|truncate|show|sqlcons|dbq|schema_migrations|;|union)')
 #Check if regexp was valid for lesson, and not a sqlinject attempt
 return (qtext =~ reg && !(qtext =~ reg2))
diff --git a/app/views/sqlcons/show.html.erb b/app/views/sqlcons/show.html.erb
index 4be3d5a..8b96a3f 100644
--- a/app/views/sqlcons/show.html.erb
+++ b/app/views/sqlcons/show.html.erb
@@ -1,6 +1,5 @@
- Regtext = <%= @qmodel.regtext.to_s if @qmodel%> | Qtext = <%= @qstring if @qstring%> --->
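Review bot: The injection denylist on the changed line is a plain `Regexp.new` with no options, so it is case-sensitive and only recognises the listed keywords in lower case, and it tests substrings rather than words, so a harmless identifier that merely contains `index` or `show` is rejected while a differently-cased keyword is not; at minimum pass the flag, `reg2 = Regexp.new('(alter|drop|create|index|truncate|show|sqlcons|dbq|schema_migrations|;|union)', Regexp::IGNORECASE)`, and put `\b` around the keyword alternatives (not around `;`). A keyword denylist is not a security boundary for student-supplied SQL; the durable control is executing the learner's query as a database role that holds only the DML rights the lessons need on the lesson tables, and the comment on `reg2` should say it is a courtesy filter rather than the enforcement point. `checkquery` begins before and ends after this hunk.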
<%= render :file => @lesson_name%>
diff --git a/app/views/sqlcons/tutorials/qerror.html b/app/views/sqlcons/tutorials/qerror.html
index 2d4a421..3f3974f 100644
--- a/app/views/sqlcons/tutorials/qerror.html
+++ b/app/views/sqlcons/tutorials/qerror.html
@@ -1,2 +1,2 @@

Your query didn't match this lessons statement.

-

Check the spelling of your query, or stop trying SQL injection

+

Check the spelling of your query or stop trying SQL injection