fixed SQL injection vulnerability

prodigasistemas · Aug 13, 2015 · 93a9a77 · 93a9a77
1 parent 9afbf9e
commit 93a9a77
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/curupira/passwords_controller.rb b/app/controllers/curupira/passwords_controller.rb
@@ -6,7 +6,7 @@ def new
   end
 
   def create
-    @user = User.find_by(params[:user])
+    @user = User.find_by(email: params[:user][:email])
     if @user.present?
       @user.deliver_reset_password_instructions!
       redirect_to new_session_path, notice: "Verifique seu email para receber instruções de recuperação de senha"