Commit
- Loading branch information
There are no files selected for viewing
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,3 @@ | |||
| another showcase of rails apps vunlerability. | |||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong. 
dreamfall
Contributor
|
|||
| Github pwned. again :( | |||
| will you pay me for security audit? | |||
265 comments
on commit b839657
There was a problem hiding this comment.
Bravo!
There was a problem hiding this comment.
good job mate :)
you did the right thing in my opinion. no harm done but great way to get attention for a critical issue
There was a problem hiding this comment.
@oreoshake awesome tool +1
There was a problem hiding this comment.
There was a problem hiding this comment.
@Petah what were you thinking?
There was a problem hiding this comment.
LOL
There was a problem hiding this comment.
What an interesting discussion. Point of the matter is - the guy pointed out a vulnerability, some people decided it should be ignored (being a security issue that's a pretty big problem), so he made it even more obvious to the entire community and some people are putting him down for it. Absolute joke.
There was a problem hiding this comment.
Wow, now really, how much will it take to have also a register_globals -like functionality? =)
Seriously rails? :|
There was a problem hiding this comment.
@rishta you don't say? :D
There was a problem hiding this comment.
@rishta
Your comment lacks a certain level of understanding the joke.
Of course they are deprecated, because PHP - by design - is no more vulnerable to this sort of attacks. That was the whole point.
By not fixing these holes in a default installation, RoR now scores even lower than PHP of 5 years ago.
There was a problem hiding this comment.
@github, pretty please is there some way to turn off notifications from this thread without turning off all commit comment notifications?
There was a problem hiding this comment.
If PHP code is producing errors with register_globals on you are terrible terrible programmer. If you are using magic_quotes you are simply stupid.
There was a problem hiding this comment.
If PHP code is producing errors with register_globals on you are terrible terrible programmer. If you are using magic_quotes you are simply stupid.
But I like magic! David Blaine is soo cool
There was a problem hiding this comment.
@jberger I use Firebug: $('.del a').click() on notification page to get rid of approx 10 messages per hour from this thread :))
There was a problem hiding this comment.
wow
There was a problem hiding this comment.
Welcome to Rails :) If you aren't using attr_accessible Santa kills 3 kittens for every vulnerable model.
There was a problem hiding this comment.
wow
There was a problem hiding this comment.
There was a problem hiding this comment.
holy crap
There was a problem hiding this comment.
@larzconwell okay
There was a problem hiding this comment.
Pagination for the win..
There was a problem hiding this comment.
@larzconwell
1 there is 'mark all as read' button on notif. tab
2 Why you think clearing messages should help. I am 100% sure they have table for participating users and you will be there FOR EVERS
There was a problem hiding this comment.
Damnit, can't I go one day without having to see Michael Jackson?
There was a problem hiding this comment.
There was a problem hiding this comment.
Epic commit is epic!
There was a problem hiding this comment.
Why I still get notifications about this thread when I unsubscribed few days ago and according to the bottom of this page they are properply off? :/
There was a problem hiding this comment.
Рейлз розробник: секюріті? нє, не слихал!
(ukrainian)
There was a problem hiding this comment.
Why I still get notifications about this thread when I unsubscribed few days ago and according to the bottom of this page they are properly off? :/
Check the «Comments after me on commits» setting in your Notification Center.
There was a problem hiding this comment.
@Mithgol thanks!
There was a problem hiding this comment.
Wow, all these animated gifs make me feel like I'm on a 1996 Geocities page.
There was a problem hiding this comment.
@jfahrenkrug that's exactly what they're meant for... We're commenting on 1996's web applications' security issues :D
There was a problem hiding this comment.
Хомяков Ты крут )
There was a problem hiding this comment.
有意思
There was a problem hiding this comment.
好欢乐呀
There was a problem hiding this comment.
Egor Letov live!
There was a problem hiding this comment.
万火留= =
There was a problem hiding this comment.
已火留。。。
There was a problem hiding this comment.
😷
There was a problem hiding this comment.
What if someone introduced very hard to detect vulnerabilties in popular software packages and libraries by altering commits long ago in the history of the projects?
We'd never know.
What if this has already happened?
There was a problem hiding this comment.
Git is not centralized, everybody will notice that once he/she try to push to the repo since the SHA will not match.
There was a problem hiding this comment.
:-)
There was a problem hiding this comment.
Well, Egor deserves a cookie. Give it to him! Medium
There was a problem hiding this comment.
Egor for president!!!
There was a problem hiding this comment.
vulnerability
There was a problem hiding this comment.
Over four years now.. 😃
There was a problem hiding this comment.
💃
There was a problem hiding this comment.
2017, comment for every year so far.
There was a problem hiding this comment.
2018
There was a problem hiding this comment.
2019, and no, I'm not sorry for sending a notification to thousands of people about this.
There was a problem hiding this comment.
- Sorry not sorry.
There was a problem hiding this comment.
- lol.
There was a problem hiding this comment.
?
There was a problem hiding this comment.
2022!
There was a problem hiding this comment.
2022!
why the necro post? 🤣
There was a problem hiding this comment.
why the necro post? rofl
because too many things in programming don't get old.
There was a problem hiding this comment.
🥠
There was a problem hiding this comment.
Hey what up
There was a problem hiding this comment.
still goated from 2024
He can hack...but can he spell?