3012 #5239
Comments
Good one ;) |
I'm closing it (again). |
geez. github y u SO open?(if I append state=open it turns into open. w/o any 'activity' in the bottom. You are surely one of those who should start using attr_accessible right away :) sorry for caused inconvenience) @drogus dat was just naughty testing. please close ticket. (I can do it by myself though :)) I am going to provide pull request shortly. IMHO rails should get configuration option like active_record.blacklist_attributes = %w{created_at updated_at} and in typical rails project during development process it should turn into active_record.blacklist_attributes = %w{created_at updated_at state user_id role_id *_id rating} Github, sorry for exploring your small bugs, I'm just overviewing security issues of rails. Be safe |
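Added example, not part of the thread and not Rails code: a plain-Ruby toy model comparing the denylist proposed in the comment above with an allowlist of the kind attr_accessible declares. The `Issue` class, the helper names and the request parameters are constructed for illustration.

```ruby
# Toy model in plain Ruby (no Rails). The Issue class, helper names and
# sample parameters are constructed for illustration.
class Issue
  attr_accessor :title, :body, :state, :user_id, :created_at, :locked

  def initialize
    @state = "closed"
    @user_id = 1
    @created_at = "2012-01-01"
    @locked = false
  end

  # Unfiltered mass assignment: every key with a matching setter is written.
  def assign(params)
    params.each { |k, v| public_send("#{k}=", v) if respond_to?("#{k}=") }
    self
  end
end

# Denylist taken from the comment above; "*" matches any run of characters.
DENYLIST = %w[created_at updated_at state user_id role_id *_id rating].freeze
# Allowlist of the fields the edit form really exposes (assumed for this model).
ALLOWLIST = %w[title body].freeze

def deny_filter(params, patterns = DENYLIST)
  params.reject { |k, _| patterns.any? { |p| File.fnmatch(p, k.to_s) } }
end

def allow_filter(params, allowed = ALLOWLIST)
  params.select { |k, _| allowed.include?(k.to_s) }
end

# Constructed request body: two legitimate fields plus fields the form never
# offered. "locked" stands for a column added after the denylist was written.
PARAMS = {
  "title" => "typo fix", "body" => "see patch",
  "state" => "open", "created_at" => "3012-01-01", "user_id" => 42,
  "locked" => true
}.freeze

if __FILE__ == $PROGRAM_NAME
  { "unfiltered" => PARAMS, "denylist" => deny_filter(PARAMS),
    "allowlist" => allow_filter(PARAMS) }.each do |name, params|
    i = Issue.new.assign(params)
    puts format("%-10s state=%s created_at=%s user_id=%s locked=%s",
                name, i.state, i.created_at, i.user_id, i.locked)
  end
end
```

The denylist stops the fields it names but lets `locked` through, because that column did not exist when the list was written; the allowlist drops it without anyone having to remember it.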
ALL UR ISSUES ARE BELONG TO US |
Please report this bug to GitHub here: https://github.com/contact. I'm pretty sure that they're not checking Rails issue for their site's bug. Thanks. |
LOL! :) Bender from Future.... Makes my day! :) Please report the bugs to GitHub.... |
Still shows up at the top of Closed Issues. |
Nice, opened this issue 1001 years |
Thumbs down |
guy who made time travel possible: @homakov |
:D |
omg! rofl. |
That was classy! |
Wow. Just wow. So it just blindly updates any fields specified by the user? Someone skipped security 101... |
Bravo! ;-) |
Kudos, m8. |
like a bau5 |
Bump |
Awesome~, security problems should be treated seriously, sometimes you can't count everything on programmers. They are not all that smart to consider the security issue when busy with finishing stories..... |
too bad they don't acknowledge homakov's proper behavior: report... no action? ... show it. White hat style. |
respect |
clap clap! |
If this doesn't deserve a defcon uberbadge (or at least a speaker slot), I don't know what does. |
I want to put some awesome picture or comment here to acknowledge this awesomeness, but I'm not clever enough. Still, awesome! :D |
@ali - perfect. |
Are there flying cars? |
Looks like protected attributes really aren't easy to set up. Even GitHub got caught out. |
This is awesome. |
Wow.. |
Great one. |
Glad to see that the date is still intact. Way to be a good sport GitHub! |
hahahaha |
love it |
good example to be aware of attr_accessible |
A year after this exploit (or is it a 1000 thousand years before?) Congratulations on your great year @homakov! |
is github still on rails 2? or have they upgraded to rails 3? |
Nyccc....:) |
Title for sale, bros! It's gonna be there for next 999 years... |
OK, let's start placing bids. Mine will be $0.99/month |
Jajajajaja |
respect. another great year @homakov |
Seems like the date got fixed..... |
from 3012 with love
You should check it ... #5228
[CONTENT IS FOR SALE EITHER]