3012 #5239

homakov · Mar 2, 2012

Hey. Where is a suicide booth?

from 3012 with love

You should check it ... #5228
[CONTENT IS FOR SALE EITHER]

Good one ;)

drogus · Mar 2, 2012

Good one ;)

I'm closing it (again).
@drogus was close it, but it still open.
github bug?

kennyj · Mar 2, 2012

I'm closing it (again).
@drogus was close it, but it still open.
github bug?

geez. github y u SO open?

(if I append state=open it turns into open. w/o any 'activity' in the bottom. You are surely ones of those who should start using attr_accessible right away :) sorry for caused inconvinience)

@drogus dat was just naughty testing. please close ticket. (I can do it by myself though :))

I am going to provide pull request shortly. IMHO rails should get configuration option like

active_record.blacklist_attributes = %w{created_at updated_at}

and in typical rails project during development process it should turn into

active_record.blacklist_attributes = %w{created_at updated_at state user_id role_id *_id rating}

Github, sorry for exploring your small bugs, I'm just overviewing security issues of rails. Be safe

homakov · Mar 2, 2012

geez. github y u SO open?

(if I append state=open it turns into open. w/o any 'activity' in the bottom. You are surely ones of those who should start using attr_accessible right away :) sorry for caused inconvinience)

@drogus dat was just naughty testing. please close ticket. (I can do it by myself though :))

I am going to provide pull request shortly. IMHO rails should get configuration option like

active_record.blacklist_attributes = %w{created_at updated_at}

and in typical rails project during development process it should turn into

active_record.blacklist_attributes = %w{created_at updated_at state user_id role_id *_id rating}

Github, sorry for exploring your small bugs, I'm just overviewing security issues of rails. Be safe

ALL UR ISSUES ARE BELONG TO US
#5238

homakov · Mar 2, 2012

ALL UR ISSUES ARE BELONG TO US
#5238

Please report this bug to GitHub here: https://github.com/contact. I'm pretty sure that they're not checking Rails issue for their site's bug. Thanks.

sikachu · Mar 2, 2012

Please report this bug to GitHub here: https://github.com/contact. I'm pretty sure that they're not checking Rails issue for their site's bug. Thanks.

LOL! :) Bender from Future.... Makes my day! :) Please report the bugs to GitHub....

jasdeepsingh · Mar 4, 2012

LOL! :) Bender from Future.... Makes my day! :) Please report the bugs to GitHub....

Still shows up at the top of Closed Issues.

benatkin · Mar 4, 2012

Still shows up at the top of Closed Issues.

Nice, opened this issue 1001 years

lenage · Mar 5, 2012

Nice, opened this issue 1001 years

踩

hlxwell · Mar 5, 2012

踩

guy who made time travel possible: @homakov

ghost · Mar 5, 2012

guy who made time travel possible: @homakov

watson · Mar 5, 2012

Stands up and applause

levhita · Mar 5, 2012

Stands up and applause

:D

krolow · Mar 5, 2012

:D

omg! rofl.

henvic · Mar 5, 2012

omg! rofl.

That was classy!

thejh · Mar 5, 2012

That was classy!

lockie · Mar 5, 2012

Wow. Just wow. So it just blindly updates any fields specified by the user? Someone skipped security 101...

RenaKunisaki · Mar 6, 2012

Wow. Just wow. So it just blindly updates any fields specified by the user? Someone skipped security 101...

Bravo! ;-)

wrzasa · Mar 6, 2012

Bravo! ;-)

Kudos, m8.

lastknight · Mar 6, 2012

Kudos, m8.

like a bau5

benatkin · Mar 6, 2012

like a bau5

顶起

twksos · Mar 7, 2012

顶起

碉堡了～, security problems should be treated seriously, sometimes you can't count everything on programmers. They are not all that smart to consider the security issue when busy with finishing stories.....

iambowen · Mar 7, 2012

碉堡了～, security problems should be treated seriously, sometimes you can't count everything on programmers. They are not all that smart to consider the security issue when busy with finishing stories.....

levhita · Mar 7, 2012

too bad they don't acknowledge homakov proper behavior: report... no action? ... show it. White hat style.

Dfred · Mar 7, 2012

too bad they don't acknowledge homakov proper behavior: report... no action? ... show it. White hat style.

respect

ghost · Mar 7, 2012

respect

clap clap!

ellisonleao · Mar 7, 2012

clap clap!

If this doesn't deserve a defcon uberbadge (or at least a speaker slot), I don't know what does.

steakknife · Mar 7, 2012

If this doesn't deserve a defcon uberbadge (or at least a speaker slot), I don't know what does.

I want to put some awesome picture or comment here to acknowledge this awesomeness, but I'm not clever enough. Still, awesome! :D

SnoFox · Mar 7, 2012

I want to put some awesome picture or comment here to acknowledge this awesomeness, but I'm not clever enough. Still, awesome! :D

ali · Mar 7, 2012

@ali - perfect.

SnoFox · Mar 7, 2012

@ali - perfect.

Are there flying cars?

Aelthien · Mar 7, 2012

Are there flying cars?

看来protected attributes还真不好设置啊. github都中招了.

dazuiba · Mar 8, 2012

看来protected attributes还真不好设置啊. github都中招了.

This is awesome.

mseymour · Mar 9, 2012

This is awesome.

Wow..

Braunson · Mar 30, 2012

Wow..

Great one.

tkaw220 · Mar 30, 2012

Great one.

Glad to see that the date is still intact. Way to be a good sport GitHub!

benatkin · Mar 30, 2012

Glad to see that the date is still intact. Way to be a good sport GitHub!

hahahaha

mhr · Apr 7, 2012

hahahaha

love it

pmq20 · Jun 24, 2012

love it

❤️

benatkin · Jun 24, 2012

❤️

good example to be aware of attr_accessible

nishanthan144 · Jan 10, 2013

good example to be aware of attr_accessible

A year after this exploit (or is it a 1000 thousand years before? 😄 ) I still find this interesting and important. May it serve as a warning and a lesson to all developers.

Congratulations on your great year @homakov!

guilhermesimoes · Mar 4, 2013

A year after this exploit (or is it a 1000 thousand years before? 😄 ) I still find this interesting and important. May it serve as a warning and a lesson to all developers.

Congratulations on your great year @homakov!

is github still on rails 2? or have they upgraded to rails 3?

benatkin · Mar 4, 2013

is github still on rails 2? or have they upgraded to rails 3?

Nyccc....:)

aditya-kapoor · Jun 3, 2013

Nyccc....:)

Title for sale, bros! It's gonna be there for next 999 years...

homakov · Jun 3, 2013

Title for sale, bros! It's gonna be there for next 999 years...

OK, let's start placing bids. Mine will be $0.99/month

killthekitten · Jun 20, 2013

OK, let's start placing bids. Mine will be $0.99/month

Jajajajaja

briandiaz · Oct 1, 2013

Jajajajaja

respect. another great year @homakov

remoharsono · Nov 9, 2013

respect. another great year @homakov

Seems like the date got fixed.....

Xethron · Jun 19, 2014

Seems like the date got fixed.....

drogus closed this Mar 2, 2012

kennyj closed this Mar 2, 2012

jasonmp85 referenced this issue Jul 27, 2012
Closed
Invert escape on templates #394

amacneil referenced this issue Mar 24, 2013
Closed
Guard all attributes by default #665

rails locked and limited conversation to collaborators Jun 19, 2014

rails/rails

Join GitHub today

3012 #5239

Comments

homakov commented Mar 2, 2012

This comment has been minimized.

drogus commented Mar 2, 2012

drogus closed this Mar 2, 2012

This comment has been minimized.

kennyj commented Mar 2, 2012

kennyj closed this Mar 2, 2012

This comment has been minimized.

geez. github y u SO open?

homakov commented Mar 2, 2012

geez. github y u SO open?

This comment has been minimized.

homakov commented Mar 2, 2012

This comment has been minimized.

sikachu commented Mar 2, 2012

This comment has been minimized.

jasdeepsingh commented Mar 4, 2012

This comment has been minimized.

benatkin commented Mar 4, 2012

This comment has been minimized.

lenage commented Mar 5, 2012

This comment has been minimized.

hlxwell commented Mar 5, 2012

This comment has been minimized.

ghost commented Mar 5, 2012

This comment has been minimized.

watson commented Mar 5, 2012

This comment has been minimized.

levhita commented Mar 5, 2012

This comment has been minimized.

krolow commented Mar 5, 2012

This comment has been minimized.

henvic commented Mar 5, 2012

This comment has been minimized.

thejh commented Mar 5, 2012

This comment has been minimized.

lockie commented Mar 5, 2012

This comment has been minimized.

RenaKunisaki commented Mar 6, 2012

This comment has been minimized.

wrzasa commented Mar 6, 2012

This comment has been minimized.

lastknight commented Mar 6, 2012

This comment has been minimized.

benatkin commented Mar 6, 2012

This comment has been minimized.

twksos commented Mar 7, 2012

This comment has been minimized.

iambowen commented Mar 7, 2012

This comment has been minimized.

levhita commented Mar 7, 2012

This comment has been minimized.

Dfred commented Mar 7, 2012

This comment has been minimized.

ghost commented Mar 7, 2012

This comment has been minimized.

ellisonleao commented Mar 7, 2012

This comment has been minimized.

steakknife commented Mar 7, 2012

This comment has been minimized.

SnoFox commented Mar 7, 2012

This comment has been minimized.

ali commented Mar 7, 2012

This comment has been minimized.

SnoFox commented Mar 7, 2012

This comment has been minimized.

Aelthien commented Mar 7, 2012

This comment has been minimized.

dazuiba commented Mar 8, 2012

This comment has been minimized.

mseymour commented Mar 9, 2012

This comment has been minimized.

Braunson commented Mar 30, 2012

This comment has been minimized.

tkaw220 commented Mar 30, 2012

This comment has been minimized.