Skip to content
Permalink
Browse files

Fix CVE-2015-9284

  • Loading branch information...
sigmike committed Aug 24, 2019
1 parent 425f90c commit e56ce72b63b2d2a065fc6111e19bd586472e2ae2
Showing with 6 additions and 1 deletion.
  1. +1 −0 Gemfile
  2. +4 −0 Gemfile.lock
  3. +1 −1 app/views/devise/sessions/new.html.haml
@@ -43,6 +43,7 @@ end
gem 'devise'
gem 'test_after_commit', :group => :test # https://github.com/plataformatec/devise/blob/master/CHANGELOG.md#410
gem 'omniauth'
gem 'omniauth-rails_csrf_protection', '~> 0.1'
gem 'omniauth-github', git: 'https://github.com/alexandrz/omniauth-github.git', branch: 'provide_emails'
gem 'cancancan'
gem 'twitter_bootstrap_form_for', git: 'https://github.com/stouset/twitter_bootstrap_form_for.git'
@@ -271,6 +271,9 @@ GEM
omniauth-oauth2 (1.4.0)
oauth2 (~> 1.0)
omniauth (~> 1.2)
omniauth-rails_csrf_protection (0.1.2)
actionpack (>= 4.2)
omniauth (>= 1.3.1)
orm_adapter (0.5.0)
pg (0.20.0)
poltergeist (1.15.0)
@@ -440,6 +443,7 @@ DEPENDENCIES
octokit
omniauth
omniauth-github!
omniauth-rails_csrf_protection (~> 0.1)
pg
poltergeist
quiet_assets
@@ -14,7 +14,7 @@
- if devise_mapping.omniauthable?
%h4 Sign in with a provider
- resource_class.omniauth_providers.each do |provider|
= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider, origin: params[:return_url]), class: "btn btn-primary btn-block"
= link_to "Sign in with #{provider.to_s.titleize}", omniauth_authorize_path(resource_name, provider, origin: params[:return_url]), class: "btn btn-primary btn-block", method: :post
.col-md-4
%h4 Other options
= render "devise/shared/links"

0 comments on commit e56ce72

Please sign in to comment.
You can’t perform that action at this time.