fix for Rails CVE-2012-5664

tslocke · Jan 2, 2013 · 81e9f64 · 81e9f64
1 parent 422cef8
commit 81e9f64
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/hobo/lib/hobo/controller/user_base.rb b/hobo/lib/hobo/controller/user_base.rb
@@ -110,7 +110,7 @@ def hobo_logout(options={})
 
     def hobo_forgot_password
       if request.post?
-        user = model.find_by_email_address(params[:email_address])
+        user = model.find_by_email_address(params[:email_address].to_s)
         if user && (!block_given? || yield(user))
           user.lifecycle.request_password_reset!(:nobody)
         end