Commit

Add sql injection
machadoit committed Sep 15, 2015
1 parent 159ab80 commit 0edca15
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions app/controllers/sessions_controller.rb
Expand Up @@ -3,6 +3,7 @@ def new
end

def create
User.first(:conditions => "username = '#{params[:username]}'")
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
log_in user
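Review bot: the added `User.first(:conditions => "username = '#{params[:username]}'")` line in `create` interpolates `params[:username]` straight into the SQL conditions string, so the request value is parsed as part of the query instead of being bound as data. The result is also never assigned or used: the login decision still comes from the `find_by(email: ...)` lookup on the next line, so this line only adds an extra query on every login attempt. If it is not meant to stay as a deliberate training fixture, drop it, or pass the value through a bound form such as the hash style the next line already uses (`User.find_by(username: params[:username])`). If it is intentional, as the commit message suggests, put a comment above it saying so, so it is not copied into real authentication code or "fixed" by accident.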