IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Possible SQL injection.

Browse Source
This commit is contained in:
Guo Xiang Tan
2016-07-18 15:35:12 +08:00
parent e99a73e16d
commit da21fad10b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/screened_ip_address.rb
View File

@@ -56,7 +56,7 @@ class ScreenedIpAddress < ActiveRecord::Base
# #
# http://www.postgresql.org/docs/9.1/static/datatype-net-types.html # http://www.postgresql.org/docs/9.1/static/datatype-net-types.html
# http://www.postgresql.org/docs/9.1/static/functions-net.html # http://www.postgresql.org/docs/9.1/static/functions-net.html
find_by("'#{ip_address.to_s}' <<= ip_address") find_by("? <<= ip_address", ip_address.to_s)
end end
def self.should_block?(ip_address) def self.should_block?(ip_address)