I can see that my previous XSS issue has been more or less ignored, so I don't know why I am posting this. Anyway, drafts are accessible by everyone, which I do not think is what users of the script expect - here's a quick and dirty patch:
diff --git a/app/controllers/blog_posts_controller.rb b/app/controllers/blog_posts_controller.rb
index 9b7a55c..7ccfdd6 100644
--- a/app/controllers/blog_posts_controller.rb
+++ b/app/controllers/blog_posts_controller.rb
@@ -32,6 +32,10 @@ class BlogPostsController < ApplicationController
def show
@blog_post = BlogPost.find(params[:id])
unless @blog_post.published == 1
require_admin
return
end
@blog_comment = @blog_post.blog_comments.new
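Review bot: the unconditional `return` inside the `unless` block also fires for admins, so an admin viewing a draft skips `@blog_comment = @blog_post.blog_comments.new` and the `show` template is rendered with a nil `@blog_comment`; if `require_admin` renders or redirects for non-admins, replace the bare `return` with `return if performed?` so admins fall through to the rest of the action. The `published == 1` comparison is only correct if `published` is an integer column; if it is a boolean, `true == 1` is false in Ruby and every post would be treated as a draft, so `unless @blog_post.published?` is the safer test. Any other action that looks up posts by id (index, feeds, comment creation) needs the same draft filter, otherwise this only closes the direct `show` URL.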