Added new vulnerabilities, removed old comments.
parent
e586386904
commit
0c3307d3ad
|
@ -1,3 +1,14 @@
|
|||
# Place all the behaviors and hooks related to the matching controller here.
|
||||
# All this logic will automatically be available in application.js.
|
||||
# You can use CoffeeScript in this file: http://coffeescript.org/
|
||||
|
||||
match = undefined
|
||||
pl = /\+/g # Regex for replacing addition symbol with a space
|
||||
search = /([^&=]+)=?([^&]*)/g
|
||||
decode = (s) -> decodeURIComponent(s.replace(pl, " "))
|
||||
query = window.location.search.substring(1)
|
||||
|
||||
window.urlParams = {}
|
||||
while (match = search.exec(query))
|
||||
urlParams[decode(match[1])] = decode(match[2])
|
||||
$ -> $("p[data-search-info]").html("You searched for lecturer: " + window.urlParams["lecturer"])
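Review bot: The last added line builds the message with `.html()` from `window.urlParams["lecturer"]`, which is parsed straight out of `window.location.search`, so any markup placed in the URL is inserted into the page as HTML (DOM-based XSS). Set it as text instead: `$ -> $("p[data-search-info]").text("You searched for lecturer: " + window.urlParams["lecturer"])`. Two smaller points in the same block: `decodeURIComponent` throws a URIError on a malformed percent-escape, which aborts the parsing loop, and when no `lecturer` parameter is present the paragraph reads "lecturer: undefined", so the line is better guarded with `if window.urlParams["lecturer"]?`.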
|
||||
|
|
|
@ -4,8 +4,7 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
private
|
||||
def kick_out
|
||||
flash[:error] = "You do not have access to this site."
|
||||
redirect_to root_url
|
||||
raise ActionController::RoutingError.new('Not Found')
|
||||
end
|
||||
|
||||
def logged_in_as_student
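Review bot: `kick_out` carries no comment saying that it ends the request by raising. The page has lost its +/- markers, so which body lines survive is inferred from the hunk header (8 old lines, 7 new), which suggests the `flash`/`redirect_to` pair was replaced by the `raise`. If that reading is right, a denied user gets a bare 404 and nothing after a `kick_out` call in an action runs any more; a comment such as `# Deny access with a 404; raising aborts the action, so callers need no explicit return.` would record that. The idiomatic form is `raise ActionController::RoutingError, 'Not Found'`. The body of `logged_in_as_student` lies outside the hunk.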
|
||||
|
|
|
@ -19,7 +19,6 @@ class GradesController < ApplicationController
|
|||
render :index_lecturer
|
||||
elsif logged_in_as_student
|
||||
if params[:lecturer]
|
||||
#FIX: @grades = Grade.joins(lecture: :lecturer).where("grades.student_id = #{current_user.id.to_s} AND users.login LIKE ?", "%#{params[:lecturer]}%")
|
||||
@grades = Grade.joins(lecture: :lecturer).where("grades.student_id = #{current_user.id.to_s} AND users.login LIKE '%#{params[:lecturer]}%'")
|
||||
else
|
||||
@grades = Grade.where(:student_id => current_user.id)
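Review bot: The `where` string that remains after this hunk interpolates `params[:lecturer]` directly into the SQL text, so the request parameter is not bound and can change the query (SQL injection); the only line this hunk removes is the comment that recorded the parameterized form. Bind both values: `@grades = Grade.joins(lecture: :lecturer).where("grades.student_id = ? AND users.login LIKE ?", current_user.id, "%#{params[:lecturer]}%")`. `%` and `_` in the parameter still act as LIKE wildcards; `sanitize_sql_like` escapes them if a literal match is wanted. The enclosing action starts and ends outside the hunk.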
|
||||
|
|
|
@ -32,9 +32,6 @@ class UsersController < ApplicationController
|
|||
end
|
||||
elsif logged_in_as_lecturer
|
||||
@user = User.new(users_params)
|
||||
# FIX: do not allow creation of lecturers or admins
|
||||
# FIX: if not params[:role] == "student"
|
||||
# FIX: kick_out
|
||||
if @user.save
|
||||
flash[:success] = "Account registered!"
|
||||
redirect_to root_path
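Review bot: In the `logged_in_as_lecturer` branch nothing checks the role of the account being created before `@user.save`, and this hunk removes the comments that described that check. If `users_params` (defined outside the hunk) permits a role attribute, a lecturer can register further lecturers or admins. A guard before the save would close this, for example `return kick_out unless @user.role == "student"`; the attribute name is taken from the removed comment and should be confirmed against the model. Setting the role server-side instead of reading it from the request would be stricter still.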
|
||||
|
|
|
@ -15,7 +15,6 @@
|
|||
<td><%= grade.student.login %></td>
|
||||
<td><%= grade.grade %></td>
|
||||
<td>
|
||||
<!-- FIX: remove html_safe -->
|
||||
<% if grade.comment %>
|
||||
<%= grade.comment.html_safe %>
|
||||
<% end %>
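Review bot: `grade.comment.html_safe` marks the stored comment as trusted, so ERB prints it without escaping and any markup saved in a comment is rendered for whoever views the grade (stored XSS); the hunk only drops the reminder to fix it. Output it as `<%= grade.comment %>` and let ERB escape it; if limited formatting is needed, `sanitize(grade.comment)` with an allow-list is the safer route. The same line remains in the next two view hunks (`@ -15,7 +15,6 @@` and `@ -12,7 +14,6 @@`).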
|
||||
|
|
|
@ -15,7 +15,6 @@
|
|||
<td><%= grade.student.login %></td>
|
||||
<td><%= grade.grade %></td>
|
||||
<td>
|
||||
<!-- FIX: remove html_safe -->
|
||||
<% if grade.comment %>
|
||||
<%= grade.comment.html_safe %>
|
||||
<% end %>
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
<p data-search-info></p>
|
||||
|
||||
<table class="w3-table w3-striped w3-bordered" style="margin: auto">
|
||||
<tr>
|
||||
<th>Lecturer</th>
|
||||
|
@ -12,7 +14,6 @@
|
|||
<td><%= grade.lecture.name %></td>
|
||||
<td><%= grade.grade %></td>
|
||||
<td>
|
||||
<!-- FIX: remove html_safe -->
|
||||
<% if grade.comment %>
|
||||
<%= grade.comment.html_safe %>
|
||||
<% end %>
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
Rails.application.config.action_dispatch.default_headers.clear
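Review bot: Clearing `default_headers` removes every default response header at once, which in stock Rails includes `X-Frame-Options` and `X-Content-Type-Options`, so all responses lose their framing and MIME-sniffing protection. The new file has no comment saying why this is done. If one header is the problem, drop only that one with `Rails.application.config.action_dispatch.default_headers.delete('HEADER-NAME')` (placeholder name) and add a comment stating the reason.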
|