Skip to content

Commit

Permalink
don't use dynamic render path, fixes brakeman security vuln
Browse files Browse the repository at this point in the history
  • Loading branch information
@orischwartz-gov
orischwartz-gov committed Mar 10, 2016
1 parent fef7b26 commit 86a8779
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion app/controllers/errors_controller.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 1,7 @@
class ErrorsController < ApplicationController
def show
status_code = params[:status_code]
render template: "errors/#{status_code}", status: status_code
template_name = status_code == "404" ? "errors/404" : "errors/500"
render template: template_name, status: status_code
end
end

0 comments on commit 86a8779

Please sign in to comment.