fixed security issue

2025-09-06 05:04:35 +08:00 · 2016-09-13 13:57:31 +02:00 · 2016-09-13 13:57:31 +02:00 · 7c363d5ade
commit 7c363d5ade
parent 3d5a42cc27
1 changed files with 1 additions and 0 deletions
--- a/app/controllers/results_controller.rb
+++ b/app/controllers/results_controller.rb
@ -34,6 +34,7 @@ class ResultsController < ApplicationController

  def load_vars
    @result = Result.find_by_id(params[:id])
+    return render_403 unless @result
    @my_module = @result.my_module
  end