kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Fix typo "can exploited" with "can be exploited"

Browse source
This commit is contained in:
Leo Gallucci 2013-05-01 16:56:33 -03:00
parent b014b4e8cf
commit 0960716d38
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
guides/source/security.md
View file

@ -268,7 +268,7 @@ def legacy
end end
``` ```
This will redirect the user to the main action if he tried to access a legacy action. The intention was to preserve the URL parameters to the legacy action and pass them to the main action. However, it can exploited by an attacker if he includes a host key in the URL: This will redirect the user to the main action if he tried to access a legacy action. The intention was to preserve the URL parameters to the legacy action and pass them to the main action. However, it can be exploited by an attacker if he includes a host key in the URL:
``` ```
http://www.example.com/site/legacy?param1=xy&param2=23&host=www.attacker.com http://www.example.com/site/legacy?param1=xy&param2=23&host=www.attacker.com