]> projects.mako.cc - selectricity/blobdiff - app/models/token.rb
fix security issue
[selectricity] / app / models / token.rb
index aa432d659de0ca723569c22e2a9fab3e7a167310..8bfecc40770854a111c3b3b10091e7f35cd85e9b 100644 (file)
@@ -23,7 +23,8 @@ class Token < ActiveRecord::Base
     super
 
     token_generator = UniqueTokenGenerator.new( 16 )
-    until not token.empty? and Token.find(:all, :conditions => [ "token = ?", token ]).empty?
+    until token and not token.empty? \
+      and Token.find(:all, :conditions => [ "token = ?", token ]).empty? and token[0..3] != "open"
       self.token = token_generator.token
     end
 

Benjamin Mako Hill || Want to submit a patch?