From ccbb729be6b3c1284cc7f74adb11f4ae91298d11 Mon Sep 17 00:00:00 2001
From: Valery Sizov <vsv2711@gmail.com>
Date: Wed, 13 May 2015 14:56:22 +0300
Subject: API vulnerability with MySQL

---
 lib/api/helpers.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index d09af26..50df91a 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -14,7 +14,7 @@ module API
     end
 
     def current_runner
-      @runner ||= Runner.find_by_token(params[:token])
+      @runner ||= Runner.find_by_token(params[:token].to_s)
     end
 
     def authenticate!
-- 
cgit v1.2.1