search for: _csrf_token

Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would

...the one redirected to), accessing the flash returns an empty hash, but the flash is stored and visible in the session. (rdb:21) session {:user_credentials=>"...", :session_id=>"...", :user_credentials_id=>1, :flash=>{:notice=>"Twitter status updated"}, :_csrf_token=>"..."} (rdb:21) session[:flash] {:notice=>"Twitter status updated"} (rdb:21) flash {} Looking at the source for flash in actionpack-2.3.8/lib/ action_controller/flash.rb, the difference is that the key is stored as a string and not a symbol. How could that disparity occu...

...;{"login"=>"some-login-id", "password"=>"some-password"}}) >> app.get ''/some_other_path_that_only_works_if_logged_in'' >> pp app.response.body I''ve been able to get session info: >> app.session => {"_csrf_token"=>"1yAn0jI4VWzUH84PNTH0lVhjpY98e9echQGS4=", "session_id"=>"89984667d30d0fec71f2a5cbb9017e24"} I''ve tried everything I can think of to try to get to current_user via app and app.session, but no luck. How can I access current_user? -- You receiv...

Greetings all, newbie to CentOS here. Also newbie to 64 bit installs. Package Manager problem: I found a yumex, which is not part of the 64 bit install, but it wants a way older version of python-2.4 whereas we have 2.6.6-something after the post install upgrade. 1st Question: Is there anything that can be done about this? Or is there something better, like a 64 bit synaptic to replace