From 5d3d3a68e72fa371b17ee48d2f1539ae15cb7e18 Mon Sep 17 00:00:00 2001
From: Yuki
Date: Tue, 1 Sep 2015 18:44:31 +0530
Subject: [PATCH 1/4] Fix remote code execution exploit
---
 app/controllers/ajax/report_controller.rb | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/app/controllers/ajax/report_controller.rb b/app/controllers/ajax/report_controller.rb
index 7a8c53e2..e5d5fa9c 100644
--- a/app/controllers/ajax/report_controller.rb
+++ b/app/controllers/ajax/report_controller.rb
@@ -5,7 +5,7 @@ class Ajax::ReportController < ApplicationController
 @success = false
 render partial: "ajax/shared/status"
 end
-
+
 def create
 params.require :id
 params.require :type
@@ -23,11 +23,20 @@ class Ajax::ReportController < ApplicationController
 return
 end
- object = if params[:type] == 'user'
- User.find_by_screen_name params[:id]
- else
- params[:type].strip.capitalize.constantize.find params[:id]
- end
+ obj = params[:type].strip.capitalize
+
+ object = case params[:type].strip.capitalize
+ when 'User'
+ User.find_by_screen_name params[:id]
+ when 'Question'
+ Question
+ when 'Answer'
+ Answer
+ when 'Comment'
+ Comment
+ else
+ Answer
+ end
 if object.nil?
 @message = I18n.t('messages.report.create.not_found', parameter: params[:type])
From 4b891b3f70d9ef8bb223aad92273caf721098884 Mon Sep 17 00:00:00 2001
From: Yuki
Date: Tue, 1 Sep 2015 18:44:50 +0530
Subject: [PATCH 2/4] Fix dangerous send exploit
---
 app/controllers/ajax/moderation_controller.rb | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/app/controllers/ajax/moderation_controller.rb b/app/controllers/ajax/moderation_controller.rb
index 636c1650..81576bf4 100644
--- a/app/controllers/ajax/moderation_controller.rb
+++ b/app/controllers/ajax/moderation_controller.rb
@@ -5,7 +5,7 @@ class Ajax::ModerationController < ApplicationController
 @success = false
 render partial: "ajax/shared/status"
 end
-
+
 def vote
 params.require :id
 params.require :upvote
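Review bot: The `Question`, `Answer` and `Comment` branches of the new `case` yield the model class rather than a record — the `.find params[:id]` lookup the removed lines performed is gone — so `object` is never nil for those types, the `not_found` check below cannot fire, and the rest of `create` (which continues outside the hunk) is handed a class instead of the reported item. The `else Answer` fallback does the same for any unrecognised `type`, which should be treated as not found rather than silently reporting an answer, and the `obj` local on the first added line is never read. Replacing `constantize` with an explicit allow-list is the right fix; it only needs to look the record up and to leave `object` nil for unknown types (`find_by` returns nil for a missing id, matching the nil check, whereas the removed `.find` raised `ActiveRecord::RecordNotFound`):
```ruby
object = case params[:type].strip.capitalize
         when 'User'
           User.find_by_screen_name params[:id]
         when 'Question'
           Question.find_by(id: params[:id])
         when 'Answer'
           Answer.find_by(id: params[:id])
         when 'Comment'
           Comment.find_by(id: params[:id])
         end # no else: an unknown type leaves object nil and takes the not_found path
# … unchanged: object.nil? check and not_found message …
```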
@@ -174,7 +174,19 @@ class Ajax::ModerationController < ApplicationController
 end
 @checked = status
- target_user.send("#{params[:type]}=", status)
+ case params[:type].downcase
+ when 'blogger'
+ target_user.blogger = status
+ when 'contributor'
+ target_user.contributor = status
+ when 'translator'
+ target_user.translator = status
+ when 'supporter'
+ target_user.translator = status
+ when 'moderator'
+ target_user.translator = status
+ when 'admin'
+ target_user.translator = status
 target_user.save!
 @message = I18n.t('messages.moderation.privilege.checked', privilege: params[:type])
From becfced2d903a96ca0b78e3a56a87f84c09f3473 Mon Sep 17 00:00:00 2001
From: Yuki
Date: Tue, 1 Sep 2015 18:45:45 +0530
Subject: [PATCH 3/4] CVE-2015-3226 + CVE-2015-3227 Fix Cross Site Execution in JSON keys and A possible XML Parsing DoS by updating to Rails 4.2.2
---
 Gemfile | 2 +-
 Gemfile.lock | 82 ++++++++++++++++++++++++++--------------------------
 2 files changed, 42 insertions(+), 42 deletions(-)
diff --git a/Gemfile b/Gemfile
index a5e5fed0..e19e6187 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 source 'https://rails-assets.org'
-gem 'rails', '4.2.1'
+gem 'rails', '4.2.2'
 gem 'rails-i18n'
 gem 'i18n-js'
diff --git a/Gemfile.lock b/Gemfile.lock
index dd36bb00..b1a43dd8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
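Review bot: The added `case` is never closed — there is no `end` before `target_user.save!` — so the file does not parse after this commit, and the `supporter`, `moderator` and `admin` branches all assign `target_user.translator`; both are corrected by the fourth patch of this series, so the two should be squashed to keep the history buildable. Independently of that, the `case` has no `else`, so an unrecognised `type` falls straight through: nothing is changed, yet `save!` still runs and `messages.moderation.privilege.checked` is rendered with the caller's `params[:type]` as if a privilege had been toggled, and the same fall-through remains in the fourth patch's rewrite of this block. An `else` branch that sets `@success = false`, assigns an error `@message` (an existing not-found key would do) and returns before `target_user.save!` closes that gap. `params[:type].downcase` also raises `NoMethodError` when `type` is absent; whether `params.require :type` guards it cannot be seen here, since the action starts outside the hunk.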
@@ -9,43 +9,43 @@ GEM
 remote: https://rails-assets.org/
 specs:
 CFPropertyList (2.3.1)
- actionmailer (4.2.1)
- actionpack (= 4.2.1)
- actionview (= 4.2.1)
- activejob (= 4.2.1)
+ actionmailer (4.2.2)
+ actionpack (= 4.2.2)
+ actionview (= 4.2.2)
+ activejob (= 4.2.2)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 1.0, >= 1.0.5)
- actionpack (4.2.1)
- actionview (= 4.2.1)
- activesupport (= 4.2.1)
+ actionpack (4.2.2)
+ actionview (= 4.2.2)
+ activesupport (= 4.2.2)
 rack (~> 1.6)
 rack-test (~> 0.6.2)
 rails-dom-testing (~> 1.0, >= 1.0.5)
 rails-html-sanitizer (~> 1.0, >= 1.0.1)
- actionview (4.2.1)
- activesupport (= 4.2.1)
+ actionview (4.2.2)
+ activesupport (= 4.2.2)
 builder (~> 3.1)
 erubis (~> 2.7.0)
 rails-dom-testing (~> 1.0, >= 1.0.5)
 rails-html-sanitizer (~> 1.0, >= 1.0.1)
- activejob (4.2.1)
- activesupport (= 4.2.1)
+ activejob (4.2.2)
+ activesupport (= 4.2.2)
 globalid (>= 0.3.0)
- activemodel (4.2.1)
- activesupport (= 4.2.1)
+ activemodel (4.2.2)
+ activesupport (= 4.2.2)
 builder (~> 3.1)
- activerecord (4.2.1)
- activemodel (= 4.2.1)
- activesupport (= 4.2.1)
+ activerecord (4.2.2)
+ activemodel (= 4.2.2)
+ activesupport (= 4.2.2)
 arel (~> 6.0)
- activesupport (4.2.1)
+ activesupport (4.2.2)
 i18n (~> 0.7)
 json (~> 1.7, >= 1.7.7)
 minitest (~> 5.1)
 thread_safe (~> 0.3, >= 0.3.4)
 tzinfo (~> 1.1)
 addressable (2.3.8)
- arel (6.0.0)
+ arel (6.0.3)
 bcrypt (3.1.10)
 better_errors (2.1.1)
 coderay (>= 1.0.0)
@@ -213,7 +213,7 @@ GEM
 foreman (0.78.0)
 thor (~> 0.19.1)
 formatador (0.2.5)
- globalid (0.3.5)
+ globalid (0.3.6)
 activesupport (>= 4.1.0)
 haml (4.0.6)
 tilt
@@ -243,7 +243,7 @@ GEM
 turbolinks
 jquery-ui-rails (5.0.3)
 railties (>= 3.2.16)
- json (1.8.2)
+ json (1.8.3)
 kaminari (0.16.3)
 actionpack (>= 3.0.0)
 activesupport (>= 3.0.0)
@@ -252,18 +252,18 @@ GEM
 addressable (~> 2.3)
 letter_opener (1.4.1)
 launchy (~> 2.2)
- loofah (2.0.1)
+ loofah (2.0.3)
 nokogiri (>= 1.5.9)
 mail (2.6.3)
 mime-types (>= 1.16, < 3)
 memoizable (0.4.2)
 thread_safe (~> 0.3, >= 0.3.1)
- mime-types (2.4.3)
+ mime-types (2.6.1)
 mini_portile (0.6.2)
- minitest (5.6.0)
+ minitest (5.8.0)
 momentjs-rails (2.9.0)
 railties (>= 3.1)
- multi_json (1.11.0)
+ multi_json (1.11.2)
 multipart-post (2.0.0)
 mysql2 (0.3.18)
 naught (1.0.0)
@@ -302,7 +302,7 @@ GEM
 cliver (~> 0.3.1)
 multi_json (~> 1.0)
 websocket-driver (>= 0.2.0)
- rack (1.6.0)
+ rack (1.6.4)
 rack-pjax (0.8.0)
 nokogiri (~> 1.5)
 rack (~> 1.1)
@@ -310,23 +310,23 @@ GEM
 rack
 rack-test (0.6.3)
 rack (>= 1.0)
- rails (4.2.1)
- actionmailer (= 4.2.1)
- actionpack (= 4.2.1)
- actionview (= 4.2.1)
- activejob (= 4.2.1)
- activemodel (= 4.2.1)
- activerecord (= 4.2.1)
- activesupport (= 4.2.1)
+ rails (4.2.2)
+ actionmailer (= 4.2.2)
+ actionpack (= 4.2.2)
+ actionview (= 4.2.2)
+ activejob (= 4.2.2)
+ activemodel (= 4.2.2)
+ activerecord (= 4.2.2)
+ activesupport (= 4.2.2)
 bundler (>= 1.3.0, < 2.0)
- railties (= 4.2.1)
+ railties (= 4.2.2)
 sprockets-rails
 rails-assets-growl (1.2.5)
 rails-assets-jquery
 rails-assets-jquery (2.1.3)
 rails-deprecated_sanitizer (1.0.3)
 activesupport (>= 4.2.0.alpha)
- rails-dom-testing (1.0.6)
+ rails-dom-testing (1.0.7)
 activesupport (>= 4.2.0.beta, < 5.0)
 nokogiri (~> 1.6.0)
 rails-deprecated_sanitizer (>= 1.0.1)
@@ -349,9 +349,9 @@ GEM
 remotipart (~> 1.0)
 safe_yaml (~> 1.0)
 sass-rails (>= 4.0, < 6)
- railties (4.2.1)
- actionpack (= 4.2.1)
- activesupport (= 4.2.1)
+ railties (4.2.2)
+ actionpack (= 4.2.2)
+ activesupport (= 4.2.2)
 rake (>= 0.8.7)
 thor (>= 0.18.1, < 2.0)
 raindrops (0.13.0)
@@ -420,12 +420,12 @@ GEM
 rack-protection (~> 1.4)
 tilt (>= 1.3, < 3)
 spring (1.3.5)
- sprockets (2.12.3)
+ sprockets (2.12.4)
 hike (~> 1.2)
 multi_json (~> 1.0)
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
- sprockets-rails (2.2.4)
+ sprockets-rails (2.3.2)
 actionpack (>= 3.0)
 activesupport (>= 3.0)
 sprockets (>= 2.8, < 4.0)
@@ -533,7 +533,7 @@ DEPENDENCIES
 pghero
 poltergeist
 questiongenerator!
- rails (= 4.2.1)
+ rails (= 4.2.2)
 rails-assets-growl
 rails-i18n
 rails_admin
From 8cbd85a89cd81f2f6aabacff0bfaeda07e97e2c9 Mon Sep 17 00:00:00 2001
From: Yuki
Date: Tue, 1 Sep 2015 18:48:56 +0530
Subject: [PATCH 4/4] the copy paste is strong
---
 app/controllers/ajax/moderation_controller.rb | 25 ++++++++++---------
 1 file changed, 13 insertions(+), 12 deletions(-)
diff --git a/app/controllers/ajax/moderation_controller.rb b/app/controllers/ajax/moderation_controller.rb
index 81576bf4..26889361 100644
--- a/app/controllers/ajax/moderation_controller.rb
+++ b/app/controllers/ajax/moderation_controller.rb
@@ -175,18 +175,19 @@ class Ajax::ModerationController < ApplicationController
 @checked = status
 case params[:type].downcase
- when 'blogger'
- target_user.blogger = status
- when 'contributor'
- target_user.contributor = status
- when 'translator'
- target_user.translator = status
- when 'supporter'
- target_user.translator = status
- when 'moderator'
- target_user.translator = status
- when 'admin'
- target_user.translator = status
+ when 'blogger'
+ target_user.blogger = status
+ when 'contributor'
+ target_user.contributor = status
+ when 'translator'
+ target_user.translator = status
+ when 'supporter'
+ target_user.supporter = status
+ when 'moderator'
+ target_user.moderator = status
+ when 'admin'
+ target_user.admin = status
+ end
 target_user.save!
 @message = I18n.t('messages.moderation.privilege.checked', privilege: params[:type])
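Review bot: Only the `supporter`, `moderator` and `admin` assignments and the added `end` change meaning in this hunk; the removed and re-added `blogger`, `contributor` and `translator` lines are textually identical here, so they presumably differ only in indentation, and mixing that re-indent with the real fix makes the three corrected setters hard to spot in review. The six hand-written branches are also exactly what let the copy-paste slip this commit repairs happen; a frozen allow-list keeps the permitted setters in one place while still making arbitrary methods unreachable: `PRIVILEGES = %w[blogger contributor translator supporter moderator admin].freeze` as a class constant, then `type = params[:type].downcase` and `target_user.public_send("#{type}=", status) if PRIVILEGES.include?(type)` in place of the `case`. Either form should be accompanied by a unit test that covers each privilege name, since the branch-per-privilege shape drifted silently once already. The action starts outside the hunk.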