From c312bd5ebda8ec4d5fea1449d7615bb662bd90fa Mon Sep 17 00:00:00 2001
From: Patrick Gansterer <paroga@paroga.com>
Date: Sat, 8 Jul 2017 00:07:38 +0200
Subject: [PATCH] Fall back to default_scope if an invalid foodcoop is provided

Before this change foodsoft redirect to the last active foodcoop, when
an invalid foodcoop is provided. After this change the default_scope
will be used all the time to avoid data disclosure.
---
 app/controllers/application_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 55fd7fda..8323da7d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -172,6 +172,7 @@ class ApplicationController < ActionController::Base
           # Set Config and database connection
           FoodsoftConfig.select_foodcoop params[:foodcoop]
         rescue => error
+          FoodsoftConfig.select_foodcoop FoodsoftConfig.config[:default_scope]
           redirect_to root_url, alert: error.message
         end
       else