sprinkle some to_s paranoia on params where it matters

app/controllers/application_controller.rb

@@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
 
   def authenticate_user
     if session[:u]
-      @user = User.find_by_session_token(session[:u])
+      @user = User.find_by_session_token(session[:u].to_s)
     end
 
     true

app/controllers/comments_controller.rb

@@ -17,7 +17,7 @@ class CommentsController < ApplicationController
     comment.story_id = story.id
     comment.user_id = @user.id
 
-    if params[:parent_comment_short_id]
+    if params[:parent_comment_short_id].present?
       if pc = Comment.find_by_story_id_and_short_id(story.id,
       params[:parent_comment_short_id])
         comment.parent_comment_id = pc.id

app/controllers/login_controller.rb

@@ -15,8 +15,9 @@ class LoginController < ApplicationController
   end
 
   def login
-    if (user = User.where("email = ? OR username = ?", params[:email],
-    params[:email]).first) && user.try(:authenticate, params[:password])
+    if (user = User.where("email = ? OR username = ?", params[:email].to_s,
+    params[:email].to_s).first) &&
+    user.try(:authenticate, params[:password].to_s)
       session[:u] = user.session_token
       return redirect_to "/"
     end
@@ -31,8 +32,8 @@ class LoginController < ApplicationController
   end
 
   def reset_password
-    @found_user = User.where("email = ? OR username = ?", params[:email],
-      params[:email]).first
+    @found_user = User.where("email = ? OR username = ?", params[:email].to_s,
+      params[:email].to_s).first
 
     if !@found_user
       flash.now[:error] = "Invalid e-mail address or username."
@@ -50,13 +51,13 @@ class LoginController < ApplicationController
     @title = "Reset Password"
 
     if params[:token].blank? ||
-    !(@reset_user = User.find_by_password_reset_token(params[:token]))
+    !(@reset_user = User.find_by_password_reset_token(params[:token].to_s))
       flash[:error] = "Invalid reset token.  It may have already been " <<
         "used or you may have copied it incorrectly."
       return redirect_to forgot_password_url
     end
 
-    if !params[:password].blank?
+    if params[:password].present?
       @reset_user.password = params[:password]
       @reset_user.password_confirmation = params[:password_confirmation]
       @reset_user.password_reset_token = nil

app/controllers/messages_controller.rb

@@ -96,7 +96,7 @@ class MessagesController < ApplicationController
 
 private
   def find_message
-    if @message = Message.find_by_short_id(params[:message_id ] || params[:id])
+    if @message = Message.find_by_short_id(params[:message_id] || params[:id])
       if (@message.author_user_id == @user.id ||
       @message.recipient_user_id == @user.id)
         return true

app/controllers/search_controller.rb

@@ -5,12 +5,12 @@ class SearchController < ApplicationController
 
     @search = Search.new
 
-    if params[:q].present?
-      @search.q = params[:q]
+    if params[:q].to_s.present?
+      @search.q = params[:q].to_s
       @search.what = params[:what]
       @search.order = params[:order]
 
-      if params[:page]
+      if params[:page].present?
         @search.page = params[:page].to_i
       end
 

app/controllers/signup_controller.rb

@@ -14,7 +14,7 @@ class SignupController < ApplicationController
       return redirect_to "/"
     end
 
-    if !(@invitation = Invitation.find_by_code(params[:invitation_code]))
+    if !(@invitation = Invitation.find_by_code(params[:invitation_code].to_s))
       flash[:error] = "Invalid or expired invitation"
       return redirect_to "/signup"
     end
@@ -28,7 +28,7 @@ class SignupController < ApplicationController
   end
 
   def signup
-    if !(@invitation = Invitation.find_by_code(params[:invitation_code]))
+    if !(@invitation = Invitation.find_by_code(params[:invitation_code].to_s))
       flash[:error] = "Invalid or expired invitation."
       return redirect_to "/signup"
     end

app/controllers/stories_controller.rb

@@ -83,10 +83,10 @@ class StoriesController < ApplicationController
 
     @story = Story.new
 
-    if !params[:url].blank?
+    if params[:url].present?
       @story.url = params[:url]
 
-      if !params[:title].blank?
+      if params[:title].present?
         @story.title = params[:title]
       end
     end