but ultimately due to the developer not performing due diligence checks on the input fields.
UPDATE: http://dev.rubyonrails.org/ticket/8371