This repository is private.
All pages are served over SSL and all pushing and pulling is done over SSH.
No one may fork, clone, or view it unless they are added as a member.
Every repository with this icon (
) is private.
Every repository with this icon (
) is private.
This repository is public.
Anyone may fork, clone, or view it.
Every repository with this icon () is public.
Every repository with this icon (
) is public.
merb-plugins / merb_param_protection
| name | age | message | |
|---|---|---|---|
| .. | |||
 |
LICENSE | Wed Jan 09 11:25:39 -0800 2008 | [lancecarlson@gmail.com] |
| |
README | Thu Jan 10 17:29:25 -0800 2008 | [lancecarlson@gmail.com] |
| |
Rakefile | Fri Feb 29 20:20:48 -0800 2008 | [ivey] |
| |
TODO | Thu Jan 10 17:32:40 -0800 2008 | [lancecarlson@gmail.com] |
 |
lib/ | Thu Jan 10 09:43:35 -0800 2008 | [lancecarlson@gmail.com] |
| |
log/ | Wed Jan 09 11:25:39 -0800 2008 | [lancecarlson@gmail.com] |
| |
script/ | Wed Jan 09 11:25:39 -0800 2008 | [lancecarlson@gmail.com] |
| |
spec/ | Wed Jan 09 22:33:53 -0800 2008 | [lancecarlson@gmail.com] |
README
merb_param_protection
=================
This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available
within the controller.
Setup:
The request sets:
params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }
Example 1: params_accessable
MyController < Application
params_accessible :post => [:title, :body]
end
params.inspect # => { :post => { :title => "ello", :body => "Want it" } }
So we see that params_accessible removes everything except what is explictly specified.
Example 2: params_protected
MyOtherController < Application
params_protected :post => [:status, :author_id]
end
params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }
We also see that params_protected removes ONLY those parameters explicitly specified.
