nateware/accept_params
Rails parameter whitelisting for controllers to increase security
AcceptParams
============

This plugin adds parameter whitelisting, type checking, and validation at the controller level to a Rails application. While model-level validations are good for some situations, in most cases there are input parameters which are either not part of a model, or which you want to verify before executing lots of (potentially unsafe) code just to have your model raise an error. Examples include:

* page numbers for pagination
* search strings

In addition, this plugin provides several extended capabilities which come in handy:

* type checking of parameters (eg, integers vs strings)
* automatic type casting of parameters (helps with plugins such as +will_paginate+)

Example
=======

  # GET /channels
  # GET /channels.xml
  def index
    accept_params do |p|
      p.integer :page, :default => 1, :minvalue => 1
      p.integer :per_page, :default => 50, :minvalue => 1
    end
  end

  # POST /rating
  # POST /rating.xml
  def create
    accept_params do |p|
      p.namespace :rating do |p|
        p.integer :user_id, :required => true, :minvalue => 1
        p.integer :rating, :required => true
        # :process takes a Proc that receives the value and returns the cleaned value
        p.string :comments, :process => Proc.new { |value| my_value_cleaner(value) }
      end
    end

    @rating = Rating.new(params[:rating])
    @rating.save
    # format/response code
  end

  # GET /players/1
  # GET /players/1.xml
  def show
    accept_only_id
    @player = Player.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @player }
    end
  end

Copyright (c) 2008 Nate Wiger, http://drunkgenius.com. All Rights Reserved. This code is released under the Artistic License.
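To make the whitelist/type-check/cast behaviour described above concrete, here is a small stand-alone sketch in the same DSL style. It is an added example, not the plugin's own code: the class names (Whitelist, ParamError) and the hash-returning accept_params helper are assumptions, and it assumes a plain hash with symbol keys rather than a Rails params object.

```ruby
# Stand-alone sketch of controller-level whitelisting in the accept_params
# style (added example, not the plugin's own code): declared keys are type-
# checked, cast and range-checked; undeclared keys are dropped; bad input raises.
class ParamError < StandardError; end

class Whitelist
  attr_reader :out
  def initialize(params, prefix = nil)
    @params, @prefix, @out = params, prefix, {}
  end

  # Integer parameter with :default, :required and :minvalue
  def integer(name, opts = {})
    raw = fetch(name, opts)
    return if raw.nil?
    raise ParamError, "#{label(name)} must be an integer" unless raw.to_s =~ /\A-?\d+\z/
    value = raw.to_i
    min = opts[:minvalue]
    raise ParamError, "#{label(name)} must be >= #{min}" if min && value < min
    @out[name] = value
  end

  # String parameter; :process is a Proc applied to the value (e.g. a cleaner)
  def string(name, opts = {})
    raw = fetch(name, opts)
    return if raw.nil?
    @out[name] = opts[:process] ? opts[:process].call(raw.to_s) : raw.to_s
  end

  # Nested hash such as params[:rating][:user_id]
  def namespace(name)
    inner = Whitelist.new(@params[name] || {}, label(name))
    yield inner
    @out[name] = inner.out
  end

  private
  def fetch(name, opts)  # nil/blank -> :default, or ParamError if :required
    raw = @params[name]
    raw = nil if raw.respond_to?(:empty?) && raw.empty?
    raise ParamError, "#{label(name)} is required" if raw.nil? && opts[:required]
    raw.nil? ? opts[:default] : raw
  end
  def label(name); @prefix ? "#{@prefix}[#{name}]" : name.to_s; end
end

# Like the plugin's block form, but returns the whitelisted, cast params hash.
def accept_params(params)
  w = Whitelist.new(params); yield w; w.out
end
```

Only the declared keys survive, so an unexpected key such as an admin flag never reaches the model, and a malformed or out-of-range value fails before any model code runs.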