wycats / merb-plugins

Branches (3)
- extlib
- master
- sprint
Tags (12)
- v0.9.8
- v0.9.7
- v0.9.6
- v0.9.5
- v0.9.4
- v0.9.3
- v0.9.2
- v0.9.1
- v0.9.0
- 0.9.12
- 0.9.11
- 0.9.10

Merb Plugins: Even more modules to hook up your Merb installation — Read more

http://www.merbivore.com

This URL has Read+Write access

Prep 0.9.2

ivey (author)

Mon Mar 24 20:52:05 -0700 2008

commit 65c1ccb8a2a02a7c3c36720244b560d728daa3a6
tree fbc383e2cfe0ceea261151cec4c2806be869a857
parent 969f44bd2efd5c8af26aa7a93a24e63711073d0b

merb-plugins / merb_param_protection

	name	age	history message
	..
	LICENSE		Loading commit data...
	README
	Rakefile
	TODO
	lib/
	log/
	script/
	spec/

merb_param_protection/README

merb_param_protection
=================

This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available 
within the controller.

Setup:
The request sets: 

  params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }

  Example 1: params_accessable
  MyController < Application
    params_accessible :post => [:title, :body]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it" } }

So we see that params_accessible removes everything except what is explictly specified.

  Example 2: params_protected
  MyOtherController < Application
    params_protected :post => [:status, :author_id]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }

We also see that params_protected removes ONLY those parameters explicitly specified.

wycats / merb-plugins

Pledgie Donations