merb-param-protection at 3e5171265f2cf3e4495fe5824b63e8a3cae79e3c from wycats's merb

3e5171265f2cf3e4495fe5824b63e8a3cae79e3c
all branches
- 1.0.x
- master
all tags
- v0.9.4
- v0.9.3
- v0.9.2
- v0.9.1
- v0.9.0
- 1.0.12
- 1.0.10
- 1.0.9
- 1.0.8.1
- 1.0.8
- 1.0.7.1
- 1.0.7
- 1.0.6.1
- 1.0.6
- 1.0.5
- 1.0.4
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0
- 0.9.13
- 0.9.12
- 0.9.11
- 0.9.10
- 0.9.9

wycats / merb

102

488

Description:	master merb branch edit
Homepage:	http://www.merbivore.com edit
Public Clone URL:	git://github.com/wycats/merb.git Give this clone URL to anyone. `git clone git://github.com/wycats/merb.git`
Your Clone URL:	git@github.com:wycats/merb.git Use this clone URL yourself. `git clone git@github.com:wycats/merb.git`

Merge branch 'active' of git@github.com:wycats/merb into active

wycats (author)

Wed Oct 29 14:31:13 -0700 2008

commit 3e5171265f2cf3e4495fe5824b63e8a3cae79e3c
tree 082b3455504721d7894ed07ada9f0e18ac09007f
parent 063c2574a7ffa41473f802effa92b1a41089593f parent a319ad0c8480bc10225909d7f97898dfd3989e4f

merb / merb-param-protection

name	age	history message
..
LICENSE	Thu Oct 09 10:44:13 -0700 2008	Moves merb-param-protection to -more [wycats]
README	Thu Oct 09 17:35:38 -0700 2008	updated merb-more rakefile [mattetti]
Rakefile		Loading commit data...
TODO	Thu Oct 09 10:44:13 -0700 2008	Moves merb-param-protection to -more [wycats]
lib/
script/	Thu Oct 09 10:44:13 -0700 2008	Moves merb-param-protection to -more [wycats]
spec/

merb-param-protection/README

merb-param-protection
=================

This plugin exposes three new controller methods which allow us to simply and flexibly filter the parameters available 
within the controller.

Setup:
The request sets: 

  params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }

  Example 1: params_accessable
  MyController < Application
    params_accessible :post => [:title, :body]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it" } }

So we see that params_accessible removes everything except what is explictly specified.

  Example 2: params_protected
  MyOtherController < Application
    params_protected :post => [:status, :author_id]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }

We also see that params_protected removes ONLY those parameters explicitly specified.

Sometimes you have certain post parameters that are best left unlogged, we support that too.  Your
actions continue to receive the variable correctly, but the requested parameters are scrubbed
at log time.

  MySuperDuperController < Application
    log_params_filtered :password
  end
  
  params.inspect # => { :username => 'atmos', :password => '[FILTERED]' }