Prevent eval things from happening

1 parent f7a0b08 commit 024f8944fcdf892ee718509efca39950ff9e957c @KlausTrainer KlausTrainer committed Mar 26, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/generators/letsrate/templates/rater_controller.rb
2 lib/generators/letsrate/templates/rater_controller.rb
@@ -2,7 +2,7 @@ class RaterController < ApplicationController
def create
if current_user.present?
- obj = eval "#{params[:klass]}.find(#{params[:id]})"
+ obj = params[:klass].classify.constantize.find(params[:id])
if params[:dimension].present?
obj.rate params[:score].to_i, current_user.id, "#{params[:dimension]}"
else
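Review bot: On the `+` line, `params[:klass].classify.constantize` removes the `eval` but still lets the request decide which constant is resolved, so `find` and then `rate` run on whatever class name the client supplies. Consider checking `params[:klass]` against an explicit list of rateable model names before resolving it. The line also has no handling for a missing or unknown value: `classify` on `nil` raises `NoMethodError` and `constantize` raises `NameError` for a name with no matching constant, so a rescue or an early 4xx response would keep those from surfacing as unhandled exceptions.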
