
merb_param_protection
=================

This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available within the controller.

Setup:
The request sets: 

  params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }

  Example 1: params_accessible
  class MyController < Application
    params_accessible :post => [:title, :body]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it" } }

So we see that params_accessible removes everything except what is explicitly specified.

  Example 2: params_protected
  class MyOtherController < Application
    params_protected :post => [:status, :author_id]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }

We also see that params_protected removes ONLY those parameters explicitly specified.
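
How the two filters differ when a request carries a field that neither list mentions, as an added example that is not the plugin's code. filter_groups, filter_accessible and filter_protected are hypothetical standalone helpers modelling the behaviour shown above; the is_admin field is constructed, and the pass-through of top-level groups the spec does not name is an assumption.

```ruby
# Added illustration: a standalone model of the two filters, not the plugin's code.
# Assumption: top-level groups that the spec does not name pass through untouched.

# Applies the block to every group named in spec; string and symbol keys both match.
def filter_groups(params, spec)
  params.each_with_object({}) do |(group, values), out|
    names = spec[group.to_sym]
    out[group] =
      if names && values.is_a?(Hash)
        yield(values, names.map(&:to_s))
      else
        values
      end
  end
end

# Allowlist, as params_accessible is described: keep only the listed keys.
def filter_accessible(params, spec)
  filter_groups(params, spec) { |values, names| values.select { |k, _| names.include?(k.to_s) } }
end

# Denylist, as params_protected is described: drop only the listed keys.
def filter_protected(params, spec)
  filter_groups(params, spec) { |values, names| values.reject { |k, _| names.include?(k.to_s) } }
end

ACCESSIBLE = { :post => [:title, :body] }
PROTECTED  = { :post => [:status, :author_id] }

# The request from the README.
REQUEST = { :post => { :title => "ello", :body => "Want it", :status => "green",
                       :author_id => 3, :rank => 4 } }
# Constructed sample: a request with a field neither list mentions, sent with string keys.
EXTRA_FIELD = { "post" => { "title" => "ello", "body" => "Want it", "is_admin" => "1" } }

if __FILE__ == $0
  p filter_accessible(REQUEST, ACCESSIBLE)
  p filter_protected(REQUEST, PROTECTED)
  p filter_accessible(EXTRA_FIELD, ACCESSIBLE)  # unlisted field is dropped
  p filter_protected(EXTRA_FIELD, PROTECTED)    # unlisted field passes through
end
```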