Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

This branch is 13 commits ahead, 117 commits behind merb:master

Fetching latest commit…

Cannot retrieve the latest commit at this time

..
Failed to load latest commit information.
lib
spec
LICENSE
README
Rakefile
TODO
merb-param-protection.gemspec

README

merb-param-protection
=================

This plugin exposes three new controller methods which allow us to simply and flexibly filter the parameters available within the controller.

Setup:
The request sets: 

  params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }

  Example 1: params_accessable
  MyController < Application
    params_accessible :post => [:title, :body]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it" } }

So we see that params_accessible removes everything except what is explictly specified.

  Example 2: params_protected
  MyOtherController < Application
    params_protected :post => [:status, :author_id]
  end

  params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }

We also see that params_protected removes ONLY those parameters explicitly specified.

Sometimes you have certain post parameters that are best left unlogged, we support that too.  Your
actions continue to receive the variable correctly, but the requested parameters are scrubbed
at log time.

  MySuperDuperController < Application
    log_params_filtered :password
  end
  
  params.inspect # => { :username => 'atmos', :password => '[FILTERED]' }
Something went wrong with that request. Please try again.