select with multiple option #5402

Closed
nashby opened this Issue Mar 13, 2012 · 8 comments

Comments

Projects
None yet
9 participants
@nashby
Contributor

nashby commented Mar 13, 2012

Now Rails generates hidden field before every multiple select. It's OK for updating data but I think it's not for getting data. Actually, we have to remove blank value from array before any search.

So if params[:user_ids] == ["", 1] and we trying to find these users:

User.find(params[:user_ids])

we'll get something like

ActiveRecord::RecordNotFound: Couldn't find all Users with IDs (, 1) (found 1 results, but was looking for 2)

My solution is to add some additional option like :include_hidden or something like that so we can choose between including and not including this hidden tag. WDYT?

@shiroginne

This comment has been minimized.

Show comment Hide comment
@shiroginne

shiroginne Mar 13, 2012

cool story, bro 👍

cool story, bro 👍

@josevalim

This comment has been minimized.

Show comment Hide comment
@josevalim

josevalim Mar 13, 2012

Contributor

@nashby :include_hidden with true by default 👍

Contributor

josevalim commented Mar 13, 2012

@nashby :include_hidden with true by default 👍

@nashby

This comment has been minimized.

Show comment Hide comment
@nashby

nashby Mar 13, 2012

Contributor

@josevalim ok, I'll make a PR tonight!

Contributor

nashby commented Mar 13, 2012

@josevalim ok, I'll make a PR tonight!

nashby added a commit to nashby/rails that referenced this issue Mar 13, 2012

@drogus drogus closed this in cb7d19b Mar 13, 2012

@vkeziah

This comment has been minimized.

Show comment Hide comment
@vkeziah

vkeziah Dec 16, 2014

@nashby its not working form me ,my code is like the following

= f.input :to, as: :check_boxes, collection: @debt, label: 'To debt', :input_html => { :name => 'to_debt[]' , :include_hidden => false }

still it includes hidden input in the form , can you please let me know how to fix this issue

vkeziah commented Dec 16, 2014

@nashby its not working form me ,my code is like the following

= f.input :to, as: :check_boxes, collection: @debt, label: 'To debt', :input_html => { :name => 'to_debt[]' , :include_hidden => false }

still it includes hidden input in the form , can you please let me know how to fix this issue

@recursive-madman

This comment has been minimized.

Show comment Hide comment
@recursive-madman

recursive-madman Dec 17, 2014

Contributor

@vkeziah you're using f.input, which is not part of rails (from the simple_form gem I assume?), so this is not related to this issue.

Contributor

recursive-madman commented Dec 17, 2014

@vkeziah you're using f.input, which is not part of rails (from the simple_form gem I assume?), so this is not related to this issue.

@oniofchaos

This comment has been minimized.

Show comment Hide comment
@oniofchaos

oniofchaos Mar 23, 2015

Contributor

@vkeziah I had luck adding include_hidden: false to the end of similar code.

For you, it would be
= f.input :to, as: :check_boxes, collection; @debt, label: 'To debt', :input_html => { :name => 'to_debt[]' }, include_hidden: false

Contributor

oniofchaos commented Mar 23, 2015

@vkeziah I had luck adding include_hidden: false to the end of similar code.

For you, it would be
= f.input :to, as: :check_boxes, collection; @debt, label: 'To debt', :input_html => { :name => 'to_debt[]' }, include_hidden: false

@a-barbieri a-barbieri referenced this issue in lacolonia/binda Aug 4, 2017

Closed

Checkbox 'allow null' not working properly #56

@vanboom

This comment has been minimized.

Show comment Hide comment
@vanboom

vanboom Jan 30, 2018

Just curious to why rails would add a blank item to a select by default?

vanboom commented Jan 30, 2018

Just curious to why rails would add a blank item to a select by default?

@a-barbieri

This comment has been minimized.

Show comment Hide comment
@a-barbieri

a-barbieri Feb 20, 2018

@vanboom apparently letting a nil parameter go through will cause a vulnerability. See https://groups.google.com/forum/#!topic/rubyonrails-security/t1WFuuQyavI

To avoid it the only way is to pass a blank string as the only element of the array.

For example params[:user_ids] = [""] will remove all associated users, whereas params[:user_ids] = [] won't.

@vanboom apparently letting a nil parameter go through will cause a vulnerability. See https://groups.google.com/forum/#!topic/rubyonrails-security/t1WFuuQyavI

To avoid it the only way is to pass a blank string as the only element of the array.

For example params[:user_ids] = [""] will remove all associated users, whereas params[:user_ids] = [] won't.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment