Responses interwoven below.
Quoting Tom Ha:
>
> Well, basically *everywhere* where it says "low" in the below code
> example:
>
> The "resulting" code...
> ==
> if @user.low == true
> @low = false
> elsif @user.low == false
> @low = true
> end
>
> [...
Patrick is 100% right. And he's not even being paranoid, it is almost
guaranteed that someone will try this.
This is how I would do it, and as Patrick suggests, put it in helper:
if %w(low medium high).include?(params[:id])
  instance_variable_set("@#{params[:id]}", user.send(params[:id]))
else
On Feb 5, 11:11 am, Tom Ha wrote:
> Thanks. In this case, the "params[:id]" value is actually a
> system-generated one - so there's no user input involved and therefore
> it should be secure.
>
> Can you tell me how to get the syntax correct in the above example?
>
> ("params[:id]" could of cours
Well, basically *everywhere* where it says "low" in the below code
example:
The "resulting" code...
==
if @user.low == true
@low = false
elsif @user.low == false
@low = true
end
[...]
==
...is supposed to be "generated" by somethi
Thanks. In this case, the "params[:id]" value is actually a
system-generated one - so there's no user input involved and therefore
it should be secure.
Can you tell me how to get the syntax correct in the above example?
("params[:id]" could of course be replaced by any variable, such as
"@lev
Be careful here, depending on your user base of course.
What will you do if {params[:id]} (I know, incorrect syntax), evaluates to
"delete!" or something else.
If you have a completely trustworthy user base (such as only you, or only
your colleagues, whom you should trust implicitly, otherwise, w
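What Patrick is warning about, and what the whitelist helper in the first reply guards against, side by side. This is an added example, not code from the thread: it is plain Ruby with no Rails, the User class with its delete! method is a made-up stand-in for the ActiveRecord record, and the UnsafeLevelLoader / SafeLevelLoader class names and the LEVELS constant are invented for the illustration.

```ruby
# Added example (not from the thread). A plain-Ruby stand-in for the
# Rails user record under discussion: three boolean "level" attributes
# and one destructive method that a caller might name instead.
class User
  attr_accessor :low, :medium, :high
  attr_reader :deleted

  def initialize(low: false, medium: false, high: false)
    @low = low
    @medium = medium
    @high = high
    @deleted = false
  end

  # Stands in for ActiveRecord's delete/destroy, the kind of method
  # Patrick's message says someone will eventually pass in.
  def delete!
    @deleted = true
  end
end

# The pattern as asked about, with no check at all: whatever string
# arrives in params[:id] is used both as an instance-variable name and
# as a method name invoked on the user.
class UnsafeLevelLoader
  def initialize(user)
    @user = user
  end

  def assign(params)
    # Ruby evaluates the arguments first, so @user.send("delete!") runs
    # before instance_variable_set rejects "@delete!" as a variable name.
    # The NameError arrives after the record is already gone.
    instance_variable_set("@#{params[:id]}", @user.send(params[:id]))
    self
  end

  def level(name)
    instance_variable_get("@#{name}")
  end
end

# The hardened form the thread recommends: an explicit whitelist of the
# attribute names that may be reflected, checked before any send.
class SafeLevelLoader
  LEVELS = %w(low medium high).freeze

  def initialize(user)
    @user = user
  end

  def assign(params)
    level = params[:id].to_s
    unless LEVELS.include?(level)
      raise ArgumentError, "#{level.inspect} is not a level attribute"
    end
    # public_send rather than send: even a whitelisted name cannot reach
    # a private method.
    instance_variable_set("@#{level}", @user.public_send(level))
    self
  end

  def level(name)
    instance_variable_get("@#{name}")
  end
end

if __FILE__ == $PROGRAM_NAME
  user = User.new(low: true)
  p SafeLevelLoader.new(user).assign(id: "low").level("low")
  begin
    SafeLevelLoader.new(user).assign(id: "delete!")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
  p user.deleted
end
```

The whitelist is the whole fix: the value is still used dynamically, but only after it has been matched against the three names the view actually needs, so "system-generated or not" stops mattering. The same check belongs in the helper regardless of where params[:id] comes from today, because the next caller of that helper may not be as careful.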
Tom, where is it that you want to replace low with params[:id]?
On Feb 5, 11:22 am, Tom Ha wrote:
> Hi there,
>
> I have a n00b question regarding the correct code syntax:
>
> The aim is to have code that looks like this...
>
> ==
> if @user.low == true
> @low = fal