Class: ActionController::Base

Inherits:
Object
  • Object
Defined in:
lib/core_ext/controller_extensions.rb


Class Method Details

.local_ip ⇒ Object



# File 'lib/core_ext/controller_extensions.rb', line 5

# Returns the address of the local interface the OS selects for outbound
# traffic, read from the socket's own address record.
#
# A UDP socket is "connected" to a fixed external address only so that the
# kernel picks a route and a source address; connecting a datagram socket does
# not by itself transmit anything. The destination is hard-coded, so on a host
# with no route to it the connect call presumably raises -- TODO confirm that
# callers handle that case.
#
# NOTE(review): Socket.do_not_reverse_lookup is a process-wide setting. While
# this method runs, every other thread doing socket work also sees reverse DNS
# disabled, until the ensure clause restores the saved value.
#
# @return [String] the last element of UDPSocket#addr, which is the numeric
#   address while reverse lookup is switched off
def self.local_ip
  # Remember the current setting, then disable reverse DNS for this call only.
  saved_lookup = Socket.do_not_reverse_lookup
  Socket.do_not_reverse_lookup = true

  UDPSocket.open do |udp|
    udp.connect('64.233.187.99', 1)
    udp.addr[-1]
  end
ensure
  # Runs on success and on failure, so the global flag is always put back.
  Socket.do_not_reverse_lookup = saved_lookup
end

Instance Method Details

#sanitize_by_param(allowed = [], default = 'id') ⇒ Object

Returns a sanitized column parameter suitable for SQL order-by clauses.



# File 'lib/core_ext/controller_extensions.rb', line 17

# Picks the ORDER BY column from the request's :by parameter.
#
# The raw request value is never passed through as-is: sanitize_params hands it
# back only when it matches an entry of +allowed+, and returns +default+
# otherwise. With the default empty +allowed+ list the result is therefore
# always +default+.
#
# @param allowed [Array] column names the caller is willing to sort by; these
#   should be literal identifiers, since the result is meant for an ORDER BY
# @param default [String] fallback column; returned without being checked
#   against +allowed+, so it must be a trusted literal
# @return [Object] the matching request value, or +default+
def sanitize_by_param(allowed=[], default='id')
  # params may be nil; in that case the requested column is nil as well.
  requested_column = params && params[:by]
  sanitize_params(requested_column, allowed, default)
end

#sanitize_dir_param ⇒ Object

Returns a sanitized direction parameter suitable for SQL order-by clauses.



# File 'lib/core_ext/controller_extensions.rb', line 22

# Picks the ORDER BY direction from the request's :dir parameter.
#
# Only the exact strings 'ASC' and 'DESC' are accepted. The comparison is
# case-sensitive, so a lower-case 'desc' falls back to 'ASC' like any other
# unrecognised value.
#
# @return [String] 'ASC' or 'DESC'
def sanitize_dir_param
  # params may be nil; in that case the requested direction is nil as well.
  requested_direction = params && params[:dir]
  sanitize_params(requested_direction, %w[ASC DESC], 'ASC')
end

#sanitize_params(supplied = '', allowed = [], default = nil) ⇒ Object

Use this method to prevent SQL injection vulnerabilities by verifying that a user-provided parameter is on a whitelist of allowed values.

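Accepts a value, a list of allowed values, and a default value. Returns the value only if it is non-blank and exactly matches an entry in the list; otherwise returns the default. The default is returned as given, without being checked against the list, so it must be a trusted literal.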

Raises:

  • (ArgumentError) — if the default value is nil or false (i.e. none was supplied)


# File 'lib/core_ext/controller_extensions.rb', line 31

# Allowlist check for a user-supplied value that will be placed into SQL where
# bind parameters cannot be used (e.g. an ORDER BY column or direction).
#
# The match is an exact Array#include? test: no trimming, no case folding and
# no string/symbol conversion. A value that differs from an allowed entry only
# in case, or that arrives as a String while the list holds Symbols, is
# rejected and +default+ is returned instead.
#
# +default+ is returned as given and is NOT checked against +allowed+, so it
# must be a developer-chosen literal, never request data. The check is only as
# strong as the list: entries of +allowed+ should be literal identifiers.
#
# @param supplied [Object] the untrusted value, typically taken from params
# @param allowed [Array] the complete set of acceptable values
# @param default [Object] trusted fallback; must be truthy
# @return [Object] +supplied+ when it is on the list, otherwise +default+
# @raise [ArgumentError] when +default+ is nil or false
def sanitize_params(supplied='', allowed=[], default=nil)
  raise ArgumentError, "A default value is required." unless default

  # Same short-circuit order as a chain of guards: blank input first, then an
  # empty allowlist, and only then the membership test.
  on_allowlist = !supplied.blank? && !allowed.blank? && allowed.include?(supplied)
  on_allowlist ? supplied : default
end