Module: Searchgasm::Search::Protection
- Included in: Base
- Defined in: lib/searchgasm/search/protection.rb
Overview
Searchgasm Protection
This module adds protection during mass assignment only. It lets you pass a params hash to the mass-assignment entry points without having to worry about a 13-year-old Billy slipping SQL injection into the query. The readme has a section on protection, but to reiterate:
Protected
User.new_search(params[:search])
User.new_conditions(params[:search])
search.options = params[:search]
conditions.conditions = params[:conditions]
NOT Protected
User.new_search!(params[:search])
User.new_conditions!(params[:search])
User.find(:all, params[:search])
User.first(params[:search])
User.all(params[:search])
Constant Summary

SAFE_OPTIONS = Base::SPECIAL_FIND_OPTIONS + [:conditions, :limit, :offset]
  Options that are allowed when protecting against SQL injection (they are still checked).

VULNERABLE_OPTIONS = Base::VALID_FIND_OPTIONS - SAFE_OPTIONS
  Options that are never allowed when protecting against SQL injection.
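The example below is an added illustration of the whitelist described in the overview and by the two constants above; it is not Searchgasm's own code. It re-implements the idea in a small stand-alone class so the behaviour can be exercised: a protected mass assignment rejects any find option outside SAFE_OPTIONS, an unprotected one (the counterpart of new_search!) accepts everything, and a protected search with no explicit :limit falls back to a per-page default instead of being unbounded. The option lists, SearchConfig.per_page, the class names and the tampered params hash are assumptions constructed for the example; the separate checking of :conditions that the gem performs is not reproduced.

```ruby
# Added illustration, not Searchgasm's own code: a minimal search object that
# applies the SAFE_OPTIONS / VULNERABLE_OPTIONS whitelist to mass assignment.
# Option lists, SearchConfig and class names are assumptions for this example.

# Stand-in for the gem's Config.per_page (assumed value).
module SearchConfig
  def self.per_page
    25
  end
end

class ProtectedSearchError < StandardError; end

class SafeSearch
  # Assumed stand-ins for Base::VALID_FIND_OPTIONS / Base::SPECIAL_FIND_OPTIONS.
  VALID_FIND_OPTIONS   = [:conditions, :include, :joins, :limit, :offset, :order,
                          :select, :readonly, :group, :from, :lock].freeze
  SPECIAL_FIND_OPTIONS = [:page, :per_page, :order_by, :order_as].freeze

  # Same construction as the page's constants: safe = special + conditions/limit/
  # offset, vulnerable = every other option ActiveRecord's find would accept.
  SAFE_OPTIONS       = (SPECIAL_FIND_OPTIONS + [:conditions, :limit, :offset]).freeze
  VULNERABLE_OPTIONS = (VALID_FIND_OPTIONS - SAFE_OPTIONS).freeze

  attr_reader :protect, :options

  # protect defaults to true (like new_search); the bang variant would pass false.
  def initialize(values = {}, protect = true)
    @options   = {}
    @protect   = protect
    @set_limit = false
    self.options = values
  end

  def protect?
    protect == true
  end
  alias protected? protect?

  def protect=(value)
    @protect = value
  end

  # Mass assignment, in the same order as the page's options_with_protection=:
  # honour :protect first, frisk the remaining keys when protected, then store.
  def options=(values)
    return unless values.is_a?(Hash)
    # Request params usually arrive with string keys; normalise to symbols.
    values = values.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
    self.protect = values.delete(:protect) if values.key?(:protect)
    frisk!(values) if protect?
    self.limit = values.delete(:limit) if values.key?(:limit)
    @options.merge!(values)
  end

  def limit=(value)
    @set_limit = true # remember that a limit was set explicitly
    @options[:limit] = value.to_i
  end

  # A protected search cannot be made unbounded by leaving :limit out: it
  # falls back to the configured page size instead of nil.
  def limit
    return SearchConfig.per_page if protected? && !@set_limit
    @options[:limit]
  end

  private

  # Reject any key not on the whitelist. Raising, rather than silently dropping
  # the key, makes a tampered request visible to the caller and in logs.
  def frisk!(values)
    bad = values.keys - SAFE_OPTIONS
    return if bad.empty?
    raise ProtectedSearchError, "options not allowed under protection: #{bad.inspect}"
  end
end

# Constructed request parameters, as a tampered query string might produce them:
# :select is in VULNERABLE_OPTIONS and would otherwise reach the SQL verbatim.
TAMPERED_PARAMS = { "limit" => "10", "select" => "*, crypted_password" }.freeze
```

Because the :protect key in the assigned hash is honoured before anything else (the same ordering as the method shown on this page), whoever builds the hash must not forward a user-supplied protect key; in this example, SafeSearch.new("protect" => false, "joins" => "...") stores the join untouched.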
Class Method Summary
- .included(klass) ⇒ Object

Instance Method Summary
- #limit_with_protection ⇒ Object (:nodoc:)
- #limit_with_protection=(value) ⇒ Object (:nodoc:)
- #options_with_protection=(values) ⇒ Object (:nodoc:)
- #protect=(value) ⇒ Object  Accepts a boolean.
- #protect? ⇒ Boolean (also: #protected?)  Convenience method for determining whether the search is protected.
Class Method Details
.included(klass) ⇒ Object
    # File 'lib/searchgasm/search/protection.rb', line 30
    def self.included(klass)
      klass.class_eval do
        attr_reader :protect
        # Wrap limit, limit= and options= so the *_with_protection versions run first
        alias_method_chain :limit, :protection
        alias_method_chain :limit=, :protection
        alias_method_chain :options=, :protection
      end
    end
Instance Method Details
#limit_with_protection ⇒ Object
:nodoc:
    # File 'lib/searchgasm/search/protection.rb', line 39
    def limit_with_protection # :nodoc:
      # A protected search whose limit was never set explicitly gets the
      # configured per-page size instead of an unbounded result
      return Config.per_page if protected? && !@set_limit
      limit_without_protection
    end
#limit_with_protection=(value) ⇒ Object
:nodoc:
    # File 'lib/searchgasm/search/protection.rb', line 44
    def limit_with_protection=(value) # :nodoc:
      @set_limit = true # remember that a limit was set explicitly
      self.limit_without_protection = value
    end
#options_with_protection=(values) ⇒ Object
:nodoc:
    # File 'lib/searchgasm/search/protection.rb', line 49
    def options_with_protection=(values) # :nodoc:
      return unless values.is_a?(Hash)
      self.protect = values.delete(:protect) if values.has_key?(:protect) # make sure we do this first
      frisk!(values) if protect? # check the remaining keys against SAFE_OPTIONS; frisk! is not shown on this page
      self.options_without_protection = values
    end
#protect=(value) ⇒ Object
Accepts a boolean. Protects mass assignments if set to true and unprotects them if set to false; the setting is pushed down to the conditions object as well.
    # File 'lib/searchgasm/search/protection.rb', line 57
    def protect=(value)
      conditions.protect = value # keep the conditions object in step with the search
      @protect = value
    end
#protect? ⇒ Boolean Also known as: protected?
Convenience method for determining whether the search is protected.
    # File 'lib/searchgasm/search/protection.rb', line 63
    def protect?
      protect == true # only an explicit true counts as protected
    end