param_protected 1.3.0 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +3 -0
- data/LICENSE +20 -0
- data/README.rdoc +1 -1
- data/Rakefile +2 -0
- data/VERSION +1 -1
- data/lib/param_protected/protector.rb +1 -1
- data/param_protected.gemspec +7 -5
- data/test/users_controller_test.rb +2 -2
- metadata +11 -4
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
1.3.1
|
|
2
|
+
- Bugfix: hashes nested in regexp params could get through unfiltered
|
|
3
|
+
|
|
1
4
|
09/12/2009
|
|
2
5
|
----------
|
|
3
6
|
* Restructured and reorganized. Now the majority of the work is done in the Protector class. This minimizes the amount of methods / instance variables that clutter the controllers.
|
data/LICENSE
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
Copyright (c) 2009 Christopher J. Bottaro
|
|
2
|
+
|
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
|
4
|
+
a copy of this software and associated documentation files (the
|
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
|
9
|
+
the following conditions:
|
|
10
|
+
|
|
11
|
+
The above copyright notice and this permission notice shall be
|
|
12
|
+
included in all copies or substantial portions of the Software.
|
|
13
|
+
|
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
CHANGED
|
@@ -5,7 +5,7 @@ This plugin provides two class methods on <tt>ActiveController::Base</tt> that f
|
|
|
5
5
|
|
|
6
6
|
Put in your <tt>environment.rb</tt> file...
|
|
7
7
|
|
|
8
|
-
config.gem "
|
|
8
|
+
config.gem "param_protected"
|
|
9
9
|
|
|
10
10
|
Alternatively, just install the gem from the command line and <tt>require "param_protected"</tt> somewhere in your project.
|
|
11
11
|
|
data/Rakefile
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require 'rubygems'
|
|
1
2
|
require 'rake'
|
|
2
3
|
require 'rake/testtask'
|
|
3
4
|
require 'rake/rdoctask'
|
|
@@ -12,6 +13,7 @@ begin
|
|
|
12
13
|
gemspec.homepage = "http://github.com/cjbottaro/param_protected"
|
|
13
14
|
gemspec.authors = ["Christopher J. Bottaro"]
|
|
14
15
|
end
|
|
16
|
+
Jeweler::GemcutterTasks.new
|
|
15
17
|
rescue LoadError
|
|
16
18
|
puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
|
|
17
19
|
end
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.3.
|
|
1
|
+
1.3.1
|
|
@@ -186,7 +186,7 @@ module ParamProtected
|
|
|
186
186
|
else
|
|
187
187
|
raise ArgumentError, "unexpected exclusivity: #{exclusivity}"
|
|
188
188
|
end
|
|
189
|
-
params.each{ |k, v| filter_params(protected_params
|
|
189
|
+
params.each{ |k, v| filter_params(find_by_key(protected_params, k), v, exclusivity) }
|
|
190
190
|
params
|
|
191
191
|
end
|
|
192
192
|
|
data/param_protected.gemspec
CHANGED
|
@@ -5,18 +5,20 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{param_protected}
|
|
8
|
-
s.version = "1.3.
|
|
8
|
+
s.version = "1.3.1"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Christopher J. Bottaro"]
|
|
12
|
-
s.date = %q{2010-
|
|
12
|
+
s.date = %q{2010-10-03}
|
|
13
13
|
s.description = %q{Provides two class methods on ActiveController::Base that filter the params hash for that controller's actions. You can think of them as the controller analog of attr_protected and attr_accessible.}
|
|
14
14
|
s.email = %q{cjbottaro@alumni.cs.utexas.edu}
|
|
15
15
|
s.extra_rdoc_files = [
|
|
16
|
-
"
|
|
16
|
+
"LICENSE",
|
|
17
|
+
"README.rdoc"
|
|
17
18
|
]
|
|
18
19
|
s.files = [
|
|
19
20
|
"CHANGELOG",
|
|
21
|
+
"LICENSE",
|
|
20
22
|
"README.rdoc",
|
|
21
23
|
"Rakefile",
|
|
22
24
|
"VERSION",
|
|
@@ -61,7 +63,7 @@ Gem::Specification.new do |s|
|
|
|
61
63
|
s.homepage = %q{http://github.com/cjbottaro/param_protected}
|
|
62
64
|
s.rdoc_options = ["--charset=UTF-8"]
|
|
63
65
|
s.require_paths = ["lib"]
|
|
64
|
-
s.rubygems_version = %q{1.3.
|
|
66
|
+
s.rubygems_version = %q{1.3.7}
|
|
65
67
|
s.summary = %q{Filter unwanted parameters in your controllers and actions.}
|
|
66
68
|
s.test_files = [
|
|
67
69
|
"test/accessible_except_test.rb",
|
|
@@ -96,7 +98,7 @@ Gem::Specification.new do |s|
|
|
|
96
98
|
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
|
97
99
|
s.specification_version = 3
|
|
98
100
|
|
|
99
|
-
if Gem::Version.new(Gem::
|
|
101
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
100
102
|
else
|
|
101
103
|
end
|
|
102
104
|
else
|
|
@@ -2,7 +2,7 @@ require "test_helper"
|
|
|
2
2
|
|
|
3
3
|
class UsersControllerTest < ActionController::TestCase
|
|
4
4
|
PARAMS = { :user => { :id => 123,
|
|
5
|
-
'33' =>
|
|
5
|
+
'33' => { :ok => 'yes', :not_ok => 'no' },
|
|
6
6
|
'123' => 'ok',
|
|
7
7
|
:x21 => 'ok',
|
|
8
8
|
:name => { :first => "chris", :middle => "james", :last => "bottaro"},
|
|
@@ -10,7 +10,7 @@ class UsersControllerTest < ActionController::TestCase
|
|
|
10
10
|
:something => "something" }
|
|
11
11
|
|
|
12
12
|
EXPECTED_PARAMS = { "user" => { "name" => {"first" => "chris", "last" => "bottaro"},
|
|
13
|
-
'33' => 'ok', '123' => 'ok',
|
|
13
|
+
'33' => { 'ok' => 'yes' }, '123' => 'ok',
|
|
14
14
|
"email" => "cjbottaro@blah.com" } }
|
|
15
15
|
|
|
16
16
|
def test_create
|
metadata
CHANGED
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: param_protected
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
+
hash: 25
|
|
4
5
|
prerelease: false
|
|
5
6
|
segments:
|
|
6
7
|
- 1
|
|
7
8
|
- 3
|
|
8
|
-
-
|
|
9
|
-
version: 1.3.
|
|
9
|
+
- 1
|
|
10
|
+
version: 1.3.1
|
|
10
11
|
platform: ruby
|
|
11
12
|
authors:
|
|
12
13
|
- Christopher J. Bottaro
|
|
@@ -14,7 +15,7 @@ autorequire:
|
|
|
14
15
|
bindir: bin
|
|
15
16
|
cert_chain: []
|
|
16
17
|
|
|
17
|
-
date: 2010-
|
|
18
|
+
date: 2010-10-03 00:00:00 -05:00
|
|
18
19
|
default_executable:
|
|
19
20
|
dependencies: []
|
|
20
21
|
|
|
@@ -25,9 +26,11 @@ executables: []
|
|
|
25
26
|
extensions: []
|
|
26
27
|
|
|
27
28
|
extra_rdoc_files:
|
|
29
|
+
- LICENSE
|
|
28
30
|
- README.rdoc
|
|
29
31
|
files:
|
|
30
32
|
- CHANGELOG
|
|
33
|
+
- LICENSE
|
|
31
34
|
- README.rdoc
|
|
32
35
|
- Rakefile
|
|
33
36
|
- VERSION
|
|
@@ -78,23 +81,27 @@ rdoc_options:
|
|
|
78
81
|
require_paths:
|
|
79
82
|
- lib
|
|
80
83
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
84
|
+
none: false
|
|
81
85
|
requirements:
|
|
82
86
|
- - ">="
|
|
83
87
|
- !ruby/object:Gem::Version
|
|
88
|
+
hash: 3
|
|
84
89
|
segments:
|
|
85
90
|
- 0
|
|
86
91
|
version: "0"
|
|
87
92
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
93
|
+
none: false
|
|
88
94
|
requirements:
|
|
89
95
|
- - ">="
|
|
90
96
|
- !ruby/object:Gem::Version
|
|
97
|
+
hash: 3
|
|
91
98
|
segments:
|
|
92
99
|
- 0
|
|
93
100
|
version: "0"
|
|
94
101
|
requirements: []
|
|
95
102
|
|
|
96
103
|
rubyforge_project:
|
|
97
|
-
rubygems_version: 1.3.
|
|
104
|
+
rubygems_version: 1.3.7
|
|
98
105
|
signing_key:
|
|
99
106
|
specification_version: 3
|
|
100
107
|
summary: Filter unwanted parameters in your controllers and actions.
|