I''m working on a project (Active Admin) that needs to be able to build
links on the page (e.g. pagination) that include arbitrary query parameters
that the user has entered.
Since `url_for` symbolizes any keys passed to it, for obvious memory
concerns you can''t just pass the entire params hash.
In Rails 3.2, however, you can do this:
include Rails.application.routes.url_helpersurl_for action:
''index'', controller: ''employees'', host:
''foo.bar'', params: {''eee'' => 3}# =>
"http://foo.bar/employees?eee=3"Symbol.all_symbols.map(&:to_s).include?
''eee''# => false
In other words, you can pass `params: request.query_parameters` to
`url_for` to avoid the potential DOS issue.
However we still support Rails 3.0 and 3.1, and they completely ignore
`:params`.
Save for monkeypatching, has anyone found a way to safely provide this
functionality?
Thanks,
Sean Linsley
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/7r7n5_gT6dkJ.
For more options, visit https://groups.google.com/groups/opt_out.
