ruby on rails - Mass Assignment Vulnerability -
i have model a such :
class < activerecord::base validates_uniqueness_of :name attr_accessible :name end i want remove mass assignment vulnerability on attribute :name. deleted line attr_accessible :name model. model has no controller, didn't write strong parameters. model used in helper b.rb follows :
num_users = a.where(:name => "new").count
do need change line in way or line still work after have deleted attr_attributed :name model?
first , foremost, line num_users = a.where(:name => "new").count works fine or without using mass-assignment. because where method not assign data model record.
on other hand, rare see question ruby-on-rails-4 , mass-assignment tags (there 7 both).
this because rails 4 remove mass_assignment , replace strong_parameters, can find @ rails guides upgrade 4.0.
if line attr_accessible :name working fine on rails 4 app. must have protected_attributes gem @ gemfile.
there must reason add protected_attributes gem rails 4 app. if not, can remove gemfile bundle install , remove attr_accessible ... lines model. , remove :without_protection => true parameter model's actions (new, create, create!, update_attributes , update_attributes!, assign_attributes).
if keep gem protected_attributes @ gemfile. when need update field not attr_accessible must add parameter without_protection: true action. way:
a.create({name: 'new'}, without_protection: true) and record stored @ db. otherwise not work.
Comments
Post a Comment