filter_parameter_logging creates a public controller method
Reported by José Valim | May 14th, 2008 @ 06:54 PM | in 2.1.1
filter_parameter_logging creates a public method in the controllers called :filter_parameters.
This is really not nice, because if someone uses the default routes:
map.connect ':controller/:action/:id'
The www.railsapp.com/controller/filt... is exposed (and will raise a 500 error)!
Then I just added at the end of filter_parameters_logging:
self.class_eval{ protected :filter_parameters }
I don't know if it's the best work out (ideas?).
I added some tests also. =)
Comments and changes to this ticket
-
josh May 14th, 2008 @ 07:01 PM
- Milestone set to 2.1.1
- State changed from new to open
- Assigned user set to josh
- Title changed from [BUG] [PATCH] filter_parameter_logging creates a public controller method to filter_parameter_logging creates a public controller method
If you use git format patch, I can get your name and email from it so you show up as the patch author.
-
Repository May 14th, 2008 @ 07:01 PM
- State changed from open to resolved
(from [8d37bd08eeac6d0e94f76ac6640e288bf64595b2]) Protect #filter_parameters created by filter_parameter_logging [José Valim] [#196 state:resolved]
-
José Valim May 14th, 2008 @ 07:15 PM
- no changes were found...
-
José Valim May 14th, 2008 @ 07:32 PM
Whoops, my additional tests were passing even if filter_parameters is not protected. =P
I rewrote the tests.
PS: for some strange reason, git format-patch doesn't work here.
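
A minimal Ruby model of the issue discussed in this ticket, added here as an illustration (it is not Rails source and not the patch attached to the ticket). `MiniController`, `action_methods`, `dispatch` and the `protect:` option are hypothetical names, and the assumption is that a catch-all route can invoke any public instance method of the controller.

```ruby
# Simplified stand-in for a controller base class (hypothetical, not Rails source).
class MiniController
  # Class macro modelled on filter_parameter_logging: it defines an instance
  # method named filter_parameters via define_method, which is public by default.
  def self.filter_parameter_logging(*names, protect: false)
    patterns = names.map(&:to_s)
    define_method(:filter_parameters) do |params|
      params.each_with_object({}) do |(key, value), out|
        out[key] = patterns.any? { |p| key.to_s.include?(p) } ? "[FILTERED]" : value
      end
    end
    # The change proposed in the ticket: hide the generated helper.
    class_eval { protected :filter_parameters } if protect
  end

  # Routable actions: public instance methods added on top of the base class
  # (assumption: this is what a ':controller/:action/:id' route can reach).
  def self.action_methods
    (public_instance_methods - MiniController.public_instance_methods).map(&:to_s).sort
  end

  # Dispatch as a catch-all route would: only public actions are callable.
  def self.dispatch(action)
    return 404 unless action_methods.include?(action.to_s)
    new.public_send(action)
    200
  rescue ArgumentError
    500 # helper invoked as an action, without the argument it expects
  end
end

# Constructed sample controllers: one without the fix, one with it.
class ExposedController < MiniController
  filter_parameter_logging :password
  def index; end
end

class ProtectedController < MiniController
  filter_parameter_logging :password, protect: true
  def index; end
end
```

A regression test for this kind of fix should assert on the set of routable actions, not only on the helper still filtering correctly, since the filtering works the same whether the method is public or protected.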