I was just looking over some code I wrote last year, and found this in one of 
my mailers:

    @item = eval(params[:item].classify).send(:find, params[:item_id])

The idea here is that I can have the mailer respond to a polymorphic link 
helper, and respond with an object reference of the referenced object, 
regardless of which it was -- a Project, Campaign, Asset, Lightbox -- whatever. 
Inside the mailer erb, any links to that object would be as simple as 

    link_to @item.label, polymorphic_url(@item)

...so my mailer messages don't have to care what sort of object they are 
sending a link to. This year, seeing send in the same line as params is giving 
me the willies. Hence my question here.

Besides adding some guards around which classes I want to allow this for (which 
just occurred to me as I was typing this out) can you recommend any other 
techniques to make this less risky? Is there anything built into the framework 
that I am overlooking?

Thanks in advance,

Walter
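
The class guard mentioned in the message above, as an added example that is not part of the original post: the `item` parameter is looked up in a fixed table of classes instead of being passed to `eval`, so a value outside the table is refused before any constant is resolved. `Record`, `AdminToken`, `LINKABLE`, `UnlinkableItem` and `find_linkable` are assumed names, and the stub classes stand in for the app's ActiveRecord models.

```ruby
# Constructed stand-in for an ActiveRecord model: only .find is needed here.
Record = Struct.new(:id, :label) do
  def self.find(id)
    # Integer() rejects anything that is not a plain number ("7; x" raises).
    new(Integer(id), "#{name} ##{id}")
  end
end

class Project    < Record; end
class Campaign   < Record; end
class Asset      < Record; end
class Lightbox   < Record; end
class AdminToken < Record; end # hypothetical model the mailer must never load

# The only classes a mailer link may refer to. Keys are the exact strings the
# link helper is assumed to send in params[:item].
LINKABLE = {
  "project"  => Project,
  "campaign" => Campaign,
  "asset"    => Asset,
  "lightbox" => Lightbox
}.freeze

class UnlinkableItem < StandardError; end

# Replacement for eval(params[:item].classify).send(:find, params[:item_id]):
# a hash lookup picks the class, and find is called directly, with no eval
# and no send.
def find_linkable(item, item_id)
  klass = LINKABLE.fetch(item.to_s) do
    raise UnlinkableItem, "not a linkable item type: #{item.inspect}"
  end
  klass.find(item_id)
end

if __FILE__ == $0
  puts find_linkable("project", "42").label
  begin
    find_linkable("admin_token", "1")
  rescue UnlinkableItem => e
    puts "refused: #{e.message}"
  end
end
```

In a controller or mailer the `UnlinkableItem` error would be rescued and turned into a 404 or a dropped message, the same as a failed `find`.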

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/rubyonrails-talk/919EEEAB-D4F1-4661-8C7D-EACF5343EC9D%40wdstudio.com.