Hi Michael,
Thanks for the reply.

>> "dd-mm-yyyy" (including hyphens).
> Why? IMHO, the best you can do is have a look at how date_select works,
> you'll notice that it already does what you're trying to do. 

But isn't date_select really feeble?
For example it is very easy to make the whole application crash by 
giving date_select false input (eg. entering 31st February with no 
year. http://www.ruby-forum.com/topic/183310)

> Careful! It may not be possible to enter anything exceeding the max
> length in the average browser, but that doesn't stop anyone to submit
> requests to your app with other tools.

Good point.

> %x{echo gotcha} is another way of writing `echo gotcha`. Each of these
> executes the given command(s) with the right of the current user. It's
> like that you wouldn't enter cd $HOME; rm -rf by yourself, so you'd
> better not give someone else an opportunity to enter %x{cd $HOME, rm -
> rf} for you.

Even better point.

> Passing arbitrary, user-provided strings to eval or class_eval *is* a
> huge security hole.

You're right.
I did have everything working without using eval.
The method with eval was just intended to make everything that bit 
neater.
Would it then be sufficient to check the user generated input for 
numericality (ie. ensure that the user has only entered numbers as they 
are supposed to) and only carry out eval in this case, or would that 
make no difference?


-- 
Posted via http://www.ruby-forum.com/.
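One way to validate the "dd-mm-yyyy" input this thread discusses, added here as an illustration and not code from either poster: a strict regex, Integer() with an explicit base, and Date.valid_date? together give the numericality check and the 31st-of-February check without any eval, so the eval step becomes unnecessary rather than merely guarded. The method name and the sample inputs below are my own.

```ruby
require 'date'

# Strict "dd-mm-yyyy" parser for user-supplied strings.
# Returns a Date on success and nil on any malformed or impossible input.
# The string is never handed to eval, class_eval, backticks or %x{...}:
# the only thing that reaches Ruby's integer parser is two-digit / four-digit
# runs of ASCII digits that the anchored regex has already accepted.
DATE_FORMAT = /\A(\d{2})-(\d{2})-(\d{4})\z/

def parse_ddmmyyyy(input)
  return nil unless input.is_a?(String)
  m = DATE_FORMAT.match(input)
  return nil unless m                      # letters, extra characters, missing year
  day, month, year = m.captures.map { |s| Integer(s, 10) }  # base 10: "08" is 8, not octal
  return nil unless Date.valid_date?(year, month, day)       # rejects 31-02-2010 without raising
  Date.new(year, month, day)
end

# Constructed sample inputs, including the kind that crashes date_select.
SAMPLES = {
  "31-01-2010"   => Date.new(2010, 1, 31),
  "31-02-2010"   => nil,  # February never has 31 days
  "31-02"        => nil,  # no year at all
  "1-2-2010"     => nil,  # not zero-padded, so it does not match the format
  "31-01-2010\n" => nil,  # \z (not $) rejects a trailing newline
}

# Returns the inputs whose parse result differs from the expected one (empty when all pass).
def mismatches(samples = SAMPLES)
  samples.reject { |input, expected| parse_ddmmyyyy(input) == expected }.keys
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each_key { |input| puts "#{input.inspect} => #{parse_ddmmyyyy(input).inspect}" }
end
```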
