Re: [Rails] Is it a security risk using eval in the model?

2010-09-25 Thread Michael Pavling
On 25 September 2010 14:38, Jim Burgess wrote:
> def validate_presence(arg)
>  string = "errors.add(:#{arg}, \"can't be blank\") if #{arg} == \"\""
>  eval(string)
> end
>
> My question: does the method using eval pose any kind of security
> threat?

I'd say it's not a particular security threat (

Re: [Rails] Is it a security risk using eval in the model?

2010-09-25 Thread David Kahn
You are ok if you are eval'ing on something which is not user provided. The risk is if you are eval'ing something which is user input, which then would subject you to risk. Below I am assuming your arg is a field name which is something passed by your own code.

David

On Sat, Sep 25, 2010 at 8:38

[Rails] Is it a security risk using eval in the model?

2010-09-25 Thread Jim Burgess
Hi,

If I want to ensure that someone has filled out the email section of a form I can write this in my model:

validates_presence_of :email

I can also achieve (more or less) the same thing by writing:

validate do |applicant|
  applicant.validate_presence("email")
end

def validate_presence(arg)
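The distinction David draws (eval over a name your own code supplies versus over user input), together with the validate_presence method from Jim's question, as an added example that is not part of the original thread. It is plain Ruby with no Rails loaded: the Applicant class, its errors hash, add_error and the ATTRIBUTES allowlist are stand-ins for the ActiveRecord model API, and INJECTED_ARG is a constructed attacker value, not anything from the thread. The example shows the eval-based check working on a developer-written name, the same method executing arbitrary code when the name comes from a request, and an eval-free equivalent that also handles the nil case the string comparison misses.

```ruby
# Added example (not code from the original thread). Applicant and its
# errors hash stand in for an ActiveRecord model and its `errors` object.
class Applicant
  ATTRIBUTES = %i[email name].freeze   # assumed allowlist of validatable attributes

  attr_accessor :email, :name, :admin, :errors

  def initialize(email: nil, name: nil)
    @email = email
    @name = name
    @admin = false
    @errors = Hash.new { |h, k| h[k] = [] }
  end

  # Stand-in for Rails' errors.add(attribute, message).
  def add_error(attribute, message)
    @errors[attribute.to_sym] << message
  end

  # The eval-based check from the question. `arg` is spliced into Ruby
  # source text, so whatever it contains runs with this object as self.
  def validate_presence_eval(arg)
    string = "add_error(:#{arg}, \"can't be blank\") if #{arg} == \"\""
    eval(string)
  end

  # Eval-free equivalent: allowlist the attribute name, then read it.
  # Also treats nil and whitespace-only values as blank, which `== ""` does not.
  def validate_presence(arg)
    attribute = arg.to_s.to_sym
    unless ATTRIBUTES.include?(attribute)
      raise ArgumentError, "not a validatable attribute: #{arg.inspect}"
    end
    value = public_send(attribute)
    add_error(attribute, "can't be blank") if value.nil? || value.to_s.strip.empty?
  end
end

# Normal use: the attribute name is written by the developer.
def demo_trusted_arg
  a = Applicant.new(email: "")
  a.validate_presence_eval("email")
  a.errors[:email]
end

# The eval version only compares against "", so nil is not reported.
def demo_eval_misses_nil
  a = Applicant.new(email: nil)
  a.validate_presence_eval("email")
  a.errors.key?(:email)
end

# Constructed attacker value for `arg`: it completes the add_error call,
# assigns @admin on the model, and comments out the rest of the generated line.
INJECTED_ARG = 'email, "x"); @admin = true #'

def demo_eval_with_user_input
  a = Applicant.new(email: "jim@example.com")
  a.validate_presence_eval(INJECTED_ARG)
  a.admin   # true: the attacker's code ran inside the model
end

def demo_safe_with_user_input
  a = Applicant.new(email: "jim@example.com")
  begin
    a.validate_presence(INJECTED_ARG)
  rescue ArgumentError
    return [a.admin, :rejected]
  end
  [a.admin, :accepted]
end

def demo_safe_nil
  a = Applicant.new(email: nil)
  a.validate_presence(:email)
  a.errors[:email]
end
```

The allowlist is the important part of the safe version: replacing eval with public_send alone would still let a request pick any public method on the model, so the name is checked against the attributes the model actually intends to expose before anything is called.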