Hi,
Thanks very much for the replies.
I will follow Michael's advice and stick it in a module.
> I hope you know what you're doing.
Probably nowhere near as much as I should
> What if one of the strings is
> %x{echo gotcha}
> or worse?
It's a date input which is mapped.
In the model the field is :dob and is a string.
In the form this is split into :dob_day, :dob_month, :dob_year
Using the method I wrote (currently) in my model I can them write:
map_three_fields :dob_day, :dob_month, :dob_year
and they are returned as a string containing a date in the form of
"dd-mm-yyyy" (including hyphens).
In the form the maximum length of dob_day and dob_year are 2 characters.
The maximum length of dob_year is 4 characters.
Therefore (I hope) it is not possible to enter "%x{echo gotcha}".
Now the question to make you slap your hand on your head and look at the
ceiling:
What would this do, anyway?
Do you have any comments, ideas, criticism about doing things this way?
I found relatively little on the inputing of dates in forms using Rails
online (date select is genuinely rubbish) and the form should also run
without javascript. Therefore I put this method together myself and
would be very grateful if anyone could point out if there are any
massive security exploits that I have overlooked.
If it would help I can post the full code of what I have done.
Thanks very much in advance.
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
