On Jan 15, 3:39 am, Jack Christensen <[email protected]> wrote: > > This just picks the specified keys from the hash, ignoring the > > protected attributes, but to me seems just as safe? Update_attributes > > itself could easily be modified too instead of adding another method. > > > Anyone else do similar? > > > Regards, > > Andrew > > http://api.rubyonrails.org/classes/ActiveSupport/CoreExtensions/Hash/...
Thanks, I'm aware of the slice method but I would have to unprotect the attributes in order to use it and use slice/reject in every place to prevent malicious values being set. Although of course I could have model.force_update_attributes(params[:user].slice(:blah, :blah)) but I don't that's quite as neat. Regards, Andrew
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
