Vance Lucas’s profile

Co-Founder of @brightbit, Rails/PHP/JavaScript programmer, Husband, Father, Pragmatist, Realist, and Sarcastic. The stuff of dreams.

Latest Comments


I work with both PHP and Rails every day, and I think the register_globals analogy is way off. This problem is NOT unique to Rails, and is in fact encouraged in many PHP frameworks as well.

The PHP equivalent would be something like this:

<?php
// Load the record to update, then copy the whole $_POST['post'] array
// onto it field by field: any key the client sends that matches a column
// (including ones the form never exposed) gets written when save() runs.
$post = Posts::get(42);
$post->data($_POST['post']);   // no whitelist or blacklist applied here
$success = $post->save();
?>

So the issue is mass assignment of request data 1:1 to named fields in your database without manually specifying which fields should be updated via a whitelist or blacklist. It's not the same thing as global variables at all, and the comparison to it is rather disingenuous.

Posted in Hacking Rails (and GitHub).

Wed, 07 Mar 2012 at 22:03:07 GMT
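
The pattern the comment describes, as an added example in Ruby that is not part of the original comment or of any framework: a small in-memory Post model with a constructed attacker request, first assigned 1:1 (the unsafe form), then through a blacklist that silently misses a column it never named, then through a whitelist. Post, update_all!, update_blacklisted!, update_whitelisted! and ATTACKER_PARAMS are all assumed names built for this example.

```ruby
require 'set'

# Added example, not the original poster's code: a minimal model standing in
# for an ORM record so the three assignment strategies can be compared offline.
class Post
  attr_accessor :id, :title, :body, :author_id, :published

  def initialize(id:, title:, body:, author_id:, published: false)
    @id, @title, @body, @author_id, @published = id, title, body, author_id, published
  end

  def attributes
    { 'id' => id, 'title' => title, 'body' => body,
      'author_id' => author_id, 'published' => published }
  end

  # Unsafe: every key in the request hash becomes a setter call on the record.
  # This is the $post->data($_POST['post']) shape from the comment above.
  def update_all!(params)
    params.each do |key, value|
      setter = "#{key}="
      raise ArgumentError, "unknown attribute #{key}" unless respond_to?(setter)
      public_send(setter, value)
    end
    self
  end

  # Blacklist: blocks the columns someone thought of. 'published' was added to
  # the table later and never made it onto the list, so it is still writable.
  PROTECTED_ATTRS = Set.new(%w[id author_id]).freeze

  def update_blacklisted!(params)
    update_all!(params.reject { |key, _| PROTECTED_ATTRS.include?(key.to_s) })
  end

  # Whitelist: only the fields the edit form is meant to change are written;
  # everything else is dropped and returned so the caller can log it.
  SAFE_ATTRS = Set.new(%w[title body]).freeze

  def update_whitelisted!(params)
    rejected = []
    params.each do |key, value|
      if SAFE_ATTRS.include?(key.to_s)
        public_send("#{key}=", value)
      else
        rejected << key.to_s
      end
    end
    rejected
  end
end

# Constructed request body: the two legitimate form fields plus two extra
# keys an attacker appends, matching column names the form never exposed.
ATTACKER_PARAMS = {
  'title' => 'Harmless edit',
  'body' => 'Updated text',
  'author_id' => 1,     # reassign ownership of the record
  'published' => true,  # flip a flag only moderators should touch
}.freeze

def fresh_post
  Post.new(id: 42, title: 'Old', body: 'Old body', author_id: 7)
end

def demo_unsafe
  fresh_post.update_all!(ATTACKER_PARAMS).attributes
end

def demo_blacklist
  fresh_post.update_blacklisted!(ATTACKER_PARAMS).attributes
end

def demo_whitelist
  post = fresh_post
  rejected = post.update_whitelisted!(ATTACKER_PARAMS)
  [post.attributes, rejected]
end

if __FILE__ == $0
  p demo_unsafe     # author_id and published both overwritten
  p demo_blacklist  # author_id kept, published still overwritten
  p demo_whitelist  # only title and body change; extras reported
end
```

The blacklist variant is included because it fails open: the protection is only as complete as the list, and every new column is writable until someone remembers to add it. The whitelist fails closed, which is why it is the form to reach for regardless of which framework's mass-assignment helper is in use.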


About

  • Twitter: @vlucas
  • Location: Oklahoma, USA
  • Joined: March 2012
  • Comments: 1