module Padrino::ParamsProtection::InstanceMethods

Public Instance Methods

filter_params!(params, allowed_params)

Filters a hash of parameters, keeping only the allowed ones and optionally typecasting or processing their values.

@param [Hash] params

Parameters to filter.
Warning: this hash will be changed by deleting or replacing its values.

@param [Hash] allowed_params

A hash of allowed keys and value classes or processing procs. Supported
scalar classes are: Integer (empty string is cast to nil).

@example

# Scalars: "a" is cast to Integer, "b" is kept as-is, "d" has no rule and is dropped.
filter_params!( { "a" => "1", "b" => "abc", "d" => "drop" },
                { "a" => Integer, "b" => true } )
# => { "a" => 1, "b" => "abc" }
# Nested hash rule with a proc; an empty string under an Integer rule becomes nil.
filter_params!( { "id" => "", "child" => { "name" => "manny" } },
                { "id" => Integer, "child" => { "name" => proc{ |v| v.camelize } } } )
# => { "id" => nil, "child" => { "name" => "Manny" } }
# Arrays are kept untouched whenever their key has a truthy rule: the elements
# are not typecast or filtered, so validate them separately before use.
filter_params!( { "a" => ["1", "2", "3"] },
                { "a" => true } )
# => { "a" => ["1", "2", "3"] }
# Pluralized key holding a hash of hashes: the rule is applied to every entry.
filter_params!( { "persons" => {"p-1" => { "name" => "manny", "age" => "50" }, "p-2" => { "name" => "richard", "age" => "50" } } },
                { "persons" => { "name" => true } } )
# => { "persons" => {"p-1" => { "name" => "manny" }, "p-2" => { "name" => "richard" } } }
# File lib/padrino-core/application/params_protection.rb, line 91
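# Filters +params+ in place, keeping only keys that have a rule in
# +allowed_params+ and typecasting or processing their values.
#
# Rules per key:
# * +true+    - keep the value unchanged.
# * +Integer+ - cast a String with +to_i+ (empty string becomes +nil+); +nil+
#   stays +nil+; any other value type (Hash, uploaded file, ...) is dropped
#   instead of raising NoMethodError on request-supplied input.
# * Proc      - replace the value with the proc's result.
# * Hash      - recurse into a Hash value; under a pluralized key whose first
#   entry is a Hash, the rule is applied to every entry and non-Hash entries
#   are dropped.
# * no rule / falsy rule / shape mismatch - the key is deleted.
#
# @param params [Hash] parameters to filter; mutated in place.
# @param allowed_params [Hash] allowed keys mapped to their rules.
# @return [Hash] the same +params+ object, filtered.
def filter_params!(params, allowed_params)
  # Walk a snapshot of the keys because entries are replaced and deleted below.
  params.keys.each do |key|
    value = params[key]
    type = allowed_params[key]
    # NOTE(review): an Array value is kept untouched whenever its key has any
    # truthy rule, so its elements are neither typecast (Integer/Proc rules)
    # nor filtered by a nested Hash rule. Callers must validate array contents
    # themselves before passing them to model assignment or queries.
    next if value.kind_of?(Array) && type
    case
    when type.kind_of?(Hash) && value.kind_of?(Hash)
      if key == Inflections.pluralize(key) && value.values.first.kind_of?(Hash)
        value.keys.each do |array_index|
          array_value = value[array_index]
          if array_value.kind_of?(Hash)
            value[array_index] = filter_params!(array_value, type)
          else
            # Only the first entry was checked above; a scalar mixed in with
            # the hashes cannot satisfy the nested rule, so drop it.
            value.delete(array_index)
          end
        end
      else
        params[key] = filter_params!(value, type)
      end
    when type == Integer
      if value.kind_of?(String)
        params[key] = value.empty? ? nil : value.to_i
      elsif !value.nil?
        # A Hash or other object cannot be cast to Integer; treat it as a
        # disallowed value rather than letting the request raise.
        params.delete(key)
      end
    when type.kind_of?(Proc)
      params[key] = type.call(value)
    when type == true
      # Explicitly allowed: keep the value unchanged.
    else
      params.delete(key)
    end
  end
  params
end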
original_params()

Returns the original unfiltered query parameters hash.

# File lib/padrino-core/application/params_protection.rb, line 118
# Returns @original_params when it is set, otherwise falls back to +params+.
#
# NOTE(review): presumably @original_params is captured before filter_params!
# mutates the request parameters - confirm against the caller. The result is
# unfiltered request input and should be treated as untrusted.
#
# @return [Hash] the unfiltered parameters hash.
def original_params
  return @original_params if @original_params
  params
end