Difference between revisions of "Mass Assignment"
From NetSec
Line 1: | Line 1: | ||
+ | |||
+ | == [[Ruby]] == | ||
Typically used in [[Ruby on Rails]], sometimes people will use the following code to create an ActiveRecord object to add a [[database]] entry: | Typically used in [[Ruby on Rails]], sometimes people will use the following code to create an ActiveRecord object to add a [[database]] entry: | ||
− | <syntaxhighlight lang=ruby> | + | {{code|text=<syntaxhighlight lang=ruby> |
@user=User.new(params[:user]) | @user=User.new(params[:user]) | ||
− | </syntaxhighlight> | + | </syntaxhighlight>}} |
There have been [[RoR_Patching#Params_Injection_.26_Mass_Assignment_Abuse|problems]] with RoR in the past with [[RoR_Patching#Params_Injection_.26_Mass_Assignment_Abuse|mass assignment]]. | There have been [[RoR_Patching#Params_Injection_.26_Mass_Assignment_Abuse|problems]] with RoR in the past with [[RoR_Patching#Params_Injection_.26_Mass_Assignment_Abuse|mass assignment]]. | ||
+ | |||
+ | == [[PHP]] == | ||
+ | |||
+ | |||
+ | {{code|text=<source lang="php"> | ||
+ | <?php | ||
+ | $object = new object(); | ||
+ | foreach ($_REQUEST as $property => $value) { | ||
+ | $object->$property = $value; | ||
+ | } | ||
+ | ?> | ||
+ | </source>}} | ||
{{expand}} | {{expand}} |
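Review bot: the added PHP section goes straight from its heading to the `$_REQUEST` loop with no sentence saying what the snippet illustrates, while the Ruby section has an introduction. Add one line stating that copying every request key onto `$object` lets the client set any property, and name the fix (an allowlist of assignable properties). The new block uses `<source>` while the Ruby block keeps `<syntaxhighlight>`; pick one tag for the page. `object` is also a reserved class name from PHP 7.2 onward, so a different placeholder class in `new object()` would keep the snippet valid on current PHP.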
Revision as of 03:33, 22 October 2012
Ruby
Mass assignment is typically seen in Ruby on Rails, where developers sometimes use the following code to create an ActiveRecord object and add a database entry:
<syntaxhighlight lang=ruby>
@user = User.new(params[:user])
</syntaxhighlight>
There have been problems with RoR in the past with mass assignment.
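The pattern above, reduced to plain Ruby as an added example (not code from the original page or from Rails): `User`, `mass_assign`, `safe_assign` and `PERMITTED` are hypothetical names, and the submitted hash is constructed. It contrasts assigning every submitted key with assigning only an allowlist of keys.

```ruby
# Added example: plain Ruby stand-in for an ActiveRecord model (no Rails needed).
# User, its fields, and PERMITTED are hypothetical names for illustration.
class User
  attr_accessor :name, :email, :admin

  def initialize
    @admin = false
  end

  # Vulnerable pattern: every submitted key is assigned,
  # which is what User.new(params[:user]) does without restrictions.
  def self.mass_assign(attrs)
    user = new
    attrs.each { |key, value| user.public_send("#{key}=", value) }
    user
  end

  # Attributes a client is allowed to set through the form.
  PERMITTED = %w[name email].freeze

  # Hardened pattern: only allowlisted keys are assigned; the rest are
  # returned so the caller can log or reject the request.
  def self.safe_assign(attrs)
    rejected = attrs.keys.map(&:to_s) - PERMITTED
    user = new
    attrs.each do |key, value|
      user.public_send("#{key}=", value) if PERMITTED.include?(key.to_s)
    end
    [user, rejected]
  end
end

# Constructed sample of a submitted form: it carries a field the form never offered.
SUBMITTED = { "name" => "alice", "email" => "alice@example.test", "admin" => "1" }.freeze

# Runs both paths on the same input and returns what each one accepted.
def demo
  unsafe = User.mass_assign(SUBMITTED)
  safe, rejected = User.safe_assign(SUBMITTED)
  { unsafe_admin: unsafe.admin, safe_admin: safe.admin, rejected: rejected }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

A non-empty rejected list is a useful signal to log, since a legitimate form never sends those keys.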
PHP
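<source lang="php">
<?php
$object = new object();
// No allowlist: every key in the request becomes a property on $object.
foreach ($_REQUEST as $property => $value) {
    $object->$property = $value;
}
?>
</source>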