Rails 5中的质量分配 [英] Mass assignment in Rails 5
问题描述
我尝试将 Mindapp 宝石从Rails 4升级到Rails5.有很多代码像下面这样需要修复,因为Rails 5.1不再支持直接将质量分配给to_bson.
I tried to upgrade Mindapp Gem from Rails 4 to Rails 5. There are a lots of codes like below need to be fixed because Rails 5.1 no longer support mass assignment to_bson directly.
Mindapp::Xmain.create :service=>service,
:start=>Time.now,
:name=>service.name,
:ip=> get_ip,
:status=>'I', # init
:user=>current_user,
:xvars=> {
:service_id=>service.id, :p=>params,
:id=>params[:id],
:user_id=>current_user.try(:id),
:custom_controller=>custom_controller,
:host=>request.host,
:referer=>request.env['HTTP_REFERER']
}
然后出现错误:
DEPRECATION WARNING: Method to_bson is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.2/classes/ActionController/Parameters.html
要遵守Rails 5.1 ,请注意以下警告:我将参数(实际上不了解)放在:
To comply with Rails 5.1 from this WARNING: I put params (without understand really) to:
Mindapp::Xmain.create(xmain_params)
def xmain_params
params.permit(
:service=>service,
:start=>Time.now,
:name=>service.name,
:ip=> get_ip,
:status=>'I', # init
:user=>current_user,
:xvars=> {
:service_id=>service.id, :p=>params,
:id=>params[:id],
:user_id=>current_user.try(:id),
:custom_controller=>custom_controller,
:host=>request.host,
:referer=>request.env['HTTP_REFERER']
}
)
end
问题:它没有按照预期的方式创建. 这段代码(在修改之前)可以在Rails 4中使用,但在5.0和Warning中现在可以使用Ruby 2.2.1在Rails 5.1中使用. 我该怎么办/谢谢
Problem: It's not create as supposed to do. This code (before modified) work in rails 4 but Warning in 5.0 and Now not work in Rails 5.1 all using Ruby 2.4.1. What should I do/Thanks
当尝试
Mindapp::Xmain.create :service=>params.permit(service),
:start=>params.permit(Time.now),
:name=>params.permit(service.name),
:ip=>params.permit(get_ip),
:status=>params.permit('I'), # init
:user=>params.permit(current_user),
:xvars=> params.permit({
:service_id=>service.id, :p=>params,
:id=>params[:id],
:user_id=>current_user.try(:id),
:custom_controller=>custom_controller,
:host=>request.host,
:referer=>request.env['HTTP_REFERER']
})
错误:
Mongoid::Errors::InvalidValue -
message:
Value of type ActionController::Parameters cannot be written to a field of type Hash
summary:
Tried to set a value of type ActionController::Parameters to a field of type Hash
resolution:
Verify if the value to be set correspond to field definition:
并尝试使用参数.
Mindapp::Xmain.create :service=>params.service,
:start=>params.Time.now,
:name=>params.service.name,
:ip=> params.get_ip,
:status=>params('I'), # init
:user=>params.current_user,
:xvars=> {
:service_id=>params.service.id, :p=>params,
:id=>params[:id],
:user_id=>params.current_user.try(:id),
:custom_controller=>params.custom_controller,
:host=>params.request.host,
:referer=>params.request.env['HTTP_REFERER']
}
错误:
NoMethodError - undefined method `service' for #<ActionController::Parameters:0x007ff6b07158f0>:
actionpack (5.0.2) lib/action_controller/metal/strong_parameters.rb:646:in `method_missing'
app/controllers/mindapp_controller.rb:384:in `create_xmain'
推荐答案
问题是:p=>params
.我假设params
是请求中的params对象.在Rails 5.1下,它将不再支持标准的哈希函数,例如to_bson
,mindapp库似乎正在使用该哈希函数(或者可能是其依赖库之一在使用它).
The issue is :p=>params
. I'm assuming params
is a params object from the request. Under Rails 5.1, it will no longer support standard hash functions such as to_bson
, which mindapp library appears to be using (or maybe one of its dependent libraries is using it).
一个简单的解决方法可能是将其替换为:p=>params.to_unsafe_hash
或更安全的解决方案:p=>params.permit(:foo, :bar)
(无论使用哪种参数,都应首先检查/清除).
A simple fix is probably to replace it with :p=>params.to_unsafe_hash
or for a safer solution, :p=>params.permit(:foo, :bar)
(whatever params should be used, these should possibly be checked/cleansed first).
这篇关于Rails 5中的质量分配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!