How does Rails taint Active Record columns by default?

Question about Rails magic:

I played with IRB and the tainted? method, then I just did the following:

    >> User.first.attributes.collect { |column, value| [column, value.tainted?] }
    => [["phone", true], ["state", false], ["persistence_token", true], ["last_login_ip", true], ["country", true], ["login_count", false], ["last_request_at", false], ["id", false], ["forname", true], ["current_login_at", false], ["name", true]]

Does anyone know why some of the parameters are tainted and some are not? And is there a way to choose which column should be tainted?

EDIT:

Thanks for the answers.

@sgtFloyd: I just tried to manually update the country, and here is what happens:

    >> u = User.first
    >> u.country = "USA"
    => "USA"
    >> u.country.tainted?
    => false
    >> u.save
    => true
    >> u.country.tainted?
    => false
    >> u.reload
    >> u.country.tainted?
    => true
    >> u.country.class
    => String # it is also a string in the database

EDIT 2:

I deleted everything inside the User model, and some String columns did not look tainted, while some of them ...

Thanks a lot!

+4
3 answers

taint and tainted? are methods of the Ruby Object class. If you want to find which objects have been changed in your Rails application, you can look for changed?

    @customer.email = 'new@email.com'
    do_something if @customer.email_changed?

+2

AFAIK, Rails does not use taint; it tracks changes and html_safe state, but I have not seen any mention of taint. The Ruby docs for taint say that an object should be tainted when it comes from external sources, so I would suggest that it has something to do with the SQL libraries used. But without seeing that library, I can't guess why some of them are tainted and some are not.

Running this code in my projects returns all false. This probably depends on which version of Ruby/Rails, etc. you are running, and since it is not defined by Rails, it is probably not suitable for use.

+2

From Ruby Programming

Any Ruby object received from some external source (for example, a line read from a file or an environment variable) is automatically marked as tainted. If your program uses a tainted object to derive a new object, then the new object will also be tainted ...

In your example, columns like last_login_at, password_salt and created_at are created and processed exclusively internally, without using any user input. phone, email, country, etc. are derived from user input, so they are unreliable.

+2

Source: https://habr.com/ru/post/1401695/

