Javier Sanz


70 Experience
0 Lessons Completed
0 Questions Solved

Activity

Posted in SQL injection attempts, any advice?

Thanks Chris! No more evidence in Rollbar of the issue. A security checklist episode could be great!

Posted in SQL injection attempts, any advice?

Thanks Chris, two newbie questions:

  • (...) 'you should include it at the bottom of your controller': within the private methods or outside them?
  • (...) 'just replace all the params[:page] references with this method page' > Can you confirm: what I have here is

    @hacks = Hack.friendly.tagged_with(params[:tag]).paginate(:page => params[:page], per_page: 5)

    Should I replace it with this other line?

    @hacks = Hack.friendly.tagged_with(params[:tag]).paginate(:page => page, per_page: 5)

Posted in SQL injection attempts, any advice?

Hi there,

In the Rollbar logs for my app petithacks.com, I have seen attempts like the ones in the image over the past 2 days.

I'm using the 'will_paginate' gem for pagination of several records in the app, and also a gem to 'like' elements. I also found this thread in a Google group, but I have no idea how to include the suggestion in my code. Within my hacks_controller.rb these are the 2 methods that include paginate:


    def index
      @hacks = Hack.friendly.order('id desc').paginate(:page => params[:page], per_page: 5)
    end

    def tagged
      if params[:tag].present?
        @hacks = Hack.friendly.tagged_with(params[:tag]).paginate(:page => params[:page], per_page: 5)
      else
        @hacks = redirect_to hacks_path
      end
    end

Any help or advice on how to avoid this kind of attempt?
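The two posts above revolve around one fix: stop handing the raw params[:page] string to will_paginate and pass a normalised page number instead, so odd values sent by scanners never reach the pagination layer or the query. The code below is an added example, not code from the post, from Chris's reply, or from GoRails. It assumes the noise in Rollbar comes from non-numeric or out-of-range page values (an assumption, since the image is not available here); the SafePage module, the MAX_PAGE ceiling, the HacksControllerStandIn class and its paginate_args method are all invented for the example so it can run without Rails.

```ruby
# Added example (not from the post or GoRails). Normalises a raw page parameter
# to a positive Integer before it reaches will_paginate's paginate(:page => ...).
module SafePage
  MAX_PAGE = 10_000 # assumed ceiling for the example; tune to the app's record count

  # Accepts anything (nil, String, Integer) and always returns an Integer in 1..MAX_PAGE.
  def self.coerce(raw)
    s = raw.to_s.strip
    # Digits only: "", nil, "1' OR '1'='1", "2;DROP" all fall back to page 1.
    return 1 unless s.match?(/\A\d{1,6}\z/)
    # "0" and negative-looking input are already rejected; clamp huge values.
    s.to_i.clamp(1, MAX_PAGE)
  end
end

# Stand-in for the Rails controller so the helper can be exercised offline.
# In the real app the `page` method goes under `private` in HacksController,
# and `params` is supplied by ActionController (hypothetical stand-in here).
class HacksControllerStandIn
  def initialize(params)
    @params = params
  end

  # Mirrors the paginate call from the post: the only change is `page` instead
  # of `params[:page]`; the query itself is not modelled here.
  def paginate_args
    { page: page, per_page: 5 }
  end

  private

  attr_reader :params

  # The private helper the earlier reply described: replace every
  # params[:page] reference in the controller with a call to this method.
  def page
    SafePage.coerce(params[:page])
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs standing in for what a scanner might send.
  ["2", " 12 ", "0", "1' OR '1'='1", nil].each do |raw|
    puts "#{raw.inspect.ljust(16)} -> #{HacksControllerStandIn.new({ page: raw }).paginate_args}"
  end
end
```

With this in place, the second line from the follow-up question (`paginate(:page => page, per_page: 5)`) is the correct replacement in both index and tagged: the controller never passes a user-controlled string to paginate, and malformed values degrade to page 1 instead of raising and filling Rollbar.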
