Ruby on Rails
Tuesday, July 3, 2018
Trying to update an existing app from Rails 4.2 to 5.2 (currently in Rails 5.0)
Attempting to generate a URL from non-sanitized request parameters! An attacker can inject malicious data into the generated URL, such as changing the host. Whitelist and sanitize passed parameters to be secure.
issue inside index.html.erb
<%= link_to_export("Films", params) %>
Anyone know of a solution to fix this?
# application_helper.rb
def link_to_export(text, params)
  if current_user.admin?
    link_to url_for(params.merge(format: "csv")), class: "btn btn-default" do
      content_tag(:i, nil, class: "fa fa-download") + " " + text
    end
  end
end
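The warning fires because the helper hands the whole `params` object to `url_for`, so a caller can add routing keys such as `host` or `protocol` and redirect the export link. The Rails-side fix is to allowlist with `params.permit(:q, :page).merge(format: "csv")`. The plain-Ruby example below is added here and is not from the original post or from Rails: `build_url` is an assumed stand-in that mimics only the part of `url_for` that matters (routing keys change the link target, other keys become the query string), and the `q`/`page` parameter names and request hash are constructed.

```ruby
require "uri"

# Stand-in for url_for (assumption, not Rails): routing keys change where the
# link points, every other key becomes a query parameter.
ROUTING_KEYS = %i[host protocol port controller action format].freeze

def build_url(opts, default_host: "films.example")
  opts   = opts.transform_keys(&:to_sym)
  scheme = opts.fetch(:protocol, "https")
  host   = opts.fetch(:host, default_host)
  path   = "/#{opts.fetch(:controller, 'films')}"
  path  += ".#{opts[:format]}" if opts[:format]
  query  = opts.reject { |k, _| ROUTING_KEYS.include?(k) }
  url    = "#{scheme}://#{host}#{path}"
  query.empty? ? url : "#{url}?#{URI.encode_www_form(query)}"
end

# The pattern from the post: every request parameter flows into the URL,
# so an injected host/protocol decides where the export link points.
def unsafe_export_url(request_params)
  build_url(request_params.merge(format: "csv"))
end

# Hardened: keep only the parameters the export needs (the equivalent of
# params.permit(:q, :page) in a Rails helper), then add the format.
EXPORT_PARAMS = %i[q page].freeze

def export_url(request_params)
  permitted = request_params.transform_keys(&:to_sym).slice(*EXPORT_PARAMS)
  build_url(permitted.merge(format: "csv"))
end

# Constructed request: a normal search plus injected routing keys.
REQUEST = {
  "q" => "noir", "page" => "2",
  "host" => "attacker.example", "protocol" => "http"
}.freeze

puts unsafe_export_url(REQUEST) # http://attacker.example/films.csv?q=noir&page=2
puts export_url(REQUEST)        # https://films.example/films.csv?q=noir&page=2
```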