Feature: Display additional fields when attaching a record to another #3048
Changes from 41 commits
@adrianthedev We use `fill_record`, which permits and assigns only those values whose keys match the fields declared by the user in their resources file. I think this mitigates the chances of such attacks, no?

avo/lib/avo/resources/base.rb, line 448 in 90a64f9

Yes, but let's apply the `permit` directly inside the `additional_params` method to increase readability.

okayy. Got it 😄
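
The allowlisting discussed in this thread, sketched as an added plain-Ruby example (not code from this pull request or from Avo). `permit_declared`, `rejected_keys`, `DECLARED_FIELDS`, `Membership`, `attach` and the sample request are hypothetical; only the `additional_params` name comes from the thread, and the filter is a stand-in for strong parameters' `permit`.

```ruby
# Added illustration, not Avo's code. All names except additional_params
# are hypothetical, and the request below is constructed sample data.

# Field keys a resource author declared (constructed sample).
DECLARED_FIELDS = %i[role joined_at].freeze

# Keep only scalar values whose key is a declared field. Hash and array
# values are dropped as well, as a scalar allowlist should not admit them.
def permit_declared(raw_params, declared = DECLARED_FIELDS)
  allowed = declared.map(&:to_s)
  raw_params.each_with_object({}) do |(key, value), kept|
    next unless allowed.include?(key.to_s)
    next if value.is_a?(Hash) || value.is_a?(Array)
    kept[key.to_sym] = value
  end
end

# Keys the client sent that were not declared, useful for logging.
def rejected_keys(raw_params, declared = DECLARED_FIELDS)
  raw_params.keys.map(&:to_s) - declared.map(&:to_s)
end

# Filtering inside the method that reads the request means no caller
# ever holds the unfiltered hash.
def additional_params(request_params)
  permit_declared(request_params.fetch("fields", {}))
end

# Minimal record that assigns whatever attributes it is given.
Membership = Struct.new(:role, :joined_at, :admin, keyword_init: true)

# Constructed request: "admin" and "role_ids" are not declared fields.
SAMPLE_REQUEST = {
  "fields" => { "role" => "editor", "joined_at" => "2024-05-01",
                "admin" => "true", "role_ids" => { "0" => "1" } }
}.freeze

# Build the record from the filtered params only.
def attach(request_params)
  Membership.new(**additional_params(request_params))
end
```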