2 Replies - 881 Views - Last Post: 13 October 2013 - 12:23 PM Rate Topic: -----

#1 cmwise  Icon User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 169
  • Joined: 14-February 09

Date handling in Controller .permit function

Posted 12 October 2013 - 09:30 AM

Hi everyone,

I'm pretty new to ruby and rails, and this is the only snag I've run into where endlessly searching the internet has yielded nothing in terms of a solution. Some background:

All I'm trying to do is have a user register an account successfully. It throws an error saying that "birthdate(2i), birthdate(1i) and birthdate(3i) are unpermitted parameters." This is the view where the user enters their information.

<h1> Create an Account </h1>

<h3 align="right"><%= link_to "Home", root_path %></h3>

<%= form_tag({controller: "users", action: "create"}, action: "/users", method: "post") do %>
  <%= label_tag(:username, "Username") %>
  <%= text_field(:user, :username) %>
  <br />

  <%= label_tag(:password, "Password") %>
  <%= password_field(:user, :password) %>
  <br />

  <%= label_tag(:birthdate, "Date of Birth") %>
  <%= date_select(:user, :birthdate, start_year: 1900, use_two_digit_numbers: true, order: [:month, :day, :year]) %>
  <br />

  <%= label_tag(:gender, "Gender") %>
  <%= radio_button(:user, :gender, "M") %>
  <%= label_tag(:genderM, "M") %>
  <%= radio_button(:user, :gender, "F") %>
  <%= label_tag(:genderF, "F") %>
  <br />

  <%= label_tag(:email, "E-mail Address") %>
  <%= email_field(:user, :email) %>
  <br />

  <%= submit_tag("Register") %>
<% end %>



Next, the controller:
def create
  #puts :birthdate[:year].to_i 

 # @clean_dob = params[:user]['birthdate(1i)'] + params[:user]['birthdate(2i)'] + params[:user]['birthdate(3i)']

  puts params[:user]

  @user = User.new(params[:user].permit(:username, :password, :gender, :email, :birthdate => []))

  puts @user.birthdate

  if @user.save
    redirect_to users_path
  else
    render 'register'
  end
end



I've tried a few different things attempting to get .permit to accept the birthdate values, but to no avail. Any guidance at all would be greatly appreciated!

Thanks :)/>

Is This A Good Question/Topic? 0
  • +

Replies To: Date handling in Controller .permit function

#2 Lemur  Icon User is offline

  • Pragmatism over Dogma
  • member icon


Reputation: 1352
  • View blog
  • Posts: 3,417
  • Joined: 28-November 09

Re: Date handling in Controller .permit function

Posted 12 October 2013 - 09:41 PM

http://stackoverflow...tted-parameters

That link does a good job of explaining what's going on in another case. The thing to realize is that if you can't find your _exact_ case, look for things that are close, and keep widening your net as you go. The newer the software, the wider your initial net should be.

This is primarily because of strong parameters which got merged into Rails 4. It's a good idea, and it prevents arbitrary mass assignment attacks that can do some nasty stuff, such as a user adding an is_admin box and trying to get that in your params to upload.
Was This Post Helpful? 0
  • +
  • -

#3 cmwise  Icon User is offline

  • D.I.C Head

Reputation: 5
  • View blog
  • Posts: 169
  • Joined: 14-February 09

Re: Date handling in Controller .permit function

Posted 13 October 2013 - 12:23 PM

Thanks for the response Lemur :)

I had actually seen this stack overflow thread before, but tried it again anyway. It still gives me the "Unpermitted parameters: birthdate(2i), birthdate(3i), birthdate(1i)". Although, I added a line in my users controller that assigned the correct birthdate value to the user entry.


def create

  @clean_dob = params[:user]['birthdate(1i)'] + params[:user]['birthdate(2i)'] + params[:user]['birthdate(3i)']

  @user = User.new(params[:user].permit(:username, :password, :gender, :email, birthdate: [:year, :month, :day]))

  ###### This is the line I added. ######
  @user.birthdate = @clean_dob
  #######################################

  if @user.save
    redirect_to users_path
  else
    render 'register'
  end
end



It seems like a potential security vulnerability to me, in the case of someone injecting values into the birthdate field, but for now it works. Still would like to try to figure out why the three aspects of birthdate are unpermitted parameters.

Thanks again :)
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1