Grails

Refactor bindData to remove 3 param form with "excludes" list and replace with 3 param form that takes Map as 3rd param with "includes" and "excludes" support

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Critical Critical
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 0.5.6
  • Component/s: None
  • Labels:
    None

Description

This change needs to be made because the "excludes" behaviour is insecure as domain classes change over time, but even more annoying, is that it is much harder to work out what to exclude than what to include, as you can look at the form and easily tell what to include!

Hey, I wrote the original so I can complain about it too

Issue Links

This issue is related to:
GRAILS-3591 bindData has the option to explictly "include" and "exlude" fields from binding, however this not documeted Minor Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Lee Butts added a comment -

Hi Marc,

made the changes you suggested along with matching tests.

cheers

Lee

Show
Lee Butts added a comment - Hi Marc, made the changes you suggested along with matching tests. cheers Lee
Hide
Permalink
Marcel Overdijk added a comment -

Note that the parameters are named "include" and "exclude"

Example usage:

def user = User.get(params.id)
bindData(user, params, [include: "firstName", "lastName", "email"]])

In this case it can be avaoided that a password is updated by hacking submitted form data..

Show
Marcel Overdijk added a comment - Note that the parameters are named "include" and "exclude" Example usage: def user = User.get(params.id) bindData(user, params, [include: "firstName", "lastName", "email"]]) In this case it can be avaoided that a password is updated by hacking submitted form data..
Hide
Permalink
Graeme Rocher added a comment -

Bulk closing bunch of resolved issues

Show
Graeme Rocher added a comment - Bulk closing bunch of resolved issues

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.1#660-r161644) | Report a problem
Powered by a free Atlassian JIRA open source license for Grails project. Try JIRA - bug tracking software for your team.