You would modify the hidden form values (or add parameters that didn't exist) de... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

thecoffman on March 5, 2012 | parent | context | favorite | on: How Homakov hacked GitHub & the line of code that ...

You would modify the hidden form values (or add parameters that didn't exist) depending on the situation. These new/modified parameters would appear in Rails' params hash which would then be passed to the update function which, by default, will update any fields you hand it.

SpoonMeiser on March 5, 2012 [–]

This really doesn't sound like a problem with the update function, this just sounds like web applications 101 - don't trust user data.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact