堆栈内存溢出
  简体   繁体   English

我可以在Ruby on Rails中将attr_accessible用于PayPal IPN吗?

[英]Can I use attr_accessible for PayPal IPN in Ruby on Rails?

 原文  2013-01-23 21:52:45       ruby-on-rails/ paypal

问题描述

I used this RailsCast to create part of a shopping cart system, http://railscasts.com/episodes/142-paypal-notifications 我使用此RailsCast创建了购物车系统的一部分, http: //railscasts.com/episodes/142-paypal-notifications

There is a piece of code there that is called by PayPal for notification. 贝宝(PayPal)调用了一段代码以进行通知。 

def create
  PaymentNotification.create!(:params => params, :cart_id => params[:invoice], :status => params[:payment_status], :transaction_id => params[:txn_id])
  render :nothing => true
end

I tried it on Heroku, and there were no warnings and no errors. 我在Heroku上尝试过,没有警告也没有错误。 The PaymentNotification object was created successfully in the database - but everything was nil except for the id! PaymentNotification对象已在数据库中成功创建-但除ID之外,其他所有内容均为零! I opened the heroku console and tried: 我打开了heroku控制台并尝试: 

irb(main):002:0> PaymentNotification.create!(:cart_id => "2", :status => "Complete", :transaction_id => "XYZXYZXYZXYZXYZ")
< => "2", :status => "Complete", :transaction_id => "XYZXYZXYZXYZXYZ")

Which gave me this, 这给了我, 

WARNING: Can't mass-assign protected attributes: cart_id, status, transaction_id

Why didn't this warning come up in the Heroku logs? 为什么在Heroku日志中没有出现此警告? Why was it created successfully anyway (is it because it's just a warning, and not an error?) 为什么无论如何都成功创建了它(是因为这只是一个警告,而不是一个错误?)

Can I just use attr_accessible for these things? 我可以只将attr_accessible用于这些东西吗? The notification has to be validated anyway ( https://www.paypal.com/cgi-bin/webscr?cmd=p/acc/ipn-info-outside ) 无论如何,该通知都必须经过验证( https://www.paypal.com/cgi-bin/webscr?cmd=p/acc/ipn-info-outside

1 个解决方案

解决方案1
 1  2013-01-23 22:05:28

For app security, you must add attr_accessible to your attributes. 为了确保应用程序安全,必须将attr_accessible添加到属性中。

On rails 4 is added this gem https://github.com/rails/strong_parameters . 在Rails 4上添加了这个gem https://github.com/rails/strong_parameters Also

I recomend to you use adaptive payments. 我建议您使用适应性付款。 You can take a look to this post: 您可以看一下这篇文章:

Paypal Adaptive Payment for Ruby Paypal Ruby自适应付款

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Ruby on Rails 4的attr_accessible - Ruby on rails 4 attr_accessible 我如何设置&#39;attr_accessible&#39;以便不允许使用Ruby on Rails访问任何模型的字段? - How I can set 'attr_accessible' in order to NOT allow access to ANY of the fields FOR a model using Ruby on Rails? Ruby on Rails attr_accessible和脚手架 - Ruby on Rails attr_accessible and scaffolding 用于 Rails 4 的 attr_accessible - attr_accessible for Rails 4 rails 4中的attr_accessible - attr_accessible in rails 4 为什么在没有attr_accessible的情况下仍可以在Rails控制台中使用访问属性? - Why can I still use access an attribute in rails console without attr_accessible? 我可以在rails中的非数据库支持字段上使用attr_accessible吗? - Can I use attr_accessible on non database backed fields in rails? Rails和attr_accessible +安全性 - Rails and attr_accessible + security Rails 4 - 邮箱attr_accessible - Rails 4 - mailboxer attr_accessible Rails中的动态attr_accessible - Dynamic attr_accessible in rails
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM