by tptacek 5125 days ago
You're (respectfully) not terribly familiar with Rails, then, because the interpretation of foo[bar]=xxx as { :foo => { :bar => 'xxx' } } is one of the core patterns in the framework. Code all across the platform depends on that behavior.

This is the same with PHP. Be aware, anyone using something like MongoDB: if you don't sanitize/cast your inputs, your app could be vulnerable.

E.g., if you have the code:

  // Vulnerable: $_POST values can be arrays, so user input can carry query operators
  $collection->findOne( array( 'username' => $_POST['username'], 'password' => $_POST['password'] ) );
someone could POST something like username[$ne]='?'&password[$ne]='?' and login.
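The mechanism behind that payload, as an added example that is not the commenter's code: PHP decodes an `application/x-www-form-urlencoded` body with the same bracket rules as `parse_str()`, so `parse_str()` is used here to stand in for `$_POST`, and the filter document is only built and inspected, not sent to a database. The function names `buildFilterUnsafe` and `buildFilterSafe` and the request body are constructed for the illustration.

```php
<?php
// Added example (not from the original comment): how PHP's bracket syntax
// turns a POST field into a nested array, and how that array becomes a
// MongoDB query operator when passed straight into a findOne() filter.

// Constructed request body; parse_str() applies the same decoding rules
// PHP uses to populate $_POST, so $post stands in for $_POST here.
$body = 'username[$ne]=?&password[$ne]=?';
parse_str($body, $post);

// Vulnerable: the filter takes whatever shape the client sent. With the
// body above, each field is the array ['$ne' => '?'], so the query reads
// "username is not '?' AND password is not '?'", which matches almost
// every user document and lets the request log in as the first match.
function buildFilterUnsafe(array $post): array
{
    return [
        'username' => $post['username'] ?? null,
        'password' => $post['password'] ?? null,
    ];
}

// Hardened: accept only scalar strings as field values. Casting an array
// with (string) would produce the string "Array" plus a notice rather than
// an error, so an explicit type check and rejection is the safer choice.
function buildFilterSafe(array $post): ?array
{
    foreach (['username', 'password'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null; // caller should answer 400 and run no query
        }
    }
    return [
        'username' => $post['username'],
        'password' => $post['password'],
    ];
}

// The crafted body passes through the unsafe builder as an operator query
// and is rejected by the safe builder before any query is built.
var_export(buildFilterUnsafe($post));
echo PHP_EOL;
var_export(buildFilterSafe($post));
echo PHP_EOL;

// A well-formed login request is still accepted by the safe builder.
parse_str('username=alice&password=s3cret', $good);
var_export(buildFilterSafe($good));
echo PHP_EOL;
```

The `is_string()` check is the whole fix for this class of bug: once a field can only be a scalar, the client has no way to smuggle a `$ne`, `$gt` or `$regex` key into the filter, whichever driver or query builder ends up consuming it.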
I get it now. I thought there was interpretation of the right hand side of the =.