Session handling with pagination

Having managed to improve the alphabetic pagination in my applications thanks to better handling of the session tokens in the controller, I was going through Railscast 228 (more on tabular sorting to follow, using many-to-many associations if I can figure it out) when Ryan mentioned the need for some basic security around the submitted data, and I realised that I was assigning session vars directly from params.

But it’s easy enough to tidy up.

session.delete :letter if params[:q]
session[:letter] ||= ('a'..'z').include?(params[:q]) ? params[:q] : ''

Remove the session value if a query string param has been passed. Then, if the session value doesn’t exist, assign it from the params only if the param value is in the range a-z; otherwise assign an empty string. Anything outside that allow-list, including a missing param, falls through to the empty string, so nothing user-supplied reaches the session unchecked.

This works out well for me as the empty string is the cue to display all values by virtue of it being the value passed to the search scope.

But going back to the Railscast, I was really taken with this construct,

%w[asc desc].include?(params[:direction]) ?  params[:direction] : "asc"

for input sanitisation, and realised that while some of my recent stuff has been okay, I’ve still got a fair way to go.
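Both constructs above (the letter/session handling and the asc/desc check from the Railscast) are the same allow-list idea, so here they are together as an added example, not code from the post or from Railscast 228. It is plain Ruby with hashes standing in for the Rails session and params, and the column list SORT_COLUMNS and the default column "name" are assumed values.

```ruby
# Added example (not from the original post): allow-list sanitisation of
# request params before they reach the session or an ORDER BY clause.
# @session and @params are plain hashes standing in for the Rails objects.
class ListingFilters
  LETTERS      = ('a'..'z').to_a.freeze            # alphabetic pagination keys
  DIRECTIONS   = %w[asc desc].freeze               # the Railscast 228 construct
  SORT_COLUMNS = %w[name price created_at].freeze  # assumed column list

  def initialize(session, params)
    @session = session
    @params  = params
  end

  # Return params[key] only if it is on the allow-list, otherwise the default.
  # nil, "", "A" or a crafted string all fall through to the default.
  def allowed(key, list, default)
    value = @params[key]
    list.include?(value) ? value : default
  end

  # The post's two lines: a fresh ?q= resets the stored letter, and the
  # stored letter is only ever set from the allow-list ('' means show all).
  def letter
    @session.delete(:letter) if @params[:q]
    @session[:letter] ||= allowed(:q, LETTERS, '')
  end

  # Column and direction never reach the query untouched, so a crafted
  # ?sort= or ?direction= cannot alter the ORDER BY that is built from them.
  def sort_column
    allowed(:sort, SORT_COLUMNS, 'name')
  end

  def sort_direction
    allowed(:direction, DIRECTIONS, 'asc')
  end

  # What a scope would receive, e.g. `.order("#{sort_column} #{sort_direction}")`.
  def order_clause
    "#{sort_column} #{sort_direction}"
  end
end
```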

Now, back to this column sorting…
