Workaround for CVE-2010-3933

Hi,

First, look at this vulnerability issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3933

My application models: http://pastie.org/1709174

On my departments form, when the user selects a health unit, I copy all health unit attributes including address and street.

The parameters hash looks like this: http://pastie.org/1709217

But this was considered a vulnerability issue, CVE-2010-3933.

How can I do that on newer versions of Rails? I need to set the address for the new department, but I should be able to edit these attributes (nested form).

Suggestions?
