[#GRAILS-998] Refactor bindData to remove 3 param form with "excludes" list and replace with 3 param form that takes Map as 3rd param with "includes" and "excludes" support

Grails

Refactor bindData to remove 3 param form with "excludes" list and replace with 3 param form that takes Map as 3rd param with "includes" and "excludes" support

Created: 29/Mar/07 09:05 AM Updated: 17/Nov/08 02:56 AM

Component/s:

None

Affects Version/s:

None

Fix Version/s:

0.5.6

Time Tracking:

Not Specified

Issue Links:

Related

This issue is related to:

GRAILS-3591 bindData has the option to explictly "include" and "exlude" fields from binding, however this not documeted

Description

« Hide

This change needs to be made because the "excludes" behaviour is insecure as domain classes change over time, but even more annoying, is that it is much harder to work out what to exclude than what to include, as you can look at the form and easily tell what to include!

Hey, I wrote the original so I can complain about it too

All

Comments

Work Log

Change History

Sort Order:

[ Permalink | « Hide ]

Lee Butts added a comment - 17/Jun/07 03:04 AM

Hi Marc,

made the changes you suggested along with matching tests.

cheers

Lee

[ Permalink | « Hide ]

Marcel Overdijk added a comment - 17/Nov/08 02:47 AM

Note that the parameters are named "include" and "exclude"

Example usage:

def user = User.get(params.id)
bindData(user, params, [include: "firstName", "lastName", "email"]])

In this case it can be avaoided that a password is updated by hacking submitted form data..