Question

如何检测到我在Rails中有<form action="volunteer.php" method="post" name="volunteer_form" id="plumb_form"> <input type="text" name="first_name" value="" class="field" id="first_name" required> <input type="text" name="last_name" value="" class="field" id="last_name" required> <input type="text" name="email" value="" class="field" id="email" required> <div id="seat_field"> <select name="seats" id="seats" class="field" required> <option value="" disabled selected>select</option> <option value="0">None</option> <option value="1">1</option> <option value="2">2</option> </select> </div> <?php $servername = "localhost"; $username = "***"; $password = "***"; $dbname = "***"; $conn = new mysqli($servername, $username, $password, $dbname); $query = mysqli_query($conn, "SELECT SUM(seats) AS total_seats FROM event"); $row = mysqli_fetch_assoc($query); $total_seats = $row['total_seats']; $available_seats = 44-$total_seats; echo "<div><div id='available_seats' class='seats'>$available_seats</div><div id='seats_remaining' class='seats'>&nbspseats remaining</div></div>"; ?> <input type="submit" name="submit" value="Submit" id="submit"></p> </form> <script> $(document).ready(function() { var available_seats = document.getElementById("available_seats").innerHTML; //THIS IS THE PART THAT'S CAUSING ME TROUBLE... if (available_seats == 0){ $("#seat").hide(); $("#seats").prop('required', false); $("#seat_field").prepend("<strong>Check to add your party to the bus waiting list</strong>&nbsp&nbsp<input type='checkbox' name='waitlist' value='1' /> "); }; $("#plumb_form").submit(function() { var first_name = document.forms["plumb_form"]["first_name"].value; var last_name = document.forms["plumb_form"]["last_name"].value; var email = document.forms["plumb_form"]["email"].value; var seats = document.forms["plumb_form"]["seats"].value; if(first_name == "" || last_name == "" || email == "" || phone == "" || number == "" || seats == ""){ return false; } else if (seats > available_seats) { alert("There are not enough seats remaining for your party. Please reduce the number of seats needed or email Darren at dklein@nycaudubon.org to place your party on a waiting list."); return false; } else{ $("#submit").hide(); //YOU CAN IGNORE THIS LAST LINE, JUST A LITTLE ANIMATION THING, NOT RELEVANT HERE $("#thing").append('<div id="submitting" class="buttonText animated flash">Submitting...</br><div class="againStop" id="stop">Please wait</div></div>'); }; }); }); </script>个不存在的操作？

before_filter

Answer 1

这是一个直接的黑客攻击，但我能想到检查一个前置过滤器的唯一方法就是初始化。以下检查控制器是否具有使用不存在的操作的前/后过滤器，如果存在则引发异常消息

# config/initializers/before_filters.rb

# require all controllers
Dir['app/controllers/*'].each do |path|
  require path.split('/').last if path.include? '.rb'
end

# get array of all controllers
controllers = ApplicationController.descendants

controllers.each do |controller|
  # get all filters for this controller
  filters = controller._process_action_callbacks

  # get all actions under this controller
  actions = controller.action_methods.to_a

  filters.each do |filter|
    # get all action_conditions for this filter
    action_conditions = filter.instance_variable_get(:@if)

    # raise error message if action used in filter not in available controller actions
    action_conditions.each do |action_condition|
      if actions.none? {|action| action_condition.include? action }
        message = "#{controller.name} has a #{filter.kind.to_s} filter with a non-existant action (#{action_condition.scan(/'([^']*)'/)[0][0]})"
        raise message
      end
    end
  end
end

Answer 2

你做不到。

这就是为什么你需要测试用例。在这种情况下，当authorize_user由于拼写错误而将其应用于不存在的操作时，它们会抓住它而不会触发它。

检测Rails中不存在的操作的before_filter

2 个答案: