lost password?

home
•  xaraya
•  rails +
•  django
•  webdev
•  xamp
•  musings

rss
Tag this page
   

ยป Blogs that link here
last modified: Jun 14, 2007
(first posted: Jun 13, 2007)
(1936 Reads)
Permalink

acts as ruby

A quick and dirty, dangerous and dumb, funny and very unsecure debugging idea for Rails controllers.

Lets say you want to be able to arbitrarily see the value of a variable in your controller action without going into the debugger or changing your templates. What if you just passed some ruby code in the url?

asdfs_controller.rb

 def show
    @asdf = Asdf.find(params[:id])
    if (params[:ruby])
      return( render :text => eval(params[:ruby]) )
    end
    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @asdf }
    end
  end

Then you could put in your url things like:

http://0.0.0.0:3000/asdfs/1?ruby=@asdf.name
http://0.0.0.0:3000/asdfs/1?ruby=@asdf.class
http://0.0.0.0:3000/asdfs/1?ruby=self.inspect
http://0.0.0.0:3000/asdfs/1?ruby=Asdf.find(:all).size.to_s

 

< prev  next>

acts as ruby

Posted by: robinhoode on September 21, 2007 02:44 AM
Omg.. *faints* What's wrong with plain old IRB?

#

Post a new comment

How many days in a week?

Name :