Luiz E.

Reputation: 7249

nil class when searching tags

I had a method with the following line

@noticias = Noticia.where(:tags.all => array).paginate(:page => params[:page])

It happens that Brakeman says that it has a possible SQL injection. I tried the following instead:

array = params[:query].split(' ')
array.each_with_index do |query, index|
  array[index] = array[index].gsub(/<\/?[^>]*>/, "").downcase
end

array.each do |tag|
  @noticias << Noticia.where(:tags => tag)
end

But I got something like `undefined << for nil:NilClass`.
What am I missing?

Upvotes: 0

Views: 43

Answers (1)

Roxas Shadow

Reputation: 380

If you're using MongoDB, you can be sure that your code is SQL injection free.

Although MongoDB isn't vulnerable to anything like SQL-injection, it may be worth checking the search string for anything malicious. mongodb tutorial

Upvotes: 1
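
An added example, not part of the original question or answer: one way to check the search string before it reaches the query, shown as plain Ruby that runs without a database. The function names and the two limits are assumptions; the resulting hash is the selector form of the `:tags.all => array` criteria from the question.

```ruby
# Added example: hypothetical helpers, not code from the question or answer.

MAX_TAGS = 10        # assumed limit, not from the page
MAX_TAG_LENGTH = 50  # assumed limit, not from the page

# Turn the raw request parameter into a list of plain lowercase tag strings.
# Returns [] for anything that is not a String: Rails can parse a parameter
# into a Hash or Array, and such a value must not be passed into a query as-is.
def normalize_tags(raw)
  return [] unless raw.is_a?(String)

  raw.gsub(/<\/?[^>]*>/, '')   # same regex as the question, applied before splitting
     .downcase
     .split(' ')
     .select { |tag| tag.length <= MAX_TAG_LENGTH }
     .uniq
     .first(MAX_TAGS)
end

# Build the selector for "documents carrying all of these tags".
# Returns nil when there is nothing to search for, so the caller can render
# an empty result instead of running a query with an empty tag list.
def tag_selector(raw)
  tags = normalize_tags(raw)
  return nil if tags.empty?

  { 'tags' => { '$all' => tags } }
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  p tag_selector('Ruby <b>Rails</b> ruby')  # a normal search string
  p tag_selector({ 'x' => 'y' })            # parameter parsed into a Hash
  p tag_selector(nil)                       # parameter missing
end
```

In the controller, the returned hash would be passed to a single `Noticia.where(...)` call followed by `paginate`, which assigns `@noticias` in one step rather than appending to it.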
