A very useful plugin by Scott A. Woods.
The validate_request plugin lets you check the request method and the parameters used to call your action.
For example, consider an add_to_cart action:
    def add_to_cart
      @product = Product.find(params[:id])
      @cart.add_product(@product)
    end
The link to add an item to our cart should look like store/add_to_cart/nnn, where nnn is an integer. There will be an error if someone intentionally enters store/add_to_cart/some_string_here.
ValidateRequest allows us to double check these things, and act appropriately. For instance, we could solve the above problem by adding one line to our action:
    def add_to_cart
      validate_request(:get, :id => :integer) or return
      @product = Product.find(params[:id])
      @cart.add_product(@product)
    end
The validate_request method will now verify that incoming requests are via the GET method, and that they contain one argument called ‘id’ whose value is an integer. If any of these conditions aren’t true, the requester is redirected to the site’s home page (configurable, of course), and flash[:error] is set with a polite message (also configurable).
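The kind of check described above, written as a framework-free Ruby sketch. This is an added example, not the plugin's source: request_problems, request_valid?, INTEGER_RE, RULES and SAMPLES are hypothetical names, the sample requests are constructed, and rejecting undeclared parameters is an assumption drawn from the "one argument called 'id'" wording (Rails's own routing parameters are ignored here).

```ruby
# Added illustration; not the plugin's source. All names are hypothetical.
# \A and \z anchor the whole string; ^ and $ would only anchor a single line.
INTEGER_RE = /\A-?\d+\z/

# Returns a list of problems; an empty list means the request passes.
def request_problems(method, params, expected_method, rules)
  problems = []
  problems << "method #{method} not allowed" unless method == expected_method

  rules.each do |name, type|
    value = params[name]
    if value.nil?
      problems << "missing parameter #{name}"
    elsif type == :integer && value.to_s !~ INTEGER_RE
      problems << "parameter #{name} is not an integer"
    end
  end

  # Assumption: anything not declared in the rules is rejected as well.
  (params.keys - rules.keys).each { |k| problems << "unexpected parameter #{k}" }
  problems
end

def request_valid?(method, params, expected_method, rules)
  request_problems(method, params, expected_method, rules).empty?
end

RULES = { :id => :integer }

# Constructed sample requests (method, params) for store/add_to_cart.
SAMPLES = [
  [:get,  { :id => "42" }],
  [:get,  { :id => "some_string_here" }],
  [:get,  { :id => "42\nabc" }],          # passes a ^\d+$ check, fails \A\d+\z
  [:post, { :id => "42" }],
  [:get,  { :id => "42", :admin => "1" }],
  [:get,  {}],
]

if __FILE__ == $0
  SAMPLES.each do |method, params|
    problems = request_problems(method, params, :get, RULES)
    puts "#{method.to_s.upcase} #{params.inspect}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

Only the first sample passes. The third is the case a hand-rolled ^\d+$ pattern would let through, because Ruby's ^ and $ match at line boundaries.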
Install the plugin by running the following commands from your Rails application’s directory:
    ./script/plugin source svn://rubyforge.org//var/svn/validaterequest/plugins
    ./script/plugin install validate_request
For more details visit http://rubyforge.org/projects/validaterequest/