Removed unnecessary verbosity (PR #886)

Hello guys, I removed some unnecessary verbosity in the topics controller and post model, because Active Record takes care of converting parameters to integers and an explicit to_i is not needed. Added shorter versions of the map method.

Have a nice day :slight_smile:

Thanks for contributing this pull request! Could you please sign our CLA so we can review it? http://www.discourse.org/cla

I am not that comfortable with this change. The right thing to do is to introduce strong parameters; then I would feel safe that these things can only be scalars, and not hashes and a potential security hole.

https://github.com/rails/strong_parameters

If you would like to try introducing strong params for this class, I would prefer that; it gives us a way forward wrt Rails 4 as well.

Ok, I can do that. Are there any other controllers that need strong params to be implemented?

Yeah, all of them :slight_smile:

We agreed today to move to the new system, but have not had a chance to migrate to it. Recommend you work in small chunks, one PR per controller or 2 to start with.

On Thursday, 23 May 2013 at 6:58 PM, Jānis Miezītis wrote:

Ok, I can do that, are there any other controllers that need strong params to be implemented?

Thanks for the effort, but sadly I am not OK with this either - there have been so many security holes in the past that were cleared up by .to_i.

Strong parameters is a great solution. Closing this.
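
A plain-Ruby sketch of the scalar-versus-hash concern discussed in this thread, added here as an example; it is not code from the pull request, from Discourse, or from the strong_parameters gem. `permit_scalars`, `require_integer`, `rejected?` and the sample inputs are hypothetical names and constructed data.

```ruby
# Added example in plain Ruby (no Rails); all names here are hypothetical.
SCALAR_TYPES = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

# Allow-list filter: keep only the named keys, and only when the value is a
# scalar. Nested hashes and arrays are dropped instead of being passed on.
def permit_scalars(params, *keys)
  keys.map(&:to_s).each_with_object({}) do |key, out|
    next unless params.key?(key)
    value = params[key]
    out[key] = value if SCALAR_TYPES.any? { |type| value.is_a?(type) }
  end
end

# Strict integer coercion on top of the filter. Unlike String#to_i, which
# turns "42abc" into 42 and "abc" into 0, Integer(str, 10) raises on junk.
def require_integer(params, key)
  value = permit_scalars(params, key)[key.to_s]
  Integer(value.to_s, 10)
rescue ArgumentError
  raise ArgumentError, "#{key} must be a base-10 integer"
end

# True when the value for +key+ is refused by require_integer.
def rejected?(params, key)
  require_integer(params, key)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs, shaped like the string-keyed hash a Rack-style
  # parameter parser hands to a controller.
  samples = {
    "plain scalar"  => { "topic_id" => "42", "extra" => "x" },
    "nested hash"   => { "topic_id" => { "foo" => "bar" } },
    "array"         => { "topic_id" => ["1", "2"] },
    "trailing junk" => { "topic_id" => "42abc" },
    "missing"       => {}
  }
  samples.each do |label, params|
    ok = !rejected?(params, :topic_id)
    verdict = ok ? "accepted as #{require_integer(params, :topic_id)}" : "rejected"
    puts format("%-14s %s", label, verdict)
  end
end
```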