Devin Mullins
10/31/2006 11:37:00 PM
I'm too lazy ATM to read the whole thing and make a design
recommendation, but Danger, Will Robinson!
> eval("@#{params[:thing_to_search_for]}") =
> (eval(params[:thing_to_search_for].capitalize)).find_by_contents @term
Major Ruby-injection problem here. NEVER eval something you get from an
untrusted user. Use, instead, instance_variable_get and Object.const_get.
Devin
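As an added illustration (not part of the original thread), here is a hardened equivalent of the quoted search code, using `instance_variable_set`/`instance_variable_get` and `Object.const_get` behind an allowlist; the `Post`/`Comment` models, the `params` hash and `find_by_contents` are constructed stand-ins so it runs outside Rails.

```ruby
# Constructed stand-ins for the Rails models the quoted code searches.
class Post
  def self.find_by_contents(term)
    ["post matching #{term}"]
  end
end

class Comment
  def self.find_by_contents(term)
    ["comment matching #{term}"]
  end
end

# Allowlist of targets a user may search. Object.const_get on its own is not a
# complete fix: it resolves whatever constant name it is handed, so the lookup
# is gated by this list and everything else is rejected before any lookup.
SEARCHABLE = %w[post comment].freeze

class SearchController
  def initialize(params, term)
    @params = params
    @term = term
  end

  # Hardened equivalent of:
  #   eval("@#{params[:thing_to_search_for]}") =
  #     (eval(params[:thing_to_search_for].capitalize)).find_by_contents @term
  # Returns the name of the instance variable that was set, or raises
  # ArgumentError when the requested target is not on the allowlist.
  def search
    name = @params[:thing_to_search_for].to_s
    unless SEARCHABLE.include?(name)
      raise ArgumentError, "unknown search target: #{name.inspect}"
    end
    model = Object.const_get(name.capitalize)   # only Post or Comment reach here
    instance_variable_set("@#{name}", model.find_by_contents(@term))
    "@#{name}"
  end

  # Reads a result set back without eval.
  def results_for(name)
    instance_variable_get("@#{name}")
  end
end
```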