diff options
| author | Grant McLean <grant@mclean.net.nz> | 2012-03-10 20:58:40 +1300 |
|---|---|---|
| committer | Grant McLean <grant@mclean.net.nz> | 2012-03-10 20:58:40 +1300 |
| commit | 129ba87dc4d00cba7061111f6431531c4550aaca (patch) | |
| tree | 102da9d08286a7d56e2d3fe34f023e5dfb17dca1 /railties | |
| parent | 35a0521c3c2e8cea397accb648f15f7e8b3cf8a8 (diff) | |
| download | rails-129ba87dc4d00cba7061111f6431531c4550aaca.tar.gz rails-129ba87dc4d00cba7061111f6431531c4550aaca.tar.bz2 rails-129ba87dc4d00cba7061111f6431531c4550aaca.zip | |
fix fragment portion of some links
Diffstat (limited to 'railties')
| -rw-r--r-- | railties/guides/source/2_2_release_notes.textile | 2 | ||||
| -rw-r--r-- | railties/guides/source/form_helpers.textile | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/railties/guides/source/2_2_release_notes.textile b/railties/guides/source/2_2_release_notes.textile index 8e2d528eee..3a0f2efbaf 100644 --- a/railties/guides/source/2_2_release_notes.textile +++ b/railties/guides/source/2_2_release_notes.textile @@ -229,7 +229,7 @@ This will enable recognition of (among others) these routes: * Lead Contributor: "S. Brent Faulkner":http://www.unwwwired.net/ * More information: -** "Rails Routing from the Outside In":http://guides.rubyonrails.org/routing.html#_nested_resources +** "Rails Routing from the Outside In":http://guides.rubyonrails.org/routing.html#nested-resources ** "What's New in Edge Rails: Shallow Routes":http://ryandaigle.com/articles/2008/9/7/what-s-new-in-edge-rails-shallow-routes h4. Method Arrays for Member or Collection Routes diff --git a/railties/guides/source/form_helpers.textile b/railties/guides/source/form_helpers.textile index a696e4f8ae..9f91d12a54 100644 --- a/railties/guides/source/form_helpers.textile +++ b/railties/guides/source/form_helpers.textile @@ -39,7 +39,7 @@ When called without arguments like this, it creates a +<form>+ tag which, </form> </html> -Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#_cross_site_reference_forgery_csrf. +Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#cross-site-request-forgery-csrf. NOTE: Throughout this guide, the +div+ with the hidden input elements will be excluded from code samples for brevity. @@ -428,7 +428,7 @@ As with other helpers, if you were to use the +select+ helper on a form builder <%= f.select(:city_id, ...) %> </erb> -WARNING: If you are using +select+ (or similar helpers such as +collection_select+, +select_tag+) to set a +belongs_to+ association you must pass the name of the foreign key (in the example above +city_id+), not the name of association itself. If you specify +city+ instead of +city_id+ Active Record will raise an error along the lines of <tt> ActiveRecord::AssociationTypeMismatch: City(#17815740) expected, got String(#1138750) </tt> when you pass the +params+ hash to +Person.new+ or +update_attributes+. Another way of looking at this is that form helpers only edit attributes. You should also be aware of the potential security ramifications of allowing users to edit foreign keys directly. You may wish to consider the use of +attr_protected+ and +attr_accessible+. For further details on this, see the "Ruby On Rails Security Guide":security.html#_mass_assignment. +WARNING: If you are using +select+ (or similar helpers such as +collection_select+, +select_tag+) to set a +belongs_to+ association you must pass the name of the foreign key (in the example above +city_id+), not the name of association itself. If you specify +city+ instead of +city_id+ Active Record will raise an error along the lines of <tt> ActiveRecord::AssociationTypeMismatch: City(#17815740) expected, got String(#1138750) </tt> when you pass the +params+ hash to +Person.new+ or +update_attributes+. Another way of looking at this is that form helpers only edit attributes. You should also be aware of the potential security ramifications of allowing users to edit foreign keys directly. You may wish to consider the use of +attr_protected+ and +attr_accessible+. For further details on this, see the "Ruby On Rails Security Guide":security.html#mass-assignment. h4. Option Tags from a Collection of Arbitrary Objects |