From 78e085b12cbd10c249df03a42014ad6fd257bc25 Mon Sep 17 00:00:00 2001
From: dmathieu <42@dmathieu.com>
Date: Mon, 8 Nov 2010 10:14:15 +0100
Subject: Use Rails.logger, not ActiveRecord::Base.logger
Because everybody is not using ActiveRecord. And the logger is not specific to it.
---
railties/guides/source/debugging_rails_applications.textile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/railties/guides/source/debugging_rails_applications.textile b/railties/guides/source/debugging_rails_applications.textile
index 6eec18b8b9..adf427147b 100644
--- a/railties/guides/source/debugging_rails_applications.textile
+++ b/railties/guides/source/debugging_rails_applications.textile
@@ -127,8 +127,8 @@ Rails makes use of Ruby's standard +logger+ to write log information. You can al
You can specify an alternative logger in your +environment.rb+ or any environment file:
-ActiveRecord::Base.logger = Logger.new(STDOUT)
-ActiveRecord::Base.logger = Log4r::Logger.new("Application Log")
+Rails.logger = Logger.new(STDOUT)
+Rails.logger = Log4r::Logger.new("Application Log")
Or in the +Initializer+ section, add _any_ of the following
@@ -142,13 +142,13 @@ TIP: By default, each log is created under +Rails.root/log/+ and the log file na
h4. Log Levels
-When something is logged it's printed into the corresponding log if the log level of the message is equal or higher than the configured log level. If you want to know the current log level you can call the +ActiveRecord::Base.logger.level+ method.
+When something is logged it's printed into the corresponding log if the log level of the message is equal or higher than the configured log level. If you want to know the current log level you can call the +Rails.logger.level+ method.
The available log levels are: +:debug+, +:info+, +:warn+, +:error+, and +:fatal+, corresponding to the log level numbers from 0 up to 4 respectively. To change the default log level, use
config.log_level = Logger::WARN # In any environment initializer, or
-ActiveRecord::Base.logger.level = 0 # at any time
+Rails.logger.level = 0 # at any time
This is useful when you want to log under development or staging, but you don't want to flood your production log with unnecessary information.
--
cgit v1.2.3
From 645f5158432b541948bcb3e3745cce18ab257df2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Mon, 8 Nov 2010 01:47:49 -0800
Subject: Add a note to TextHelpers making explicit their default behavior of
not escaping but sanitizing.
---
actionpack/lib/action_view/helpers/text_helper.rb | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index 7c877a0f57..3d276000a1 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -9,6 +9,24 @@ module ActionView
# and transforming strings, which can reduce the amount of inline Ruby code in
# your views. These helper methods extend Action View making them callable
# within your template files.
+ #
+ # ==== Sanitization
+ #
+ # Most text helpers by default sanitize the given content, but do not escape it.
+ # This means HTML tags will appear in the page but all malicious code will be removed.
+ # Let's look at some examples using the +simple_format+ method:
+ #
+ # simple_format('Example')
+ # # => "Example
"
+ #
+ # simple_format('Example')
+ # # => "Example
"
+ #
+ # If you want to escape all content, you should invoke the +h+ method before
+ # calling the text helper.
+ #
+ # simple_format h('Example')
+ # # => "<a href=\"http://example.com/\">Example</a>
"
module TextHelper
extend ActiveSupport::Concern
--
cgit v1.2.3