From 6b935d2c15a004e2d6f527e7bd7684e0dad96386 Mon Sep 17 00:00:00 2001 From: Rashmi Yadav Date: Fri, 13 Sep 2013 18:26:18 +0200 Subject: Updated with latest method [ci skip] --- guides/source/active_support_core_extensions.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'guides/source') diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index e6b849e4c9..c072330842 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md @@ -96,12 +96,13 @@ INFO: The predicate for strings uses the Unicode-aware character class `[:space: WARNING: Note that numbers are not mentioned. In particular, 0 and 0.0 are **not** blank. -For example, this method from `ActionDispatch::Session::AbstractStore` uses `blank?` for checking whether a session key is present: +For example, this method from `ActionController::HttpAuthentication::Token::ControllerMethods` uses `blank?` for checking whether a token is present: ```ruby -def ensure_session_key! - if @key.blank? - raise ArgumentError, 'A key is required...' +def authenticate(controller, &login_procedure) + token, options = token_and_options(controller.request) + unless token.blank? + login_procedure.call(token, options) end end ``` -- cgit v1.2.3 From ab5a4b59be903a5897eca69bb3fe49c79fc80806 Mon Sep 17 00:00:00 2001 From: Rashmi Yadav Date: Fri, 13 Sep 2013 18:44:14 +0200 Subject: Updated the file path [ci skip] --- guides/source/active_support_core_extensions.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'guides/source') diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index c072330842..ec2928ee05 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md @@ -2000,7 +2000,7 @@ Produce a string representation of a number in human-readable words: 1234567890123456.to_s(:human) # => "1.23 Quadrillion" ``` -NOTE: Defined in `active_support/core_ext/numeric/formatting.rb`. +NOTE: Defined in `active_support/core_ext/numeric/conversions.rb`. Extensions to `Integer` ----------------------- @@ -2445,7 +2445,7 @@ dup[1][2] = 4 array[1][2] == nil # => true ``` -NOTE: Defined in `active_support/core_ext/array/deep_dup.rb`. +NOTE: Defined in `active_support/core_ext/object/deep_dup.rb`. ### Grouping @@ -2671,7 +2671,7 @@ hash[:b][:e] == nil # => true hash[:b][:d] == [3, 4] # => true ``` -NOTE: Defined in `active_support/core_ext/hash/deep_dup.rb`. +NOTE: Defined in `active_support/core_ext/object/deep_dup.rb`. ### Diffing @@ -3873,4 +3873,4 @@ rescue NameError => e end ``` -NOTE: Defined in `active_support/core_ext/load_error.rb`. +NOTE: Defined in `actionpack/lib/abstract_controller/helpers.rb`. -- cgit v1.2.3 From e4d6a61cd62911af2d85f8d899bb3cbaeeb38574 Mon Sep 17 00:00:00 2001 From: Rashmi Yadav Date: Wed, 24 Jul 2013 13:33:53 +0200 Subject: Updated guides with latest method [ci skip] --- guides/source/active_support_core_extensions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index ec2928ee05..08a95f3fd9 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md @@ -3844,13 +3844,13 @@ def default_helper_module! module_path = module_name.underscore helper module_path rescue MissingSourceFile => e - raise e unless e.is_missing? "#{module_path}_helper" + raise e unless e.is_missing? "helpers/#{module_path}_helper" rescue NameError => e raise e unless e.missing_name? "#{module_name}Helper" end ``` -NOTE: Defined in `active_support/core_ext/name_error.rb`. +NOTE: Defined in `actionpack/lib/abstract_controller/helpers.rb`. Extensions to `LoadError` ------------------------- -- cgit v1.2.3 From 361eea79999b5ad298be80a39766748b2a04258c Mon Sep 17 00:00:00 2001 From: Rashmi Yadav Date: Fri, 13 Sep 2013 19:09:10 +0200 Subject: Removed doc of diff method [ci skip] --- guides/source/active_support_core_extensions.md | 38 ------------------------- 1 file changed, 38 deletions(-) (limited to 'guides/source') diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index 08a95f3fd9..d3f49b19fa 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md @@ -2673,44 +2673,6 @@ hash[:b][:d] == [3, 4] # => true NOTE: Defined in `active_support/core_ext/object/deep_dup.rb`. -### Diffing - -The method `diff` returns a hash that represents a diff of the receiver and the argument with the following logic: - -* Pairs `key`, `value` that exist in both hashes do not belong to the diff hash. - -* If both hashes have `key`, but with different values, the pair in the receiver wins. - -* The rest is just merged. - -```ruby -{a: 1}.diff(a: 1) -# => {}, first rule - -{a: 1}.diff(a: 2) -# => {:a=>1}, second rule - -{a: 1}.diff(b: 2) -# => {:a=>1, :b=>2}, third rule - -{a: 1, b: 2, c: 3}.diff(b: 1, c: 3, d: 4) -# => {:a=>1, :b=>2, :d=>4}, all rules - -{}.diff({}) # => {} -{a: 1}.diff({}) # => {:a=>1} -{}.diff(a: 1) # => {:a=>1} -``` - -An important property of this diff hash is that you can retrieve the original hash by applying `diff` twice: - -```ruby -hash.diff(hash2).diff(hash2) == hash -``` - -Diffing hashes may be useful for error messages related to expected option hashes for example. - -NOTE: Defined in `active_support/core_ext/hash/diff.rb`. - ### Working with Keys #### `except` and `except!` -- cgit v1.2.3 From 6c83aaf4ae6cbb6ac457a1829ea8edddf5867619 Mon Sep 17 00:00:00 2001 From: Rashmi Yadav Date: Fri, 13 Sep 2013 19:19:28 +0200 Subject: asset_url => asset-url in sass-rails docs [ci skip] --- guides/source/upgrading_ruby_on_rails.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md index 3daa10ea07..224213268e 100644 --- a/guides/source/upgrading_ruby_on_rails.md +++ b/guides/source/upgrading_ruby_on_rails.md @@ -339,7 +339,7 @@ config.assets.js_compressor = :uglifier ### sass-rails -* `asset_url` with two arguments is deprecated. For example: `asset-url("rails.png", image)` becomes `asset-url("rails.png")` +* `asset-url` with two arguments is deprecated. For example: `asset-url("rails.png", image)` becomes `asset-url("rails.png")` Upgrading from Rails 3.1 to Rails 3.2 ------------------------------------- -- cgit v1.2.3 From b827663e5f6646eb6aaceac1f04a09db993ec5bf Mon Sep 17 00:00:00 2001 From: Rashmi Yadav Date: Fri, 13 Sep 2013 19:54:56 +0200 Subject: EncryptedCookieStore => CookieStore [ci skip] --- guides/source/command_line.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/command_line.md b/guides/source/command_line.md index f11e08a0c1..805a62ad1e 100644 --- a/guides/source/command_line.md +++ b/guides/source/command_line.md @@ -387,7 +387,7 @@ Active Record version 4.0.0 Action Pack version 4.0.0 Action Mailer version 4.0.0 Active Support version 4.0.0 -Middleware Rack::Sendfile, ActionDispatch::Static, Rack::Lock, #, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Reloader, ActionDispatch::Callbacks, ActiveRecord::Migration::CheckPending, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::EncryptedCookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, Rack::Head, Rack::ConditionalGet, Rack::ETag +Middleware Rack::Sendfile, ActionDispatch::Static, Rack::Lock, #, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Reloader, ActionDispatch::Callbacks, ActiveRecord::Migration::CheckPending, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, Rack::Head, Rack::ConditionalGet, Rack::ETag Application root /home/foobar/commandsapp Environment development Database adapter sqlite3 -- cgit v1.2.3 From ebcd9d6c03fecc6946c794c19c544b5f1349b8f1 Mon Sep 17 00:00:00 2001 From: Sergio Date: Sun, 15 Sep 2013 23:51:31 +0200 Subject: surplus : in attachment_fu plugin surplus ':' character in url --- guides/source/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/security.md b/guides/source/security.md index 4aba39f55a..0c2d3caa4e 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -290,7 +290,7 @@ NOTE: _Make sure file uploads don't overwrite important files, and process media Many web applications allow users to upload files. _File names, which the user may choose (partly), should always be filtered_ as an attacker could use a malicious file name to overwrite any file on the server. If you store file uploads at /var/www/uploads, and the user enters a file name like "../../../etc/passwd", it may overwrite an important file. Of course, the Ruby interpreter would need the appropriate permissions to do so - one more reason to run web servers, database servers and other programs as a less privileged Unix user. -When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the [attachment_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master:) +When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the [attachment_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master) ```ruby def sanitize_filename(filename) -- cgit v1.2.3 From edb74a187b905240675317a263d3e8c705157024 Mon Sep 17 00:00:00 2001 From: Sergio Date: Mon, 16 Sep 2013 00:25:00 +0200 Subject: incorrect urls I've found two incorrects urls for adding ':' at the end of the url --- guides/source/security.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/security.md b/guides/source/security.md index 0c2d3caa4e..7d84681c13 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -290,7 +290,7 @@ NOTE: _Make sure file uploads don't overwrite important files, and process media Many web applications allow users to upload files. _File names, which the user may choose (partly), should always be filtered_ as an attacker could use a malicious file name to overwrite any file on the server. If you store file uploads at /var/www/uploads, and the user enters a file name like "../../../etc/passwd", it may overwrite an important file. Of course, the Ruby interpreter would need the appropriate permissions to do so - one more reason to run web servers, database servers and other programs as a less privileged Unix user. -When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the [attachment_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master) +When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the [attachment_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master): ```ruby def sanitize_filename(filename) @@ -447,7 +447,7 @@ Here are some ideas how to hide honeypot fields by JavaScript and/or CSS: The most simple negative CAPTCHA is one hidden honeypot field. On the server side, you will check the value of the field: If it contains any text, it must be a bot. Then, you can either ignore the post or return a positive result, but not saving the post to the database. This way the bot will be satisfied and moves on. You can do this with annoying users, too. -You can find more sophisticated negative CAPTCHAs in Ned Batchelder's [blog post](http://nedbatchelder.com/text/stopbots.html:) +You can find more sophisticated negative CAPTCHAs in Ned Batchelder's [blog post](http://nedbatchelder.com/text/stopbots.html): * Include a field with the current UTC time-stamp in it and check it on the server. If it is too far in the past, or if it is in the future, the form is invalid. * Randomize the field names -- cgit v1.2.3 From f91ea5101725e87d28e6045795ae52d2394a2c60 Mon Sep 17 00:00:00 2001 From: Sergio Date: Mon, 16 Sep 2013 01:09:56 +0200 Subject: incorrect url incorrect url --- guides/source/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/security.md b/guides/source/security.md index 7d84681c13..d7a41497f8 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -760,7 +760,7 @@ The following is an excerpt from the [Js.Yamanner@m](http://www.symantec.com/sec The worms exploits a hole in Yahoo's HTML/JavaScript filter, which usually filters all target and onload attributes from tags (because there can be JavaScript). The filter is applied only once, however, so the onload attribute with the worm code stays in place. This is a good example why blacklist filters are never complete and why it is hard to allow HTML/JavaScript in a web application. -Another proof-of-concept webmail worm is Nduja, a cross-domain worm for four Italian webmail services. Find more details on [Rosario Valotta's paper](http://www.xssed.com/article/9/Paper_A_PoC_of_a_cross_webmail_worm_XWW_called_Njuda_connection/). Both webmail worms have the goal to harvest email addresses, something a criminal hacker could make money with. +Another proof-of-concept webmail worm is Nduja, a cross-domain worm for four Italian webmail services. Find more details on [Rosario Valotta's paper](http://www.xssed.com/news/37/Nduja_Connection_A_cross_webmail_worm_XWW/). Both webmail worms have the goal to harvest email addresses, something a criminal hacker could make money with. In December 2006, 34,000 actual user names and passwords were stolen in a [MySpace phishing attack](http://news.netcraft.com/archives/2006/10/27/myspace_accounts_compromised_by_phishers.html). The idea of the attack was to create a profile page named "login_home_index_html", so the URL looked very convincing. Specially-crafted HTML and CSS was used to hide the genuine MySpace content from the page and instead display its own login form. -- cgit v1.2.3 From 3c23cacb6fe8d1ed235ad5350bdc049183942833 Mon Sep 17 00:00:00 2001 From: Vipul A M Date: Tue, 17 Sep 2013 09:31:10 +0530 Subject: Fix Show link on resource --- guides/source/getting_started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md index e5bc5ef038..3e2fd2a845 100644 --- a/guides/source/getting_started.md +++ b/guides/source/getting_started.md @@ -1132,7 +1132,7 @@ appear next to the "Show" link: <%= post.title %> <%= post.text %> - <%= link_to 'Show', post %> + <%= link_to 'Show', post_path(post) %> <%= link_to 'Edit', edit_post_path(post) %> <% end %> -- cgit v1.2.3 From 7fe1f0f4ea2c9e82b4b19ecb07a3c9f4dca96821 Mon Sep 17 00:00:00 2001 From: Weston Platter Date: Sun, 22 Sep 2013 12:07:23 -0600 Subject: use active voice and use more descriptive terms --- guides/source/active_record_querying.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'guides/source') diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md index 28013beeae..731c223285 100644 --- a/guides/source/active_record_querying.md +++ b/guides/source/active_record_querying.md @@ -1189,7 +1189,7 @@ class Post < ActiveRecord::Base end ``` -This may then be called using this: +Call the scope as if it were a class method: ```ruby Post.created_before(Time.zone.now) -- cgit v1.2.3 From e2a7dbfe30e18cedb26a872ba0e1de4b95b513c4 Mon Sep 17 00:00:00 2001 From: wangjohn Date: Wed, 25 Sep 2013 01:20:25 -0500 Subject: Added missing active record configurations. --- guides/source/configuring.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'guides/source') diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 3cf5cdd71f..e683e7c31c 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -273,6 +273,12 @@ config.middleware.delete "Rack::MethodOverride" * `config.active_record.cache_timestamp_format` controls the format of the timestamp value in the cache key. Default is `:number`. +* `config.active_record.record_timestamps` is a boolean value which controls whether or not timestamping of `create` and `update` operations on a model occur. The default value is `true`. + +* `config.active_record.partial_writes` is a boolean value and controls whether or not partial writes are used (i.e. whether updates only set attributes that are dirty). Note that when using partial writes, you should also use optimistic locking `config.active_record.lock_optimistically` since concurrent updates may write attributes based on a possibly stale read state. The default value is `true`. + +* `config.active_record.attribute_types_cached_by_default` sets the attribute types that `ActiveRecord::AttributeMethods` will cache by default on reads. The default is `[:datetime, :timestamp, :time, :date]`. + The MySQL adapter adds one additional configuration option: * `ActiveRecord::ConnectionAdapters::MysqlAdapter.emulate_booleans` controls whether Active Record will consider all `tinyint(1)` columns in a MySQL database to be booleans and is true by default. -- cgit v1.2.3