From 1e550ccd0d5827bf7cf8de4c5b92938a9fabc96f Mon Sep 17 00:00:00 2001 From: Pratik Naik Date: Mon, 19 Jan 2009 02:17:38 +0000 Subject: Regen guides --- railties/doc/guides/html/form_helpers.html | 308 ++++++++++++++--------------- railties/doc/guides/html/security.html | 2 +- 2 files changed, 147 insertions(+), 163 deletions(-) (limited to 'railties/doc/guides/html') diff --git a/railties/doc/guides/html/form_helpers.html b/railties/doc/guides/html/form_helpers.html index 1054aa8ff5..6169574d35 100644 --- a/railties/doc/guides/html/form_helpers.html +++ b/railties/doc/guides/html/form_helpers.html @@ -31,35 +31,29 @@

Chapters

  1. - Basic forms + Dealing With Basic Forms
  2. - Different Families of helpers + Dealing With Model Objects -
  3. -
  4. - Forms that deal with model attributes -
  5. @@ -77,10 +71,10 @@
  6. - Date and time select boxes + Using Date and Time Form Helpers
  7. - Form builders - -
  8. -
  9. - File Uploads + Uploading Files -
  10. -
  11. - Parameter Names -
  12. - Complex forms + Building Complex forms
  13. Changelog @@ -165,7 +145,7 @@ Learn what makes a file upload form different; -

    1. Basic forms

    +

    1. Dealing With Basic Forms

    The most basic form helper is form_tag.

    @@ -196,7 +176,7 @@ Learn what makes a file upload form different;

    1.1. Generic search form

    Probably the most minimal form often seen on the web is a search form with a single text input for search terms. This form consists of:

    -
      +
      1. a form element with "GET" method, @@ -294,7 +274,19 @@ a submit element. Do not delimit the second hash without doing so with the first hash, otherwise your method invocation will result in an expecting tASSOC syntax error.

      -

      1.3. Checkboxes, radio buttons and other controls

      +

      1.3. Helpers for generating form elements

      +

      Rails provides a series of helpers for generating form elements such as checkboxes, text fields, radio buttons and so. These basic helpers, with names ending in _tag such as text_field_tag, check_box_tag just generate a single <input> element. The first parameter to these is always the name of the input. This is the name under which value will appear in the params hash in the controller. For example if the form contains

      +
      +
      +
      <%= text_field_tag(:query) %>
      +
      +

      then the controller code should use

      +
      +
      +
      params[:query]
      +
      +

      to retrieve the value entered by the user. When naming inputs be aware that Rails uses certain conventions that control whether values appear at the top level of the params hash, inside an array or a nested hash and so on. You can read more about them in the parameter names section. For details on the precise usage of these helpers, please refer to the API documentation.

      +

      1.3.1. Checkboxes

      Checkboxes are form controls that give the user a set of options they can enable or disable:
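Review bot: In the added 1.3 paragraph, "just generate a single <input> element" is too narrow for the _tag family: the same guide uses text_area_tag in 1.3.3 and says in 3.1 that select_tag generates the SELECT tag. Suggest "generate a single form element". The first sentence of that paragraph also ends in "radio buttons and so.", which should read "and so on".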

      @@ -310,6 +302,8 @@ output: <input id="pet_cat" name="pet_cat" type="checkbox" value="1" /> <label for="pet_cat">I own a cat</label>
      +

      The second parameter to check_box_tag is the value of the input. This is the value that will be submitted by the browser if the checkbox is ticked (i.e. the value that will be present in the params hash). With the above form you would check the value of params[:pet_dog] and params[:pet_cat] to see which pets the user owns.

      +

      1.3.2. Radio buttons

      Radio buttons, while similar to checkboxes, are controls that specify a set of options in which they are mutually exclusive (user can only pick one):

      @@ -325,6 +319,7 @@ output: <input id="age_adult" name="age" type="radio" value="adult" /> <label for="age_adult">I'm over 21</label>
      +

      As with check_box_tag the second parameter to radio_button_tag is the value of the input. Because these two radio buttons share the same name (age) the user will only be able to select one and params[:age] will contain either child or adult.

      @@ -333,7 +328,8 @@ output: Always use labels for each checkbox and radio button. They associate text with a specific option and provide a larger clickable region.
      -

      Other form controls worth mentioning are the text area, password input and hidden input:

      +

      1.3.3. Other helpers of interest

      +

      Other form controls worth mentioning are the text area, password input and hidden input:

      <%= text_area_tag(:message, "Hi, nice site", :size => "24x6") %>
      @@ -346,7 +342,7 @@ output:
       <input id="password" name="password" type="password" />
       <input id="parent_id" name="parent_id" type="hidden" value="5" />
      -

      Hidden inputs are not shown to the user, but they hold data same as any textual input. Values inside them can be changed with JavaScript.

      +

      Hidden inputs are not shown to the user, but they hold data like any textual input. Values inside them can be changed with JavaScript.
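Review bot: The reworded hidden-input sentence mentions only JavaScript as a way these values change. A hidden field is ordinary client-submitted data, so the user can alter it before submitting just as with a text field, and the example's parent_id value of 5 should not be read as trustworthy when it arrives in params. Suggest ending the paragraph with something like "Like any other input, their values can be changed by the user, so validate them on the server."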

      @@ -355,42 +351,12 @@ output: If you’re using password input fields (for any purpose), you might want to prevent their values showing up in application logs by activating filter_parameter_logging(:password) in your ApplicationController.
      -

      1.4. How do forms with PUT or DELETE methods work?

      -

      Rails framework encourages RESTful design of your applications, which means you’ll be making a lot of "PUT" and "DELETE" requests (besides "GET" and "POST"). Still, most browsers don’t support methods other than "GET" and "POST" when it comes to submitting forms. How does this work, then?

      -

      Rails works around this issue by emulating other methods over POST with a hidden input named "_method" that is set to reflect the desired method:

      -
      -
      -
      form_tag(search_path, :method => "put")
      -
      -output:
      -
      -<form action="/search" method="post">
      -  <div style="margin:0;padding:0">
      -    <input name="_method" type="hidden" value="put" />
      -    <input name="authenticity_token" type="hidden" value="f755bb0ed134b76c432144748a6d4b7a7ddf2b71" />
      -  </div>
      -  ...
      -
      -

      When parsing POSTed data, Rails will take into account the special _method parameter and act as if the HTTP method was the one specified inside it ("PUT" in this example).

    -

    2. Different Families of helpers

    +

    2. Dealing With Model Objects

    -

    Most of Rails' form helpers are available in two forms.

    -

    2.1. Barebones helpers

    -

    These just generate the appropriate markup. These have names ending in _tag such as text_field_tag, check_box_tag. The first parameter to these is always the name of the input. This is the name under which value will appear in the params hash in the controller. For example if the form contains

    -
    -
    -
    <%= text_field_tag(:query) %>
    -
    -

    then the controller code should use

    -
    -
    -
    params[:query]
    -
    -

    to retrieve the value entered by the user. When naming inputs be aware that Rails uses certain conventions that control whether values appear at the top level of the params hash, inside an array or a nested hash and so on. You can read more about them in the parameter names section. For details on the precise usage of these helpers, please refer to the API documentation.

    -

    2.2. Model object helpers

    -

    These are designed to work with a model object (commonly an Active Record object but this need not be the case). These lack the _tag suffix, for example text_field, text_area.

    -

    For these helpers the first arguement is the name of an instance variable and the second is the name a method (usually an attribute) to call on that object. Rails will set the value of the input control to the return value of that method for the object and set an appropriate input name. If your controller has defined @person and that person’s name is Henry then a form containing:

    +

    2.1. Model object helpers

    +

    A particularly common task for a form is editing or creating a model object. While the *_tag helpers could certainly be used for this task they are somewhat verbose as for each tag you would have to ensure the correct parameter name is used and set the default value of the input appropriately. Rails provides helpers tailored to this task. These helpers lack the _tag suffix, for example text_field, text_area.

    +

    For these helpers the first argument is the name of an instance variable and the second is the name of a method (usually an attribute) to call on that object. Rails will set the value of the input control to the return value of that method for the object and set an appropriate input name. If your controller has defined @person and that person’s name is Henry then a form containing:

    <%= text_field(:person, :name) %>
    @@ -411,10 +377,10 @@ output:
    -
    -

    3. Forms that deal with model attributes

    -
    -

    While the helpers seen so far are handy Rails can save you some work. For example typically a form is used to edit multiple attributes of a single object, so having to repeat the name of the object being edited is clumsy. The following examples will handle an Article model. First, have the controller create one:

    +

    Rails provides helpers for displaying the validation errors associated with a model object. These are covered in detail by the Active Record Validations and Callbacks guide.

    +

    2.2. Binding a form to an object

    +

    While this is an increase in comfort it is far from perfect. If Person has many attributes to edit then we would be repeating the name of the edited object many times. What we want to do is somehow bind a form to a model object which is exactly what form_for does.

    +

    Assume we have a controller for dealing with articles:

    articles_controller.rb
    @@ -422,7 +388,7 @@ output: @article = Article.new end
    -

    Now switch to the view. The first thing to remember is to use the form_for helper instead of form_tag, and that you should pass the model name and object as arguments:

    +

    The corresponding view using form_for looks like this

    articles/new.html.erb
    @@ -433,10 +399,10 @@ end <% end %>

    There are a few things to note here:

    -
      +
      1. -:article is the name of the model and @article is the record. +:article is the name of the model and @article is the actual object being edited.

      2. @@ -446,7 +412,7 @@ There is a single hash of options. Routing options are passed inside :url
      3. -The form_for method yields a form builder object (the f variable). +The form_for method yields a form builder object (the f variable).

      4. @@ -466,8 +432,27 @@ Methods to create form controls are called on the form builder

    The name passed to form_for controls where in the params hash the form values will appear. Here the name is article and so all the inputs have names of the form article[attribute_name]. Accordingly, in the create action params[:article] will be a hash with keys :title and :body. You can read more about the significance of input names in the parameter names section.

    The helper methods called on the form builder are identical to the model object helpers except that it is not necessary to specify which object is being edited since this is already managed by the form builder.

    -

    3.1. Relying on record identification

    -

    In the previous chapter you handled the Article model. This model is directly available to users of our application, so — following the best practices for developing with Rails — you should declare it a resource.

    +

    You can create a similar binding without actually creating <form> tags with the fields_for helper. This is useful for editing additional model objects with the same form. For example if you had a Person model with an associated ContactDetail model you could create a form for editing both like so:

    +
    +
    +
    <% form_for @person do |person_form| %>
    +  <%= person_form.text_field :name %>
    +  <% fields_for @person.contact_detail do |contact_details_form| %>
    +    <%= contact_details_form.text_field :phone_number %>
    +  <% end %>
    +<% end %>
    +
    +

    which produces the following output:

    +
    +
    +
    <form action="/people/1" class="edit_person" id="edit_person_1" method="post">
    +  <input id="person_name" name="person[name]" size="30" type="text" />
    +  <input id="contact_detail_phone_number" name="contact_detail[phone_number]" size="30" type="text" />
    +</form>
    +
    +

    The object yielded by fields_for is a form builder like the one yielded by form_for (in fact form_for calls fields_for internally).

    +

    2.3. Relying on record identification

    +

    The Article model is directly available to users of our application, so — following the best practices for developing with Rails — you should declare it a resource.

    When dealing with RESTful resources, calls to form_for can get significantly easier if you rely on record identification. In short, you can just pass the model instance and have Rails figure out model name and the rest:
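Review bot: The sample output added for the form_for/fields_for example omits the hidden inputs Rails emits inside the form. The form tag shown is an edit form (action="/people/1", class="edit_person") submitted with method="post", so by the guide's own 2.4 section it would carry the hidden _method input set to put, alongside the authenticity_token input shown there. Either include that div or mark the omission with "..." as the 2.4 output does, so readers do not take the listing as the complete markup.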

    @@ -493,7 +478,7 @@ form_for(@article) When you’re using STI (single-table inheritance) with your models, you can’t rely on record identification on a subclass if only their parent class is declared a resource. You will have to specify the model name, :url and :method explicitly.
    -

    3.1.1. Dealing with namespaces

    +

    2.3.1. Dealing with namespaces

    If you have created namespaced routes form_for has a nifty shorthand for that too. If your application has an admin namespace then

    @@ -504,12 +489,29 @@ form_for(@article)
    form_for [:admin, :management, @article]
    -

    For more information on Rails' routing system and the associated conventions, please see the routing guide.

    +

    For more information on Rails' routing system and the associated conventions, please see the routing guide.

    +

    2.4. How do forms with PUT or DELETE methods work?

    +

    Rails framework encourages RESTful design of your applications, which means you’ll be making a lot of "PUT" and "DELETE" requests (besides "GET" and "POST"). Still, most browsers don’t support methods other than "GET" and "POST" when it comes to submitting forms. How does this work, then?

    +

    Rails works around this issue by emulating other methods over POST with a hidden input named "_method" that is set to reflect the desired method:

    +
    +
    +
    form_tag(search_path, :method => "put")
    +
    +output:
    +
    +<form action="/search" method="post">
    +  <div style="margin:0;padding:0">
    +    <input name="_method" type="hidden" value="put" />
    +    <input name="authenticity_token" type="hidden" value="f755bb0ed134b76c432144748a6d4b7a7ddf2b71" />
    +  </div>
    +  ...
    +
    +

    When parsing POSTed data, Rails will take into account the special _method parameter and act as if the HTTP method was the one specified inside it ("PUT" in this example).

    -

    4. Making select boxes with ease

    +

    3. Making select boxes with ease

    -

    Select boxes in HTML require a significant amount of markup (one OPTION element for each option to choose from), therefore it makes the most sense for them to be dynamically generated from data stored in arrays or hashes.

    -

    Here is what our wanted markup might look like:

    +

    Select boxes in HTML require a significant amount of markup (one OPTION element for each option to choose from), therefore it makes the most sense for them to be dynamically generated.

    +

    Here is what the markup might look like:

    <select name="city_id" id="city_id">
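Review bot: The output in the relocated 2.4 section shows a hidden authenticity_token input, but the text around it only explains _method. Add a sentence saying that this is the request forgery protection token and pointing to the security guide, so the listing does not leave an unexplained field. Separately, this section is about form_tag and now sits under "2. Dealing With Model Objects"; section 1 looks like the better home.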
    @@ -519,8 +521,8 @@ form_for(@article)
    <option value="12">Berlin</option> </select>
    -

    Here you have a list of cities where their names are presented to the user, but internally the application only wants to handle their IDs so they are used as the options' value attributes. Let’s see how Rails can help out here.

    -

    4.1. The select tag and options

    +

    Here you have a list of cities whose names are presented to the user. Internally the application only wants to handle their IDs so they are used as the options' value attribute. Let’s see how Rails can help out here.

    +

    3.1. The select tag and options

    The most generic helper is select_tag, which — as the name implies — simply generates the SELECT tag that encapsulates an options string:

    @@ -565,7 +567,7 @@ output:
    -

    4.2. Select boxes for dealing with models

    +

    3.2. Select boxes for dealing with models

    Until now you’ve seen how to make generic select boxes, but in most cases our form controls will be tied to a specific database model. So, to continue from our previous examples, let’s assume that you have a "Person" model with a city_id attribute.

    Consistent with other form helpers, when dealing with models you drop the _tag suffix from select_tag.

    @@ -598,7 +600,7 @@ output:
    -

    4.3. Option tags from a collection of arbitrary objects

    +

    3.3. Option tags from a collection of arbitrary objects

    Until now you were generating option tags from nested arrays with the help of options_for_select method. Data in our array were raw values:

    @@ -621,19 +623,19 @@ output:
    <%= collection_select(:person, :city_id, City.all, :id, :name) %>

    To recap, options_from_collection_for_select is to collection_select what options_for_select is to select.

    -

    4.4. Time zone and country select

    +

    3.4. Time zone and country select

    To leverage time zone support in Rails, you have to ask our users what time zone they are in. Doing so would require generating select options from a list of pre-defined TimeZone objects using collection_select, but you can simply use the time_zone_select helper that already wraps this:

    <%= time_zone_select(:person, :city_id) %>

    There is also time_zone_options_for_select helper for a more manual (therefore more customizable) way of doing this. Read the API documentation to learn about the possible arguments for these two methods.

    -

    Rails used to have a country_select helper for choosing countries but this has been extracted to the country_select plugin. When using this do be aware that the exclusion or inclusion of certain names from the list can be somewhat controversial (and was the reason this functionality was extracted from rails)

    +

    Rails used to have a country_select helper for choosing countries but this has been extracted to the country_select plugin. When using this do be aware that the exclusion or inclusion of certain names from the list can be somewhat controversial (and was the reason this functionality was extracted from rails).

    -

    5. Date and time select boxes

    +

    4. Using Date and Time Form Helpers

    The date and time helpers differ from all the other form helpers in two important respects:

    -
      +
      1. Unlike other attributes you might typically have, dates and times are not representable by a single input element. Instead you have several, one for each component (year, month, day etc...). So in particular, there is no single value in your params hash with your date or time. @@ -646,7 +648,7 @@ Other helpers use the _tag suffix to indicate whether a helper is a barebones he

      Both of these families of helpers will create a series of select boxes for the different components (year, month, day etc...).

      -

      5.1. Barebones helpers

      +

      4.1. Barebones helpers

      The select_* family of helpers take as their first argument an instance of Date, Time or DateTime that is used as the currently selected value. You may omit this parameter, in which case the current date is used. For example

      @@ -665,7 +667,7 @@ Other helpers use the _tag suffix to indicate whether a helper is a barebones he
      Date::civil(params[:start_date][:year].to_i, params[:start_date][:month].to_i, params[:start_date][:day].to_i)

      The :prefix option controls where in the params hash the date components will be placed. Here it was set to start_date, if omitted it will default to date.

      -

      5.2. Model object helpers

      +

      4.2. Model object helpers

      select_date does not work well with forms that update or create Active Record objects as Active Record expects each element of the params hash to correspond to one attribute. The model object helpers for dates and times submit parameters with special names. When Active Record sees parameters with such names it knows they must be combined with the other parameters and given to a constructor appropriate to the column type. For example

      @@ -685,7 +687,7 @@ The model object helpers for dates and times submit parameters with special name
      {:person => {'birth_date(1i)' => '2008', 'birth_date(2i)' => '11', 'birth_date(3i)' => '22'}}

    When this is passed to Person.new, Active Record spots that these parameters should all be used to construct the birth_date attribute and uses the suffixed information to determine in which order it should pass these parameters to functions such as Date::civil.

    -

    5.3. Common options

    +

    4.3. Common options

    Both families of helpers use the same core set of functions to generate the individual select tags and so both accept largely the same options. In particular, by default Rails will generate year options 5 years either side of the current year. If this is not an appropriate range, the :start_year and :end_year options override this. For an exhaustive list of the available options, refer to the API documentation.

    As a rule of thumb you should be using date_select when working with model objects and select_date in others cases, such as a search form which filters results by date.

    @@ -697,61 +699,7 @@ The model object helpers for dates and times submit parameters with special name
    -

    6. Form builders

    -
    -

    As mentioned previously the object yielded by form_for and fields_for is an instance of FormBuilder (or a subclass thereof). Form builders encapsulate the notion of displaying a form elements for a single object. While you can of course write helpers for your forms in the usual way you can also subclass FormBuilder and add the helpers there. For example

    -
    -
    -
    <% form_for @person  do |f| %>
    -  <%= text_field_with_label f, :first_name %>
    -<% end %>
    -
    -

    can be replaced with

    -
    -
    -
    <% form_for @person, :builder => LabellingFormBuilder do |f| %>
    -  <%= f.text_field :first_name %>
    -<% end %>
    -
    -

    by defining a LabellingFormBuilder class similar to the following:

    -
    -
    -
    class LabellingFormBuilder < FormBuilder
    -  def text_field attribute, options={}
    -    label(attribute) + text_field(attribute, options)
    -  end
    -end
    -

    If you reuse this frequently you could define a labeled_form_for helper that automatically applies the :builder => LabellingFormBuilder option.

    -

    The form builder used also determines what happens when you do

    -
    -
    -
    <%= render :partial => f %>
    -
    -

    If f is an instance of FormBuilder then this will render the form partial, setting the partial’s object to the form builder. If the form builder is of class LabellingFormBuilder then the labelling_form partial would be rendered instead.

    -

    6.1. Scoping out form controls with fields_for

    -

    fields_for creates a form builder in exactly the same way as form_for but doesn’t create the actual <form> tags. It creates a scope around a specific model object like form_for, which is useful for specifying additional model objects in the same form. For example if you had a Person model with an associated ContactDetail model you could create a form for editing both like so:

    -
    -
    -
    <% form_for @person do |person_form| %>
    -  <%= person_form.text_field :name %>
    -  <% fields_for @person.contact_detail do |contact_details_form| %>
    -    <%= contact_details_form.text_field :phone_number %>
    -  <% end %>
    -<% end %>
    -
    -

    which produces the following output:

    -
    -
    -
    <form action="/people/1" class="edit_person" id="edit_person_1" method="post">
    -  <input id="person_name" name="person[name]" size="30" type="text" />
    -  <input id="contact_detail_phone_number" name="contact_detail[phone_number]" size="30" type="text" />
    -</form>
    -
    -
    -

    7. File Uploads

    +

    5. Uploading Files

    A common task is uploading some sort of file, whether it’s a picture of a person or a CSV file containing data to process. The most important thing to remember with file uploads is that the form’s encoding MUST be set to multipart/form-data. If you forget to do this the file will not be uploaded. This can be done by passing :multi_part => true as an HTML option. This means that in the case of form_tag it must be passed in the second options hash and in the case of form_for inside the :html hash.

    The following two forms both upload a file.

    @@ -766,7 +714,7 @@ http://www.gnu.org/software/src-highlite --> <% end %>

    Rails provides the usual pair of helpers: the barebones file_field_tag and the model oriented file_field. The only difference with other helpers is that you cannot set a default value for file inputs as this would have no meaning. As you would expect in the first case the uploaded file is in params[:picture] and in the second case in params[:person][:picture].

    -

    7.1. What gets uploaded

    +

    5.1. What gets uploaded

    The object in the params hash is an instance of a subclass of IO. Depending on the size of the uploaded file it may in fact be a StringIO or an instance of File backed by a temporary file. In both cases the object will have an original_filename attribute containing the name the file had on the user’s computer and a content_type attribute containing the MIME type of the uploaded file. The following snippet saves the uploaded content in #{RAILS_ROOT}/public/uploads under the same name as the original file (assuming the form was the one in the previous example).

    If the user has not selected a file the corresponding parameter will be an empty string.
    -

    7.2. Dealing with Ajax

    +

    5.2. Dealing with Ajax

    Unlike other forms making an asynchronous file upload form is not as simple as replacing form_for with remote_form_for. With an AJAX form the serialization is done by javascript running inside the browser and since javascript cannot read files from your hard drive the file cannot be uploaded. The most common workaround is to use an invisible iframe that serves as the target for the form submission.

    -
    -

    8. Parameter Names

    -
    -

    As you’ve seen in the previous sections values from forms can appear either at the top level of the params hash or may appear nested in another hash. For example in a standard create +

    Customising Form Builders

    +
    +
    +
    As mentioned previously the object yielded by `form_for` and `fields_for` is an instance of FormBuilder (or a subclass thereof). Form builders encapsulate the notion of displaying a form elements for a single object. While you can of course write helpers for your forms in the usual way you can also subclass FormBuilder and add the helpers there. For example
    +
    +

    <% form_for @person do |f| %> + <%= text_field_with_label f, :first_name %> +<% end %>

    +
    +
    +
    can be replaced with
    +
    +

    <% form_for @person, :builder => LabellingFormBuilder do |f| %> + <%= f.text_field :first_name %> +<% end %>

    +
    +
    +
    by defining a LabellingFormBuilder class similar to the following:
    +
    +[source, ruby]
    +
    +

    class LabellingFormBuilder < FormBuilder + def text_field attribute, options={} + label(attribute) + text_field(attribute, options) + end +end

    +
    +
    +
    If you reuse this frequently you could define a `labeled_form_for` helper that automatically applies the `:builder => LabellingFormBuilder` option.
    +
    +The form builder used also determines what happens when you do
    +
    +

    <%= render :partial => f %>

    +
    +
    +
    If `f` is an instance of FormBuilder then this will render the 'form' partial, setting the partial's object to the form builder. If the form builder is of class LabellingFormBuilder then the 'labelling_form' partial would be rendered instead.
    +
    +Understanding Parameter Naming Conventions
    +
    +

    As you’ve seen in the previous sections, values from forms can appear either at the top level of the params hash or may appear nested in another hash. For example in a standard create action for a Person model, params[:model] would usually be a hash of all the attributes for the person to create. The params hash can also contain arrays, arrays of hashes and so on.

    -

    Fundamentally HTML forms don’t know about any sort of structured data. All they know about is name-value pairs. Rails tacks some conventions onto parameter names which it uses to express some structure.

    +

    Fundamentally HTML forms don’t know about any sort of structured data, all they generate is name-value pairs. The arrays and hashes you see in your application are the result of some parameter naming conventions that Rails uses.
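Review bot: The lines added after "5.2. Dealing with Ajax" look like unprocessed AsciiDoc rather than generated HTML: literal backticks around form_for and fields_for, a bare "[source, ruby]" line, and 'form' in quotes. "Customising Form Builders" and "Understanding Parameter Naming Conventions" come out as unnumbered text, their entries ("Form builders", "Parameter Names") are dropped from the Chapters list with no replacement, and the parameter-name subsections are renumbered 5.3 to 5.5 under "5. Uploading Files". The section titles in the source need fixing and the HTML regenerating before this goes in. In the LabellingFormBuilder listing, text_field calls text_field(attribute, options), which is the method itself and recurses without end; it should be label(attribute) + super.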

    @@ -811,7 +795,7 @@ action for a Person model, params[:model] would usually be a hash of al
    -

    8.1. Basic structures

    +

    5.3. Basic structures

    The two basic structures are arrays and hashes. Hashes mirror the syntax used for accessing the value in the params. For example if a form contains

    @@ -845,7 +829,7 @@ http://www.gnu.org/software/src-highlite --> <input name="person[phone_number][]" type="text"/>

    This would result in params[:person][:phone_number] being an array.

    -

    8.2. Combining them

    +

    5.4. Combining them

    We can mix and match these two concepts. For example, one element of a hash might be an array as in the previous example, or you can have an array of hashes. For example a form might let you create any number of addresses by repeating the following form fragment

    @@ -863,7 +847,7 @@ http://www.gnu.org/software/src-highlite --> Array parameters do not play well with the check_box helper. According to the HTML specification unchecked checkboxes submit no value. However it is often convenient for a checkbox to always submit a value. The check_box helper fakes this by creating a second hidden input with the same name. If the checkbox is unchecked only the hidden input is submitted. If the checkbox is checked then both are submitted but the value submitted by the checkbox takes precedence. When working with array parameters this duplicate submission will confuse Rails since duplicate input names are how it decides when to start a new hash. It is preferable to either use check_box_tag or to use hashes instead of arrays.
    -

    8.3. Using form helpers

    +

    5.5. Using form helpers

    The previous sections did not use the Rails form helpers at all. While you can craft the input names yourself and pass them directly to helpers such as text_field_tag Rails also provides higher level support. The two tools at your disposal here are the name parameter to form_for/fields_for and the :index option.

    You might want to render a form with a set of edit fields for each of a person’s addresses. Something a little like this will do the trick

    @@ -916,7 +900,7 @@ http://www.gnu.org/software/src-highlite -->

    produces exactly the same output as the previous example.

    -

    9. Complex forms

    +

    6. Building Complex forms

    Many apps grow beyond simple forms editing a single object. For example when creating a Person instance you might want to allow the user to (on the same form) create multiple address records (home, work etc.). When later editing that person the user should be able to add, remove or amend addresses as necessary. While this guide has shown you all the pieces necessary to handle this, Rails does not yet have a standard end-to-end way of accomplishing this, but many have come up with viable approaches. These include:
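Review bot: "6. Building Complex forms" (here and in the Chapters list) leaves "forms" lowercase while the other headings renamed in this patch are title-cased ("Dealing With Basic Forms", "Uploading Files"). Capitalise it in the source for consistency.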

      @@ -947,7 +931,7 @@ James Golick’s a
    -

    10. Changelog

    +

    7. Changelog

    Authors
      diff --git a/railties/doc/guides/html/security.html b/railties/doc/guides/html/security.html index 4751e9f92b..371decda64 100644 --- a/railties/doc/guides/html/security.html +++ b/railties/doc/guides/html/security.html @@ -326,7 +326,7 @@ The user has his credit back.

    This attack focuses on fixing a user’s session id known to the attacker, and forcing the user’s browser into using this id. It is therefore not necessary for the attacker to steal the session id afterwards. Here is how this attack works:

    -
      +
      1. The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). -- cgit v1.2.3