From dd1b33078addb07fa2c2efb133f079be38c45657 Mon Sep 17 00:00:00 2001 From: Brandon Tilley Date: Mon, 9 Aug 2010 15:46:39 -0700 Subject: Fixed problem with markup that caused an extra symbol in a function name when rendered. --- railties/guides/source/association_basics.textile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties') diff --git a/railties/guides/source/association_basics.textile b/railties/guides/source/association_basics.textile index b1ee4b8be4..fd1e7f4baf 100644 --- a/railties/guides/source/association_basics.textile +++ b/railties/guides/source/association_basics.textile @@ -550,7 +550,7 @@ build_customer create_customer -h6. _association_(force_reload = false) +h6. association(force_reload = false) The association method returns the associated object, if any. If no associated object is found, it returns +nil+. -- cgit v1.2.3 From 8a2b69b7273379f3c9f68ff7903b653801951ac3 Mon Sep 17 00:00:00 2001 From: Paco Guzman Date: Thu, 12 Aug 2010 17:09:58 +0200 Subject: applied guidelines to "# =>" --- railties/guides/source/security.textile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'railties') diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 8ce0001080..6372c606b7 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -371,7 +371,7 @@ The mass-assignment feature may become a problem, as it allows an attacker to se def signup - params[:user] #=> {:name => “ow3ned”, :admin => true} + params[:user] # => {:name => “ow3ned”, :admin => true} @user = User.new(params[:user]) end @@ -385,7 +385,7 @@ Mass-assignment saves you much work, because you don't have to set each value in This will set the following parameters in the controller: -params[:user] #=> {:name => “ow3ned”, :admin => true} +params[:user] # => {:name => “ow3ned”, :admin => true} So if you create a new user using mass-assignment, it may be too easy to become an administrator. @@ -423,11 +423,11 @@ attr_accessible :name If you want to set a protected attribute, you will to have to assign it individually: -params[:user] #=> {:name => "ow3ned", :admin => true} +params[:user] # => {:name => "ow3ned", :admin => true} @user = User.new(params[:user]) -@user.admin #=> false # not mass-assigned +@user.admin # => false # not mass-assigned @user.admin = true -@user.admin #=> true +@user.admin # => true A more paranoid technique to protect your whole project would be to enforce that all models whitelist their accessible attributes. This can be easily achieved with a very simple initializer: -- cgit v1.2.3