From 7d7e0627a0490b6b4ddb0ee5429264ccd46f1245 Mon Sep 17 00:00:00 2001
From: Xavier Noria <fxn@hashref.com>
Date: Sun, 4 Apr 2010 08:42:54 -0700
Subject: fixes duplicate element IDs in some guides

---
 railties/guides/rails_guides/generator.rb                     |  2 +-
 railties/guides/source/action_view_overview.textile           |  2 +-
 railties/guides/source/active_support_core_extensions.textile |  6 +++---
 railties/guides/source/form_helpers.textile                   |  2 +-
 railties/guides/source/performance_testing.textile            |  6 +++---
 railties/guides/source/routing.textile                        |  6 +++---
 railties/guides/source/security.textile                       | 10 +++++-----
 7 files changed, 17 insertions(+), 17 deletions(-)

(limited to 'railties')

diff --git a/railties/guides/rails_guides/generator.rb b/railties/guides/rails_guides/generator.rb
index b8c1913819..f577182f5f 100644
--- a/railties/guides/rails_guides/generator.rb
+++ b/railties/guides/rails_guides/generator.rb
@@ -227,7 +227,7 @@ module RailsGuides
       anchors = Set.new
       html.scan(/<h\d\s+id="([^"]+)/).flatten.each do |anchor|
         if anchors.member?(anchor)
-          puts "*** DUPLICATE HEADER ID: #{anchor}, please consider rewording"
+          puts "*** DUPLICATE ID: #{anchor}, please put and explicit ID, e.g. h4(#explicit-id), or consider rewording"
         else
           anchors << anchor
         end
diff --git a/railties/guides/source/action_view_overview.textile b/railties/guides/source/action_view_overview.textile
index 2fa89bb4c2..842a8408ad 100644
--- a/railties/guides/source/action_view_overview.textile
+++ b/railties/guides/source/action_view_overview.textile
@@ -1414,7 +1414,7 @@ Replaces the inner HTML of the DOM element with the given id.
 page.replace_html 'person-45', :partial => 'person', :object => @person
 </ruby>
 
-h5. select
+h5(#prototype-select). select
 
 Returns a collection reference by finding it through a CSS pattern in the DOM.
 
diff --git a/railties/guides/source/active_support_core_extensions.textile b/railties/guides/source/active_support_core_extensions.textile
index a8410a8dd2..b41b16b728 100644
--- a/railties/guides/source/active_support_core_extensions.textile
+++ b/railties/guides/source/active_support_core_extensions.textile
@@ -866,7 +866,7 @@ WARNING: Note that in that case +parent+ returns +Object+.
 
 NOTE: Defined in +active_support/core_ext/module/introspection.rb+.
 
-h5. +parents+
+h5(#module-parents). +parents+
 
 The method +parents+ calls +parent+ on the receiver and upwards until +Object+ is reached. The chain is returned in an array, from bottom to top:
 
@@ -2191,9 +2191,9 @@ NOTE: Defined in +active_support/core_ext/array/grouping.rb+.
 
 h3. Extensions to +Hash+
 
-h4. Conversions
+h4(#hash-conversions). Conversions
 
-h5. +to_xml+
+h5(#hash-to-xml). +to_xml+
 
 The method +to_xml+ returns a string containing an XML representation of its receiver:
 
diff --git a/railties/guides/source/form_helpers.textile b/railties/guides/source/form_helpers.textile
index d33bb4b4ff..fe0f8f1ac9 100644
--- a/railties/guides/source/form_helpers.textile
+++ b/railties/guides/source/form_helpers.textile
@@ -501,7 +501,7 @@ Date.civil(params[:start_date][:year].to_i, params[:start_date][:month].to_i, pa
 
 The +:prefix+ option is the key used to retrieve the hash of date components from the +params+ hash. Here it was set to +start_date+, if omitted it will default to +date+.
 
-h4. Model Object Helpers
+h4(#select-model-object-helpers). Model Object Helpers
 
 +select_date+ does not work well with forms that update or create Active Record objects as Active Record expects each element of the +params+ hash to correspond to one attribute.
 The model object helpers for dates and times submit parameters with special names,  when Active Record sees parameters with such names it knows they must be combined with the other parameters and given to a constructor appropriate to the column type. For example:
diff --git a/railties/guides/source/performance_testing.textile b/railties/guides/source/performance_testing.textile
index 154dbbbbe6..f74b68b0ef 100644
--- a/railties/guides/source/performance_testing.textile
+++ b/railties/guides/source/performance_testing.textile
@@ -213,11 +213,11 @@ h4. Understanding the Output
 
 Performance tests generate different outputs inside +tmp/performance+ directory depending on their mode and metric.
 
-h5. Benchmarking
+h5(#output-benchmarking). Benchmarking
 
 In benchmarking mode, performance tests generate two types of outputs:
 
-h6. Command Line
+h6(#output-command-line). Command Line
 
 This is the primary form of output in benchmarking mode. Example:
 
@@ -258,7 +258,7 @@ measurement,created_at,app,rails,ruby,platform
 0.00771250000000012,2009-01-09T15:46:03Z,,2.3.0.master.859e150,ruby-1.8.6.110,i686-darwin9.0.0
 </shell>
 
-h5. Profiling
+h5(#output-profiling). Profiling
 
 In profiling mode, you can choose from four types of output.
 
diff --git a/railties/guides/source/routing.textile b/railties/guides/source/routing.textile
index 6625412684..0cf8c45761 100644
--- a/railties/guides/source/routing.textile
+++ b/railties/guides/source/routing.textile
@@ -65,7 +65,7 @@ RESTful routes take advantage of the built-in REST orientation of Rails to wrap
 resources :books
 </ruby>
 
-h4. Named Routes
+h4(#quick-tour-named-routes). Named Routes
 
 Named routes give you very readable links in your code, as well as handling incoming requests. Here's a typical named route:
 
@@ -91,7 +91,7 @@ resources :assemblies do
 end
 </ruby>
 
-h4. Regular Routes
+h4(#quick-tour-regular-routes). Regular Routes
 
 In many applications, you'll also see non-RESTful routing, which explicitly connects the parts of a URL to a particular action. For example,
 
@@ -400,7 +400,7 @@ In addition to the routes for magazines, this declaration will also create route
 
 This will also create routing helpers such as +magazine_ads_url+ and +edit_magazine_ad_path+.
 
-h5. Using +:name_prefix+
+h5(#nested-name-prefix). Using +:name_prefix+
 
 The +:name_prefix+ option overrides the automatically-generated prefix in nested route helpers. For example,
 
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index b62ff8cb38..1ddf094d18 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -611,7 +611,7 @@ h4. SQL Injection
 
 -- _Thanks to clever methods, this is hardly a problem in most Rails applications. However, this is a very devastating and common attack in web applications, so it is important to understand the problem._
 
-h5. Introduction
+h5(#sql-injection-introduction). Introduction
 
 SQL injection attacks aim at influencing database queries by manipulating web application parameters. A popular goal of SQL injection attacks is to bypass authorization. Another goal is to carry out data manipulation or reading arbitrary data. Here is an example of how not to use user input data in a query:
 
@@ -668,7 +668,7 @@ The result won't be a list of projects (because there is no project with an empt
 
 Also, the second query renames some columns with the AS statement so that the web application displays the values from the user table. Be sure to update your Rails "to at least 2.1.1":http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/.
 
-h5. Countermeasures
+h5(#sql-injection-countermeasures). Countermeasures
 
 Ruby on Rails has a built in filter for special SQL characters, which will escape ' , " , NULL character and line breaks. <em class="highlight">Using +Model.find(id)+ or +Model.find_by_some thing(something)+ automatically applies this countermeasure</em>. But in SQL fragments, especially <em class="highlight">in conditions fragments (+:conditions => "..."+), the +connection.execute()+ or +Model.find_by_sql()+ methods, it has to be applied manually</em>.
 
@@ -760,7 +760,7 @@ http://www.cbsnews.com/stories/2002/02/15/weather_local/main501644.shtml?zipcode
   <script src=http://www.securitylab.ru/test/sc.js></script><!--
 </plain>
 
-h6. Countermeasures
+h6(#html-injection-countermeasures). Countermeasures
 
 _(highlight)It is very important to filter malicious input, but it is also important to escape the output of the web application_.
 
@@ -850,7 +850,7 @@ In the end, he got a 4 KB worm, which he injected into his profile page.
 
 The "moz-binding":http://www.securiteam.com/securitynews/5LP051FHPE.html CSS property proved to be another way to introduce JavaScript in CSS in Gecko-based browsers (Firefox, for example).
 
-h5. Countermeasures
+h5(#css-injection-countermeasures). Countermeasures
 
 This example, again, showed that a blacklist filter is never complete. However, as custom CSS in web applications is a quite rare feature, I am not aware of a whitelist CSS filter. _(highlight)If you want to allow custom colours or images, you can allow the user to choose them and build the CSS in the web application_. Use Rails' +sanitize()+ method as a model for a whitelist CSS filter, if you really need one.
 
@@ -879,7 +879,7 @@ RedCloth.new("<a href='javascript:alert(1)'>hello</a>", [:filter_html]).to_html
 # => "<p><a href="javascript:alert(1)">hello</a></p>"
 </ruby>
 
-h5. Countermeasures
+h5(#textile-injection-countermeasures). Countermeasures
 
 It is recommended to _(highlight)use RedCloth in combination with a whitelist input filter_, as described in the countermeasures against XSS section.
 
-- 
cgit v1.2.3