similar to: Security + Rails =Joke?

Displaying 20 results from an estimated 1000 matches similar to: "Security + Rails =Joke?"

2010 Sep 08
2
Rails 2.3.9 breaks sessions with Active Record or Memcache store
A Rails 2.3.9 app with Active Record or Memcache session store will never send the session ID cookie to a client if the client doesn't send any HTTP cookies in its requests. Rails integration tests didn't catch this because they always send the HTTP_COOKIE header, even if it's empty. This is a huge bug, as it can break keeping sessions on sites which don't set
2007 Jun 28
23
DRYing link_to with a symbol
Hi, I just put in a patch that allows you to DRY up this: <%= link_to @company.name, @company %> to this: <%= link_to :name, @company %> The symbol indicates the method to be called on the object passed in the link_to options. http://dev.rubyonrails.org/ticket/8789
2010 May 12
16
In development mode not all types are included in the query related to type
class User end class Agent < User end script/console production User.find_by_name 'john' SELECT "people".* FROM "people" WHERE ((("people"."type" = 'User' OR "people"."type" = 'Manager') OR "people"."type" = 'Agent')) AND
2008 Jan 21
8
Polymorphic URL helpers documentation and fixes
Yesterday I answered a question regarding polymorphic URL helpers on Core ML and noticed that the module has no documentation. I've documented it and rewritten unit tests using Mocha. I also optimized some of the code slightly (nothing major, though). The patch also includes two fixes by Geoff Buesing, who has done awesome work in this area in the past.
2010 Apr 23
2
Routing a Sinatra application
Hello, I wish to route a sinatra application in my Rails 3 app. As said by Yehuda, it should be possible. http://yehudakatz.com/2009/12/26/the-rails-3-router-rack-it-up/ However I see the route isn't recognized and I get ActionController::RoutingError problems. It works well with simple rack apps however (the test in actionpack with a lambda passes well). I've written a test
2007 Sep 14
4
Refactoring ActiveRecord's private methods
As it currently stands, ActiveRecord has a lot of private and protected methods in the Base class. >> ActiveRecord::Base.methods.size => 427 >> ActiveRecord::Base.protected_methods.size => 32 >> ActiveRecord::Base.private_methods.size => 193 I really loved the suggestion by Courtenay in Refactoring AR::Base.find (http://groups.google.com/group/rubyonrails-core/
2007 Aug 19
6
layout inheritance
According to "Ruby On Rails", the layout call is supposed to be inherited: (page 508) "Subclasses of a controller will use the parent's layout unless they override it using the layout directive" I have a case where this is not working. I have not spent time to concoct a stand alone test. I wanted to verify that David's book is correct first. Can someone
2010 May 17
6
Should an blank string be html_safe?
Just trying to implement a simple helper over the past few days had me really confused. messages = '' messages << content_tag(:p, 'dave') #=> &lt;p&gt;dave&lt;\p%;gt; Eventually I realised the original empty string was not html_safe message = ''.html_safe message << content_tag(:p, 'dave') #=>
2007 May 27
4
when will "TODO" comment/rake support come out?
Hi - quick question: when will "TODO" comment/rake support come out? Tks
2010 Aug 17
6
Overly aggressive constant unloading of Rails 3.0
In Rails 3.0 (both RC and edge), any constant that's defined while loading a file in development mode will get unloaded on each request, regardless of whether it comes from an autoload path in the application or from external code such as a gem. Example file (tested on a fresh edge app): # kittens.rb require 'nibbler/json' # "nibbler" is a gem specified
2008 Feb 08
4
x-post : find_or_initialize_by ActiveRecord bug? Ignores :conditions
Hello, I posted this on the rails talk group but received no response. Perhaps someone on this list could weigh in on whether this is expected/desired behavior or a bug that I should file and develop failing tests for (I doubt I have the active record method_missing fu to actually patch it). Test Scenario: I would like to find or initialize a new user and base the find on the users email
2005 May 13
5
HTML sanitizer
Hello! Does anybody know of a Ruby implementation of a HTML sanitizer that prevents the attacks described on the xss cheatsheet? (http://ha.ckers.org/xss.html) I checked out the version Jamis wrote (http://dev.rubyonrails.com/ticket/1277), but that only covers the very basic attacks. Anybody? Just figured I would ask before, before I reinvent the wheel.. Ciao! Florian
2005 Feb 17
1
Factor level coloring in trellis plot
Hi :) Was just wondering whether someone could help me with adjustments to trellis plots (parallel). I've got two way multivariate data. I want to make parallel plots for one of the factors, and want to color the lines according to the other factor. The first thing I manage, but with the other I'm lost :( Can only change the overall color. This is basically how far I get:
2008 Mar 26
1
rsync 3.0.1pre -H fails assertion
Wayne, I have this bug in redhat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=439074 Summary: rsync 3.0.1pre -H fails assertion Is it ok to pass this kind of bug directly upstream filing a new bug in bugzilla and linking the fedora bug ? (There is also a reproducer there) Simo. -- Simo Sorce * Red Hat, Inc * New York
2015 Sep 09
2
large rsync fails with assertion error
rsyncing a tree of perhaps 30M files, getting this: rsync: hlink.c:126: match_gnums: Assertion `gnum >= hlink_flist->ndx_start' failed. then a bit more output and
2009 Nov 01
19
will_paginate vs mislav-will_paginate
I've just reinstalled linux (9.10) and am trying to match my gem environment to our server's. I'm having a problem with will_paginate. On the server, under gem list, I have "mislav-will_paginate (2.3.6)". So, I'm trying to install that locally. Following the instructions on the will_paginate page, http://wiki.github.com/mislav/will_paginate,
2010 Apr 16
1
Active Record observers broken: can't be used for "before" callbacks
I was just wondering what about a report that I made almost 2 months ago: Active Record observers broken<https://rails.lighthouseapp.com/projects/8994/tickets/4087-activerecord-observers-cant-be-used-for-before-callbacks> I think it's a pretty big bug. In Rails 3, creating an observer with a "before_save" callback (for instance) will result in all observed models being
2006 May 27
5
ActiveSupport JSON working?
Hi, I am trying to convert a hash to JSON using ActiveSupport's built-in .to_json. I am doing similar to the example below but are there certain strings that could go in place of 'bar' or 'rez' that will break the to_json method? I am using a very long string from rjs output in place of 'bar'. Perhaps .to_json is not ready yet? Thanks, Peter
2010 Jul 14
3
`stack level too deep` when overwriting `to_json`
I'm using [acts_as_commentable_with_threading](http://github.com/elight/acts_as_commentable_with_threading/), and it worked fine until I tried to overwrite the to_json function to include more details about the associated user. Here's part of the comment class (which was originally defined in the plugin, but I moved it to the models folder, a move which seems not to affect the
2007 Oct 04
4
2 more JSON / XML feature parity patches before Rails 2.0
I'd really like to see just 2 more functional changes to the JSON serialization/encoding before we get to Rails 2.0. First, and I think this is really crucial because without it all the efforts to output JSON from ActiveRecord objects would have been half in vain, is to allow us to do this in controllers: @authors = Author.find(:all) render :json => @authors.to_json(:only =>