similar to: Sanitize my params and the create method

Displaying 20 results from an estimated 3000 matches similar to: "Sanitize my params and the create method"

2005 Dec 29
2
has_many & belongs_to with Plugins (login_engine)
Hello list, Probably a newbie question but couldn't find the answer in the archives. I am using the login_engine Plugin to implement the login functionality. I have a JournalEntry model that interacts with the journal_entries table. I would like to link the journal entries to the user who entered it. Essentially, it is a one to many relationship between the model User(from
2006 Apr 04
4
Help with many-to-many using :through
I am using many-to-many using :through since I need to store additional information in the join table. I am doing this and it seems to work. I want to verify that this is the best way to do this. Tables foods - id, food foodallergies - food_id, symptom_id, a few other columns symptoms - id, symptom Models class Food < ActiveRecord::Base has_many :foodallergies has_many :symptoms,
2008 Sep 04
3
MySQL connection collation
Hi! I have run into a problem with collations. In database.yml I have set: encoding: utf8, but when in console run: >> ActiveRecord::Base.connection.collation => "latin1_swedish_ci" It is Rails 2.1, mysql gem 2.7, mysql 5.1.22. This leads to errors like: Mysql::Error: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation
2006 Sep 12
2
Generate JS from RoR - strange delay with send_data
Hi! I need to generate some JS from Ruby. This is no AJAX related stuff so RJS templates are no help to me. Also I want to not mix JS with HTML, so putting JS in .rhtml templates is a no-go for me. Currently I made some action in controller, prepared JS code and I'm sending it via send_data as 'text/javascript'. In .rhtml templates I use <script> tag with src
2008 Oct 24
4
AR object return nil on save
Hi! I'm upgrading an existing app from Rails 1.2.6 to 2.1.2. I have encountered the following problem with AR objects. Model definition did not change and with 1.2.6: params={} params[:flight] = "1111" params[:airline] = "Air France" params[:luggage] = 0 r=Reservation.new params r.save is working code, new Reservation. With the same dataset, changing only
2007 Apr 23
3
Troubles with using gems in Rails
Hi! I'm observing some problems using gem inside Rails. My understanding is that after the following sequence in irb: $ irb irb(main):001:0> require 'rubygems' => true irb(main):002:0> require 'active_record' => true irb(main):003:0> gem 'acts_as_taggable' => true I should have access to acts_as_tagable mixins, like:
2012 Sep 20
4
access controller's object attributes in view page
Hi, I am new to ROR and learning it. In my controller I have an admins record and I am passing that admin object to the admin's view page to get the name of the admin. But when I try to access the name it is showing error as "undefined method `name' for :current_admin:Symbol". Please help. Please find my code below Sessions Controller def create
2011 Sep 22
2
find_by_email dynamic method returning new
Hello everyone, I have a rails app which uses email as login name. At some point, I have to search the user, in the User model by email. For some reason, the method User.find_by_email(email) returns nil, even though the user is in the database. The same applies for any find_by_* method that searches by any database column. I was able to find the user using the User.find Does anyone have an idea
2010 Nov 28
2
Dynamic find_by method returning nil in a class method
I have a user Model with a class method that I am using to do some authentication basically something like this class User < ActiveRecord::Base attr_accessor :password attr_accessible :first_name, :last_name, :email, :birth_date, :sex, :password, :password_confirmation email_regex = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i validates :first_name,
2011 May 06
3
Why returns nil?
Hi everyone, I'd like some help to understand this method: def self.authenticate(email, submitted_password) user = find_by_email(email) return nil if user.nil? return user if user.has_password?(submitted_password) # Don't understand why it doesn't return user instead of nil # since 'user = find_by_email(email)' was the last
2012 Feb 03
10
ruby on rails 3 tutorial book chapter9 Signin Failure
Hi, I have a problem trying to pass the signin failure test. This is the test code of the sessions_controller.rb def create user = User.authenticate(params[:session][:email], params[:session][:password]) if user.nil? flash.now[:error] = "Invalid email/password combination." @title = "Sign in" render
2006 Jan 07
8
exposing id's
I have been working on a small app that started with some scaffolding. Some of my actions still have the structure where the id's of things are passed on the url for gets. What's the best way to avoid the security problems that this creates? I am sure that there are many pages written on this topic but I guess I have been searching for the wrong things. Thanks Gareth -- Posted via
2006 Mar 14
4
Two Customer Types - Best Design Principle?
Hi all, I'll do my best to explain this... I have the possibility to have two customer types in my system: 1. A "mailing list" type: new records are saved when user enters email address in the mailing list subscription form. 2. A "full" type: new records are saved when the user buys something and provides all their billing/shipping details, etc. Model: -
2005 Dec 12
2
How to use arbitrary relationships in Activerecord
How can I ask ActiveRecord to make its "has_many" code work on some arbitrary relationship between two tables? i.e. neither field is a primary key. The situation is that I am writing a Postfix management application and one of the tables to manage is the "alias" table. My primary key in the "mailbox" table is "id", but the alias table is just
2012 May 12
12
before_save messing up
#user.rb ------> Model class User < ActiveRecord::Base attr_accessible :email, :name, :password, :password_confirmation has_secure_password before_save :create_remember_token . . . . . . . private def create_remember_token self.remember_token = SecureRandom.urlsafe_base64 end end #sessions_controller.rb ------->
2006 Jul 20
3
Output to browser in .rhtml templates
Hi! In .rhtml template I'm trying to create some output, which should be sent to browser. But this is inside <% %> not <%= %>, so how can it be accomplished? Default output is directed to log file, so puts "output" does not send to browser but to log file... -- Posted via http://www.ruby-forum.com/.
2008 Feb 01
4
How to sanitize _before_ going into the database?
I use a call to the sanitize method every time I render some user input, but it would be much nicer if I could clean it up once before putting it into the database and avoid having to call the (relatively expensive) sanitize every time I render a page. My first thought was to just add something like: def message=(x) self[:message]=sanitize(x) end However, the sanitize helper cannot be called
2006 Jan 26
4
is Client.find(params[:id]) safe?
@client = Client.find(params[:id]) I use the above line in a lot of scripts because it is shown this way in the Rails book. Is this safe? Does it use placeholders? Will it leave me open to an SQL injection attack? -- Posted via http://www.ruby-forum.com/.
2006 Jun 30
3
@foo = Bar.new(params[:foo])
While doing @foo = Bar.new(params[:foo]) in a controller, the application is open to injection attacks. For example, my model has the following attributes: name password admin - boolean Now, if on my form I'm just accepting name & password, and doing @foo = Bar.new(params[:foo]) in my controller, someone can just enter the following in the form: <%= text_field 'foo',
2008 Jan 08
1
howto rebuild a object from a received xml hash structure ?
In my web server app, I have an action to be used as a REST web service # GET /user/membership.xml?email=emailaddress def membership @user = User.find_by_email(params[:email]) respond_to do |format| format.xml { render :xml => @user.to_xml( :only => [ :first_name, :last_name, :display_name, :membership_type, :membership_at], :skip_types => true)} end end my