similar to: acts_as_taggable vulnerable to attacks ?

I needed to count tagged records, I came up with this: <pre>def count_tagged_with(options = {}) options = { :separator => '' '' }.merge(options) tag_names = ActiveRecord::Acts::Taggable.split_tag_names(options[:any] || options[:all], options[:separator]) raise "No tags were passed to :any or :all options" if tag_names.empty?

The code on http://blog.craz8.com/articles/2005/10/28/acts_as_taggable-is-a-cool-piece-of-code is based on the acts_as_taggable gem,anybody has done that using the acts_as_taggable plugin?thanks! btw:the code above uses the tag_count method,which is defined in the gem: def tags_count(options = {}) options = {:order => ''count DESC''}.merge(options)

Hi, excuse me if this is off-topic and feel free to ingore it in case. I''m using acts_as_taggable (the gem version) and found what to me looks like a bug in this code from the method tags_count: sql = "SELECT #{t}.#{t_pk} AS id, #{t}.name AS name, COUNT (*) AS count FROM #{jt}, #{o}, #{t} WHERE #{jt}.#{t_fk} = #{t}.#{t_pk} AND #{jt}.#{o_fk} =

Hey everyone! If you''re using acts_as_taggable <= 1.04, (erm, any version, I think..) please fix your local copy right now! There are numerous sql sanitization holes in this library. I notified Obie of this over a month ago, so hopefully he''s fixed it. How to tell lif you''re vulnerable ====================== Make a tag with a single quote in it. See if raises an

Ahoy, having a bit of difficulty w/ the acts as taggable GEM. I was able to create a tagcloud, but now i want to filter items by tags. in my controller i have def show_tagged_with <-- snip snip --> @items = Item.find_tagged_with( :any => params[:tag_name]) @categories = Category.find_all @tag_name = params[:tag_name] @tagged_items = Item.tags_count(:limit

Gents, I''m using the acts_as_taggable rails plugin (not gem), and would like to add some additional methods to it. For example, the find_tagged_with methods essentially does a find tag in a list (effectively an OR), while I''d like to implement a find_tagged_with_all method that would implement an AND (so if I specified 4 tags, it would only return items that were

hi, I started today to use the acts as taggable plugin and it''s working as expected. I added a method find_tagged_with_all since I needed to find the elements tagged with all the items in a list while find_tagged_with finds all the elements tagged with any of the list terms. Attached to this mail there''s a patch which adds the find_tagged_with_all method and which solves a

I tried to post this earlier, but it never came through. I''ve got something working in console, but not in controller. Any idea why? This is the plugin not the gem of acts_as_taggable *View* <code> <h1>Listing elements</h1> <% if @elements.blank? %> <p>There are currently no elements in the system tagged <%=

I have run into a very strange problem discovered through the use of the acts_as_taggable plugin, but related to quoting/sanitizing the interpolated list in a find_by_sql. Apologies for the length, but I wanted to be complete. ;-) The method from acts_as_taggable.rb is: def find_tagged_with(list) find_by_sql(["SELECT #{table_name}.* FROM #{table_name}, tags,

Setup as follows: class Resource < ActiveRecord::Base belongs_to :user validates_presence_of :filename validates_uniqueness_of :filename, :scope => "user_id", :message => "already exists, try uploading another file or deleting first." acts_as_taggable :join_class_name => ''TagResource''

I am using acts_as_taggable in my application and on the tagging side of things, no problem at all. Running edge Rails and PostgreSQL 8.1. I am then trying to find all my AR objects with a certain tag. The tag is: lasvegas and I know that there are at least 3 records with that tag. So, I''m doing this: @lists = List.find_tagged_with :any => @search_string, :separator =>

Hello, When I try: @tagged_items = Problem.find_tagged_with :all => ''kuba'' or @tagged_items = Problem.tags_count :limit => 100 I get this error: ArgumentError in Volume#index wrong number of arguments (2 for 3) RAILS_ROOT: script/../config/.. Application Trace | Framework Trace | Full Trace

Hi, I''m using the acts_as_taggable plugin & wanted to page through all a model''s records taggged with a particular tags. i.e. page through all Model records that have been tagged with "artist" I could not work out how to do this with the plugin, so I made the changes outlined below. Did I need to do this..? & does anyone else find this useful?

DHH''s acts_as_taggable is now much more usable with this patch. http://dev.rubyonrails.org/ticket/3866 This patch adds scoped finders, documentation, and tests: # Get tags for all articles in a blog @blog.articles.tags # Get tags for articles in a blog published in the last year @blog.articles.tags :conditions => [''published_at > ?'', 1.year.ago] # Get related

Ahoy, So i''ve installed the acts_as_taggable module and everything is fine, but i''m a bit confused about this bit of code described in the API "photo = Photo.new # splits and adds to the tags collection photo.tag "wine beer alcohol" # don''t need to split since it''s an array, but replaces the tags collection # trailing and leading

Hello experts, I am trying to paginate the following query but no matter what I try I am unable to paginate it. In controller I have: q_webpages=Webpage.find_tagged_with(:any => params[:tag], :separator=>'','', :order=>''updated_at DESC'') @webpage_pages, @webpages = paginate_collection(:collection=>q_webpages)

Hi to all, I''m needing some help here ... I want to do an extension on a has_and_belongs_to_many to build a custom add method to the association. i have a table locations that has a many-to-many association with a tags tabel using a locations_tags table. i want to add a method to the Location has_and_belongs_to_many association so that i can do something like this on the location

I am using acts_as_taggable and everything seems to be working except that :condition => "tags_resources.portal_id=#{portal_id}" is not being applied. @resource_pages = Paginator.new self, Resource.find_tagged_with(:any => tag, :condition => "tags_resources.portal_id=#{portal_id}").length, 25, @params[''page'']; @resources

I am using the acts_as_taggable plugin, which works rather nicely by the way. My question is this: When using find_tagged_with, how do I sort the resultant data? It is currently sorting based on the "id" of the record. For instance, I have posts, with tags. If I want to find all posts tagged with "RubyOnRails" it displays them, but not in chronological order, they are

I am trying to write a plugin, ''acts_as_commentable'', for my models - Image, Book, Music and so on, I do not want to use polymorphic association, so very model should have its own comment class. Here is my code acts_as_commentable.rb module Commentable def self.included(base) base.extend(ClassMethods) end module ClassMethods def