similar to: acts_as_taggable sql injection vulnerability

Displaying 20 results from an estimated 500 matches similar to: "acts_as_taggable sql injection vulnerability"

2006 Feb 28
0
acts_as_taggable vulnerable to attacks ?
Hi all! I'd like to confirm if I'm reading correctly. It seems ActiveRecord::Acts::Taggable::SingletonMethods#find_tagged_with is vulnerable to SQL injection attacks: def find_tagged_with(options = {}) options = { :separator => ' ' }.merge(options) tag_names = ActiveRecord::Acts::Taggable.split_tag_names(options[:any] || options[:all],
2006 Apr 17
6
acts_as_taggable confused
Ahoy, So I've installed the acts_as_taggable module and everything is fine, but I'm a bit confused about this bit of code described in the API "photo = Photo.new # splits and adds to the tags collection photo.tag "wine beer alcohol" # don't need to split since it's an array, but replaces the tags collection # trailing and leading
2006 Apr 28
1
acts_as_taggable help
Ahoy, having a bit of difficulty w/ the acts as taggable GEM. I was able to create a tagcloud, but now I want to filter items by tags. In my controller I have def show_tagged_with <-- snip snip --> @items = Item.find_tagged_with( :any => params[:tag_name]) @categories = Category.find_all @tag_name = params[:tag_name] @tagged_items = Item.tags_count(:limit
2006 Feb 13
0
count_as_taggable distinctly
I needed to count tagged records, I came up with this: <pre>def count_tagged_with(options = {}) options = { :separator => ' ' }.merge(options) tag_names = ActiveRecord::Acts::Taggable.split_tag_names(options[:any] || options[:all], options[:separator]) raise "No tags were passed to :any or :all options" if tag_names.empty?
2006 Feb 26
5
Help On Associations Extension.
Hi to all, I'm needing some help here ... I want to do an extension on a has_and_belongs_to_many to build a custom add method to the association. I have a table locations that has a many-to-many association with a tags table using a locations_tags table. I want to add a method to the Location has_and_belongs_to_many association so that I can do something like this on the location
2006 Feb 28
2
acts_as_taggable and auto_complete
I'm using the acts_as_taggable gem (whose site has gone AWOL apparently) and I'm wanting to make it autocomplete. I, however, am the absolute worst JavaScript person ever, so is there anyone out there that can point me to a tutorial or give some good starting points? Thanks! Kenneth -- => the blog from beyond <= => www.eyeheartzombies.com <=
2006 Feb 09
3
acts_as_taggable Produces Bad SQL - Find Fails
I am using acts_as_taggable in my application and on the tagging side of things, no problem at all. Running edge Rails and PostgreSQL 8.1. I am then trying to find all my AR objects with a certain tag. The tag is: lasvegas and I know that there are at least 3 records with that tag. So, I'm doing this: @lists = List.find_tagged_with :any => @search_string, :separator =>
2006 Feb 19
0
acts_as_taggable
Does anyone know how to delete tags? The code below doesn't seem to work def remove_tag @page = Page.find(params[:id]) @tag = Tag.find(params[:tag]) arr = @page.tag_names arr.delete( @page.name ) @page.tag( arr, :clear => true ) @page.save render( :partial => 'show_tags' ) end -- Posted via http://www.ruby-forum.com/.
2005 Oct 17
0
acts_as_taggable and per-user tags
I'm trying to add per-user tags to a simple app built atop the tiny_file example code, as follows: ------------------------------------------------------------------------------------------------- sqlite> .schema CREATE TABLE resources ( id INTEGER PRIMARY KEY, filename VARCHAR(255), user_id integer ); CREATE TABLE 'tags' ( 'id' INTEGER
2006 Jan 22
2
acts_as_taggable: weird SQL problem with untagging
Setup as follows: class Resource < ActiveRecord::Base belongs_to :user validates_presence_of :filename validates_uniqueness_of :filename, :scope => "user_id", :message => "already exists, try uploading another file or deleting first." acts_as_taggable :join_class_name => 'TagResource'
2006 Oct 19
3
Selecting datetime values from SQL Server (year < 1970)
All, Rails 1.1.6. Any AR find() call that generates a SELECT * type query against a table with a DATETIME column in SQL Server whose value occurs before 1970 will fail, because of the coercion of SQL Server datetime types to Time values in Ruby. See sqlserver_adapter.rb line 490 (record[col] = record[col].to_time if record[col].is_a? DBI::Timestamp) If I remove the coercion (just commenting
2005 Sep 03
13
acts_as_taggable v2 - Tagging on Steroids
Hi folks, Thanks to the community feedback on the 1st version, I've come up with a much improved version of the acts_as_taggable mixin. There's some piece of the action here: http://dema.ruby.com.br/articles/2005/09/03/tagging-on-steroids-with-rails Cheers Dema -- http://dema.ruby.com.br - Rails from a .NET perspective
2007 Apr 03
0
[Sybase Adaptor] find_by_xxx does not work correctly.
Hi Please advise me about the following problem. * Problem find_by_xxx method does not work correctly in the following case with sybase adaptor. * How to reproduce model :users t.column :code, :string <-- :string column t.column :last_name, :string t.column :first_name,:string >> User.find(1) => #<User:0x2abe232a68e8
2005 Sep 13
5
acts_as_taggable 1.0.4 now gemified!
Hi Folks, The acts_as_taggable mixin is now available as a shiny gem. More details here: http://dema.ruby.com.br/articles/2005/09/13/acts-as-taggable-gemified This release features some cool additions as well. Cheers Dema -- http://dema.ruby.com.br - Rails from a .NET perspective
2006 Dec 26
0
acts_as_taggable Plugin issue (not gem)
I tried to post this earlier, but it never came through. I've got something working in console, but not in controller. Any idea why? This is the plugin not the gem of acts_as_taggable *View* <code> <h1>Listing elements</h1> <% if @elements.blank? %> <p>There are currently no elements in the system tagged <%=
2006 Dec 27
4
acts_as_taggable issue
This won't post with a full code paste, so I've got to link it to another forum where I've posted it. http://www.railsweenie.com/forums/1/topics/1053 Can't get the acts_as_taggable plugin to play nice. Works in console, not in the view.
2006 Jun 21
7
acts_as_taggable and paginate?
Hi there, I've been trying to paginate over a list of members that all share a tag in common using the acts_as_taggable plugin. The regular way of paginating over a collection doesn't seem to work with acts_as_taggable. Here's what my method looks like that takes in a tag name, finds all the members that share the tag and then displays all the members. Nothing too fancy
2008 Oct 21
6
detecting width overflow in serialized column with mysql
So I've got an ActiveRecord model pointing to a MySQL db, with an auto-serialized column ("serialize :columnName"). Thing is, MySQL, depending on how it's configured (like, by default), has a bad habit of just truncating your data if it's too wide for the column, with no error raised. Yeah, I can probably reconfigure MySQL and/or my AR connection to it. But
2006 Jul 14
5
Acts_As_Taggable Plugin multiple controllers.
I have Acts_As_Taggable Plugin working. I have a HR controller and a sales controller. I have a document in hr tagged whitepaper and a different document in sales tagged whitepaper. When I am in hr I see the hr document tagged with whitepaper and not the sales document (what I want), but if I click on the tag whitepaper I return two documents, hr and sales. I just want to return the hr document
2004 Dec 07
30
Bind Variables in Active Record
OK, I have some basic functionality to support bind variables, it appears to work with the 'old' %s style too. I've altered sanitize_conditions in activerecord/lib/active_record/base.rb to check whether bind variables are in the statement (/\?/). If they are, replace all the ?s to escaped values from the arguments array. else sanitize and expand. There are a few