Search Results

Search found 9938 results on 398 pages for 'ruby shoes'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 230/398 | < Previous Page | 226 227 228 229 230 231 232 233 234 235 236 237  | Next Page >

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

    Read the article

  • Supporting different locale regions using Rails i18n

    - by Olly
    I'm using the standard Rails I18n API to localise some of our views. This is working really well, but we now have a few use cases for regional changes to the en locale. The API guide mentions that this isn't supported directly, and other plugins should be used. However, I'm wondering whether there's a simpler way to do this. I already have en.yml, so in theory I could just create en-AU.yml and en-US.yml which are effectively clones of en.yml but with a few regional changes applied. I could then add additional English - American and English - Australian options to our configuration which would map to the new region-specific locales and allow users to use a region-specific locale. The only problem I can think of with this is that it isn't DRY -- I would have duplicate translations for all common English words. I can't see a way around this. Are there any other disadvantages to this approach, or should I just bite the bullet and dive into one of the plug-ins such as Globalize2 instead?

    Read the article

  • adding model validation errors in rescue

    - by ash34
    I have the following model with a virtual attribute class Mytimeperiod < ActiveRecord::Base validates presence of :from_dt validates_format_of :from_dt, :with => /\A\d{2}\/\d{2}\/\d{4}\Z/, :message => "format is mm/dd/yyyy" def from_dt self.from_date.strftime("%m/%d/%Y") if !self.from_date.blank? end def from_dt=(from_dt) self.from_date = Date.parse(from_dt) rescue self.errors.add_to_base("invalid from dt") end end I am using <%= f.error_messages %> to display the error messages on the form. I am using from_dt as a virtual attribute (string). The 'presence of' and 'format of' validation errors show up on the form, but when the user enters an invalid date format on the form and Date.Parse raises an exception I have a 'errors.add_to_base' statement in the rescue clause. Can anyone tell me why this error does not show up in the form error messages when I disable the 'format of' validation. thanks.

    Read the article

  • Configure Rails app to retrieve ALL emails from inbox

    - by Kartik Rao
    I'm using the following code to retrieve emails from my Gmail inbox. def get_mail Net::POP3.enable_ssl(OpenSSL::SSL::VERIFY_NONE) Net::POP3.start('pop.gmail.com', 995, "uname","pass") do |pop| unless pop.mails.empty? pop.each_mail do |mail| email = TMail::Mail.parse(mail.pop) email_obj=EmailedQueries.new email_obj.save_email(email.from,email.subject,email.body_html) end end end end This works just fine, but it retrieves only new mails from the inbox. Instead, I want a seperate function that will retrieve ALL emails from the inbox. This function will be used rarely. I wont be retrieving all mails all the time. Only when necessary. Thanks!

    Read the article

  • Rails: Custom template for email "deliver_" method?

    - by neezer
    I'm building an email system that stores my different emails in the database and calls the appropriate "deliver_" method via method_missing (since I can't explicitly declare methods since they're user-generated). My problem is that my rails app still tries to render the template for whatever the generated email is, though those templates don't exist. I want to force all emails to use the same template (views/test_email.html.haml), which will be setup to draw their formatting from my database records. How can I accomplish this? I tried adding render :template => 'test_email' in the test_email method in emailer_controller with no luck. models/emailer.rb: class Emailer < ActionMailer::Base def method_missing(method, *args) # not been implemented yet logger.info "method missing was called!!" end end controller/emailer_controller.rb: class EmailerController < ApplicationController def test_email @email = Email.find(params[:id]) Emailer.send("deliver_#{@email.name}") end end views/emails/index.html.haml: %h1 Listing emails %table{ :cellspacing => 0 } %tr %th Name %th Subject - @emails.each do |email| %tr %td=h email.name %td=h email.subject %td= link_to 'Show', email %td= link_to 'Edit', edit_email_path(email) %td= link_to 'Send Test Message', :controller => 'emailer', :action => 'test_email', :params => { :id => email.id } %td= link_to 'Destroy', email, :confirm => 'Are you sure?', :method => :delete %p= link_to 'New email', new_email_path Error I'm getting with the above: Template is missing Missing template emailer/name_of_email_in_database.erb in view path app/views

    Read the article

  • juggernaut error

    - by ZX12R
    i am trying to experiment with Juggernaut plugin using chat_sandbox example. i get this error message Juggernaut: There has been an error connecting on 127.0.0.1:5001 I have no idea what it means. my juggernaut.yml is as follows :hosts: - :port: 5001 :host: 127.0.0.1 :public_host: 127.0.0.1 :public_port: 5001 # :secret_key: your_secret_key # :environment: :development Thanks in advance.

    Read the article

  • Test for absence of an input tag's value attribute

    - by Jeff
    How can I confirm the absence of a HTML attribute in a Rails RSpec test? I can verify that an input tag has a value attribute and that it is an empty string like so: response.should have_tag("input[name=?][value=?]", "user[password]", "") response.should have_tag("input[name=?][value=?]", "user[password_confirmation]", "") But what I want to do is verify that my input fields do not have a value attribute at all (i.e., a blank field).

    Read the article

  • How do I insert an input's value into a separate form?

    - by ryan
    I'm making a tool for my university that allows students to create a list of classes by doing the following: Searching by course title for their course via an autocomplete input field. Adding that course to a separate form that upon being submitted creates a course list. I am trying to link the autocomplete and the course list form with an 'add to course list' button that inserts a hidden input field into the course list form which can subsequently be submitted by a 'create course list' button. My question is this: How do I take the value of the autocomplete input and insert it into the course list form without using AJAX? So far I have something like the following: <%= text_field_with_auto_complete :course, :title, :size => 40 %> <%= link_to_function "Add to Course List" do |page| page.insert_html :top, :course_list, hidden_field(:courses, :course, {:value => "$('course_title').value"}) %> <% form_for(@course_list) do |f|%> <div id="course_list">Insert selected courses here.</div> <% end %>

    Read the article

  • RESTfully Nesting Resource Routes with Single Identifiers

    - by Craig Walker
    In my Rails app I have a fairly standard has_many relationship between two entities. A Foo has zero or more Bars; a Bar belongs to exactly one Foo. Both Foo and Bar are identified by a single integer ID value. These values are unique across all of their respective instances. Bar is existence dependent on Foo: it makes no sense to have a Bar without a Foo. There's two ways to RESTfully references instances of these classes. Given a Foo.id of "100" and a Bar.id of "200": Reference each Foo and Bar through their own "top-level" URL routes, like so: /foo/100 /bar/200 Reference Bar as a nested resource through its instance of Foo: /foo/100 /foo/100/bar/200 I like the nested routes in #2 as it more closely represents the actual dependency relationship between the entities. However, it does seem to involve a lot of extra work for very little gain. Assuming that I know about a particular Bar, I don't need to be told about a particular Foo; I can derive that from the Bar itself. In fact, I probably should be validating the routed Foo everywhere I go (so that you couldn't do /foo/150/bar/200, assuming Bar 200 is not assigned to Foo 150). Ultimately, I don't see what this brings me. So, are there any other arguments for or against these two routing schemes?

    Read the article

  • Re-using unit tests for models using STI

    - by TenJack
    I have a number of models that use STI and I would like to use the same unit test to test each model. For example, I have: class RegularList < List class OtherList < List class ListTest < ActiveSupport::TestCase fixtures :lists def test_word_count list = lists(:regular_list) assert_equal(0, list.count) end end How would I go about using the test_word_count test for the OtherList model. The test is much longer so I would rather not have to retype it for each model. Thanks.

    Read the article

  • Rails - how can I query the db w/o touching the sessions table

    - by sa125
    Hi - I'm trying to provide a HTTP api to my app that queries a db that's read-only (for replication purposes). I find that my app crashes repeatedly when making a request b/c the call is trying to update the sessions table whenever I query the db. This doesn't happen when I return some text without hitting the database for info. class APIController < AplicationController def view data = Product.find(params[:id]).to_json # will fail data = { :one => 1, :two => 2 }.to_json # will succeed respond_to do |format| format.html { render :json => data } end end end How do I restrict it from touching the sessions table on this request (it's currently issuing an UPDATE on the updated_at field for that session). thanks.

    Read the article

  • Why does yaml.dump add quotes this key-value pair

    - by jason gagne
    I'm trying to write a new entry to a rails database.yml and for some reason I'm getting quotes around this entry db_yml = {'new_env' = {'database' = 'database_name', '<<' = '*defaults' }} File.open("#{RAILS_ROOT}/config/database.yml", "a") {|f| YAML.dump(db_yml, f)} returns --- new_env: database: database_name "<<": "*defaults" I don't know why the "---" and the quotes around the defaults are returned, any thoughts on how to prevent? thanks!

    Read the article

  • Passenger error message I can't figure out

    - by Sam Kong
    Hi, I am testing Rails 3 on DreamHost which just installed Rails 3. I created a simple controller and it failed. Browser shows 500 error (Internal Server Error) and the log shows the following message. Could not find i18n-0.5.0 in any of the sources Try running `bundle install`. *** Exception EOFError in spawn manager (Unexpected end-of-file detected.) (process 17951): from /dh/passenger/lib/phusion_passenger/utils.rb:306:in `unmarshal_and_raise_errors' from /dh/passenger/lib/phusion_passenger/rack/application_spawner.rb:71:in `spawn_application' from /dh/passenger/lib/phusion_passenger/rack/application_spawner.rb:41:in `spawn_application' from /dh/passenger/lib/phusion_passenger/spawn_manager.rb:159:in `spawn_application' from /dh/passenger/lib/phusion_passenger/spawn_manager.rb:287:in `handle_spawn_application' from /dh/passenger/lib/phusion_passenger/abstract_server.rb:352:in `__send__' from /dh/passenger/lib/phusion_passenger/abstract_server.rb:352:in `main_loop' from /dh/passenger/lib/phusion_passenger/abstract_server.rb:196:in `start_synchronously' from /dh/passenger/bin/passenger-spawn-server:61 [ pid=13245 file=ext/apache2/Hooks.cpp:727 time=2010-12-24 12:13:38.287 ]: Unexpected error in mod_passenger: Cannot spawn application '/home/cp_rails3/sites/rails3.codepremise.com': The spawn server has exited unexpectedly. Backtrace: in 'virtual boost::shared_ptr<Passenger::Application::Session> Passenger::ApplicationPoolServer::Client::get(const Passenger::PoolOptions&)' (ApplicationPoolServer.h:471) in 'int Hooks::handleRequest(request_rec*)' (Hooks.cpp:523) It runs fine in console (app.get "url") and also ok with "rails server". What's wrong? Thanks. Sam

    Read the article

  • rdoc and the "--accessor" option

    - by Brian Ploetz
    rdoc --help says: --accessor, -A accessorname[,..] comma separated list of additional class methods that should be treated like 'attr_reader' and friends. Option may be repeated. Each accessorname may have '=text' appended, in which case that text appears where the r/w/rw appears for normal accessors. Does anyone have any working examples of doing this (both the accessor method definition and the rdoc command invocation)? No matter what combination I try, my accessors will not show up in the RDoc output. Thanks.

    Read the article

  • Why am I getting an error on Heroku that suggests I need to migrate my app to Bamboo?

    - by user242065
    When I type: git push heroku master, this is what happens @68-185-86-134:sample_app git push heroku master Counting objects: 110, done. Delta compression using up to 2 threads. Compressing objects: 100% (94/94), done. Writing objects: 100% (110/110), 87.48 KiB, done. Total 110 (delta 19), reused 0 (delta 0) -----> Heroku receiving push -----> Rails app detected ! This version of Rails is only supported on the Bamboo stack ! Please migrate your app to Bamboo and push again. ! See http://docs.heroku.com/bamboo for more information ! Heroku push rejected, incompatible Rails version error: hooks/pre-receive exited with error code 1 To [email protected]:blazing-frost-89.git ! [remote rejected] master -> master (pre-receive hook declined) error: failed to push some refs to '[email protected]:blazing-frost-89.git' My .gems file: rails --version 2.3.8 My .git/config file: [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true ignorecase = true [remote "origin"] url = [email protected]:csmeder/sample_app.git fetch = +refs/heads/*:refs/remotes/origin/* [remote "heroku"] url = [email protected]:blazing-frost-89.git fetch = +refs/heads/*:refs/remotes/heroku/*

    Read the article

  • Unit test with Authlogic on Rails 3

    - by Puru puru rin..
    Hello, I would like to write some unit test with a logged user using Authlogic. To start right, I used some code hosted in http://github.com/binarylogic/authlogic_example. But I get an error after rake test, because of "test_helper.rb" and the following class: class ActionController::TestCase setup :activate_authlogic end Here is my error: NameError: undefined local variable or method `activate_authlogic' for I think this Authlogic example is mapped over Rails 2; maybe it's a little bit different on Rails 3. Is there an other example where I can take example about unit test? Many thanks.

    Read the article

  • Should I stop redirecting after successful POST or PUT requests?

    - by Andres Jaan Tack
    It seems common in the Rails community, at least, to respond to successful POST, PUT or DELETE requests by redirecting instead of returning success. For instance, if I PUT a legal change to my user profile, the idiomatic response would be a 302 Redirect to the profile page. Isn't this wrong? Shouldn't we be returning 200 OK from the request? Or a 201 Created, in the case of a POST request? Either of those, in the HTTP/1.1 Status Definitions are allowed to (or required to) include a response, anyway. I guess I'm wondering, before I go and "fix" my application, whether there is there a darn good reason why the community has gone the way of redirects instead of successful responses.

    Read the article

  • After passing a reference to an method, any mods using that reference are not visible outside the me

    - by Jason
    I am passing the reference of name to *mod_name*, I modify the referenced object from within the method but the change is not visible outside of the method, if I am referring to the same object from all locations how come the value is different depending on where I reference it? name = "Jason" puts name.object_id #19827274 def mod_name(name) puts name.object_id #19827274 name = "JasonB" end puts name.object_id #19827274 puts name #Jason String might be a bad example, but I get the same result even if I use a Fixnum.

    Read the article

  • Is there a way to undo Mocha stubbing of any_instance in Test::Unit

    - by Craig Walker
    Much like this question, I too am using Ryan Bates's nifty_scaffold. It has the desirable aspect of using Mocha's any_instance method to force an "invalid" state in model objects buried behind the controller. Unlike the question I linked to, I'm not using RSpec, but Test::Unit. That means that the two RSpec-centric solutions there won't work for me. Is there a general (ie: works with Test::Unit) way to remove the any_instance stubbing? I believe that it's causing a bug in my tests, and I'd like to verify that.

    Read the article

  • Storing old previous year data in Rails?

    - by Millisami
    Hi, I'm developing an app which has massive data entries. Its like Campaign which has attrs like rate_per_sq_feet, start_date, end_date. i.e it will have max date of around 30 days. Once the campaign is finished, its done and another starts. Now I'm confused that how to store those campaigns as reports so that its not accessed regurlarly. What I mean is to store in such a way that it will act like report on later years to come? Its something like fiscal year on accounts where the previous year reports are stored with all the calculations done so that when retrieved later, all the algorithms and calculations shouldn't be performed. Something like frozen data??

    Read the article

  • RoR associations through or not through?

    - by showFocus
    I have four models that are related to one another, the way I have it setup at the moment is I have to select a county, region and country when entering a new city. class Country < ActiveRecord::Base has_many :regions has_many :counties has_many :cities end class Region < ActiveRecord::Base has_one :country has_many :counties has_many :cities end class County < ActiveRecord::Base has_one :country has_one :region has_many :cities end class City < ActiveRecord::Base has_one :country has_one :region has_one :county end Would it be better to use the :through symbol in the association? So I could say the city: has_one :country, :through => :region Not sure if this is correct, I have read how :through works but I'm not sure if this is the best solution. I am a newbie and while I'm not struggling with the syntax and how things work, it would be good to get opinions on best practices and the way things should be done from some rails wizards! Thanks in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 226 227 228 229 230 231 232 233 234 235 236 237  | Next Page >