Search Results

Search found 12686 results on 508 pages for 'ruby on rails3 beta'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 251/508 | < Previous Page | 247 248 249 250 251 252 253 254 255 256 257 258  | Next Page >

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

    Read the article

  • rails date field format on error

    - by ash34
    Hi, I have an input field that captures a date in my form <%= f.text_field :from_date, :style => 'width:80px;' %> The user enters the date in the following format MM/DD/YYYY. However, when there is a validation error in the model and the form is displayed back to the user with the entered values, the date format is converted to YYYY-MM-DD HH:MM:SS UTC. Where do I format this to show MM/DD/YYYY, when the form is displayed to the user. thanks.

    Read the article

  • Configure Rails app to retrieve ALL emails from inbox

    - by Kartik Rao
    I'm using the following code to retrieve emails from my Gmail inbox. def get_mail Net::POP3.enable_ssl(OpenSSL::SSL::VERIFY_NONE) Net::POP3.start('pop.gmail.com', 995, "uname","pass") do |pop| unless pop.mails.empty? pop.each_mail do |mail| email = TMail::Mail.parse(mail.pop) email_obj=EmailedQueries.new email_obj.save_email(email.from,email.subject,email.body_html) end end end end This works just fine, but it retrieves only new mails from the inbox. Instead, I want a seperate function that will retrieve ALL emails from the inbox. This function will be used rarely. I wont be retrieving all mails all the time. Only when necessary. Thanks!

    Read the article

  • Which persistent & lightweight queue messaging for cross domain (> 2) data exchange with rails integ

    - by Erwan
    Hi all, I'm looking for the right messaging system for my needs. Can you help me ? For now, there won't be a huge amount of data to process, but I don't want to be limited later ... The machines are not just web servers, so the messaging tool should be lightweight, even if processing is not very speed. When some data change on a server, all servers should have the information and process it locally. (should I create one channel per server on each of them ?) The frontend is written on Rails, so it is important, in order to simplify the development, that there is a gem / plugin to manage communications and data sent. At this time : RabbitMQ + workling seems to fit my needs. Could this be a right choice ? ActiveMQ make me afraid, because of Java (I really don't know very well Java, but it seems to me to be big CPU consumer) Others don't seem to be as mature as them. There might be lot of development using this kind of technology, so I can't go to the wrong way ! Thank you for help.

    Read the article

  • Easier way to generate paths

    - by Horace Loeb
    Songs on Rap Genius have paths like /lyrics/The-notorious-b-i-g-ft-mase-and-puff-daddy/Mo-money-mo-problems which are defined in routes.rb as: map.song '/lyrics/:artist_slug/:title_slug', :controller => 'songs', :action => 'show' When I want to generate such a path, I use song_url(:title_slug => song.title_slug, :artist_slug => song.artist_slug). However, I'd much prefer to be able to type song_url(some_song). Is there a way I can make this happen besides defining a helper like: def x_song_path(song) song_path(:title_slug => song.title_slug, :artist_slug => song.artist_slug) end

    Read the article

  • rails: include statement with two ON conditions

    - by Markus
    Hi, I have tree tables books bookmarks users where there is a n to m relation from books to users trough bookmarks. Im looking for a query, where I get all the books of a certain user including the bookmarks. If no bookmarks are there, there should be a null included... my sql statement looks like: SELECT * FROM `books` LEFT OUTER JOIN `bookmarks ` ON bookmarks.book_id = books.id AND bookmarks.user_id = ? In rails I only know the :include statement, but how can I add the second bookmarks.user_id = ? statement in the ON section of this query? if I put it in the :conditions part, no null results would get returned! Thanks! Markus

    Read the article

  • How to create an "edit" url for a restful resouce?

    - by Freewind
    In my partial template, there is a varible named "resource", it may be a question or an answer. I want to build a link to edit it, but when I use it, I don't know what it is, so I can't write: <%=link_to 'edit', edit_question_url(resource)%> or <%=link_to 'edit', edit_answer_url(resource)%> I wonder if there is such a method, say "url_for_edit()", can be used as: <%=link_to 'edit', url_for_edit(resource)%> Is there such a method?

    Read the article

  • adding model validation errors in rescue

    - by ash34
    I have the following model with a virtual attribute class Mytimeperiod < ActiveRecord::Base validates presence of :from_dt validates_format_of :from_dt, :with => /\A\d{2}\/\d{2}\/\d{4}\Z/, :message => "format is mm/dd/yyyy" def from_dt self.from_date.strftime("%m/%d/%Y") if !self.from_date.blank? end def from_dt=(from_dt) self.from_date = Date.parse(from_dt) rescue self.errors.add_to_base("invalid from dt") end end I am using <%= f.error_messages %> to display the error messages on the form. I am using from_dt as a virtual attribute (string). The 'presence of' and 'format of' validation errors show up on the form, but when the user enters an invalid date format on the form and Date.Parse raises an exception I have a 'errors.add_to_base' statement in the rescue clause. Can anyone tell me why this error does not show up in the form error messages when I disable the 'format of' validation. thanks.

    Read the article

  • Multi-lingual website and webby

    - by ximus
    Hi, Anyone know how to best implement a multilingual static site using webby? I would put content for the multiple languages in content/{lang}/{page}.txt for starters, any ideas on the rest? I've never used webby. Thanks, Max.

    Read the article

  • nested form collection_select new value overwriting previous selected values

    - by bharath
    Nested form <%= nested_form_for(@bill) do |f| %> <p><%= f.link_to_add "Add Product", :bill_line_items %> </p> Partial of bill line items <%= javascript_include_tag 'bill'%> <%= f.hidden_field :bill_id %> <%- prices = Hash[Product.all.map{|p| [p.id, p.price]}].to_json %> <%= f.label :product_id %> <%= f.collection_select :product_id ,Product.all,:id,:name, :class => 'product', :prompt => "Select a Product", input_html: {data: {prices: prices}}%> <br/ > <%= f.label :price, "price"%> <%= f.text_field :price, :size=>20, :class =>"price" %><br/> bill.js jQuery(document).ready(function(){ jQuery('.product').change(function() { var product_id = jQuery(this).val(); var price = eval(jQuery(this).data("prices"))[product_id]; jQuery('.price').val(price); }); }); Rails 3.2 Issue: Second click on Add Product & on selecting the product When we select the second product the price of second product is overwriting on the price of the first selected product. Request help.

    Read the article

  • Is there a way to undo Mocha stubbing of any_instance in Test::Unit

    - by Craig Walker
    Much like this question, I too am using Ryan Bates's nifty_scaffold. It has the desirable aspect of using Mocha's any_instance method to force an "invalid" state in model objects buried behind the controller. Unlike the question I linked to, I'm not using RSpec, but Test::Unit. That means that the two RSpec-centric solutions there won't work for me. Is there a general (ie: works with Test::Unit) way to remove the any_instance stubbing? I believe that it's causing a bug in my tests, and I'd like to verify that.

    Read the article

  • Supporting different locale regions using Rails i18n

    - by Olly
    I'm using the standard Rails I18n API to localise some of our views. This is working really well, but we now have a few use cases for regional changes to the en locale. The API guide mentions that this isn't supported directly, and other plugins should be used. However, I'm wondering whether there's a simpler way to do this. I already have en.yml, so in theory I could just create en-AU.yml and en-US.yml which are effectively clones of en.yml but with a few regional changes applied. I could then add additional English - American and English - Australian options to our configuration which would map to the new region-specific locales and allow users to use a region-specific locale. The only problem I can think of with this is that it isn't DRY -- I would have duplicate translations for all common English words. I can't see a way around this. Are there any other disadvantages to this approach, or should I just bite the bullet and dive into one of the plug-ins such as Globalize2 instead?

    Read the article

  • Rails Authlogic - no documentation about SingleAccessToken

    - by northox
    I been searching how to use the single access token in Authlogic but there is no consistent documentation on the web. Anyone knows how it work? Presently, I have this: class UserSession < Authlogic::Session::Base single_access_allowed_request_types = :all end And been using this url: www.mysite.com/?user_credentials=xyz but it does not work and the CSRF protection (protect_from_forgery()) is in the way too. thanks,

    Read the article

  • juggernaut error

    - by ZX12R
    i am trying to experiment with Juggernaut plugin using chat_sandbox example. i get this error message Juggernaut: There has been an error connecting on 127.0.0.1:5001 I have no idea what it means. my juggernaut.yml is as follows :hosts: - :port: 5001 :host: 127.0.0.1 :public_host: 127.0.0.1 :public_port: 5001 # :secret_key: your_secret_key # :environment: :development Thanks in advance.

    Read the article

  • searchlogic and virtual attributes

    - by Ermin
    Let's say I have the following model: Person <AR def name [self.first_name,self.middle_name,self.last_name].select{|n| n.present?}.join(' ') end end How could I do a search on the virtual attribute with searchlogic, something like: Person.search.name_like 'foo' Of courese I could construct a large statement like: Person.search.first_name_like_or_last_name_like_or_... 'argh' but surely there is a more elegant way.

    Read the article

  • How to control respond_to based on variable in Rails controller?

    - by smotchkkiss
    The dilemma I'm using a before_filter in my controller that restricts access to admins. However, I want to allow access public access to some methods based on request format. See the index method to understand what I'm talking about. items_controller.rb class ItemsController < ApplicationController before_filter :superuser_required layout 'superuser' def index @items = Item.all respond_to do |format| format.html format.js # I want public to have access to this end end def show @item = Item.find(params[:id]) respond_to do |format| format.html end end def new @item = Item.new respond_to do |format| format.html end end # remaining controller methods # ... def superuser_required redirect_to login_path unless current_user.superuser? end end

    Read the article

  • Whats the significance of named scope in rails?

    - by piemesons
    Before going for details. Question 1:-- Whats the meaning of scope here (ie named scope)? whats the benefits of using named scope? Now:- from agile development with rails book:-- class Order < ActiveRecord::Base named_scope :last_n_days, lambda { |days| {:conditions => ['updated < ?' , days] } } named_scope :checks, :conditions => {:pay_type => :check} end Such a named scope would make finding the last weeks worth of orders a snap. orders = Orders.last_n_days(7) Scopes can also be combined orders = Orders.checks.last_n_days(7) why we are using named_scope here. We can do the same using methods. Whats special thing we got using named_scope.

    Read the article

  • After passing a reference to an method, any mods using that reference are not visible outside the me

    - by Jason
    I am passing the reference of name to *mod_name*, I modify the referenced object from within the method but the change is not visible outside of the method, if I am referring to the same object from all locations how come the value is different depending on where I reference it? name = "Jason" puts name.object_id #19827274 def mod_name(name) puts name.object_id #19827274 name = "JasonB" end puts name.object_id #19827274 puts name #Jason String might be a bad example, but I get the same result even if I use a Fixnum.

    Read the article

  • Storing old previous year data in Rails?

    - by Millisami
    Hi, I'm developing an app which has massive data entries. Its like Campaign which has attrs like rate_per_sq_feet, start_date, end_date. i.e it will have max date of around 30 days. Once the campaign is finished, its done and another starts. Now I'm confused that how to store those campaigns as reports so that its not accessed regurlarly. What I mean is to store in such a way that it will act like report on later years to come? Its something like fiscal year on accounts where the previous year reports are stored with all the calculations done so that when retrieved later, all the algorithms and calculations shouldn't be performed. Something like frozen data??

    Read the article

  • Generating a static website from a set of content data (possibly with webgen, webby or a similar too

    - by Darel
    My company (an engineering firm) is looking to redesign their website with some dynamic content. We have a nice portfolio of projects that we'd like to present on our site by category. To elaborate, I'd like to have a "Projects Category" menu, where you can choose a sub-project category (such as churches, schools, etc) which links to a page with images of all projects which have been tagged with that category attribute. Clicking on an image would then take you to a detailed page for that project. I have done a good bit of asp and jsp page development, but I've always worked on the front end in an enterprise environment - I've never built a production site from the back end. The advice I've gotten so far is that a full-blown CMS solution would be somewhat overkill, as we won't have a large hit count, and we'll be displaying a few hundred projects at most. One big-picture choice I appear to have - whether to dynamically generate the pages (with asp or jsp) or to use a tool to generate a set of static html pages. The tool would build the menus, project summary pages, and individual project pages based on a set of data I could provide (in the form of a database or text file.) I'm leaning towards trying to use a tool like webgen or webby to statically generate the site due to our current web hosting situation. Any thoughts on which approach is more appropriate? Is webgen or webby capable of doing what I am trying to do? Or can anyone recommend other web authoring tools better equipped to accomplish this? Thanks for any feedback!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 247 248 249 250 251 252 253 254 255 256 257 258  | Next Page >