Search Results

Search found 13241 results on 530 pages for 'ruby ide'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 268/530 | < Previous Page | 264 265 266 267 268 269 270 271 272 273 274 275  | Next Page >

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

    Read the article

  • weird behavior with acts_as_taggable_on

    - by macek
    For some reason, tags aren't showing up on a taggable object when an tagger is specified. testing the post class Post < ActiveRecord::Base acts_as_taggable_on :tags belongs_to :user end >> p = Post.first => #<Post id: 1, ...> >> p.is_taggable? => true >> p.tag_list = "foo, bar" => "foo, bar" >> p.save => true >> p.tags => [#<Tag id: 1, name: "foo">, #<Tag id: 2, name: "bar">] testing the user class User < ActiveRecord::Base acts_as_tagger has_many :posts end >> u = User.first => #<User id: 1, ...> >> u.is_tagger? => true >> u.tag(p, :with => "hello, world", :on => :tags) => true >> u.owned_tags => [#<Tag id: 3, name: "hello">, #<Tag id: 4, name: "world">] refresh the post >> p = Post.first => #<Post id: 1 ...> >> p.tags => [#<Tag id: 2, name: "bar">, #<Tag id: 1, name: "foo">] Where's the hello and world tags? Miraculously, if I modify the database directly to set tagger_id and tagger_type to NULL, the two missing tags will show up. I suspect there's something wrong with my User model? What gives?

    Read the article

  • After passing a reference to an method, any mods using that reference are not visible outside the me

    - by Jason
    I am passing the reference of name to *mod_name*, I modify the referenced object from within the method but the change is not visible outside of the method, if I am referring to the same object from all locations how come the value is different depending on where I reference it? name = "Jason" puts name.object_id #19827274 def mod_name(name) puts name.object_id #19827274 name = "JasonB" end puts name.object_id #19827274 puts name #Jason String might be a bad example, but I get the same result even if I use a Fixnum.

    Read the article

  • Backing up my locally hosted rails apps in preparation for OS upgrade

    - by stephen murdoch
    I have some apps running on Heroku. I will be upgrading my OS in two weeks. The last time I upgraded though (6 months ago) I ran into some problems. Here's what I did: copied all my rails apps onto DVD upgraded OS transferred rails apps from DVD to new OS Then, after setting up new SSH-keys I tried to push to some of my heroku apps and, whilst I can't remember the exact error message off-hand, it more or less amounted to "fatal exception the remote end hung up" So I know that I'm doing something wrong here. First of all, is there any need for me to be putting my heroku hosted rails apps onto DVD? Would I be better just pulling all my apps from their heroku repos once I've done the upgrade? What do others do here? The reason I stuck them on DVD is because I tend to push a specific production branch to Heroku and sometimes omit large development files from it... Secondly, was this problem caused by SSH keys? Should I have backed up the old keys and transferred them from my old OS to my new one too, or is Heroku perfectly happy to let you change OS's like that? My solution in the end was to just create new heroku apps and reassign the custom domain names in heroku add-ons menu... I never actually though of pulling from the heroku repos as I tend to push a specific branch to heroku and that branch doesn't always have all the development files in it... I realise that the error message I mentioned doesn't particularly help anyone but I didn't think to remember it 6 months ago. Any advice would be appreciated PS - when I say upgrade, I mean full install of the new version with full format of the HDD.

    Read the article

  • RJS in controller

    - by Jamal Abdul Nasir
    i have put the following rjs in a controller... but it gives me the following error... TypeError: Element.update is not a function respond_to do |format| format.js do responds_to_parent do render :update do |page| page.replace_html 'errorLay', :text => "Page with the same name already exists." page.show 'errorLay' page.delay(2) do page.hide 'errorLay' end end end end end so how can i get rid of this error...?

    Read the article

  • Unit test with Authlogic on Rails 3

    - by Puru puru rin..
    Hello, I would like to write some unit test with a logged user using Authlogic. To start right, I used some code hosted in http://github.com/binarylogic/authlogic_example. But I get an error after rake test, because of "test_helper.rb" and the following class: class ActionController::TestCase setup :activate_authlogic end Here is my error: NameError: undefined local variable or method `activate_authlogic' for I think this Authlogic example is mapped over Rails 2; maybe it's a little bit different on Rails 3. Is there an other example where I can take example about unit test? Many thanks.

    Read the article

  • Configure Rails app to retrieve ALL emails from inbox

    - by Kartik Rao
    I'm using the following code to retrieve emails from my Gmail inbox. def get_mail Net::POP3.enable_ssl(OpenSSL::SSL::VERIFY_NONE) Net::POP3.start('pop.gmail.com', 995, "uname","pass") do |pop| unless pop.mails.empty? pop.each_mail do |mail| email = TMail::Mail.parse(mail.pop) email_obj=EmailedQueries.new email_obj.save_email(email.from,email.subject,email.body_html) end end end end This works just fine, but it retrieves only new mails from the inbox. Instead, I want a seperate function that will retrieve ALL emails from the inbox. This function will be used rarely. I wont be retrieving all mails all the time. Only when necessary. Thanks!

    Read the article

  • Let a question always :include its author, how?

    - by Freewind
    class Question < ActiveRecord::Base belongs_to :author end class Author < ActiveRecord::Base has_many :questions end When I find some questions, I usually need to get their authors at the same time, so I use: Question.find(:all, :include=>:authors) But I don't write the ":include" part everywhere. I hope I can define the "include" somewhere only once, and when I find questions, the author will be automaticly loaded. Is there any way to do this?

    Read the article

  • searchlogic and virtual attributes

    - by Ermin
    Let's say I have the following model: Person <AR def name [self.first_name,self.middle_name,self.last_name].select{|n| n.present?}.join(' ') end end How could I do a search on the virtual attribute with searchlogic, something like: Person.search.name_like 'foo' Of courese I could construct a large statement like: Person.search.first_name_like_or_last_name_like_or_... 'argh' but surely there is a more elegant way.

    Read the article

  • Why does yaml.dump add quotes this key-value pair

    - by jason gagne
    I'm trying to write a new entry to a rails database.yml and for some reason I'm getting quotes around this entry db_yml = {'new_env' = {'database' = 'database_name', '<<' = '*defaults' }} File.open("#{RAILS_ROOT}/config/database.yml", "a") {|f| YAML.dump(db_yml, f)} returns --- new_env: database: database_name "<<": "*defaults" I don't know why the "---" and the quotes around the defaults are returned, any thoughts on how to prevent? thanks!

    Read the article

  • Should this even be a has_many :through association?

    - by GoodGets
    A Post belongs_to a User, and a User has_many Posts. A Post also belongs_to a Topic, and a Topic has_many Posts. class User < ActiveRecord::Base has_many :posts end class Topic < ActiveRecord::Base has_many :posts end class Post < ActiveRecord::Base belongs_to :user belongs_to :topic end Well, that's pretty simple and very easy to set up, but when I display a Topic, I not only want all of the Posts for that Topic, but also the user_name and the user_photo of the User that made that Post. However, those attributes are stored in the User model and not tied to the Topic. So how would I go about setting that up? Maybe it can already be called since the Post model has two foreign keys, one for the User and one for the Topic? Or, maybe this is some sort of "one-way" has_many through assiociation. Like the Post would be the join model, and a Topic would has_many :users, :through = :posts. But the reverse of this is not true. Like a User does NOT has_many :topics. So would this even need to be has_many :though association? I guess I'm just a little confused on what the controller would look like to call both the Post and the User of that Post for a give Topic. Edit: Seriously, thank you to all that weighed in. I chose tal's answer because I used his code for my controller; however, I could have just as easily chosen either j.'s or tim's instead. Thank you both as well. This was so damn simple to implement, and I think today marks the day that I'm beginning to fall in love with rails.

    Read the article

  • Rails - how can I query the db w/o touching the sessions table

    - by sa125
    Hi - I'm trying to provide a HTTP api to my app that queries a db that's read-only (for replication purposes). I find that my app crashes repeatedly when making a request b/c the call is trying to update the sessions table whenever I query the db. This doesn't happen when I return some text without hitting the database for info. class APIController < AplicationController def view data = Product.find(params[:id]).to_json # will fail data = { :one => 1, :two => 2 }.to_json # will succeed respond_to do |format| format.html { render :json => data } end end end How do I restrict it from touching the sessions table on this request (it's currently issuing an UPDATE on the updated_at field for that session). thanks.

    Read the article

  • juggernaut error

    - by ZX12R
    i am trying to experiment with Juggernaut plugin using chat_sandbox example. i get this error message Juggernaut: There has been an error connecting on 127.0.0.1:5001 I have no idea what it means. my juggernaut.yml is as follows :hosts: - :port: 5001 :host: 127.0.0.1 :public_host: 127.0.0.1 :public_port: 5001 # :secret_key: your_secret_key # :environment: :development Thanks in advance.

    Read the article

  • Base-camp Style Subdomains and IDs of Models

    - by Newy
    I have an app that has Basecamp-style subdomains, that is, I have Projects, Users, Apples and Oranges. The Users, Apples and Oranges are all keyed to a Project and only exist in the http://project.myapp.com. I added a project_id to Users, Apples and Oranges and everything works, except of course that the ids of those three objects increment globally, and throughout my app I lookup objects by that id. This doesn't seem like best practice. Should I instead do lookups by a secondary key? How does that affect efficiency? If there's a good blog post that covers this, would be wesome.

    Read the article

  • best practice for boolean REST results

    - by Andrew Patterson
    I have a resource /system/resource And I wish to ask the system a boolean question about the resource that can't be answered by processing on the client (i.e I can't just GET the resource and look through the actual resource data - it requires some processing on the backend using data not available to the client). eg /system/resource/related/otherresourcename I want this is either return true or false. Does anyone have any best practice examples for this type of interaction? Possibilities that come to my mind: use of HTTP status code, no returned body (smells wrong) return plain text string (True, False, 1, 0) - Not sure what string values are appropriate to use, and furthermore this seems to be ignoring the Accept media type and always returning plain text come up with a boolean object for each of my support media types and return the appropriate type (a JSON document with a single boolean result, an XML document with a single boolean field). However this seems unwieldy. I don't particularly want to get into a long discussion about the true meaning of a RESTful system etc - I have used the word REST in the title because it best expresses the general flavour of system I am designing (even if perhaps I am tending more towards RPC over the web rather than true REST). However, if someone has some thoughts on how a true RESTful system avoids this problem entirely I would be happy to hear them.

    Read the article

  • Overriding as_json has no effect?

    - by Ola Tuvesson
    I'm trying to override as_json in one of my models, partly to include data from another model, partly to strip out some unnecessary fields. From what I've read this is the preferred approach in Rails 3. To keep it simple, let's say I've got something like: class Country < ActiveRecord::Base def as_json(options={}) super( :only => [:id,:name] ) end end and in my controller simply def show respond_to do |format| format.json { render :json => @country } end end Yet whatever i try, the output always contains the full data, the fields are not filtered by the ":only" clause. Basically, my override doesn't seem to kick in, though if I change it to, say... class Country < ActiveRecord::Base def as_json(options={}) {foo: "bar"} end end ...I do indeed get the expected JSON output. Have I simply got the syntax wrong?

    Read the article

  • Why am I getting an error on Heroku that suggests I need to migrate my app to Bamboo?

    - by user242065
    When I type: git push heroku master, this is what happens @68-185-86-134:sample_app git push heroku master Counting objects: 110, done. Delta compression using up to 2 threads. Compressing objects: 100% (94/94), done. Writing objects: 100% (110/110), 87.48 KiB, done. Total 110 (delta 19), reused 0 (delta 0) -----> Heroku receiving push -----> Rails app detected ! This version of Rails is only supported on the Bamboo stack ! Please migrate your app to Bamboo and push again. ! See http://docs.heroku.com/bamboo for more information ! Heroku push rejected, incompatible Rails version error: hooks/pre-receive exited with error code 1 To [email protected]:blazing-frost-89.git ! [remote rejected] master -> master (pre-receive hook declined) error: failed to push some refs to '[email protected]:blazing-frost-89.git' My .gems file: rails --version 2.3.8 My .git/config file: [core] repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true ignorecase = true [remote "origin"] url = [email protected]:csmeder/sample_app.git fetch = +refs/heads/*:refs/remotes/origin/* [remote "heroku"] url = [email protected]:blazing-frost-89.git fetch = +refs/heads/*:refs/remotes/heroku/*

    Read the article

  • Rails: Custom template for email "deliver_" method?

    - by neezer
    I'm building an email system that stores my different emails in the database and calls the appropriate "deliver_" method via method_missing (since I can't explicitly declare methods since they're user-generated). My problem is that my rails app still tries to render the template for whatever the generated email is, though those templates don't exist. I want to force all emails to use the same template (views/test_email.html.haml), which will be setup to draw their formatting from my database records. How can I accomplish this? I tried adding render :template => 'test_email' in the test_email method in emailer_controller with no luck. models/emailer.rb: class Emailer < ActionMailer::Base def method_missing(method, *args) # not been implemented yet logger.info "method missing was called!!" end end controller/emailer_controller.rb: class EmailerController < ApplicationController def test_email @email = Email.find(params[:id]) Emailer.send("deliver_#{@email.name}") end end views/emails/index.html.haml: %h1 Listing emails %table{ :cellspacing => 0 } %tr %th Name %th Subject - @emails.each do |email| %tr %td=h email.name %td=h email.subject %td= link_to 'Show', email %td= link_to 'Edit', edit_email_path(email) %td= link_to 'Send Test Message', :controller => 'emailer', :action => 'test_email', :params => { :id => email.id } %td= link_to 'Destroy', email, :confirm => 'Are you sure?', :method => :delete %p= link_to 'New email', new_email_path Error I'm getting with the above: Template is missing Missing template emailer/name_of_email_in_database.erb in view path app/views

    Read the article

  • Should I stop redirecting after successful POST or PUT requests?

    - by Andres Jaan Tack
    It seems common in the Rails community, at least, to respond to successful POST, PUT or DELETE requests by redirecting instead of returning success. For instance, if I PUT a legal change to my user profile, the idiomatic response would be a 302 Redirect to the profile page. Isn't this wrong? Shouldn't we be returning 200 OK from the request? Or a 201 Created, in the case of a POST request? Either of those, in the HTTP/1.1 Status Definitions are allowed to (or required to) include a response, anyway. I guess I'm wondering, before I go and "fix" my application, whether there is there a darn good reason why the community has gone the way of redirects instead of successful responses.

    Read the article

  • Test for absence of an input tag's value attribute

    - by Jeff
    How can I confirm the absence of a HTML attribute in a Rails RSpec test? I can verify that an input tag has a value attribute and that it is an empty string like so: response.should have_tag("input[name=?][value=?]", "user[password]", "") response.should have_tag("input[name=?][value=?]", "user[password_confirmation]", "") But what I want to do is verify that my input fields do not have a value attribute at all (i.e., a blank field).

    Read the article

  • RoR associations through or not through?

    - by showFocus
    I have four models that are related to one another, the way I have it setup at the moment is I have to select a county, region and country when entering a new city. class Country < ActiveRecord::Base has_many :regions has_many :counties has_many :cities end class Region < ActiveRecord::Base has_one :country has_many :counties has_many :cities end class County < ActiveRecord::Base has_one :country has_one :region has_many :cities end class City < ActiveRecord::Base has_one :country has_one :region has_one :county end Would it be better to use the :through symbol in the association? So I could say the city: has_one :country, :through => :region Not sure if this is correct, I have read how :through works but I'm not sure if this is the best solution. I am a newbie and while I'm not struggling with the syntax and how things work, it would be good to get opinions on best practices and the way things should be done from some rails wizards! Thanks in advance.

    Read the article

  • rdoc and the "--accessor" option

    - by Brian Ploetz
    rdoc --help says: --accessor, -A accessorname[,..] comma separated list of additional class methods that should be treated like 'attr_reader' and friends. Option may be repeated. Each accessorname may have '=text' appended, in which case that text appears where the r/w/rw appears for normal accessors. Does anyone have any working examples of doing this (both the accessor method definition and the rdoc command invocation)? No matter what combination I try, my accessors will not show up in the RDoc output. Thanks.

    Read the article

  • Save has_and_belongs_to_many link in basic RoR app

    - by Stéphane V
    I try to learn the has_and_belongs_to_many relationship between my 2 fresh new and simple models Product and Author, where a Product can have many authors and where author can have a lots of products. I wrote this : class Author < ActiveRecord::Base has_and_belongs_to_many :products end class Product < ActiveRecord::Base has_and_belongs_to_many :authors end In the partial form of view for the products, I have : <p>Products</p> <%= collection_select(:product, :author_ids, @authors, :id, :name, :prompt => " ", :multiple => true) %> but when I hit the update button, I get this strange message I can't resolve myself : NoMethodError in ProductsController#update undefined method `reject' for "1":String Rails.root: /home/stephane/www/HABTM Application Trace | Framework Trace | Full Trace app/controllers/products_controller.rb:63:in block in update' app/controllers/products_controller.rb:62:inupdate' Request Parameters: {"utf8"="✓", "_method"="put", "authenticity_token"="2GlTssOFjTVZ9BikrIFgx22cdTOIJuAB70liYhhLf+4=", "product"={"title"="Le trésor des Templiers", "original_title"="", "number"="1", "added_by"="", "author_ids"="1"}, "commit"="Update Product", "id"="1"} What's wrong ? Is there a problem with :product_ids... I saw on internet I had to pu a "s" but I'm not sure of what it represents.... How can I link the table authors_products to the key which is given back by the drop-down menu ? (here "author_ids"="1") Thx !

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 264 265 266 267 268 269 270 271 272 273 274 275  | Next Page >