Ruby On Rails
Database field and table names to avoid when using Rails
by specialj on Dec.12, 2010, under Ruby On Rails
I’ve looked for a list of field names to not use that I can hand off to the db folks on projects but so far I cannot find one.
I guess I’ll just start documenting the ones I know of to be problematic.
Playing with Rails XSS protection
by specialj on Aug.23, 2010, under Ruby On Rails
So in Rails 3 xss is protection is built in. This is good. In fact, I’ve wanted to see this since I first start coding rails in the 1.x days. I have not started any Rails 3 projects yet but I have been playing with enabling this on a Rails 2.3.8 project by using erubis and the rails_xss gem. Switching over I found lots of problems where strings which should be safe are being escaped. Of course I can easily mark the string as safe but I wanted to learn why this was happening. I found that the join method does not seem to keep strings safe.
1 2 3 4 5 6 7 8 | >> ("foo".html_safe + "bar".html_safe).html_safe? => true >> ("foo".html_safe << "bar".html_safe).html_safe? => true >> ["foo".html_safe, "bar".html_safe].join.html_safe? => nil >> ["foo".html_safe, "bar".html_safe].join(''.html_safe).html_safe? => nil |
I’ve also noticed that mail_to does not return an html_safe string. It appears to have been fixed in Rails 3 but not correct in the rails_xss gem.
Learned a lot about nested attributes and Rails
by specialj on Jun.04, 2010, under Ruby On Rails
It’s been a frustrating night trying to figure out how accepts_nested_attributes_for, autosave, dirtyness, and Rails versions all fit together. Going to try and summarize my findings and hopefully I’ll get it right.
- accepts_nested_attributes_for turns on autosave
- autosave will cause any loaded associations to be saved when save for the parent object is called
- the key word is “loaded”, so a find with an include will cause the association to be loaded, and thus autosaved (took my a long time to track this down)
- in Rails 2.3.5 the association is saved regardless of dirty state
- in Rails 2.3.8 the association is saved only if dirty
Resources for working with ICalendar, Ruby, and Rails
by specialj on Mar.25, 2010, under Ruby On Rails, Web Development
Icalendar is not fun to work with. If only there was a library that would make it easy and pleasant. Alas, that does not seem to be the case, but there are places to start.
There are 3 ICalendar libraries available as gems:
- iCalendar – version 1.1.3 released 3/2010
- iCalendar home – rdoc
- RiCal – version 0.8.5 was released 9/2009
- RiCal home – links to rdoc, google group, bug tracker
- GitHub
- Author’s Blog Posts tagged with “RiCal”
- vPim – version 0.695 was released 3/2009
Beyond that I’d say anyone planning to work with ICalendar files should be prepared to dig into the reference. I found iCalendar Specification Excerpts particularly useful.
Simple way to capitalize the first letter of each word in a string using Ruby
by specialj on Mar.18, 2010, under Ruby On Rails
I am not infrequently looking to translate a string of either all lowercase or all uppercase characters to a string with the first character of each word capitalized. I decided to see if I could come up with a quick and easy way to do this in Ruby. This is what I came up with:
"STRING TO CAPITALIZE".gsub(/\b(\w+)/) {|x| x.capitalize}
=> "String To Capitalize"
"string to capitalize".gsub(/\b(\w+)/) {|x| x.capitalize}
=> "String To Capitalize"
It’s not perfect as I think it will choke on quotes but good enough for 5 minutes worth of work.
Building SOAP service in Rails
by specialj on Feb.20, 2010, under Ruby On Rails
Looks like I may have to do it. I got started with some reading:
Ruby Arrays and Hashes and Days of the Week.
by specialj on Feb.16, 2010, under Ruby On Rails
I was playing around with different ways to represent the days of the week and their index from 0 to 6 as hashes and arrays. Here’s what I cam up with:
irb(main):001:0> require 'date'
=> true
irb(main):002:0> Date::DAYNAMES
=> ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]
irb(main):003:0> Date::DAYNAMES.enum_with_index.to_a
=> [["Sunday", 0], ["Monday", 1], ["Tuesday", 2], ["Wednesday", 3], ["Thursday", 4], ["Friday", 5], ["Saturday", 6]]
irb(main):004:0> Date::DAYNAMES.enum_with_index.to_a.map{|a| a.reverse}
=> [[0, "Sunday"], [1, "Monday"], [2, "Tuesday"], [3, "Wednesday"], [4, "Thursday"], [5, "Friday"], [6, "Saturday"]]
irb(main):005:0> Hash[*Date::DAYNAMES.enum_with_index.to_a.flatten]
=> {"Friday"=>5, "Wednesday"=>3, "Saturday"=>6, "Tuesday"=>2, "Monday"=>1, "Sunday"=>0, "Thursday"=>4}
irb(main):006:0> Hash[*Date::DAYNAMES.enum_with_index.to_a.flatten].invert
=> {5=>"Friday", 0=>"Sunday", 6=>"Saturday", 1=>"Monday", 2=>"Tuesday", 3=>"Wednesday", 4=>"Thursday"}
2 ways to use LIKE queries with wildcards safely in Rails finders
by specialj on Feb.11, 2010, under Ruby On Rails
It is important to sanitize variables that may come from users to prevent SQL injection attacks. Rails makes this easy by default:
Author.find(:all, :conditions=>['first_name = ?', first_name]
However this will not work:
Author.find(:all, :conditions=>['first_name LIKE "%?%"', first_name]
This will work but is insecure:
Author.find(:all, :conditions=>"first_name LIKE '%#{first_name}%'"
Solution 1:
Author.find(:all, :conditions=>['first_name LIKE ?', "%#{first_name}%"]
Solution 2:
Author.find(:all, :conditions=>['first_name LIKE CONCAT("%", ?, "%")', first_name]
