Search Results

Search found 12686 results on 508 pages for 'ruby on rails3 beta'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 344/508 | < Previous Page | 340 341 342 343 344 345 346 347 348 349 350 351  | Next Page >

  • session fixation

    - by markiv
    Hi All, I am new to web development, and trying to get a hold on security issues. I went through this article on http://guides.rubyonrails.org/security.html these are some of the steps the author has mentioned how an attacker fixes session. 1. The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). 2. He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive. 3. Now the attacker will force the user’s browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example: <script>?document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";?</script>. Read more about XSS and injection later on. 4. The attacker lures the victim to the infected page with the JavaScript code. By viewing the page, the victim’s browser will change the session id to the trap session id. 5. As the new trap session is unused, the web application will require the user to authenticate. 6. From now on, the victim and the attacker will co-use the web application with the same session: The session became valid and the victim didn’t notice the attack. I dont understand couple of points. i) why is user made to login in step5, since session is sent through. ii) I saw possible solutions on wiki, like user properties check and others why cant we just reset the session for the user whoever is login in when they enter username and password in step5? Thanks in advance Markiv

    Read the article

  • How do I quiet image_submit_tag from params hash?

    - by Alan S
    Does anyone know how to eliminate the x and y params when you use image_submit_tag with a get method? I have a simple search form, and using get to pass the value in the url. When I use image_submit_tag, it also appends the x and y coords, so I get urls like http://example.com?q=somesearchterm&x=15&y=12 When I have used submit_tag, I can use the :name = nil attribute (was in one of Ryan Bates' Railscasts), but it doesn't seem to work for image_submit_tag. Granted it doesn't affect functionality, but I don't need them and would like them quieted.

    Read the article

  • Rails toggling closest submit button in a form with radio buttons

    - by Timothy
    I have a bunch of forms listed in Rails like such <% parent.children.some_named_scope.each do |child| %> <% form_for :parent, parent do |f| %> <% current_value = child.column_to_set %> <% child.possible_values_for_column_to_set.each do |value| %> <% f.fields_for :children, child, :child_index => child.id.to_s do |child_form| %> <%= child_form.label :column_to_set, value.to_s.titleize, :value => value %> <%= child_form.radio_button, :column_to_set, value, :type => 'radio' %> <% end %> <% end %> <%= f.submit "Submit", :disabled => true %> <% end %> <% end %> How do I set the submit button's disabled to false, dynamically, when it is not current_value and set it to true when it is while the user clicks radio buttons?

    Read the article

  • rails 3.1 partial_updates doesn't seem to work with password

    - by user1306769
    i have a user model with a password attribute, which gets saved as password_digest. What i want to do is have the edit user page and the edit password page separated, so that the admin doesn't need to input the password everytime he needs to change something else. For this i have made an extra action / view. My problem is that when i update the user info, i get password validation errors even though i have no password field in the form. Which leads me to the conclusion that partial_updates isn't working with the password attribute (as i have already tested in the console that it is enabled, and it is) Is this me doing something wrong, or should i approach this differently?

    Read the article

  • MIgrations and Rspec

    - by pablorc
    Hi, I'm developing a Rails application with Rspec for unit testing. Weeks ago, Rspec used to migrate the database to the last version automatically when executing 'rake spec', but now it doesn't do it automatically, I have to implement everything for myself. This happens in test environment, because my development data doesn't desappear. Is my fault? I didn't change anything, I think :) Thanks in advance.

    Read the article

  • Simple Sinatra Ajax Not Working

    - by proteantech
    I was trying make an AJAX call from a static file on my computer to a simple sinatra service. The ajax call was returning with an error and no details. The server logged no errors either. Another strange symptom was that the Origin in the request header was null. I turns out that you can't make cross domain ajax calls without a little extra effort. You can set the Access-Control-Allow-Origin header on your sinatra response to expose your service to external domains using a snippet like this: get '/hi' do response['Access-Control-Allow-Origin'] = '*' content_type 'text/plain' "Hello World" end There's also another header you can set to allow other HTTP Methods besides gets, Access-Control-Request-Method. You can find more information by searching around for CORS: Cross Origin Resource Sharing and the previously mentioned headers. Oh, and in case you want to do this in Rails as well you can do something like this in your controller: after_filter :set_access_control_headers def set_access_control_headers headers['Access-Control-Allow-Origin'] = '*' headers['Access-Control-Request-Method'] = '*' end

    Read the article

  • Proc causing a random TypeError

    - by go____yourself
    I'm refactoring some code and this proc is causing an error randomly and I don't know why or how to debug it... Any ideas? New code with proc defense_moves, offense_moves = [], [] determine_move = ->move,side,i { side << move.count(move[i]) } defense.size.times { |i| determine_move.(defense, defense_moves, i) } offense.size.times { |i| determine_move.(offense, offense_moves, i) } dm = defense[defense_moves.index(defense_moves.max)].nil? ? [0] : defense[defense_moves.index(defense_moves.max)] om = offense[offense_moves.index(offense_moves.max)].nil? ? [0] : offense[offense_moves.index(offense_moves.max)] Original code: d = 0 defense_moves = [] loop do defense_moves << defense.count(defense[d]) break if defense.count(defense[d]).zero? d += 1 end o = 0 offense_moves = [] loop do offense_moves << offense.count(offense[o]) break if offense.count(offense[o]).zero? o += 1 end dm = defense[defense_moves.index(defense_moves.max)].nil? ? [0] : defense[defense_moves.index(defense_moves.max)] om = offense[offense_moves.index(offense_moves.max)].nil? ? [0] : offense[offense_moves.index(offense_moves.max)] TypeError ttt2.rb:95:in `[]': no implicit conversion from nil to integer (TypeError) from ttt2.rb:95:in `computer_make_move' from ttt2.rb:133:in `draw_board' from ttt2.rb:24:in `place' from ttt2.rb:209:in `block in start_new_game' from ttt2.rb:188:in `loop' from ttt2.rb:188:in `start_new_game' from ttt2.rb:199:in `block in start_new_game' from ttt2.rb:188:in `loop' from ttt2.rb:188:in `start_new_game' from ttt2.rb:199:in `block in start_new_game' from ttt2.rb:188:in `loop' from ttt2.rb:188:in `start_new_game' from ttt2.rb:199:in `block in start_new_game' from ttt2.rb:188:in `loop' from ttt2.rb:188:in `start_new_game' from ttt2.rb:199:in `block in start_new_game' from ttt2.rb:188:in `loop' from ttt2.rb:188:in `start_new_game' from ttt2.rb:234:in `<main>'

    Read the article

  • Rails: validate presence of parent_id in has_many association

    - by deb
    I have a projects resource that has many tasks. I want to ensure that every task has a project_id by adding validates_presence_of :project_id to the tasks model. However, when creating a new project with tasks, the project_id won't be available until the record saves, therefore I can't use validates_presence_of :project_id. So my question is, how do I validate presence of project_id in the task model? I want to ensure every task has a parent. ... class Project < ActiveRecord::Base has_many :tasks, :dependent => :destroy accepts_nested_attributes_for :tasks, :allow_destroy => true ... class Task < ActiveRecord::Base belongs_to :project validates_presence_of :project_id

    Read the article

  • Simple search only searching last word of record

    - by bennett_an
    I set up a simple search as instructed in part of railscast #240. in controller @reports = Report.search(params[:search]).order('created_at DESC').paginate(:page => params[:page], :per_page => 5) in model def self.search(search) if search where('apparatus LIKE ?', "%#{search}") else scoped end end in view <%= form_tag reports_path, :method => :get do %> <p> <%= text_field_tag :search, params[:search] %> <%= submit_tag "Search", :name => nil %> </p> <% end %> it all works... but... I have a few records for example, one with "another time test" and another with "last test of time" if i search "test" the first comes up but the second doesn't, and if i search "time" the second comes up but not the first. It is only seeing the last word of the record. what gives?

    Read the article

  • ActiveRecord date format

    - by Mongus Pong
    I've run into a spot of bother with date formats in our Rails application. I have a date field in our view which I want to be formatted as dd/mm/yy. This is how the user will expect to enter their dates, and the datepicker control uses this format. However, Active Record seems to be expecting mm/dd/yy. If I enter 01/03/2010, this gets put in as 03 January 2010. If I enter 25/03/2010, this gets put in a null. How do I get ActiveRecord to expect Her Majesties date format?

    Read the article

  • Two part form in Rails

    - by samuel02
    I have some two nested resources, so that a Product can have many Bookings. On one page in a different controller I want to create a new booking and since it's a "general" booking I want a select menu to appear in a modal window where the user is able to pick one of the existing products and then go to the booking page. How can I do this? I have no problem setting up the modal and the "New booking" page is already there. What I need is a form that generates a list of existing products, picks the selected product id and then gets /products/:product_id/bookings/new . Any help appreciated! I realize my title does not describe my problem very good so better suggestions are highly welcome!

    Read the article

  • fields_for to stop pluralizing.

    - by Dmitriy Likhten
    I have a fields_for tag, where I specify the prefix (lets say for some good reasons), and this is supposed to represent a one-to-one relationship. I am trying to represent a relationship widget has_many thingamagigs thingamagig has_one whatchamacallit The field_for code is: fields_for "widgt[thingamagigs_attributes][][whatchamacallit_attributes]", thingamagig.whatchamacallit do |x| which generates names (wrongly): widget[thingamagigs_attributes][][whatchamacallit_attributes][][value] The better solution would be t.fields_for :whatchamacallit do |x| where t = fields_for the thingamagig... However if I do that, the following names are generated widgt[thingamagigs_attributes][whatchamacallit_attributes][] which is completely wrong as all other fields for a thingamagig is... widgt[thingamagigs_attributes][][name] So in all cases I am screwed. The original field_for using a string cannot be used with accepts_nested_attributes_for :whatchamacallit since whatchamacallit is a singular relationship and an object is expected not an array. The second fields_for will simply not work because rails cannot parse the params object correctly. Is there a way to tell the first forms_for to not add the [] after [whatchamacallit_attributes] in all field names?

    Read the article

  • how do you group select_tag and text_field_tag?

    - by Eytan
    I'm trying to build a form where a user can select an existing category, or define their own. My form looks something like this... <%= f.select :category, category_options, prompt: "Select"> <%= f.text_field :category %> However, this UI is confusing. The user can select something in the select box, and type in a custom category. In this case, the final result is not obvious. Do you guys have any recommendations on how to handle this situation?

    Read the article

  • I18n translation problem

    - by kshchepelin
    I'm about to translate all time zones to Russian and I've done such things: model: # lib/i18n_time_zone.rb class I18nTimeZone < ActiveSupport::TimeZone def self.all super.map { |z| create(z.name, z.utc_offset) } end def to_s translated_name = I18n.t(name, :scope => :timezones, :default => name) "(GMT#{formatted_offset}) #{translated_name}" end end view: <%= time_zone_select :user, :time_zone, nil, :model => I18nTimeZone %> locale file (/config/locales/ru.yml): ru: timezones: "Midway Island": "??????" "Samoa": "?????" .... But there are cases when original string includes some dots (".") Like "St. Petersburg" And I18n.t() tells me that translation is missing. How can I avoid it?

    Read the article

  • ActiveRecord find all parents that have associated children

    - by brad
    I don't know why I can't figure this out, I think it should be fairly simple. I have two models (see below). I'm trying to come up with a named scope for SupplierCategory that would find all SupplierCategory(s) (including :suppliers) who's associated Supplier(s) are not empty. I tried a straight up join, named_scope :with_suppliers, :joins => :suppliers which gives me only categories with suppliers, but it gives me each category listed separately, so if a category has 2 suppliers, i get the category twice in the returned array: Currently I'm using: named_scope :with_suppliers, :include => :suppliers and then in my view I'm using: <%= render :partial => 'category', :collection => @categories.find_all{|c| !c.suppliers.empty? } %> Not exactly eloquent but illustrates what I'm trying to achieve. Class Definitions class SupplierCategory < AR has_many :suppliers, :order => "name" end class Supplier < AR belongs_to :supplier end

    Read the article

  • why is Active Record firing extra query when I use Includes method to fetch data

    - by riddhi_agrawal
    I have the following model structure: class Group < ActiveRecord::Base has_many :group_products, :dependent => :destroy has_many :products, :through => :group_products end class Product < ActiveRecord::Base has_many :group_products, :dependent => :destroy has_many :groups, :through => :group_products end class GroupProduct < ActiveRecord::Base belongs_to :group belongs_to :product end I wanted to minimize my database queries so I decided to use includes.In the console I tried something like, groups = Group.includes(:products) my development logs show the following calls, Group Load (403.0ms) SELECT `groups`.* FROM `groups` GroupProduct Load (60.0ms) SELECT `group_products`.* FROM `group_products` WHERE (`group_products`.group_id IN (1,3,14,15,16,18,19,20,21,22,23,24,25,26,27,28,29,30,33,42,49,51)) Product Load (22.0ms) SELECT `products`.* FROM `products` WHERE (`products`.`id` IN (382,304,353,12,63,103,104,105,262,377,263,264,265,283,284,285,286,287,302,306,307,308,328,335,336,337,340,355,59,60,61,247,309,311,66,30,274,294,324,350,140,176,177,178,64,240,327,332,338,380,383,252,254,255,256,257,325,326)) Product Load (10.0ms) SELECT `products`.* FROM `products` WHERE (`products`.`id` = 377) LIMIT 1 I could analyze the initial three calls were necessary but don't get the reason why the last database call is made, Product Load (10.0ms) SELECT `products`.* FROM `products` WHERE (`products`.`id` = 377) LIMIT 1 Any idea why this is happening? Thanks in advance. :)

    Read the article

  • Update paths of already-created Paperclip attachments

    - by Horace Loeb
    I used to have this buggy Paperclip config: class Photo < ActiveRecord::Base has_attached_file :image, :storage => :s3, :styles => { :medium => "600x600>", :small => "320x320>", :thumb => "100x100#" }, :s3_credentials => "#{RAILS_ROOT}/config/s3.yml", :path => "/:style/:filename" end This is buggy because two images cannot have the same size and filename. To fix this, I changed the config to: class Photo < ActiveRecord::Base has_attached_file :image, :storage => :s3, :styles => { :medium => "600x600>", :small => "320x320>", :thumb => "100x100#" }, :s3_credentials => "#{RAILS_ROOT}/config/s3.yml", :path => "/:style/:id_:filename" end Unfortunately this breaks all URLs to attachments I've already created. How can I update those file paths or otherwise get the URLs to work?

    Read the article

  • Why is rails called a dsl?

    - by b_ayan
    Recently, when I tried to explain why Rails is a DSL to an intern at my organisation, I was not able to articulate my reasonings to the effect I would like to. Maybe I do not understand the space well enough to teach the nuances. Redirecting him to Martin Fowler' article or the google ranked one InfoQ or other material has not helped much either. Can some explain why Rails is a DSL with an example / parallel situation which is not voodoo stuff for someone who is fairly new to the world of code? Understanding the ideology might also help in elaborating the intricacies of the rails ecosystem?

    Read the article

  • Import Excel into Rails app

    - by Jack
    Hi, I am creating a small rails app for personal use and would like to be able to upload excel files to later be validated and added to the database. I had this working previously with csv files, but this has since become impractical. Does anyone know of a tutorial for using the roo or spreadsheet gem to upload the file, display the contents to the user and then add to the database (after validating)? I know this is quite specific, but I want to work through this step by step. All I have so far is an 'import' view: <% form_for :dump, :url=>{:controller=>"students", :action=>"student_import"}, :html => { :multipart => true } do |f| -%> Select an Excel File : <%= f.file_field :excel_file -%> <%= submit_tag 'Submit' -%> <% end -%> But have no idea how to access this uploaded file in the controller. Any suggestions/help would be welcomed. Thanks

    Read the article

  • NoMethodError / undefined method `foobar_path' when using form_for

    - by user1850886
    I'm using form_for to create a chatroom and when I view the page I get the following error: NoMethodError in Chatrooms#new undefined method `chatrooms_path' for #<#<Class:0xa862b94>:0xa5307f0> Here's the code for the view, located in app/views/chatrooms/new.html.erb: <div class="center"> <%= form_for(@chatroom) do |f| %> <%=f.text_field :topic%> <br> <%=f.submit "Start a discussion", class: "btn btn-large btn-primary"%> <% end %> </div> Here's the relevant controller: class ChatroomsController < ApplicationController def new @chatroom = Chatroom.new end def show @chatroom = Chatroom.find(params[:id]) end end If I change the line <%= form_for(@chatroom) do |f| %> to <%= form_for(:chatroom) do |f| %> it works fine. I've searched around for similar questions but none of the solutions have worked for me. Help?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 340 341 342 343 344 345 346 347 348 349 350 351  | Next Page >