| Reluctantly crouched at the command line | |
| keyboards clicking and clacking in time | |
| the green bar flashes, the vim pops up | |
| churning, and burning, they yearn for server up | |
| they deftly maneuver and regex to rename | |
| fingers flying fast keyboards in flame | |
| reckless and wild, they commit and they push | |
| their prowess is potent though they sit on their tush. | |
| as they speed through the release, the deploy goes out | |
| they all get up and pour themselves stout |
| # assumes 1.9.3-p0 is already installed in RVM (1.9.2) and you are in an empty gemset | |
| curl -OL http://rubyforge.org/frs/download.php/75414/linecache19-0.5.13.gem | |
| curl -OL http://rubyforge.org/frs/download.php/75415/ruby-debug-base19-0.11.26.gem | |
| gem install rake | |
| gem install archive-tar-minitar | |
| gem install ruby_core_source | |
| gem install columnize | |
| gem install linecache19-0.5.13.gem -- --with-ruby-include="$rvm_path/src/`rvm tools strings`" | |
| gem install ruby-debug-base19-0.11.26.gem -- --with-ruby-include="$rvm_path/src/`rvm tools strings`" |
| #!/bin/bash | |
| ### BEGIN INIT INFO | |
| # Provides: APPLICATION | |
| # Required-Start: $all | |
| # Required-Stop: $network $local_fs $syslog | |
| # Default-Start: 2 3 4 5 | |
| # Default-Stop: 0 1 6 | |
| # Short-Description: Start the APPLICATION unicorns at boot | |
| # Description: Enable APPLICATION at boot time. | |
| ### END INIT INFO |
For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.
When creating a form with form_for, include a signed token including all of the fields that were created at form creation time. Only these fields are allowed.
To allow new known fields to be added via JS, we could add:
| class PostsController < ActionController::Base | |
| def create | |
| Post.create(post_params) | |
| end | |
| def update | |
| Post.find(params[:id]).update_attributes!(post_params) | |
| end | |
| private |
| class ActiveRecord::Base | |
| attr_accessible nil | |
| def update_attributes *args | |
| raise "Don't call #{self.class.name}#update_attributes. " + | |
| "Mass assignment is pure evil." | |
| end | |
| end |
##How Homakov hacked GitHub and the line of code that could have prevented it
Please note: THIS ARTICLE IS NOT WRITTEN BY THE GITHUB TEAM or in any way associated with them. It's simply hosted as a Gist because the markdown formatting is excellent and far clearer than anything I could manage on my personal Tumblr at peternixey.com.
If you'd like to follow me on twitter my handle is @peternixey
| # Requirements: | |
| # - The 'session' gem | |
| # - A directory called 'rgen' and the files listed with copy, in the exact places listed | |
| require 'session' | |
| def run(command) | |
| @session ||= Session::Shell.new | |
| stdout, stderr = @session.execute command | |
| puts stdout unless stdout.empty? | |
| puts stderr unless stderr.empty? |
| --colour | |
| -I app |
| #Model | |
| @user.should have(1).error_on(:username) # Checks whether there is an error in username | |
| @user.errors[:username].should include("can't be blank") # check for the error message | |
| #Rendering | |
| response.should render_template(:index) | |
| #Redirecting | |
| response.should redirect_to(movies_path) |
