Skip to content

Instantly share code, notes, and snippets.

View rsierra's full-sized avatar
🏠
Working from home

Ruben Sierra rsierra

🏠
Working from home
34 followers · 12 following
  • Pamplona, Spain
View GitHub Profile
@rsierra
rsierra / keybase.md
Created October 5, 2017 22:07

Keybase proof

I hereby claim:

  • I am rsierra on github.
  • I am maguilag (https://keybase.io/maguilag) on keybase.
  • I have a public key ASCtAwIhv_ptYAJYUjHMK68lREQu6PIrUb7WgRRXFM4Rego

To claim this, I am signing this object:

@rsierra
rsierra / en.yml
Created January 26, 2016 18:06
RoR: Lock values validation
en:
errors:
messages:
lock: can't be changed
@rsierra
rsierra / .powrc
Created January 13, 2014 11:33
Pow config with rvm 1.24.4
if [ -f "$rvm_path/scripts/rvm" ] && [ -f ".ruby-version" ]; then
source "$rvm_path/scripts/rvm"
if [ -f ".ruby-gemset" ]; then
rvm use `cat .ruby-version`@`cat .ruby-gemset`
else
rvm use `cat .ruby-version`
fi
fi
@rsierra
rsierra / 1ST README.md
Last active December 16, 2015 13:49
Multiple params assignment and dates with multiparams

Simple class multiassignment

Module to use similar model multiple params assignment and dates with multiparams (params["date(1i)"], params["date(2i)"], params["date(3i)"]) in a non ActiveModel class.

class Sample
  include ActiveModel::Multiassignment

  attr_accessor :name, :date
 multiparameter_dates :date
@rsierra
rsierra / 1ST README.md
Last active December 13, 2015 16:49
Rails <= 2.3 patch for CVE-2013-0269, CVE-2013-0276 and CVE-2013-0277 vulnerabilities

Rails <= 2.3 patch for CVE-2013-0269, CVE-2013-0276 and CVE-2013-0277 vulnerabilities

Extracted from official patchs.

  • Add files in '/config/initializers' directory.

To test the JSON parser (CVE-2013-0269), try to parse a malicious json:

  • In console, before patch:
@rsierra
rsierra / 1ST README.md
Last active December 11, 2015 21:38
Rails < 2.3 patch for CVE-2013-0333 vulnerability

Rails < 2.3 patch for CVE-2013-0333 vulnerability:

  • Add CVE-2013-0333_patch.rb in '/config/initializers' directory.
  • Add okjson.rb in '/lib' directory.

To test the parser, try to decode with a bad formatted json: (I don't know if it's the best test, but you check if you are using the json parser in the rails 2.3 official patch)

  • In console, before patch:
@rsierra
rsierra / sql_injection_patch_for_rails_2_1_series.rb
Created June 13, 2012 11:17
Patch for Ruby on Rails 2.1.x SQL Injection (CVE-2012-2695)
# Adapted patch for CVE-2012-2695 Ruby on Rails SQL Injection for rails 2.1.x versinos
# http://seclists.org/oss-sec/2012/q2/att-504/2-3-sql-injection.patch
# 1- Drop it at your_app/config/initializers/
# 2- Remember to pass your tests/specs
# 3- Profit!
module ActiveRecord
class Base
class << self
@rsierra
rsierra / .rdebugrc
Created February 28, 2012 17:09
Configuración para ruby-debug
set autolist
set autoeval
set autoreload
@rsierra
rsierra / gmaps4rails2_hack.rb
Created December 26, 2011 14:57
Hack to use gmaps4rails acts_as_gmappable with rails 2
module Gmaps4rails
module ActsAsGmappable
def self.included(base)
base.extend ClassMethods
end
module InstanceMethods
# This is a before_filter to trigger the geocoding and save its results
@rsierra
rsierra / Default (OSX).sublime-keymap
Created December 2, 2011 11:13
Sublide Text File Settings User (in ~/Library/Application Support/Sublime Text 2/Packages/User)
// Preferences -> Key Bindings - User
[
// Key for ERB Insert and Toggle Commands package
{ "keys": ["ctrl+shift+<"], "command": "erb" }
]