Skip to content

Instantly share code, notes, and snippets.

View rsierra's full-sized avatar
🏠
Working from home

Ruben Sierra rsierra

🏠
Working from home
29 followers · 12 following
  • Pamplona, Spain
View GitHub Profile
@rsierra
rsierra / availability.rb
Created September 23, 2011 18:35
Modelo de disponibilidades
class Availability < ActiveRecord::Base
DEFAULT_RENT = "General"
MINIMUM_MINUTES_DURATION = 90
MINIMUN_HOURS_MARGIN = 1
MINIMUN_MINUTES_SEGMENT = 15
belongs_to :rent
belongs_to :carpark
validates_associated :carpark
@rsierra
rsierra / rawclone_bundler.rb
Last active September 28, 2015 06:38
Script para generar el Gemfile de bundler a partir de un 'gem list'
#!/usr/bin/env ruby
# So you want to start developing an already "woking" project. No
# bundle, config.gem's not present or messing up dependencies. Fear
# not!
# Do a "gem list" wherever the project is already working
# (production?, some colleage machine?). Make a file with this format:
#
# chronic (0.2.3)
# colored (1.1)
@rsierra
rsierra / Default (OSX).sublime-keymap
Created December 2, 2011 11:13
Sublide Text File Settings User (in ~/Library/Application Support/Sublime Text 2/Packages/User)
// Preferences -> Key Bindings - User
[
// Key for ERB Insert and Toggle Commands package
{ "keys": ["ctrl+shift+<"], "command": "erb" }
]
@rsierra
rsierra / gmaps4rails2_hack.rb
Created December 26, 2011 14:57
Hack to use gmaps4rails acts_as_gmappable with rails 2
module Gmaps4rails
module ActsAsGmappable
def self.included(base)
base.extend ClassMethods
end
module InstanceMethods
# This is a before_filter to trigger the geocoding and save its results
@rsierra
rsierra / .rdebugrc
Created February 28, 2012 17:09
Configuración para ruby-debug
set autolist
set autoeval
set autoreload
@rsierra
rsierra / sql_injection_patch_for_rails_2_1_series.rb
Created June 13, 2012 11:17
Patch for Ruby on Rails 2.1.x SQL Injection (CVE-2012-2695)
# Adapted patch for CVE-2012-2695 Ruby on Rails SQL Injection for rails 2.1.x versinos
# http://seclists.org/oss-sec/2012/q2/att-504/2-3-sql-injection.patch
# 1- Drop it at your_app/config/initializers/
# 2- Remember to pass your tests/specs
# 3- Profit!
module ActiveRecord
class Base
class << self
@rsierra
rsierra / 1ST README.md
Last active December 11, 2015 21:38
Rails < 2.3 patch for CVE-2013-0333 vulnerability

Rails < 2.3 patch for CVE-2013-0333 vulnerability:

  • Add CVE-2013-0333_patch.rb in '/config/initializers' directory.
  • Add okjson.rb in '/lib' directory.

To test the parser, try to decode with a bad formatted json: (I don't know if it's the best test, but you check if you are using the json parser in the rails 2.3 official patch)

  • In console, before patch:
@rsierra
rsierra / 1ST README.md
Last active December 13, 2015 16:49
Rails <= 2.3 patch for CVE-2013-0269, CVE-2013-0276 and CVE-2013-0277 vulnerabilities

Rails <= 2.3 patch for CVE-2013-0269, CVE-2013-0276 and CVE-2013-0277 vulnerabilities

Extracted from official patchs.

  • Add files in '/config/initializers' directory.

To test the JSON parser (CVE-2013-0269), try to parse a malicious json:

  • In console, before patch:
@rsierra
rsierra / 1ST README.md
Last active December 16, 2015 13:49
Multiple params assignment and dates with multiparams

Simple class multiassignment

Module to use similar model multiple params assignment and dates with multiparams (params["date(1i)"], params["date(2i)"], params["date(3i)"]) in a non ActiveModel class.

class Sample
  include ActiveModel::Multiassignment

  attr_accessor :name, :date
 multiparameter_dates :date
@rsierra
rsierra / .powrc
Created January 13, 2014 11:33
Pow config with rvm 1.24.4
if [ -f "$rvm_path/scripts/rvm" ] && [ -f ".ruby-version" ]; then
source "$rvm_path/scripts/rvm"
if [ -f ".ruby-gemset" ]; then
rvm use `cat .ruby-version`@`cat .ruby-gemset`
else
rvm use `cat .ruby-version`
fi
fi