Merge branch 'master' of github.com:rails/docrails

commit 33434f69c44d622b760eca78c5631dfce8c4ad54 2 parents fa91546 + e2a7dbf
Vijay Dev vijaydev authored
4 actionmailer/README.rdoc
@@ -61,9 +61,7 @@ generated would look like this:
61 61
62 62 Thank you for signing up!
63 63
64   -In previous versions of Rails you would call <tt>create_method_name</tt> and
65   -<tt>deliver_method_name</tt>. Rails 3.0 has a much simpler interface - you
66   -simply call the method and optionally call +deliver+ on the return value.
  64 +In order to send mails, you simply call the method and then call +deliver+ on the return value.
67 65
68 66 Calling the method returns a Mail Message object:
69 67
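Review bot: new line 64 drops the word "optionally" that the removed text had before "call +deliver+", so the README now reads as if nothing useful happens until +deliver+ is called, while the unchanged line 66 still says that calling the method alone returns a Mail Message object. Suggest wording such as "call the mailer method to build the message, then call +deliver+ on the return value to send it", and re-wrap the line to the width of the lines it replaces.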
2  actionpack/lib/action_dispatch/routing/url_for.rb
@@ -20,7 +20,7 @@ module Routing
20 20 #
21 21 # <%= link_to('Click here', controller: 'users',
22 22 # action: 'new', message: 'Welcome!') %>
23   - # # => "/users/new?message=Welcome%21"
  23 + # # => <a href="/users/new?message=Welcome%21">Click here</a>
24 24 #
25 25 # link_to, and all other functions that require URL generation functionality,
26 26 # actually use ActionController::UrlFor under the hood. And in particular,
2  activerecord/lib/active_record/relation/batches.rb
@@ -34,7 +34,7 @@ module Batches
34 34 # between id 0 and 10,000 and worker 2 handle from 10,000 and beyond
35 35 # (by setting the +:start+ option on that worker).
36 36 #
37   - # # Let's process for a batch of 2000 records, skiping the first 2000 rows
  37 + # # Let's process for a batch of 2000 records, skipping the first 2000 rows
38 38 # Person.find_each(start: 2000, batch_size: 2000) do |person|
39 39 # person.party_all_night!
40 40 # end
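Review bot: the comment on line 37 still says "skipping the first 2000 rows", but the unchanged lines 34-35 describe +:start+ as an id boundary ("between id 0 and 10,000"), and an id of 2000 is not the same as a 2000-row offset once ids have gaps. Since the line is being touched for the spelling fix anyway, suggest "starting from id 2000" and tidying "process for a batch of 2000 records" to "process in batches of 2000 records".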
2  guides/source/active_record_querying.md
@@ -1189,7 +1189,7 @@ class Post < ActiveRecord::Base
1189 1189 end
1190 1190 ```
1191 1191
1192   -This may then be called using this:
  1192 +Call the scope as if it were a class method:
1193 1193
1194 1194 ```ruby
1195 1195 Post.created_before(Time.zone.now)
59 guides/source/active_support_core_extensions.md
@@ -96,12 +96,13 @@ INFO: The predicate for strings uses the Unicode-aware character class `[:space:
96 96
97 97 WARNING: Note that numbers are not mentioned. In particular, 0 and 0.0 are **not** blank.
98 98
99   -For example, this method from `ActionDispatch::Session::AbstractStore` uses `blank?` for checking whether a session key is present:
  99 +For example, this method from `ActionController::HttpAuthentication::Token::ControllerMethods` uses `blank?` for checking whether a token is present:
100 100
101 101 ```ruby
102   -def ensure_session_key!
103   - if @key.blank?
104   - raise ArgumentError, 'A key is required...'
  102 +def authenticate(controller, &login_procedure)
  103 + token, options = token_and_options(controller.request)
  104 + unless token.blank?
  105 + login_procedure.call(token, options)
105 106 end
106 107 end
107 108 ```
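Review bot: the lead-in on line 99 says the method checks whether a token is present, but the example on line 104 expresses that as the double negative `unless token.blank?` and the guide never says what happens on the other branch. Suggest one sentence after the block stating that a nil, empty or whitespace-only token means login_procedure is never called and the method returns nil, which ties the example back to the definition of blank? given just above it.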
@@ -1999,7 +2000,7 @@ Produce a string representation of a number in human-readable words:
1999 2000 1234567890123456.to_s(:human) # => "1.23 Quadrillion"
2000 2001 ```
2001 2002
2002   -NOTE: Defined in `active_support/core_ext/numeric/formatting.rb`.
  2003 +NOTE: Defined in `active_support/core_ext/numeric/conversions.rb`.
2003 2004
2004 2005 Extensions to `Integer`
2005 2006 -----------------------
@@ -2444,7 +2445,7 @@ dup[1][2] = 4
2444 2445 array[1][2] == nil # => true
2445 2446 ```
2446 2447
2447   -NOTE: Defined in `active_support/core_ext/array/deep_dup.rb`.
  2448 +NOTE: Defined in `active_support/core_ext/object/deep_dup.rb`.
2448 2449
2449 2450 ### Grouping
2450 2451
@@ -2670,45 +2671,7 @@ hash[:b][:e] == nil # => true
2670 2671 hash[:b][:d] == [3, 4] # => true
2671 2672 ```
2672 2673
2673   -NOTE: Defined in `active_support/core_ext/hash/deep_dup.rb`.
2674   -
2675   -### Diffing
2676   -
2677   -The method `diff` returns a hash that represents a diff of the receiver and the argument with the following logic:
2678   -
2679   -* Pairs `key`, `value` that exist in both hashes do not belong to the diff hash.
2680   -
2681   -* If both hashes have `key`, but with different values, the pair in the receiver wins.
2682   -
2683   -* The rest is just merged.
2684   -
2685   -```ruby
2686   -{a: 1}.diff(a: 1)
2687   -# => {}, first rule
2688   -
2689   -{a: 1}.diff(a: 2)
2690   -# => {:a=>1}, second rule
2691   -
2692   -{a: 1}.diff(b: 2)
2693   -# => {:a=>1, :b=>2}, third rule
2694   -
2695   -{a: 1, b: 2, c: 3}.diff(b: 1, c: 3, d: 4)
2696   -# => {:a=>1, :b=>2, :d=>4}, all rules
2697   -
2698   -{}.diff({}) # => {}
2699   -{a: 1}.diff({}) # => {:a=>1}
2700   -{}.diff(a: 1) # => {:a=>1}
2701   -```
2702   -
2703   -An important property of this diff hash is that you can retrieve the original hash by applying `diff` twice:
2704   -
2705   -```ruby
2706   -hash.diff(hash2).diff(hash2) == hash
2707   -```
2708   -
2709   -Diffing hashes may be useful for error messages related to expected option hashes for example.
2710   -
2711   -NOTE: Defined in `active_support/core_ext/hash/diff.rb`.
  2674 +NOTE: Defined in `active_support/core_ext/object/deep_dup.rb`.
2712 2675
2713 2676 ### Working with Keys
2714 2677
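Review bot: lines 2675-2711 delete the entire "Diffing" section in the same hunk as a one-line NOTE path correction, and nothing visible here explains why the documentation for `diff` goes away. If the method is being deprecated or removed, say so in the commit message or leave a short note in the guide; otherwise split the removal into its own commit so the path fix on line 2674 can be reviewed on its own.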
@@ -3843,13 +3806,13 @@ def default_helper_module!
3843 3806 module_path = module_name.underscore
3844 3807 helper module_path
3845 3808 rescue MissingSourceFile => e
3846   - raise e unless e.is_missing? "#{module_path}_helper"
  3809 + raise e unless e.is_missing? "helpers/#{module_path}_helper"
3847 3810 rescue NameError => e
3848 3811 raise e unless e.missing_name? "#{module_name}Helper"
3849 3812 end
3850 3813 ```
3851 3814
3852   -NOTE: Defined in `active_support/core_ext/name_error.rb`.
  3815 +NOTE: Defined in `actionpack/lib/abstract_controller/helpers.rb`.
3853 3816
3854 3817 Extensions to `LoadError`
3855 3818 -------------------------
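Review bot: the NOTE on new line 3815 no longer says where the extension is defined; it now names actionpack/lib/abstract_controller/helpers.rb, which reads as the source of the `default_helper_module!` example instead. The other NOTE lines corrected in this commit all point at active_support/core_ext/ paths for the method being documented, so suggest keeping a core_ext path in the NOTE and crediting helpers.rb in the sentence that introduces the example.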
@@ -3872,4 +3835,4 @@ rescue NameError => e
3872 3835 end
3873 3836 ```
3874 3837
3875   -NOTE: Defined in `active_support/core_ext/load_error.rb`.
  3838 +NOTE: Defined in `actionpack/lib/abstract_controller/helpers.rb`.
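Review bot: on line 3838 the "Defined in" NOTE now points at actionpack/lib/abstract_controller/helpers.rb rather than active_support/core_ext/load_error.rb. A reader following the NOTE to find the core extension will land in the wrong file; suggest restoring the core_ext path, or changing the wording to "Example taken from" if the intent is to cite the snippet.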
2  guides/source/command_line.md
@@ -385,7 +385,7 @@ Active Record version 4.0.0
385 385 Action Pack version 4.0.0
386 386 Action Mailer version 4.0.0
387 387 Active Support version 4.0.0
388   -Middleware Rack::Sendfile, ActionDispatch::Static, Rack::Lock, #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x007ffd131a7c88>, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Reloader, ActionDispatch::Callbacks, ActiveRecord::Migration::CheckPending, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::EncryptedCookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, Rack::Head, Rack::ConditionalGet, Rack::ETag
  388 +Middleware Rack::Sendfile, ActionDispatch::Static, Rack::Lock, #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x007ffd131a7c88>, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Reloader, ActionDispatch::Callbacks, ActiveRecord::Migration::CheckPending, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, Rack::Head, Rack::ConditionalGet, Rack::ETag
389 389 Application root /home/foobar/commandsapp
390 390 Environment development
391 391 Database adapter sqlite3
6 guides/source/configuring.md
@@ -273,6 +273,12 @@ config.middleware.delete "Rack::MethodOverride"
273 273
274 274 * `config.active_record.cache_timestamp_format` controls the format of the timestamp value in the cache key. Default is `:number`.
275 275
  276 +* `config.active_record.record_timestamps` is a boolean value which controls whether or not timestamping of `create` and `update` operations on a model occur. The default value is `true`.
  277 +
  278 +* `config.active_record.partial_writes` is a boolean value and controls whether or not partial writes are used (i.e. whether updates only set attributes that are dirty). Note that when using partial writes, you should also use optimistic locking `config.active_record.lock_optimistically` since concurrent updates may write attributes based on a possibly stale read state. The default value is `true`.
  279 +
  280 +* `config.active_record.attribute_types_cached_by_default` sets the attribute types that `ActiveRecord::AttributeMethods` will cache by default on reads. The default is `[:datetime, :timestamp, :time, :date]`.
  281 +
276 282 The MySQL adapter adds one additional configuration option:
277 283
278 284 * `ActiveRecord::ConnectionAdapters::MysqlAdapter.emulate_booleans` controls whether Active Record will consider all `tinyint(1)` columns in a MySQL database to be booleans and is true by default.
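Review bot: line 276 has a subject-verb disagreement ("timestamping ... occur" should be "occurs"), and on line 278 the setting name is dropped in after "optimistic locking" with no connective. Suggest "optimistic locking (`config.active_record.lock_optimistically`)" and moving the stale-read warning into its own sentence, since that caveat is the part of the entry a reader most needs to notice.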
2  guides/source/getting_started.md
@@ -1134,7 +1134,7 @@ appear next to the "Show" link:
1134 1134 <tr>
1135 1135 <td><%= post.title %></td>
1136 1136 <td><%= post.text %></td>
1137   - <td><%= link_to 'Show', post %></td>
  1137 + <td><%= link_to 'Show', post_path(post) %></td>
1138 1138 <td><%= link_to 'Edit', edit_post_path(post) %></td>
1139 1139 </tr>
1140 1140 <% end %>
6 guides/source/security.md
@@ -290,7 +290,7 @@ NOTE: _Make sure file uploads don't overwrite important files, and process media
290 290
291 291 Many web applications allow users to upload files. _File names, which the user may choose (partly), should always be filtered_ as an attacker could use a malicious file name to overwrite any file on the server. If you store file uploads at /var/www/uploads, and the user enters a file name like "../../../etc/passwd", it may overwrite an important file. Of course, the Ruby interpreter would need the appropriate permissions to do so - one more reason to run web servers, database servers and other programs as a less privileged Unix user.
292 292
293   -When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the [attachment_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master:)
  293 +When filtering user input file names, _don't try to remove malicious parts_. Think of a situation where the web application removes all "../" in a file name and an attacker uses a string such as "....//" - the result will be "../". It is best to use a whitelist approach, which _checks for the validity of a file name with a set of accepted characters_. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the [attachment_fu plugin](https://github.com/technoweenie/attachment_fu/tree/master):
294 294
295 295 ```ruby
296 296 def sanitize_filename(filename)
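Review bot: the `:)` to `):` link fix on line 293 is repeated on line 450 of the same file, which points to a mechanical conversion error rather than two isolated typos. Worth searching the guides for `:)` at the end of a Markdown link target before merging, so any remaining broken links are fixed in the same pass.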
@@ -447,7 +447,7 @@ Here are some ideas how to hide honeypot fields by JavaScript and/or CSS:
447 447
448 448 The most simple negative CAPTCHA is one hidden honeypot field. On the server side, you will check the value of the field: If it contains any text, it must be a bot. Then, you can either ignore the post or return a positive result, but not saving the post to the database. This way the bot will be satisfied and moves on. You can do this with annoying users, too.
449 449
450   -You can find more sophisticated negative CAPTCHAs in Ned Batchelder's [blog post](http://nedbatchelder.com/text/stopbots.html:)
  450 +You can find more sophisticated negative CAPTCHAs in Ned Batchelder's [blog post](http://nedbatchelder.com/text/stopbots.html):
451 451
452 452 * Include a field with the current UTC time-stamp in it and check it on the server. If it is too far in the past, or if it is in the future, the form is invalid.
453 453 * Randomize the field names
@@ -760,7 +760,7 @@ The following is an excerpt from the [Js.Yamanner@m](http://www.symantec.com/sec
760 760
761 761 The worms exploits a hole in Yahoo's HTML/JavaScript filter, which usually filters all target and onload attributes from tags (because there can be JavaScript). The filter is applied only once, however, so the onload attribute with the worm code stays in place. This is a good example why blacklist filters are never complete and why it is hard to allow HTML/JavaScript in a web application.
762 762
763   -Another proof-of-concept webmail worm is Nduja, a cross-domain worm for four Italian webmail services. Find more details on [Rosario Valotta's paper](http://www.xssed.com/article/9/Paper_A_PoC_of_a_cross_webmail_worm_XWW_called_Njuda_connection/). Both webmail worms have the goal to harvest email addresses, something a criminal hacker could make money with.
  763 +Another proof-of-concept webmail worm is Nduja, a cross-domain worm for four Italian webmail services. Find more details on [Rosario Valotta's paper](http://www.xssed.com/news/37/Nduja_Connection_A_cross_webmail_worm_XWW/). Both webmail worms have the goal to harvest email addresses, something a criminal hacker could make money with.
764 764
765 765 In December 2006, 34,000 actual user names and passwords were stolen in a [MySpace phishing attack](http://news.netcraft.com/archives/2006/10/27/myspace_accounts_compromised_by_phishers.html). The idea of the attack was to create a profile page named "login_home_index_html", so the URL looked very convincing. Specially-crafted HTML and CSS was used to hide the genuine MySpace content from the page and instead display its own login form.
766 766
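Review bot: on line 763 the link text still reads "Rosario Valotta's paper", but the new target sits under /news/ where the old one sat under /article/ with "Paper" in its slug, so the link now appears to lead to a news item about the worm. Either link the paper itself or change the link text to match what the URL serves.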
2  guides/source/upgrading_ruby_on_rails.md
@@ -339,7 +339,7 @@ config.assets.js_compressor = :uglifier
339 339
340 340 ### sass-rails
341 341
342   -* `asset_url` with two arguments is deprecated. For example: `asset-url("rails.png", image)` becomes `asset-url("rails.png")`
  342 +* `asset-url` with two arguments is deprecated. For example: `asset-url("rails.png", image)` becomes `asset-url("rails.png")`
343 343
344 344 Upgrading from Rails 3.1 to Rails 3.2
345 345 -------------------------------------

0 comments on commit 33434f6
