Archive for June, 2008
Ruby security vulnerabilities
The Apple Product Security team has revealed multiple arbitrary code execution vulnerabilities in Ruby, which could also lead to denial-of-service attacks. A total of five vulnerabilities have been reported; the affected versions are:
1.8.4 and all prior versions
1.8.5-p230 and all prior versions
1.8.6-p229 and all prior versions
1.8.7-p21 and all prior versions
1.9.0-1 and all prior versions
Upgrading to either 1.8.5-p231, 1.8.6-p230, 1.8.7-p22 or 1.9.0-2 is recommended.
Details can be found at:
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
June 23, 2008
Generate Unique ID
Here is a very simple way to generate a unique id.
[Background support : Abhishek S.]
# Returns a random alphanumeric string of the given length.
def generate_unique_id(len)
  chars_pattern = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
  unique_id = ""
  # rand(n) returns 0..n-1, so pass the full size to keep the last character ("9") reachable
  len.times { unique_id << chars_pattern[rand(chars_pattern.size)] }
  unique_id
end

# generates a key of length 10
mykey = generate_unique_id(10)
print mykey # gives a result like "qeKX0myIQh"
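Kernel#rand, used above, is Ruby's general-purpose generator and is not meant for values that must be unguessable (session keys, reset tokens), and a random string is not automatically unique. The following is an added example, not code from the original post: it draws characters from SecureRandom and retries on a collision. ALPHABET, secure_random_id, issue_unique_id and entropy_bits are names made up here, and the in-memory Set stands in for whatever store holds the ids already issued.

```ruby
require 'securerandom'
require 'set'

# Same 62-character alphabet as the post (a-z, A-Z, 0-9).
ALPHABET = (('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a).freeze

# Build an id from the OS-backed CSPRNG instead of Kernel#rand.
# SecureRandom.random_number(n) returns an integer in 0...n, so all
# 62 characters are reachable and each is equally likely.
def secure_random_id(len)
  raise ArgumentError, 'len must be a positive integer' unless len.is_a?(Integer) && len > 0
  Array.new(len) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
end

# Random is not the same as unique: check against the ids already issued
# and retry on a collision. `issued` is a Set here (assumption); in a real
# application this would be a unique index in the database.
def issue_unique_id(len, issued, max_attempts = 10)
  max_attempts.times do
    id = secure_random_id(len)
    return id if issued.add?(id) # Set#add? returns nil when id is already present
  end
  raise "no unused id of length #{len} after #{max_attempts} attempts"
end

# Entropy of an id in bits: len * log2(62). Short ids are guessable.
def entropy_bits(len)
  (len * Math.log2(ALPHABET.size)).round(1)
end

if __FILE__ == $PROGRAM_NAME
  issued = Set.new
  3.times { puts issue_unique_id(10, issued) }
  puts "entropy of a 10-character id: #{entropy_bits(10)} bits"
end
```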
June 23, 2008
code optimization
if params[:a].nil?
  if params[:b].nil?
    "999"
  else
    params[:b]
  end
else
  params[:a]
end
The same can be written using the ternary operator:
@a1 = params[:a].nil? ? (params[:b].nil? ? '999' : params[:b]) : params[:a]
But you know RoR is so powerful...
# || returns the first value that is not nil/false and leaves params untouched
@a1 = params[:a] || params[:b] || '999'
[Background support : Ashish S.]
June 18, 2008
Agile web development 3rd Edition
DHH's Agile Web Development, 3rd Edition is now on the market, covering Rails 2. Hope this will rock again.
June 18, 2008
render in rails
What you see in a browser is nothing but a response, which is a combination of headers and some document data.
Where does it come from? -> From the action of some controller.
Each action results in a response:
response = headers + document content
This response object is generated using various types of renders/redirects. Action Controller sends content to the user by using these rendering methods.
By default, actions are rendered within the current layout (if one exists).
- AUTOMATIC RENDER
def myname
  @name = "rajesh"
end
myname.rhtml -> My name is <%= @name %>
Yes, this is also a type of render: an automatic rendering using an instance variable.
- SIMPLE RENDER
def method1
  @val = 30
  render :action => "method2", :layout => "mylayout1"
  return
end
> This renders the view of method2.
> Nothing is rendered from method1's own view.
> It has no relation to whatever is defined in the action method2 (that code is not run).
> Any instance variable set before this statement is available in the view for method2 (not in the action),
that is, in the rendered view method2.rhtml:
<%= @val %>   (outputs 30)
whereas
def method2
  puts @val # don't expect 30 here
end
> Two renders are not possible in the same action; the second gives an error, because control goes on executing the code after the render statement.
- RENDER PARTIAL
def method1
  @val = 30
  render :partial => "my_first_partial"
  return
end
> render :partial can be used in both the controller and the view, while plain render can be used in the controller only.
> In the controller, if you use -> render :partial => "my_first_partial"
the layout of the current method (i.e. method1) is lost; if you want to preserve it, set layout to true:
render :partial => "my_first_partial", :layout => true
> If you use it in the view, the layout of method1 is preserved.
> Instance variables are accessible in the partial file, but if you want to pass a local variable, you must use locals:
render :partial => "my_first_partial", :locals => {:q => 90}
- RENDERING TEXT
render :text => "hello", :layout => true
render :inline => "<%= 'hello, ' * 3 + 'again' %>", :layout => true
- REDIRECT_TO
redirect_to refers to the method (action), while render takes you to the corresponding view.
You can't have these two together without a conditional statement.
RENDER -> populates a VIEW
REDIRECT -> hammers an ACTION
[Background support : Himanshu P.]
June 13, 2008
