42

Security announcement about potential SQL injection with limit().

Full details here.

Versions affected 3.0.0 to 3.0.3.

Security announcement about filtering problems on case insensitive filesystems.

Full details here

Versions affected 3.0.0 to 3.0.3

Security announcement about potential XSS problem with mail_to :encode => :javascript.

Full details here

Versions affected 2.x.x and 3.0.x

Security announcement about CSRF protection bypass.

Full details here

Affected versions 2.x.x and 3.0.x

Problem
You would like to host a new git repository in Gitorius.

Solution
Assuming that you have created your initial ruby on rails application, and you have git installed, you can follow the steps below:

1. Create a new account in Gitorious
2. Copy your public ssh key (usually in ~./ssh) to your new account in Gitorius
3. Create a new project in Gitorius (ie My Project)
4. Add a new repository in Gitorius (ie My Git Repository)
5. On your local development host initialise the git repository in your project’s directory: git init
6. Add your remote hosting repository: git remote add origin git@gitorious.org:my-project-name/my-git-repo.git
7. Add your project files: git add .
8. Do your initial commit: git commit -m "Initial commit"
9. Push your project to the Gitorious repository: git push origin master

Problem
You want to examine some big log files (ie Rails production files), on the command line in Linux but they are quite big.

Solution
You can use cat and grep to look for a specific part in the log files. You can also use grep with the A and B parameters to specify how many lines you want to include before and after the search text, but maybe you want to have chunks of the logs to examine. In that case you can use split to split them up in smaller files:

split --bytes=10M input_log_file.log [output_files_or_directory]

In that case you will be splitting your log file on size (–bytes variable), so you can decide depending on the total size of the log file how many files you want. The output files or directory is optional and if you leave it empty it will create the files in your current directory.

You can also split by the number of lines you want in each file like:

split --lines=15000 input_log_file.log [output_files_or_directory]

Problem
You are trying to use the pdfkit (here) in your rails application, and you configure it according to the configuration options for the rails 2.x in the config/environment.rb file. Although the application works, when you are trying to use the console you get the error:

no such file to load -- pdfkit (LoadError)

Solution
Make sure that:

require 'pdfkit'
in the config/environment.rb file comes after the line:

require File.join(File.dirname(__FILE__), 'boot')

Problem
New security vulnerability in nested attributes in Rails 2.3.9 and 3.0.0

Solution
More details and links to patches for upgrading here

Problem
You are trying to use shoulda with factory_girl but you are getting the above error:

NameError: uninitialized constant UserTest::Factory

Solution
Insert the following to your config/environments/test.rb
config.gem 'shoulda', :lib => 'shoulda'

install the gem with:
sudo gem install shoulda

add the following to your test/test_helper.rb
require 'factory_girl'
require "factories"

in your test use the new syntax without the underscore, as in:
should belong_to(:model)

Problem
You have installed various versions of rails (ie 3.0, 2.3.8, 2.3.5 etc). You want to create a new rails application for a specific version, and if you run rails app_name, it will create an application in the latest version you have installed.

Solution
Use the following if you want to create a specific rails (ie 2.3.8) application:

rails _2.3.8_ app_name