| #!/usr/bin/env ruby | |
| require "openssl" | |
| class BF < Struct.new(:key, :pad_with_spaces) | |
| def encrypt(str) | |
| cipher = OpenSSL::Cipher.new('bf-ecb').encrypt | |
| if pad_with_spaces | |
| str += " " until str.bytesize % 8 == 0 | |
| cipher.padding = 0 |
For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.
When creating a form with form_for, include a signed token including all of the fields that were created at form creation time. Only these fields are allowed.
To allow new known fields to be added via JS, we could add:
| def remote_ip | |
| if forwarded = request.env["HTTP_X_FORWARDED_FOR"] | |
| forwarded.split(",").first | |
| elsif addr = request.env["REMOTE_ADDR"] | |
| addr | |
| end | |
| end |
| /** | |
| * Continents and Countries MySQL Tables compiled from Wikipedia, Braintree Payments documentation | |
| * and a couple other places I don't recall at the moment. This data is compatible with the Braintree | |
| * Payment API as of Dec 2011 | |
| * | |
| * Compiled by Steve Kamerman, 2011 | |
| */ | |
| SET FOREIGN_KEY_CHECKS=0; | |
| -- ---------------------------- |
| =Navigating= | |
| visit('/projects') | |
| visit(post_comments_path(post)) | |
| =Clicking links and buttons= | |
| click_link('id-of-link') | |
| click_link('Link Text') | |
| click_button('Save') | |
| click('Link Text') # Click either a link or a button | |
| click('Button Value') |
