use strict;
use warnings;
# Beauty of Math!

Proposal for Improving Mass Assignment

For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.

Sign Allowed Fields

When creating a form with form_for, include a signed token listing all of the fields that were created at form creation time. Only these fields are allowed.

To allow new known fields to be added via JS, we could add:

class PostsController < ActionController::Base
def create
def update
harlantwood / push_to_github.rb
Created June 15, 2012 07:27
Commit and push via Github REST API, from ruby RestClient
# Committing changes to a repo via the Github API is not entirely trivial.
# The five-step process is outlined here:
# Matt Swanson wrote a blog post translating the above steps into actual API calls:
# I was not able to find sample code for actually doing this in Ruby,
# either via the HTTP API or any of the gems that wrap the API.
# So in the hopes it will help others, here is a simple function to
piscisaureus /
Created August 13, 2012 16:12
Checkout github pull requests locally

Locate the section for your GitHub remote in the .git/config file. It looks like this:

[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url =

Now add the line fetch = +refs/pull/*/head:refs/remotes/origin/pr/* to this section. Obviously, change the GitHub URL to match your project's URL. It ends up looking like this: