xianfeng wang wxianfeng

@nightire
nightire / Changes in Rails 4_1.md
Last active May 11, 2022 04:50
Embracing Rails 4: A Detailed Look at What's New in Rails 4

Routes

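Use match with care (already implemented in Rails 3)

Rails 3 provides the match method for defining custom routes, but we need to use it carefully to avoid "cross-site scripting attacks" (XSS Attack). For example, routes like this:

Note: (r3 stands for Rails 3, r4 stands for Rails 4)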

# routes.rb
@vincenting
vincenting / client.py
Last active February 5, 2021 06:42
WeChat Official Accounts Platform script
# coding=utf-8
__author__ = 'Vincent Ting'
#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = 'Vincent Ting'
import cookielib
import urllib2
@kreeger
kreeger / surrogate.rb
Last active September 5, 2021 08:18
Converts a number into a UTF16 surrogate pair.
#!/usr/bin/env ruby
require 'fileutils'
require 'debugger'
class Fixnum
  def to_surrogate_pair
    if self >= 0x10000 && self <= 0x10FFFF
      high = ((self - 0x10000) / 0x400).floor + 0xD800
      low = ((self - 0x10000) % 0x400) + 0xDC00
@ctalkington
ctalkington / Gemfile
Last active May 16, 2023 20:19
Nginx, Sinatra, and Puma.
source :rubygems
gem "puma"
gem "sinatra"
@sferik
sferik / install-ruby-2.0.0.sh
Created November 5, 2012 02:28
Instructions to install on Ruby 2.0.0 on Mac OS X with homebrew
#!/usr/bin/env sh
brew update
brew install rbenv
brew install ruby-build
brew install openssl
CONFIGURE_OPTS=--with-openssl-dir=`brew --prefix openssl` rbenv install 2.0.0-preview1
@paulmillr
paulmillr / active.md
Last active April 23, 2024 17:32
Most active GitHub users (by contributions). http://twitter.com/paulmillr

Most active GitHub users (git.io/top)

The count of contributions (summary of Pull Requests, opened issues and commits) to public repos at GitHub.com from Wed, 21 Sep 2022 till Thu, 21 Sep 2023.

Only first 1000 GitHub users according to the count of followers are taken. This is because of limitations of GitHub search. Sorting algo in pseudocode:

githubUsers
 .filter(user => user.followers > 1000)
@makotoworld
makotoworld / cyclone.py
Created April 17, 2012 01:40
flask deploy tornado
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from tornado.wsgi import WSGIContainer
from tornado.ioloop import IOLoop
from tornado.web import FallbackHandler, RequestHandler, Application
from wsgi import app
class MainHandler(RequestHandler):
    def get(self):
@troelskn
troelskn / app.rb
Last active August 12, 2021 17:25 — forked from dstrelau/app.rb
Gollum protected by HTTP Basic
require 'gollum/frontend/app'
require 'digest/sha1'
class App < Precious::App
  User = Struct.new(:name, :email, :password_hash, :can_write)
  before { authenticate! }
  before /^\/(edit|create|delete|livepreview|revert)/ do authorize_write! ; end
  helpers do
class PostsController < ActionController::Base
  def create
    Post.create(post_params)
  end
  def update
    Post.find(params[:id]).update_attributes!(post_params)
  end
  private

Proposal for Improving Mass Assignment

For a while, I have felt that the following is the correct way to improve the mass assignment problem without increasing the burden on new users. Now that the problem with the Rails default has been brought up again, it's a good time to revisit it.

Sign Allowed Fields

When creating a form with form_for, include a signed token including all of the fields that were created at form creation time. Only these fields are allowed.

To allow new known fields to be added via JS, we could add: