mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
[ci skip] Use plain underscore instead of "\_".
This commit is contained in:
parent
0bccde963c
commit
982a19edc9
4 changed files with 5 additions and 5 deletions
|
@ -294,7 +294,7 @@ NOTE. The old style `map` commands still work as before with a backwards compati
|
|||
Deprecations
|
||||
|
||||
* The catch all route for non-REST applications (`/:controller/:action/:id`) is now commented out.
|
||||
* Routes :path\_prefix no longer exists and :name\_prefix now automatically adds "\_" at the end of the given value.
|
||||
* Routes `:path_prefix` no longer exists and `:name_prefix` now automatically adds "_" at the end of the given value.
|
||||
|
||||
More Information:
|
||||
* [The Rails 3 Router: Rack it Up](http://yehudakatz.com/2009/12/26/the-rails-3-router-rack-it-up/)
|
||||
|
|
|
@ -187,7 +187,7 @@ Action Pack
|
|||
|
||||
Rails will use `layouts/single_car` when a request comes in `:show` action, and use `layouts/application` (or `layouts/cars`, if exists) when a request comes in for any other actions.
|
||||
|
||||
* `form\_for` is changed to use `#{action}\_#{as}` as the css class and id if `:as` option is provided. Earlier versions used `#{as}\_#{action}`.
|
||||
* `form_for` is changed to use `#{action}_#{as}` as the css class and id if `:as` option is provided. Earlier versions used `#{as}_#{action}`.
|
||||
|
||||
* `ActionController::ParamsWrapper` on Active Record models now only wrap `attr_accessible` attributes if they were set. If not, only the attributes returned by the class method `attribute_names` will be wrapped. This fixes the wrapping of nested attributes by adding them to `attr_accessible`.
|
||||
|
||||
|
|
|
@ -571,7 +571,7 @@ If you create an association some time after you build the underlying model, you
|
|||
|
||||
If you create a `has_and_belongs_to_many` association, you need to explicitly create the joining table. Unless the name of the join table is explicitly specified by using the `:join_table` option, Active Record creates the name by using the lexical order of the class names. So a join between customer and order models will give the default join table name of "customers_orders" because "c" outranks "o" in lexical ordering.
|
||||
|
||||
WARNING: The precedence between model names is calculated using the `<` operator for `String`. This means that if the strings are of different lengths, and the strings are equal when compared up to the shortest length, then the longer string is considered of higher lexical precedence than the shorter one. For example, one would expect the tables "paper\_boxes" and "papers" to generate a join table name of "papers\_paper\_boxes" because of the length of the name "paper\_boxes", but it in fact generates a join table name of "paper\_boxes\_papers" (because the underscore '\_' is lexicographically _less_ than 's' in common encodings).
|
||||
WARNING: The precedence between model names is calculated using the `<` operator for `String`. This means that if the strings are of different lengths, and the strings are equal when compared up to the shortest length, then the longer string is considered of higher lexical precedence than the shorter one. For example, one would expect the tables "paper_boxes" and "papers" to generate a join table name of "papers_paper_boxes" because of the length of the name "paper_boxes", but it in fact generates a join table name of "paper_boxes_papers" (because the underscore '_' is lexicographically _less_ than 's' in common encodings).
|
||||
|
||||
Whatever the name, you must manually generate the join table with an appropriate migration. For example, consider these associations:
|
||||
|
||||
|
|
|
@ -151,7 +151,7 @@ The most effective countermeasure is to _issue a new session identifier_ and dec
|
|||
reset_session
|
||||
```
|
||||
|
||||
If you use the popular RestfulAuthentication plugin for user management, add reset\_session to the SessionsController#create action. Note that this removes any value from the session, _you have to transfer them to the new session_.
|
||||
If you use the popular RestfulAuthentication plugin for user management, add reset_session to the SessionsController#create action. Note that this removes any value from the session, _you have to transfer them to the new session_.
|
||||
|
||||
Another countermeasure is to _save user-specific properties in the session_, verify them every time a request comes in, and deny access, if the information does not match. Such properties could be the remote IP address or the user agent (the web browser name), though the latter is less user-specific. When saving the IP address, you have to bear in mind that there are Internet service providers or large organizations that put their users behind proxies. _These might change over the course of a session_, so these users will not be able to use your application, or only in a limited way.
|
||||
|
||||
|
@ -314,7 +314,7 @@ def sanitize_filename(filename)
|
|||
end
|
||||
```
|
||||
|
||||
A significant disadvantage of synchronous processing of file uploads (as the attachment\_fu plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.
|
||||
A significant disadvantage of synchronous processing of file uploads (as the attachment_fu plugin may do with images), is its _vulnerability to denial-of-service attacks_. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.
|
||||
|
||||
The solution to this is best to _process media files asynchronously_: Save the media file and schedule a processing request in the database. A second process will handle the processing of the file in the background.
|
||||
|
||||
|
|
Loading…
Reference in a new issue