Posted by Daniel Butler
Thu, 07 Sep 2006 01:00:00 GMT
You'll like this code:
Person.query.name_like('name').join('address').city_like('city')
... and CriteriaQuery brings it to you (via Max Muermann) as a Ruby on Rails plugin. Head to the README for some useful examples, like this awkward beauty:
pq = Person.query
pq.disjunction.firstname_eq(params[:name]).lastname_eq(params[:name]) if params[:name]
pq.category_id_eq(params[:category]) if params[:category]
...
address = pq.join("address")
address.state_eq(params[:address][:state]) if params[:address] && params[:address][:state]
...
Neat, huh?
CriteriaQuery Plugin Documentation Page
Ruby Plugins Directory Entry
Posted in Ruby on Rails | no comments
Posted by Daniel Butler
Wed, 06 Sep 2006 23:32:00 GMT
Sébastien Gruhier of Carquefou, France, a new Rails convert (after 13 years of C++/Java), has provided a handy Prototype/Scriptaculous Carousel component, which does not use any Yahoo User Interface JavaScript components. A carousel component gives you a window onto an image stream, with forward and reverse buttons for navigating through the images.
Yahoo's page describes the component:
The carousel component manages a list of content (HTML UL and LI elements) that can be displayed horizontally or vertically. The content can be scrolled back and forth with or without animation. The content can reference static HTML content or the list items can be created dynamically on-the-fly (with or without Ajax).
The current version supports both static and Ajax content.
Prototype Carousel Component Home Page
Original Carousel Component Documentation
Posted in Web Design, Ruby on Rails | 1 comment
Posted by Daniel Butler
Wed, 30 Aug 2006 22:00:00 GMT
A new design for ruby-lang.org is coming, and it's very Web 2.0. Sweet.

_why's Blog Article
New Site
Old Site
Posted in Ruby on Rails, Web Design | no comments
Posted by Daniel Butler
Wed, 30 Aug 2006 21:45:00 GMT

Kevin Clark of San Diego has posted an article describing several deprecated features of Rails--things you should fix now or they'll break later. Quickly, they are:
- Accessing Instance Variables You Didn’t Create
- Stop using find_all and find_first
- Don't write the AJAX-enabled feature before you write the simple fallback feature.
- Stop asking for things not directly related to your problem.
- Don't use scaffolding.
- Don't use components.
- Don't use engines unless you're going to do it right.
- Use layouts more
- Don't use Rails Paginator class
- Don't put controllers into namespaces.
I don't completely agree with all of Kevin's findings, but you should at least view the article to be aware of some of the problems that you might encounter using these less-than-best-practice features.
Things You Shouldn't Be Doing in Rails
Posted in Ruby on Rails | no comments
Posted by Daniel Butler
Wed, 30 Aug 2006 11:01:00 GMT
Brian Ellin of Portland, Oregon, warns us of "assumed logged in" attacks: cross-site attacks in which another site crafts a URL to a destructive action on a site you are assumed to be logged in to, then opens that URL in a hidden frame. His solution: the secure-action-plugin. He describes the problem and the solution:
In an assumed logged in attack, a malicious site assumes the visitor is logged into your site. The malicious site manually crafts a URL to a destructive action on your site (change email, delete account, etc.) and opens the URL to that action in a hidden iframe. The browser then sends the user’s cookies and actions may be performed on your user’s behalf without them ever knowing. This technique may be used to steal accounts, inject or delete account data, or perform other malicious actions.
The plugin works by overriding ActionController.url_for and adding a signature of the user’s session_id and some salt to URL query strings. By adding a sig that includes the user’s session_id, it makes it impossible for malicious sites to create URLs that will work on your site for anyone but themselves. The signature is verified before a secure action is executed.
Until now, I had not conceived of this type of attack. Thanks, Brian.
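The signing scheme described above (a defence against what is now commonly called cross-site request forgery, CSRF), as an added example that is not Brian Ellin's plugin code. It assumes HMAC-SHA256 with a server-side secret as the "signature of session_id and some salt", and it also binds the signature to the request path, which goes beyond what the post states. The names sign_url, verified? and SECRET and the session ids are hypothetical, constructed values.

```ruby
require "openssl"
require "uri"

# Constructed placeholder for the server-side secret (the "salt" above).
SECRET = "constructed-demo-secret"
# Constructed session ids for the demonstration.
VICTIM_SESSION   = "sess-victim-111"
ATTACKER_SESSION = "sess-attacker-222"

# HMAC over session id + path: a signature minted for one session or one
# action is useless for any other session or action.
def action_sig(session_id, path)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, "#{session_id}\n#{path}")
end

# Append a fresh "sig" parameter to the URL's query string.
def sign_url(url, session_id)
  uri = URI.parse(url)
  params = URI.decode_www_form(uri.query.to_s).reject { |k, _| k == "sig" }
  params << ["sig", action_sig(session_id, uri.path)]
  uri.query = URI.encode_www_form(params)
  uri.to_s
end

# Constant-time comparison so the check does not leak how many leading
# characters of a guessed signature were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Run before a destructive action: exactly one sig must be present and it
# must match the signature expected for the *current* session and path.
def verified?(url, session_id)
  uri = URI.parse(url)
  sigs = URI.decode_www_form(uri.query.to_s).select { |k, _| k == "sig" }.map(&:last)
  return false unless sigs.length == 1
  secure_equal?(sigs.first, action_sig(session_id, uri.path))
end
```

A signature carried in the query string can end up in server logs and Referer headers, so destructive actions are better served by POST requests that carry the token in the request body.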
Secure Action on the Rails Wiki Page
Plugin Home Page
Ruby Plugins Directory Entry
Posted in Ruby on Rails | no comments
Posted by Daniel Butler
Tue, 29 Aug 2006 14:22:00 GMT
Craig Ambrose, an Aussie from Melbourne, has announced the RedBox Plugin for Ruby on Rails. He writes,
I've written a little plugin to use for displaying a block of html over
a page while fading out the background. This is like the lightbox.js
library, and all its related offshoots (thickbox, greybox, etc.). My
plugin, Redbox, is not really any better than these others (in fact,
it's less mature, and less tested), but it builds on prototype and
scriptaculous, is available as a rails plugin, provides easy to use
helpers, and unlike the other libraries, works very well with rails'
ajax functionality.
Looks nice, and it's easy to use. Thanks, Craig.
Craig's Blog Entry
Demo Page
Ruby Plugins Directory Entry
Posted in Ruby on Rails | 1 comment
Posted by Daniel Butler
Thu, 17 Aug 2006 17:58:00 GMT

Josh Goebel and Rick Olson are working on Beast, a "small, light-weight forum in Rails with a scary name and a goal of around 500 lines of code when we're done." Beast is not mature yet, but forums are one application domain that is sorely lacking in the RoR world, and it's good to see people working on innovative applications. phpBB is difficult to maintain and modify, and full of security holes, and I've been searching for a better alternative, perhaps even going so far as to start writing my own forum system.
So far, RForum (stuck at version 0.2 since December 2005) looks like the most mature forum application available for Rails, and it comes complete with email gateway functionality, but hopefully other forum applications will start populating the thriving ecosystem.
Beast Demo Site
Beast Subversion Repository
Posted in Ruby on Rails | no comments