Tuesday, May 21, 2013
On Monday, May 20, 2013 11:19:40 PM UTC-4, Ruby-Forum.com User wrote:
Robert Walker wrote in post #1109609:
> For future reference this is one of those times that fighting Rails
> conventions makes your life more difficult as a Rails developer.
I've done quite a few apps with non-numeric IDs w/o problems until now.
Apparently I never needed to scope a list (?) or the originall DHH one
didn't have this problem maybe?
> If you really want to fix the problem the I suggest you fork the
> acts_as_list repository and fix the bug there...
hmm...
https://github.com/swanandp/acts_as_list/pull/69
So, awareness, but no fix yet.
Frederick Cheung wrote in post #1109627:
> This feels like it should work though - scope is not necessarily a
> foreign
> key column (it could easily be a status column for example
> (open/closed/etc)), so it should work with string valued columns. Also
> anything which allows an unquoted, user controllable string into an SQL
> query is a potential security problem
That's what I was thinking. Though my (probably incomplete) efforts to
inject some quotes have failed.
Anyway, I guess I'll hack at my local copy and see what I come up
with...
Thanks to both
-- gw
--
Posted via http://www.ruby-forum.com/.
The position column in the mapped table needs to be an integer. See:
github.com/rails/acts_as_list
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/3875f1e1-bbfb-4a58-90e6-129deef0ac47%40googlegroups.com?hl=en-US.
For more options, visit https://groups.google.com/groups/opt_out.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment