Monthly Archives: August 2008

We have a twitter account for Rails at http://twitter.com/rails. You can follow it to receive regular updates about the framework.

Continue reading →

The official Ruby blog announces that REXML, an XML library that comes with Ruby and is heavily used by many Ruby apps (including RAils), is vulnerable to a specific type of attack that could result in a denial of service. Core Rails developer, Michael "Koz" Koziarski has posted instructions on how to work around it.

If you're running Rails 2.1.0 or later, it's very simple. Just run:

gem install rexml-expansion-fix

And then add this to your app's environment.rb file:

require 'rexml-expansion-fix'

For users of lower versions of Rails, refer to Koz's post for further information. Bear in mind that even if you don't use Rails' XML processing features, they will most likely be automatically employed by your app when it receives XML data, so get on top of this right away.

Continue reading →

DateSplicer adds the Dynarch calendar widget and a date parser to your Rails application as a fully integrated user control. Is a user friendly substitute for date_select field.

Continue reading →

Photo credit

Suppose you’re trying to be a good Rails developer and use RESTful routing wherever possible in your application. Using the ever-present blog example¹, you might implement your PostController’s index action like this:

def index
  @posts = Post.all unless request.format.rss?

  respond_to do |format|
    format.html  # render posts.html.erb
    format.xml   { render  ml => @posts }
    format.rss   { @posts = Post.all(:limit => 10,  rder => 'created_at desc') }
  end
end

In other words, for HTML and XML clients, we return all the posts, formatted accordingly. For RSS readers, we only give out the 10 most recent posts².

Without doing anything special, this url:

/posts.rss

will automatically use /app/views/posts/index.rss.rxml (which we have to write) to generate our RSS data feed.

But I Knew That Already

Ok, but suppose you’re converting an existing site, and your readers already grab your feed at this url:

/posts/feed

Now, our code won’t work. Rails will try to call the show action, using feed as an :id parameter. Not good.

At this point, the easiest thing to do is to add a custom action to your controller:

def feed
  @posts = Post.all(:limit => 10,  rder => 'created_at desc')
  # render default template
end

Rails will automatically find a template named, say, app/views/posts/feed.rxml and use it generate the feed.

But those who know me, know that I despise custom actions. Yes, once in a blue moon I have to use them. But in this situation, I prefer to use a more elegant solution: routes.

Ok, But Did You Know How To Do This?

We need to support /posts/feed as our url for RSS feeds. Remember that Rails routing allows us to route any url we want into any controller action we want. So somewhere above the map.resources :posts line in our routes.rb file, we do this³:

  map.feed 'posts/feed', :controller => 'posts', :format => 'rss'

And now if you go to /posts/feed, your glorious index action will be called and will respond as if an RSS client has made the request.

Cool, no?

¹ At our workshop, we will build something more interesting than a blog.

² We’ll also learn how to use named scopes to simplify this kind of code.

³ Even in development mode, you might have to restart your local server (mongrel or webrick or thin or whatever) to get Rails to pickup your routing changes.

Continue reading →