Bring up to date rails, minitest #17
Merged
Rails 4 was failing with this message: "The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option?"
AFAIK, CAST AS DECIMAL will work across SQLite, MySQL, Postgres #11
^ and $ match lines. \A and \z match the start and end of the string. This prevents an error in Rails 5 (and possibly earlier).
This has different syntax compared to SQLite.
This requires two changes:
1. Cast to the integer type (rather than unsigned)
2. Convert anything that doesn't come out of the first replace as a series of digits to '0'. This catches the case of the first slug with no numeric suffix.
Instead of failing, we'll default to the name of the class, so that there is always a usable slug.
Before:
"foo bar" => "foo-bar"
"foo" => "foo-1"
"foo" => "foo-1" /!\ Error /!\
After:
"foo bar" => "foo-bar"
"foo" => "foo"
"foo" => "foo-1"
Update gems for security flaws
There are several improvements in this branch from @ambit-contacts which we incorporate here:
- add a generic default option vs. throwing an exception when source column generates an empty slug (we made this optional; some might prefer to get the exception)
- additional test for partial matches
In addition:
- reduce number of gem dependencies
- dry-up some of the test setup
- use explicit vs. implicit validation methods
- a tiny bit of trailing whitespace cleanup
These are all great contributions! Should've done this a long time ago, but will go ahead and merge back to master.
This was referenced Nov 11, 2018
Ben: This is so cool that you brought in this work. Thank you very much. Thank you for this great gem. Doug
This is a mixed bag because I merged some of the improvements from others, for which I think we already have pull requests.
In addition, I ditched rcov and jeweler (but didn't use the bundler method to infer Gemfile from gemspec)
And this computes a unique slug by a more portable method. PostgreSQL wants CAST ... AS INTEGER. MySQL wants CAST ... AS UNSIGNED. And there were a lot of string manipulation tricks involved. Ditched that for query - retry until not found.
And most importantly for me, brought this up to modern MiniTest and Rails.
This was very quick and dirty and I'm putting this out here pro-forma without much expectation. However, if you think of merging it, I'll try to clear any objections.
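As an added example (not code from this pull request or the gem), the Ruby below shows the difference the commit note above describes between ^/$ and \A/\z. It uses a hypothetical slug pattern and constructed inputs: the line-anchored pattern accepts any input in which one line is a valid slug, while the string-anchored pattern accepts only a whole-string match.

```ruby
# Added illustration. SLUG_LINE, SLUG_STRING and the helper names are
# hypothetical; they are not taken from the gem or from this pull request.

# Line-anchored: ^ and $ match at the start and end of ANY line in the input.
SLUG_LINE = /^[a-z0-9]+(-[a-z0-9]+)*$/
# String-anchored: \A and \z match only at the start and end of the whole string.
SLUG_STRING = /\A[a-z0-9]+(-[a-z0-9]+)*\z/

# Constructed sample inputs.
SAMPLES = [
  "foo-bar",                  # ordinary slug
  "foo-bar\n",                # trailing newline
  "foo-bar\nany other text",  # valid first line, unchecked second line
  "Not A Slug\nfoo"           # only the last line looks like a slug
].freeze

# Returns [input, accepted_by_line_anchors, accepted_by_string_anchors] rows.
def compare(samples)
  samples.map { |s| [s, s.match?(SLUG_LINE), s.match?(SLUG_STRING)] }
end

# Approximates the kind of check behind the Rails message quoted above:
# a pattern whose source starts with ^ or ends with an unescaped $.
def multiline_anchor_risk?(pattern)
  src = pattern.source
  src.start_with?("^") || (src.end_with?("$") && !src.end_with?("\\$"))
end

if __FILE__ == $PROGRAM_NAME
  compare(SAMPLES).each do |input, line_ok, string_ok|
    puts format("%-28s ^...$: %-5s  \\A...\\z: %-5s", input.inspect, line_ok, string_ok)
  end
  puts "SLUG_LINE flagged:   #{multiline_anchor_risk?(SLUG_LINE)}"
  puts "SLUG_STRING flagged: #{multiline_anchor_risk?(SLUG_STRING)}"
end
```

Every constructed input passes the ^...$ pattern, including the ones carrying a second line that is never checked; only the plain slug passes the \A...\z pattern.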