ruby on rails - Regular expressions with validations in RoR 4 -

-

there following code:

class product < activerecord::base   validates :title, :description, :image_url, presence: true   validates :price, numericality: {greater_than_or_equal_to: 0.01}   validates :title, uniqueness: true   validates :image_url, allow_blank: true, format: {       with: %r{\.(gif|jpg|png)$}i,       message: 'url must point git/jpg/png pictures'   } end

it works, when try test using "rake test" i'll catch message: 

rake aborted! provided regular expression using multiline anchors (^ or $), may present security risk. did mean use \a , \z, or forgot add :multiline => true option?

what mean? how can fix it?

^ , $ start of line , end of line anchors. while \a , \z permanent start of string , end of string anchors.
see difference:

string = "abcde\nzzzz" # => "abcde\nzzzz"  /^abcde$/ === string # => true  /\aabcde\z/ === string # => false

so rails telling you, "are sure want use ^ , $? don't want use \a , \z instead?"

there more on rails security concern generates warning here.


Comments

Post a Comment

Popular posts from this blog

SQL php on different pages to Insert (mysqli) -

-
i have piece of php code, works when placed on index page ( index.php ), nothing if put in page, i.e. add.php for example: having code add.php page, tried go to: www.myhost.com/add.php , nothing happen. if copy code index.php , go page www.myhost.com/index.php add row in sql table. why that? <?php $server="mysql.server.com"; $user="randomusr"; $pass="randompwd"; $db="randomdb"; $link=mysqli_connect($server, $user, $pass, $db); $result=mysqli_query($link,"select * `battery` `id`"); $query = "insert battery (id,type,owner,charge,time) values ('1','lily002','maisnow','15','2015-04-22 17:20:28')"; mysqli_query($link, $query); header("location: index.php"); //this 1 comment out when copied index.php ?> l # name type collation attributes null 1 id int(16) no ...
Read more

How to combine associative arrays in bash? -

-
does know of elegant way combine 2 associative arrays in bash normal array? here's i'm talking about: in bash can combine 2 normal arrays follows: declare -ar array1=( 5 10 15 ) declare -ar array2=( 20 25 30 ) declare -ar array_both=( ${array1[@]} ${array2[@]} ) item in ${array_both[@]}; echo "item: ${item}" done i want same thing 2 associative arrays, following code not work: declare -ar array1=( [5]=true [10]=true [15]=true ) declare -ar array2=( [20]=true [25]=true [30]=true ) declare -ar array_both=( ${array1[@]} ${array2[@]} ) key in ${!array_both[@]}; echo "array_both[${key}]=${array_both[${key}]}" done it gives following error: ./associative_arrays.sh: line 3: array_both: true: must use subscript when assigning associative array the following work-around came with: declare -ar array1=( [5]=true [10]=true [15]=true ) declare -ar array2=( [20]=true [25]=true [30]=true ) declare -a array_both=() key in ${!array1[@]}; ...
Read more

c++ - No viable overloaded operator for references a map -

-
i trying use map can make tag names reference number. when try , use it, in code error (6 in total every time reference map): src/main.cpp:25:45: error: no viable overloaded operator[] type 'std::map<std::string, std::string>' const char* idcs = node.child_value(tagmap[3]); this code: #include "pugi/pugixml.hpp" #include <iostream> #include <string> #include <map> int main() { pugi::xml_document doca, docb; std::map<std::string, pugi::xml_node> mapa, mapb; std::map<std::string, std::string> tagmap {{"1", "data"}, {"2", "entry"}, {"3", "id"}, {"4", "content"}}; if (!doca.load_file("a.xml") || !docb.load_file("b.xml")) { std::cout << "can't find input files"; return 1; } (auto& node: doca.child(tagmap[1]).children(tagmap[2])) { co...
Read more