db:fixtures:dump does not escape <%
Reported by Nataniel | June 16th, 2008 @ 04:58 AM
I have a model EmailTemplate and its email_templates db table:
create_table :email_templates do |t|
  t.string :name, :limit => 100
  t.text :headers, :null => true
  t.text :body
end
These templates basically hold views for ActionMailer (within the db instead of a file because of editing via the admin panel). So I use Ruby code inside the body, like:
Your e-mail is: <%= @user.email %>
When I dump the model (rake db:fixtures:dump MODEL=EmailTemplate), the code goes into the YML file without escaping:
template_00002:
  name: xxxx
  body: "Your e-mail is: <%= @user.email %>,\r\n\
  (...)
This way the code gets executed while loading the fixture (rake db:fixtures:load FIXTURE=templates) instead of by ActionMailer... The YML file should hold the data escaped:
body: "Your e-mail is: <%%= @user.email %>,\r\n\
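An added example, not part of the original report or of the arfixtures plugin: a minimal Ruby sketch of the escaping the report asks for, with a simplified loader that runs the file through ERB before parsing the YAML, so stored template text is not evaluated as code at load time. The helper names (escape_erb, dump_fixture, load_fixture, LoadContext) and the sample address are assumptions made for illustration.

```ruby
require "erb"
require "yaml"

# Constructed sample row, modelled on the template in the report.
SAMPLE = { "template_00002" => { "name" => "xxxx",
                                 "body" => "Your e-mail is: <%= @user.email %>" } }

# "<%%" is ERB's literal for "<%", so doubling the percent sign makes the
# loader emit the tag as text instead of evaluating it.
def escape_erb(value)
  value.is_a?(String) ? value.gsub("<%", "<%%") : value
end

# Hypothetical dump helper: rows is { label => { column => value } }.
def dump_fixture(rows)
  YAML.dump(rows.transform_values { |attrs| attrs.transform_values { |v| escape_erb(v) } })
end

# Simplified model of fixture loading: ERB pass first, YAML parse second.
def load_fixture(text, context)
  YAML.safe_load(ERB.new(text).result(context))
end

# Stand-in for whatever instance variables exist when fixtures load (assumed).
class LoadContext
  def initialize(user)
    @user = user
  end

  def erb_binding
    binding
  end
end

if __FILE__ == $PROGRAM_NAME
  ctx = LoadContext.new(Struct.new(:email).new("loader@example.test")).erb_binding
  # Unescaped dump: the tag runs at load time and its result is stored.
  puts load_fixture(YAML.dump(SAMPLE), ctx)["template_00002"]["body"]
  # Escaped dump: the template text survives the round trip unchanged.
  puts load_fixture(dump_fixture(SAMPLE), ctx)["template_00002"]["body"]
end
```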
Comments and changes to this ticket
-
Chris Lloyd August 6th, 2008 @ 08:19 PM
- → Tag changed from to fixtures
I could be mistaken but I don't believe there is a db:fixtures:dump task in Rails at the moment.
-
Nataniel August 7th, 2008 @ 12:26 AM
Chris, you're absolutely right. My bad, I thought it was a core Rails task, but it came into my project from the arfixtures plugin: http://topfunky.net/svn/plugins/arfixtures. Please close the ticket as bogus.
-
Joshua Peek August 7th, 2008 @ 12:39 AM
- → State changed from new to invalid
