Comments and changes to this ticket

• You flagged this item as spam.
  

  23inhouse January 19th, 2011 @ 03:00 AM

  There is a typo please use:

  rake test:functionals

• 

  Santiago Pastorino January 31st, 2011 @ 09:17 PM

  • Importance changed from “” to “Low”

  Have you tried tests in 3.0.3? even better what's about 3.0.4.rc1?.
  Thanks.

• You flagged this item as spam.
  

  23inhouse January 31st, 2011 @ 09:39 PM

  I should have mentioned that it doesn't work in any version after 3.0.0. I was trying to isolate the change that broke it.

  I just ran it in 3.0.4.rc1 and it still fails to pass the test.

  P.S. I'm using ruby-1.9.2-p0

• 

  Santiago Pastorino February 1st, 2011 @ 02:45 AM

  Hey sorry I hadn't check the issue deeply in my first glance.
  The issue you're pointing, is not a real one :), is a security fix.

• 

  Michael Koziarski February 1st, 2011 @ 02:45 AM

  • State changed from “new” to “invalid”

  Your application was relying on a security vulnerability that was fixed in 3.0.1

  http://groups.google.com/group/rubyonrails-security/t/f9f913d328dafe0c

  If we let you specify the ID like that you could edit arbitrary records in the database by simply changing a few form parameters. This will never be fixed.

• You flagged this item as spam.
  

  23inhouse February 6th, 2011 @ 03:12 AM

  Michael and Santiago

  Thank you for clarifying that. I was really enjoying just jamming the params into the Models attributes= methods and having it all work, but i can see the problem this causes.

  Thanks again.
  Ben

• You flagged this item as spam.
  

  af001 May 5th, 2011 @ 03:00 AM

  私の中で、総合評価のとっても低いアバアバクロホリスタークロ銀座店。アバクロは大好きなんですけどね。一昨日の東京駅付近での打ち合わせの後、散歩がてら久々に行ってきました。そしたらビックリ！相変わらアバクロず、踊っているだけの店員さんとかもいましたが、