Ask for Help
*Is sunspot vulnerable to a ruby injection attack?
Sunspot requests ruby as an output format from solr, and evals the response. One project is seeing invalid unicode being passed to solr and coming back in the response, causing the eval error on the invalid characters. The consensus was that it probably wasn’t exploitable, but is unfortunate.
- Is there a way to put Jasmine in the test group without it causing errors on production?
This has gotten better in rails 3 but the fix has caused problems in rails 2 apps. For now you can install in every group or catch the exception when it tries to load it in production.
- You can pass an array as the value of the :join parameter in ActiveRecord finders. This lets your write clearer code instead of having one long string with multiple joins.