Bear Den Designs - The Hacker's Musings

Flexible date input and manipulation in javascript with date.js

Sat, 21 Feb 2009 03:30:45 -0600

date.js is a great little JavaScript library that can make your life a lot easier.

If your used to ruby’s date functions then date.js will make you feel right at home.

date.js can:

Parse strings into dates.
Add and Subtract time in days,hours,months or years.
Easily return “x” “day of week” of “month”
Boolean assertions for day, week, month, year.
Turn you into a JavaScript ninja.

Note: Some of the syntactic goodies require ‘sugar.js’

Going into the future is no problem for date.js

Date.today().add(5).days(); Date.today().next().friday();

Interested in this Friday? April of this year?

Date.friday(); Date.april();

What about the first friday of april? No Sweat!

Date.april().first().friday();

Assert any date properties you want.

Date.today().is().friday(); // returns true orfalse

It can parse just about anything you throw at it.

Date.parse(‘today’); Date.parse(‘tomorrow’); Date.parse(‘July 8’); Date.parse(‘July 8th, 2007’); Date.parse(‘July 8th, 2007, 10:30 PM’); // Even crazy! things like Date.parse(‘last april’); Date.parse(‘+2days’);

There are also some fun number functions.

(8).days().fromNow(); (2).months().ago();

For more reading, checkout: date.js examples

GeoKit stubbing for faster tests

Wed, 07 Jan 2009 21:40:19 -0600

We recently added geocoding to after_save on an address model to keep track of peoples lat/lng, and found that it added substantial time to our tests. The solution? Easy.

Don’t really need to test that geolocating works, I mean.. GeoKit has its own unit tests. So Stub it! Stub it good!

Place this in your test_helper.rb (and inside Test::Unit::TestCase) for tolerable test times.

“This was written for mocha, but its easy to adapt to rspec or flexmock”

  setup :stub_geocoder
  def stub_geocoder
    geocode_payload = GeoKit::GeoLoc.new(:lat => 123.456, :lng => 123.456)
    geocode_payload.success = true
    GeoKit::Geocoders::MultiGeocoder.stubs(:geocode).returns(geocode_payload)
  end

“Just remember to turn it off if you plan to test any features that rely on actual geocoding!”

Solution to: Permission denied to get property XULElement.popupOpen

Thu, 09 Oct 2008 11:58:02 -0500

What’s that firefox? A cryptic error message? Timmy’s drowning at the old mill?!

I came across this rather strange bug while switching from a file input to a combination of SWFUploader and a text field.

Permission denied to get property XULElement.popupOpen

The problem seems to occur when focusing on the input via javascript.

Solution? Easy, Just add this to your text input:

autocomplete=“off”

And then give firefox a nice pop on the head for being a bad fox! Bad Fox! …No!

I hope that saves you some headache and confusion =)

- Your Friendly Neighborhood Hacker

ActiveRecord.update_attributes has_many :security_holes, :through => :unkown_features

Mon, 07 Apr 2008 17:52:10 -0500

Among you railites who have successfully learned rails, watched tutorials, and generally feel comfortable about your abilities: Probably didn’t know there is a little security hole in your app.

It has to deal with update_attributes, has_many relationships, and a method made available on the parent in the relation.

Example:

class User < ActiveRecord::Base
  has_many :groups
end

In your view you have your pretty form with user’s name and other demographics they can enter in their profile. and a ‘save’ button that leads to a call to ‘update_attributes’.

The problem lies in the fact that has_many creates a method off your object called

 user.group_ids=

Which allows you to pass in an array of ids and create associations en-mass.
the problem is that I can come in with firebug and add my own fields.

<!-- im in your html source adding my inputs -->
<input type="text" name="user[group_ids][]"/>
<input type="text" name="user[group_ids][]"/>
<input type="text" name="user[group_ids][]"/>

After filling those fields and submiting, if you inspect the params hash you will notice:
- “parent” => {…. “association_ids” => [“1”,“2”,“4”]}

And if you check your script/console and check the associations, they will be there assuming you have groups with id’s of 1,2, and 4.

The implications? If you use these groups for any kind of role based access, a user could assume a group with root/super/power user access!

The lesson?

Protect your attributes!

 attr_protected :group_ids

But! a better idea would be to use:

 attr_accessible :name, :bio, :etc

I hope this has helped you as much as it did me!

-TheHacker

A Window Into Functional Tests

Mon, 07 Apr 2008 17:16:36 -0500

So like any ruby blooded human, I create functional tests for my rails applications. However, things don’t always go as planned; a redirect instead of a success, but where to?, the assigns is right, but the flash was wrong, etc.

Sometimes you just need a way to peek at what you get back. If you enjoy gouging your eyes out you can do a puts @response or @response.body

A slightly better alternative is to spit the body to a file and preview it in firefox.

    tmpfile = File.new(tmpname = 'tmp/test_page.html', "w")
    tmpfile.puts @response.body
    tmpfile.close
    `firefox #{tmpname}`

Put this after any get, post, etc, and you will get a decent html output of your view (sans stylesheets and valid links) Although nothing is stopping you from outputting to public, running script/server, and viewing it from there.

If your dealing with redirects, don’t forget about follow_redirect!
If your crossing controllers, use integration tests =)

It’s not the be all end all of solutions, but it helps for a quick glimpse while fixing tests.
Hope it helps!

Syntax Highlighting for Everyone!

Fri, 14 Dec 2007 13:41:22 -0600

I recently integrated a javascript based syntax highlighter into this blog. Its very easy to do and quiet useful. Here is a quick rundown. I also go over some alternative methods afterwards.

The software I ended up using was SyntaxHighlighter

Instructions can be found here just include some files, run the javascript and your gold.

Once thats in place all you have todo is invoke:

<pre name="code" class="yourlanguage">
   awesome code snippit here

Where ‘yourlanguage’ is one of ruby,perl,etc

There is a very useful option which allows you to match line numbers to the file you may be refering to (for example your code may begin on line 10).

<pre name="code" class="yourlanguage:firstline[10]">
   awesome code snippit here

Here is an example from line 35 from a rails controller (Note the line numbers on the left)

def show
  @owner = User.find(params[:user]) || User.find(1)
  @blogs = Blog.paginate :conditions => ["(user_id = ?) AND NOT disabled", @owner.id], 
    :order => 'updated_at DESC', :per_page => 5, :page => params[:page]
end

SyntaxHighlighter supports out of the box:

Csharp
C++
CSS
Delphi
JavaScript
Java
Php
Python
Ruby
SQL
VisualBasic
XML (Which works well for xhtml files)

In addition you can grab shBrushPerl.js which adds perl support.

And thats all there is to it! Syntax Highlighting with Client Side Javascript.

I would also like to point out some other ways to convert code into markup.

Coderay integrates well with ruby on rails.
GeSHi is a PHP based generator.
Highlight is a command line (and gtk gui) based app.

At the very least Highlight’s console output can be grabbed and fed into your web application no matter what language. It also has a cool 256 Color Xterm output which is great for piping code into from grep or less.

Highlight also comes with a slew of existing color schemes in CSS which is nice.

There are many more highlighters out there, google is your friend.

Enjoy the shiny colors!

Google-Geocode Gem Woe's

Fri, 14 Dec 2007 11:54:02 -0600

While using the very cool google-geocode gem for ruby, I ran into a small (read: big) problem.

Do a search for “Trinidad” by itself and you get something like:

Communication error: #<REXML::ParseException: Missing end tag for 'AdministrativeAreaName' (got "AdministrativeArea")

The problem lies not in the gem but in ruby’s REXML and how it deals with the xml google sends back. This only happens when international characters are involved.

After doing a little googling I saw a patch for rexml which I changed into a monkey patch for google-geocodes helper library rc-rest.

This monkey patch will solve all your accent mark woe’s.

class RCRest
  
  def get(method, params = {})
    url = make_url method, params

    url.open do |xml|
      body = xml.read

      res = REXML::Document.new Iconv.conv("UTF-8//Ignore", 'UTF-8', body)
  
      check_error res

      return parse_response(res)
    end
  rescue IOError, SystemCallError, SocketError, Timeout::Error,
         REXML::ParseException => e
    raise CommunicationError.new(e)
  rescue OpenURI::HTTPError => e
    begin
      xml = REXML::Document.new e.io.read
      check_error xml
    rescue REXML::ParseException => e
    end
    new_e = CommunicationError.new e
    new_e.message << "\n\nunhandled error:\n#{xml.to_s}"
    raise new_e
  end
  
end

The magical change is the inclusion of Iconv to make REXML happy.