[Rails] Re: acts_as_list crashes with non-numeric id

Robert Walker wrote in post #1109609:
> For future reference this is one of those times that fighting Rails
> conventions makes your life more difficult as a Rails developer.

I've done quite a few apps with non-numeric IDs w/o problems until now.
Apparently I never needed to scope a list (?) or the originall DHH one
didn't have this problem maybe?


> If you really want to fix the problem the I suggest you fork the
> acts_as_list repository and fix the bug there...

hmm...
https://github.com/swanandp/acts_as_list/pull/69

So, awareness, but no fix yet.


Frederick Cheung wrote in post #1109627:
> This feels like it should work though - scope is not necessarily a
> foreign
> key column (it could easily be a status column for example
> (open/closed/etc)), so it should work with string valued columns. Also
> anything which allows an unquoted, user controllable string into an SQL
> query is a potential security problem

That's what I was thinking. Though my (probably incomplete) efforts to
inject some quotes have failed.

Anyway, I guess I'll hack at my local copy and see what I come up
with...

Thanks to both

-- gw

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/7cf3004ae3f9e1656219bb094dba168c%40ruby-forum.com?hl=en-US.
For more options, visit https://groups.google.com/groups/opt_out.