Update selected fields only

2008-06-15 Thread ARAI Shunichi
Hi all, I think that if a method like the one below is added to Sequel::Model, it will help keep Web application developers from carelessly making a security hole. It can be used as: update_select([:name, :password], http_params) It prevents an attack which injects HTTP parameters not shown in an HTML

Re: connection pools

2008-06-15 Thread Jeremy Evans
On Jun 14, 7:00 am, Joe Holt [EMAIL PROTECTED] wrote: I'm writing a threaded Ruby app and I've determined that some of the threads need their own exclusive persistent connection to the database. I'm about to patch ConnectionPool to make acquire() public, so that I can do this... Thread.new

Re: Bug with sequel CGI

2008-06-15 Thread Jeremy Evans
On Jun 14, 5:57 pm, Shawn [EMAIL PROTECTED] wrote: Getting a SystemExit exception with require sequel 2.0.[01] in a CGI script, running on Apache 2.2 on Mac OS X 10.5. Here's the script: #/usr/local/bin/ruby require 'rubygems' begin require 'sequel' rescue Exception => e print

Re: Update selected fields only

2008-06-15 Thread Jeremy Evans
ARAI Shunichi wrote: Hi all, I think that if a method like the one below is added to Sequel::Model, it will help keep Web application developers from carelessly making a security hole. It can be used as: update_select([:name, :password], http_params) It prevents an attack which injects HTTP

Re: Update selected fields only

2008-06-15 Thread Jeremy Evans
On Jun 15, 8:59 am, Jeremy Evans [EMAIL PROTECTED] wrote: ARAI Shunichi wrote: Hi all, I think that if a method like the one below is added to Sequel::Model, it will help keep Web application developers from carelessly making a security hole. It can be used as: update_select([:name, :password],

Re: Bug with sequel CGI

2008-06-15 Thread Shawn
Hi Jeremy, I got a traceback yesterday, but the top frame on the call stack was the require 'sequel' line in my CGI script. I had to dig a little deeper to trace it to ParseTree. I added some debugging output (print Content-type: text/plain\n\n#{path}) to the custom_require.rb file of

Re: connection pools

2008-06-15 Thread Jeremy Evans
On Jun 15, 8:50 am, Jeremy Evans [EMAIL PROTECTED] wrote: On Jun 14, 7:00 am, Joe Holt [EMAIL PROTECTED] wrote: I'm writing a threaded Ruby app and I've determined that some of the threads need their own exclusive persistent connection to the database. I'm about to patch ConnectionPool

ParseTree support is officially deprecated

2008-06-15 Thread Jeremy Evans
Commit here: http://github.com/jeremyevans/sequel/commit/b94bf8ef0534f37364c94f0620a031ee4abeeebc Commit message: Deprecate ParseTree filters, allow expression (blockless) filters inside blocks, default to ParseTree filters ParseTree filters are now officially deprecated and are scheduled for