PDF::Writer and Ruby on Rails 2.2.2

If you followed the instructions here and used the method named PDF::Writer (Austin Ziegler), you were out of luck when Rails 2.1 appeared.

With Rails 2.2.2 once again the rendering mechanism seems to have changed big time and my previous post on how to make the pdf/writer gem work with a custom template handler doesn’t work anymore.

With the help of Josh Peek I was able to fix this. He gave me the following code to enable an rpdf template handler with pdf-writer:

module ActionView # :nodoc:
  require 'pdf/writer'
  class PDFRender < ActionView::TemplateHandler
    PAPER = 'A4'
    include ApplicationHelper                     
    include ActionView::Helpers::TranslationHelper
    include ActionView::Helpers::AssetTagHelper
    include ActionView::Helpers::TextHelper
    include ActionView::Helpers::TagHelper
    include ActionView::Helpers::UrlHelper
 
    def self.call(template)
      "ActionView::PDFRender.new(self).render(template, local_assigns)"
    end
 
    def initialize(action_view)
      @action_view = action_view
    end
 
    # Render the PDF
    def render(template, local_assigns = {})
      @action_view.controller.headers["Content-Type"] ||= 'application/pdf'
 
      # Retrieve controller variables
      @action_view.controller.instance_variables.each do |v|
        instance_variable_set(v,
        @action_view.controller.instance_variable_get(v))
      end
 
      pdf = ::PDF::Writer.new( :paper => PAPER )
      pdf.compressed = true if RAILS_ENV != 'development'
      eval template.source, nil, ''
 
      pdf.render
    end
  end
end
 
ActionView::Template.register_template_handler 'rpdf', ActionView::PDFRender

Just drop this under config/initializers and you’re fine.


24-Nov-08


RFC3339 revisited

Not just for Ruby, but also the corresponding formats for

Java

public static final SimpleDateFormat RFC3339_FORMAT = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");

and for Oracle

SELECT to_timestamp_tz('1979-09-21T06:54:00+01:00','YYYY-MM-DD"T"HH24:MI:SSTZH:TZM') FROM dual
/


13-Nov-08



Turn off RoR’s automatic timezone conversion for columns

I couldn’t find this in the documents, but Geoff Buesing showed me the hooks to turn off Ruby On Rails’ automatic timezone conversions for some columns of a model or a complete model:

# Turn it off for just some columns
class Picture < ActiveRecord::Base
 def self.skip_time_zone_conversion_for_attributes
   [:created_at, :published_at]
 end
end
 
# Turn it off for the whole model
class Picture < ActiveRecord::Base
 def self.time_zone_aware_attributes
   false
 end
end

Thanks a lot!


01-Nov-08


Fun with SQL

What’s all the fuss about this SQL Injection thing?

It boils down to getting maliciously crafted SQL code into the SQL code of an application, destroying data or authenticating yourself without knowing any real password. xkcd has a nice explanation.

The simple cases are based on wrongly escaped strings and the like. But as this SQL injection cheatsheet shows, there is an infinite number of possibilities.

During the day, my database connection is an Oracle connection most of the time, and so I found this Oracle whitepaper titled How to write injection-proof PL/SQL very interesting (via Bruce Schneier found at the gay bar).

I do not have a magic recipe for avoiding attack vectors all the time, but as well written as the whitepaper is, it’s not a solution to expose all queries to clients only via PL/SQL. In fact, it’s a nightmare to get this to work with JPA and other ORM mappers.

I try not to use dynamic SQL in the sense of “concatenate some strings with one another and mysql_real_escape_string or DBMS_Assert them”, but use prepared statements with placeholders and explicit datatypes. Also, if there’s a need for computing SQL queries at runtime, do not ever let user-supplied input come near them. I know that I’m relying on my API in this case, but there is always a point on which I must rely, I guess.
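A sketch of that rule for a query that has to be computed at runtime, as an added example that is not code from the original post: user input only selects entries from fixed allowlists or ends up as a typed bind value, never as SQL text. The `pictures` table, its columns and the parameter names are assumptions made for the illustration.

```ruby
require 'date'

# Hypothetical schema: pictures(id, title, owner_id, published_at).
# User input may only pick a key from these fixed tables; the SQL text
# itself is assembled exclusively from the constant strings on the right.
SORTABLE   = { 'title' => 'title', 'published' => 'published_at' }.freeze
DIRECTIONS = { 'asc' => 'ASC', 'desc' => 'DESC' }.freeze
FILTERS = {
  # filter name     => [fixed SQL fragment,   coercion to an explicit type]
  'owner_id'        => ['owner_id = ?',      ->(v) { Integer(v.to_s, 10) }],
  'published_after' => ['published_at >= ?', ->(v) { Date.iso8601(v.to_s) }],
  'title'           => ['title = ?',         ->(v) { v.to_s }]
}.freeze

# Returns [sql, binds] for a prepared statement.
# Raises ArgumentError for any name or value not covered by the allowlists.
def build_picture_query(params)
  where = []
  binds = []
  params.fetch('filter', {}).each do |name, raw|
    fragment, coerce = FILTERS.fetch(name.to_s) do
      raise ArgumentError, "unknown filter: #{name.inspect}"
    end
    where << fragment
    binds << coerce.call(raw)
  end
  column = SORTABLE.fetch(params.fetch('sort', 'title').to_s) do
    raise ArgumentError, 'unknown sort column'
  end
  direction = DIRECTIONS.fetch(params.fetch('dir', 'asc').to_s.downcase) do
    raise ArgumentError, 'unknown sort direction'
  end
  sql = 'SELECT id, title FROM pictures'
  sql += " WHERE #{where.join(' AND ')}" unless where.empty?
  [sql + " ORDER BY #{column} #{direction}", binds]
end

# Constructed request parameters; the title deliberately contains SQL
# metacharacters to show that they stay in the bind list, not in the SQL.
sample = { 'filter' => { 'owner_id' => '42', 'title' => "Bob's '; -- pics" },
           'sort' => 'published', 'dir' => 'DESC' }
sql, binds = build_picture_query(sample)
puts sql
puts binds.inspect
```

The returned pair is what gets handed to the driver's prepared-statement call; ORDER BY columns and directions cannot be bound as placeholders, which is why they go through the lookup tables instead.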

As always, the most important thing is: Be conscious about what you are doing and try to understand that, but at this point, I leave the discussion about software development and enter the depths of common sense…


27-Oct-08