stable-badge

Upgrading ubiquo 0.7.X to Rails 2.3.11

This guide is intended for ubiquo 0.7.X based applications running on Rails versions previous to 2.3.11. If this is your case you should upgrade as soon as possible because you may be affected by security vulnerabilities:

1 Installing required gems

Obviusly we need to install the new rails gem but we also need to install the i18n gem.

sudo gem install rails -v 2.3.11 --no-ri --no-rdoc sudo gem install i18n -v 0.4.2 --no-ri --no-rdoc

For the i18n gem we need a version prior to 0.5.0 because this one uses the new interpolation syntax which, at this moment, it’s unsuported by this ubiquo version and probably by your application.

2 Upgrading ubiquo plugins

Now we are going to upgrade all ubiquo plugins to the last version of the 0.7.X branch doing:

rake ubiquo:foreach:pull

3 Add a preinitializer

Now we need to add a new file config/preinitializer.rb so we can require the proper i18n gem.

require 'rubygems' gem 'i18n', '<0.5.0'

Since we upgraded the ubiquo version previously, we can accomplish the same effect doing rake ubiquo:install this will create the appropiate preinitializer.

4 Update environment.rb

And finally we need to update our config/environment.rb file and point it to use the Rails 2.3.11 version:

RAILS_GEM_VERSION = '2.3.11' unless defined? RAILS_GEM_VERSION

5 Apply the patch to your application

Now that you have your application running 2.3.11, you have to apply the patch described in the Rails link above.

This basically means 3 steps:

  • In your application controller, you have to delete any possible cookie you have set in case the request is not verified. For example you can use this code as a base
def handle_unverified_request super cookies.delete(:auth_token) # deletes ubiquo authentication # now delete any possible public-part cookies raise ActionController::InvalidAuthenticityToken # optional, if you want to hear about possible problems end
  • In all your layouts you should send the csrf meta:
<%= javascript_include_tag :defaults %> <%= csrf_meta_tag %>
  • Finally, to ensure that all the javascript requests include this meta, you should add the following snippet

http://weblog.rubyonrails.org/assets/2011/2/8/prototype-snippet.js

This should be present everywhere js requests are initiated. You can include it in a common javascript file, for example in ubiquo.js if you don’t have a public site in your ubiquo app.

6 Upgrade the ubiquo gem

You should also upgrade to the last ubiquo gem so new projects use the latest Rails version.

sudo gem install ubiquo --no-ri --no-rdoc