Rails is a web-application framework that includes everything needed to create database-backed web applications according to the Model-View-Controller (MVC) pattern.
Understanding the MVC pattern is key to understanding Rails. MVC divides your application into three layers: Model, View, and Controller, each with a specific responsibility.
The Model layer represents the domain model (such as Account, Product, Person, Post, etc.) and encapsulates the business logic specific to your application. In Rails, database-backed model classes are derived from ActiveRecord::Base. Active Record allows you to present the data from database rows as objects and embellish these data objects with business logic methods. Although most Rails models are backed by a database, models can also be ordinary Ruby classes, or Ruby classes that implement a set of interfaces as provided by the Active Model module.
The Controller layer is responsible for handling incoming HTTP requests and providing a suitable response. Usually this means returning HTML, but Rails controllers can also generate XML, JSON, PDFs, mobile-specific views, and more. Controllers load and manipulate models, and render view templates in order to generate the appropriate HTTP response. In Rails, incoming requests are routed by Action Dispatch to an appropriate controller, and controller classes are derived from ActionController::Base. Action Dispatch and Action Controller are bundled together in Action Pack.
The View layer is composed of “templates” that are responsible for providing appropriate representations of your application’s resources. Templates can come in a variety of formats, but most view templates are HTML with embedded Ruby code (ERB files). Views are typically rendered to generate a controller response, or to generate the body of an email. In Rails, View generation is handled by Action View.
Rails 18.104.22.168 was released.
- [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
- [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
- [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
- [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
- [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
- [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload