Spreadsheet applications vulnerable to unescaped CSV data
If your CSV export includes untrusted data provided by your users, they could include an executable formula that calls arbitrary commands on your computer when the file is opened in a spreadsheet application. See #4256 for more details.
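One way to neutralize formula-like cells before they are written to a CSV export. This is an added example, not ActiveAdmin's own code or the fix discussed in the linked issue; the helper names neutralize_cell, csv_field and csv_line and the sample rows are hypothetical.

```ruby
# Added example, not ActiveAdmin's own code. Helper names are hypothetical.

# A cell is formula-like if it starts with TAB/CR, or if its first
# non-blank character is one of = + - @ (checked after leading whitespace).
FORMULA_START = /\A(?:[\t\r]|\s*[=+\-@])/
PLAIN_NUMBER  = /\A[+-]?\d+(?:\.\d+)?\z/

# Prefix a single quote so spreadsheet applications treat the cell as text.
def neutralize_cell(value)
  text = value.to_s
  return text if text.match?(PLAIN_NUMBER) # keep -12.5 or +5 usable as numbers
  text.match?(FORMULA_START) ? "'#{text}" : text
end

# RFC 4180 quoting: wrap fields containing quotes, commas or line breaks.
def csv_field(value)
  text = neutralize_cell(value)
  text.match?(/[",\r\n]/) ? %("#{text.gsub('"', '""')}") : text
end

def csv_line(row)
  row.map { |cell| csv_field(cell) }.join(",") + "\n"
end

# Constructed sample rows standing in for user-supplied records.
SAMPLE_ROWS = [
  [1, "Alice", -12.5],
  [2, "=SUM(A1:A9)", "+5"],
  [3, 'say "hi", ok', "@note"]
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_ROWS.each { |row| print csv_line(row) }
end
```

The quote prefix changes the stored value, so apply it only to exports meant to be opened in a spreadsheet, not to CSV consumed by other programs.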
Session Commits & Asset Pipeline
When configuring the asset pipeline, ensure that the asset prefix (config.assets.prefix) is not the same as the namespace of ActiveAdmin (default namespace is /admin). If they are the same, Sprockets will prevent the session from being committed. Flash messages won't work and you will be unable to use the session for storing anything.
For more information see the following post: http://www.intridea.com/blog/2013/3/20/rails-assets-prefix-may-disable-your-session
There are two known gotchas with helpers. This will hopefully help you find a solution.
Helpers are not reloading in development
This is a known and still open issue; the only way around it is to restart your server each time you change a helper.
Helpers may not be included by default
If you use config.action_controller.include_all_helpers = false in your application config, you need to include it by hand.
First use a monkey patch
This works for all ActiveAdmin resources at once.
# config/initializers/active_admin_helpers.rb
::.class_eval do
  helper ApplicationHelper
end
Second use the
This works only for one resource at a time.
.register User do
  controller do
    helper UserHelper
  end
end
To avoid your application style being overridden by the Active Admin one, you can do one of these things:
- You can properly move the generated file
- You can remove all require_tree commands from your root level css files, where the active_admin.scss is in the tree.
With gems that provide a search class method on a model
If a gem defines a search class method on a model, this can result in conflicts with the same method provided by ransack (a dependency of ActiveAdmin). Each of these conflicts needs to be solved in a different way. Some solutions are listed below.
This conflict can be solved by explicitly using the search method of
Authentication & Application Controller
ActiveAdmin::BaseController inherits from the ApplicationController. Any authentication method(s) specified in the ApplicationController callbacks will be called instead of the authentication method in the active admin config file. For example, if the ApplicationController has a callback before_action :custom_authentication_method and the config file's authentication method is config.authentication_method = :authenticate_active_admin_user, then custom_authentication_method will be called instead of