Tiny documentation fixes [ci skip]

f51d1428 · Robin Dupret · 5ffbcf12 · f51d1428 · f51d1428 · f51d1428
3 changed file
--- a/actionpack/lib/action_dispatch/routing/mapper.rb
+++ b/actionpack/lib/action_dispatch/routing/mapper.rb
@@ -447,10 +447,10 @@ def root(options = {})
        #      resources :user, param: :name
        #
        #   You can override <tt>ActiveRecord::Base#to_param</tt> of a related
-        #   model to constructe an URL.
+        #   model to construct an URL:
        #
        #      class User < ActiveRecord::Base
-        #        def to_param  # overridden
+        #        def to_param
        #          name
        #        end
        #      end

--- a/guides/source/routing.md
+++ b/guides/source/routing.md
@@ -83,8 +83,8 @@ Rails would dispatch that request to the `destroy` method on the `photos` contro

 ### CRUD, Verbs, and Actions

-In Rails, a resourceful route provides a mapping between HTTP verbs and URLs to 
-controller actions. By convention, each action also maps to a specific CRUD 
+In Rails, a resourceful route provides a mapping between HTTP verbs and URLs to
+controller actions. By convention, each action also maps to a specific CRUD
 operation in a database. A single entry in the routing file, such as:

 ```ruby
@@ -1095,12 +1095,12 @@ edit_videos GET  /videos/:identifier/edit(.:format) videos#edit
 Video.find_by(identifier: params[:identifier])
 ```

-You can override `ActiveRecord::Base#to_param` of a related
-model to constructe an URL.
+You can override `ActiveRecord::Base#to_param` of a related model to construct
+an URL:

 ```ruby
 class Video < ActiveRecord::Base
-  def to_param  # overridden
+  def to_param
    identifier
  end
 end

--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -95,7 +95,12 @@ Rails 2 introduced a new default session storage, CookieStore. CookieStore saves

 * The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted). So, of course, _you don't want to store any secrets here_. To prevent session hash tampering, a digest is calculated from the session with a server-side secret (`secrets.secret_token`) and inserted into the end of the cookie.

-However, since Rails 4, the default store is EncryptedCookieStore. With EncryptedCookieStore the session is encrypted before being stored in a cookie. This prevents the user access to the content of the cookie and prevents him from tampering its content as well. Thus the session becomes a more secure place to store data. The encryption is done using a server-side secret key `secrets.secret_key_base` stored in `config/secrets.yml`.
+However, since Rails 4, the default store is EncryptedCookieStore. With
+EncryptedCookieStore the session is encrypted before being stored in a cookie.
+This prevents the user from accessing and tampering the content of the cookie.
+Thus the session becomes a more secure place to store data. The encryption is
+done using a server-side secret key `secrets.secret_key_base` stored in
+`config/secrets.yml`.

 That means the security of this storage depends on this secret (and on the digest algorithm, which defaults to SHA1, for compatibility). So _don't use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters, use `rake secret` instead_.