I found this extremely useful:

1
2
3

def redirect_to_ssl
    redirect_to url_for params.merge({:protocol => 'https://'}) unless request.ssl?
end

Put this in your application controller and call

1

before_filter :redirect_to_ssl

on every controller that would require ssl. You can pick which actions would only require this by extending your before_filter declaration as such:

1

before_filter :redirect_to_ssl, :only => [:new, :purchase]

or even by exclusion, whichever is more convenient for your case:

1

before_filter :redirect_to_ssl, :except => [:show]

PS: There are other resources too, such as this one (that could be of help): http://fuadcse.blogspot.com/2009/01/redirecting-http-request-to-https-in.html

I have been maintaining several WordPress blogs (all currently running 2.8.3 as of the time of writing). I logged in earlier today, and found that there was a new release. Of course, I wanted to have them all updated at the soonest possible time.

By practice, I download the zipped file to apply them manually onto our source code repositories for update. Usually, I find this useful because I get to see what the changes really were for the new release. I was surprised to see that the new version I downloaded was a complete joke.

I got WordPress 2.8.4 here. I downloaded the file also inside the server, for a quick copy of the latest version, in case it will be needed. Applying it to local copy of the repository, I found some big joke. Amusing, but also confusing.

Now tell me.. Is this real? Could I be wrong? Could this be a mistake perhaps? Where is the security release? I’m not moving a muscle.