8 files changed, 34 insertions, 7 deletions
diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb index 8b596083d5..a8f726f181 100644 --- a/actionpack/test/controller/caching_test.rb +++ b/actionpack/test/controller/caching_test.rb @@ -173,6 +173,9 @@ class FunctionalCachingController < CachingController end end + def xml_fragment_cached_with_html_partial + end + def formatted_fragment_cached respond_to do |format| format.html @@ -308,6 +311,11 @@ CACHED @store.read("views/functional_caching/formatted_fragment_cached_with_variant:#{template_digest("functional_caching/formatted_fragment_cached_with_variant")}/fragment") end + def test_fragment_caching_with_html_partials_in_xml + get :xml_fragment_cached_with_html_partial, format: "*/*" + assert_response :success + end + private def template_digest(name) ActionView::Digestor.digest(name: name, finder: @controller.lookup_context) diff --git a/actionpack/test/fixtures/functional_caching/_formatted_partial.html.erb b/actionpack/test/fixtures/functional_caching/_formatted_partial.html.erb new file mode 100644 index 0000000000..aad73c0d6b --- /dev/null +++ b/actionpack/test/fixtures/functional_caching/_formatted_partial.html.erb @@ -0,0 +1 @@ +<p>Hello!</p> diff --git a/actionpack/test/fixtures/functional_caching/xml_fragment_cached_with_html_partial.xml.builder b/actionpack/test/fixtures/functional_caching/xml_fragment_cached_with_html_partial.xml.builder new file mode 100644 index 0000000000..2bdda3af18 --- /dev/null +++ b/actionpack/test/fixtures/functional_caching/xml_fragment_cached_with_html_partial.xml.builder @@ -0,0 +1,5 @@ +cache do + xml.title "Hello!" +end + +xml.body cdata_section(render("formatted_partial")) diff --git a/actionview/Rakefile b/actionview/Rakefile index 4d7a2f1812..9542b626d1 100644 --- a/actionview/Rakefile +++ b/actionview/Rakefile 
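Review bot: `test_fragment_caching_with_html_partials_in_xml` asserts only `assert_response :success`, so it would still pass if the HTML partial rendered empty or the `cache do` fragment were never written to the store. Consider also checking the output, for example `assert_includes @response.body, "<p>Hello!</p>"`, and reading the fragment back from `@store` the way the preceding test in this file does with `@store.read("views/...")`. The expected body string is inferred from the two fixtures added in this commit, so confirm it against the actual rendered XML before pinning it.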
@@ -57,7 +57,7 @@ namespace :test do end namespace :integration do - # ActiveRecord Integration Tests + # Active Record Integration Tests Rake::TestTask.new(:active_record) do |t| t.libs << "test" t.test_files = Dir.glob("test/activerecord/*_test.rb") @@ -66,7 +66,7 @@ namespace :test do t.ruby_opts = ["--dev"] if defined?(JRUBY_VERSION) end - # ActionPack Integration Tests + # Action Pack Integration Tests Rake::TestTask.new(:action_pack) do |t| t.libs << "test" t.test_files = Dir.glob("test/actionpack/**/*_test.rb") diff --git a/actionview/lib/action_view/digestor.rb b/actionview/lib/action_view/digestor.rb index dbd7a4ee11..45cf48b3e0 100644 --- a/actionview/lib/action_view/digestor.rb +++ b/actionview/lib/action_view/digestor.rb @@ -45,9 +45,8 @@ module ActionView # Create a dependency tree for template named +name+. def tree(name, finder, partial = false, seen = {}) logical_name = name.gsub(%r|/_|, "/") - finder.formats = [finder.rendered_format] if finder.rendered_format - if template = finder.disable_cache { finder.find_all(logical_name, [], partial, []).first } + if template = find_template(finder, logical_name, [], partial, []) finder.rendered_format ||= template.formats.first if node = seen[template.identifier] # handle cycles in the tree @@ -69,6 +68,17 @@ module ActionView seen[name] ||= Missing.new(name, logical_name, nil) end end + + private + def find_template(finder, *args) + finder.disable_cache do + if format = finder.rendered_format + finder.find_all(*args, formats: [format]).first || finder.find_all(*args).first + else + finder.find_all(*args).first + end + end + end end class Node diff --git a/activesupport/test/cache/behaviors/cache_store_behavior.rb b/activesupport/test/cache/behaviors/cache_store_behavior.rb index 0806665c27..e2146a1b3a 100644 --- a/activesupport/test/cache/behaviors/cache_store_behavior.rb +++ b/activesupport/test/cache/behaviors/cache_store_behavior.rb 
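Review bot: The new `find_template` helper in `digestor.rb` silently retries `finder.find_all(*args)` without a format restriction when nothing matches `rendered_format`, and nothing in the code says this is deliberate. The digest built from this tree ends up in fragment cache keys (the caching test reads `views/...:#{template_digest(...)}`), so which template gets digested is worth stating; a comment such as `# Prefer the rendered format, but fall back to any format so an HTML partial rendered from an XML template is still digested.` above the method would do. The fallback is exercised only through the functional test, which checks `:success` alone; a digestor-level test asserting that the cross-format partial appears as a real dependency rather than a `Missing` node would pin the behaviour. The enclosing `tree` method and the class body start outside these hunks.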
@@ -241,7 +241,7 @@ module CacheStoreBehavior # generate an incompressible string loop do - incompressible = SecureRandom.bytes(1.kilobyte) + incompressible = SecureRandom.random_bytes(1.kilobyte) break if incompressible.bytesize < Zlib::Deflate.deflate(incompressible).bytesize end diff --git a/guides/source/security.md b/guides/source/security.md index 06c24670de..a21526d895 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -74,7 +74,7 @@ Hence, the cookie serves as temporary authentication for the web application. An * Instead of stealing a cookie unknown to the attacker, they fix a user's session identifier (in the cookie) known to them. Read more about this so-called session fixation later. -The main objective of most attackers is to make money. The underground prices for stolen bank login accounts range from $10-$1000 (depending on the available amount of funds), $0.40-$20 for credit card numbers, $1-$8 for online auction site accounts and $4-$30 for email passwords, according to the [Symantec Global Internet Security Threat Report](http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf). +The main objective of most attackers is to make money. The underground prices for stolen bank login accounts range from 0.5%-10% of account balance, $0.5-$30 for credit card numbers ($20-$60 with full details), $0.1-$1.5 for identities (Name, SSN & DOB), $20-$50 for retailer accounts, and $6-$10 for cloud service provider accounts, according to the [Symantec Internet Security Threat Report (2017)](https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf). ### Session Guidelines diff --git a/railties/lib/rails/generators/rails/app/templates/gitignore.tt b/railties/lib/rails/generators/rails/app/templates/gitignore.tt index 2cd8335aba..4e114fb1d9 100644 --- a/railties/lib/rails/generators/rails/app/templates/gitignore.tt 
+++ b/railties/lib/rails/generators/rails/app/templates/gitignore.tt @@ -24,8 +24,11 @@ <% unless skip_active_storage? -%> # Ignore uploaded files in development /storage/* - +<% if keeps? -%> +!/storage/.keep <% end -%> +<% end -%> + <% unless options.skip_yarn? -%> /node_modules /yarn-error.log |