-rw-r--r--actionview/CHANGELOG.md4
-rw-r--r--actionview/lib/action_view/helpers/url_helper.rb14
-rw-r--r--actionview/test/template/url_helper_test.rb17
-rw-r--r--activerecord/CHANGELOG.md40
-rw-r--r--activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb4
-rw-r--r--activesupport/lib/active_support/deprecation/reporting.rb2
-rw-r--r--activesupport/lib/active_support/log_subscriber/test_helper.rb3
-rw-r--r--guides/source/active_model_basics.md6
-rw-r--r--guides/source/active_support_core_extensions.md7
-rw-r--r--guides/source/testing.md4
-rw-r--r--railties/Rakefile29
11 files changed, 89 insertions, 41 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 65314184c8..e5f5961326 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,3 +1,7 @@
+* Restrict `url_for :back` to valid, non-JavaScript URLs. GH#14444
+
+ *Damien Burke*
+
* Allow `date_select` helper selected option to accept hash like the default options.
*Lecky Lao*
diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb
index 5684de35e8..baebc34b4b 100644
--- a/actionview/lib/action_view/helpers/url_helper.rb
+++ b/actionview/lib/action_view/helpers/url_helper.rb
@@ -41,11 +41,21 @@ module ActionView
end
def _back_url # :nodoc:
- referrer = controller.respond_to?(:request) && controller.request.env["HTTP_REFERER"]
- referrer || 'javascript:history.back()'
+ _filtered_referrer || 'javascript:history.back()'
end
protected :_back_url
+ def _filtered_referrer # :nodoc:
+ if controller.respond_to?(:request)
+ referrer = controller.request.env["HTTP_REFERER"]
+ if referrer && URI(referrer).scheme != 'javascript'
+ referrer
+ end
+ end
+ rescue URI::InvalidURIError
+ end
+ protected :_filtered_referrer
+
# Creates an anchor element of the given +name+ using a URL created by the set of +options+.
# See the valid options in the documentation for +url_for+. It's also possible to
# pass a String instead of an options hash, which generates an anchor element that uses the
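Review bot: `_filtered_referrer` (L41–L49) filters by denylist: only a `javascript` scheme is rejected, so any other non-HTTP scheme arriving in `HTTP_REFERER` is still handed to `url_for(:back)` and ends up in an href. Since the method exists to decide whether a referer is safe to navigate back to, an allowlist reads closer to the intent, e.g. `uri = URI(referrer); referrer if %w[http https].include?(uri.scheme)` — though check first whether callers rely on relative or scheme-less referers before tightening it. Ruby's `URI` normalises the scheme to lowercase on parse as far as I recall, so mixed-case `javascript` variants should already be caught; a comment stating that assumption, and that the bare `rescue URI::InvalidURIError` intentionally yields `nil` so `_back_url` falls through to `history.back()`, would save the next reader a trip to the URI source. The enclosing helper module starts outside this hunk.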
diff --git a/actionview/test/template/url_helper_test.rb b/actionview/test/template/url_helper_test.rb
index 43a65a58cb..48d0a9a47a 100644
--- a/actionview/test/template/url_helper_test.rb
+++ b/actionview/test/template/url_helper_test.rb
@@ -50,6 +50,23 @@ class UrlHelperTest < ActiveSupport::TestCase
assert_equal 'javascript:history.back()', url_for(:back)
end
+ def test_url_for_with_back_and_no_controller
+ @controller = nil
+ assert_equal 'javascript:history.back()', url_for(:back)
+ end
+
+ def test_url_for_with_back_and_javascript_referer
+ referer = 'javascript:alert(document.cookie)'
+ @controller = Struct.new(:request).new(Struct.new(:env).new("HTTP_REFERER" => referer))
+ assert_equal 'javascript:history.back()', url_for(:back)
+ end
+
+ def test_url_for_with_invalid_referer
+ referer = 'THIS IS NOT A URL'
+ @controller = Struct.new(:request).new(Struct.new(:env).new("HTTP_REFERER" => referer))
+ assert_equal 'javascript:history.back()', url_for(:back)
+ end
+
def test_button_to_with_straight_url
assert_dom_equal %{<form method="post" action="http://www.example.com" class="button_to"><input type="submit" value="Hello" /></form>}, button_to("Hello", "http://www.example.com")
end
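Review bot: The controller stub `Struct.new(:request).new(Struct.new(:env).new("HTTP_REFERER" => referer))` is built identically on L69 and L75; a small helper, `def stub_referer(referer)` / `@controller = Struct.new(:request).new(Struct.new(:env).new("HTTP_REFERER" => referer))` / `end`, would keep the new cases to their one interesting line. None of the three new tests asserts the positive path — that a plain `http`/`https` referer is returned unchanged — so over-filtering would go unnoticed; unless such a test already exists above the hunk, add one alongside these. The test class continues outside this hunk.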
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 3576f5c905..c2cfdd5001 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -60,7 +60,7 @@
*Takashi Kokubun*
-* Use advisory locking to raise a ConcurrentMigrationError instead of
+* Use advisory locking to raise a `ConcurrentMigrationError` instead of
attempting to migrate when another migration is currently running.
*Sam Davies*
@@ -80,7 +80,7 @@
*Aaron Suggs*
* Avoid disabling errors on the PostgreSQL connection when enabling the
- standard_conforming_strings setting. Errors were previously disabled because
+ `standard_conforming_strings` setting. Errors were previously disabled because
the setting wasn't writable in Postgres 8.1 and didn't exist in earlier
versions. Now Rails only supports Postgres 8.2+ we're fine to assume the
setting exists. Disabling errors caused problems when using a connection
@@ -92,7 +92,7 @@
*Harry Marr*
-* Set `scope.reordering_value` to `true` if :reordering values are specified.
+* Set `scope.reordering_value` to `true` if `:reordering`-values are specified.
Fixes #21886.
@@ -151,13 +151,13 @@
validates_numericality_of :pitch
end
- - Old style
- - `guitar.errors["tuning_pegs.pitch"] = ["is not a number"]`
+ # Old style
+ guitar.errors["tuning_pegs.pitch"] = ["is not a number"]
- - New style (if defined globally, or set in has_many_relationship)
- - `guitar.errors["tuning_pegs[1].pitch"] = ["is not a number"]`
+ # New style (if defined globally, or set in has_many_relationship)
+ guitar.errors["tuning_pegs[1].pitch"] = ["is not a number"]
- *Michael Probber and Terence Sun*
+ *Michael Probber*, *Terence Sun*
* Exit with non-zero status for failed database rake tasks.
@@ -170,21 +170,23 @@
*Rafael Sales*
-* Add ability to default to `uuid` as primary key when generating database migrations
+* Add ability to default to `uuid` as primary key when generating database migrations.
- config.generators do |g|
- g.orm :active_record, primary_key_type: :uuid
- end
+ Example:
+
+ config.generators do |g|
+ g.orm :active_record, primary_key_type: :uuid
+ end
*Jon McCartie*
-* Don't cache arguments in #find_by if they are an ActiveRecord::Relation
+* Don't cache arguments in `#find_by` if they are an `ActiveRecord::Relation`.
Fixes #20817
*Hiroaki Izu*
-* Qualify column name inserted by `group` in calculation
+* Qualify column name inserted by `group` in calculation.
Giving `group` an unqualified column name now works, even if the relation
has `JOIN` with another table which also has a column of the name.
@@ -209,7 +211,7 @@
*Jake Worth*
* Add an immutable string type to help reduce memory usage for apps which do
- not need mutation detection on Strings.
+ not need mutation detection on strings.
*Sean Griffin*
@@ -227,7 +229,7 @@
*Yves Senn*
-* No longer pass depreacted option `-i` to `pg_dump`.
+* No longer pass deprecated option `-i` to `pg_dump`.
*Paul Sadauskas*
@@ -242,7 +244,7 @@
*Matthew Draper*, *Jean Boussier*
-* Remove unused `pk_and_sequence_for` in AbstractMysqlAdapter.
+* Remove unused `pk_and_sequence_for` in `AbstractMysqlAdapter`.
*Ryuta Kamizono*
@@ -268,7 +270,7 @@
*Jimmy Bourassa*
-* Fixed taking precision into count when assigning a value to timestamp attribute
+* Fixed taking precision into count when assigning a value to timestamp attribute.
Timestamp column can have less precision than ruby timestamp
In result in how big a fraction of a second can be stored in the
@@ -298,7 +300,7 @@
*Yves Senn*, *Matthew Draper*
* Add `ActiveRecord::Base.ignored_columns` to make some columns
- invisible from ActiveRecord.
+ invisible from Active Record.
*Jean Boussier*
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb b/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb
index e2ef56798b..abf0124562 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb
@@ -202,13 +202,9 @@ module ActiveRecord
# end
# end
#
- # The table definitions
- # The Columns are stored as a ColumnDefinition in the #columns attribute.
class TableDefinition
include ColumnMethods
- # An array of ColumnDefinition objects, representing the column changes
- # that have been defined.
attr_accessor :indexes
attr_reader :name, :temporary, :options, :as, :foreign_keys, :native
diff --git a/activesupport/lib/active_support/deprecation/reporting.rb b/activesupport/lib/active_support/deprecation/reporting.rb
index bbe25c9260..f89fc0fe14 100644
--- a/activesupport/lib/active_support/deprecation/reporting.rb
+++ b/activesupport/lib/active_support/deprecation/reporting.rb
@@ -83,7 +83,7 @@ module ActiveSupport
rails_gem_root = File.expand_path("../../../../..", __FILE__) + "/"
offending_line = callstack.find { |frame|
- !frame.absolute_path.start_with?(rails_gem_root)
+ frame.absolute_path && !frame.absolute_path.start_with?(rails_gem_root)
} || callstack.first
[offending_line.path, offending_line.lineno, offending_line.label]
end
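Review bot: The added guard on L192 silently skips any frame whose `absolute_path` is `nil`, and nothing in the hunk says why; a comment such as `# absolute_path is nil for frames with no backing file (presumably eval'd code); skip them rather than crash` would make the intent clear. Note that rewriting it as `!frame.absolute_path&.start_with?(rails_gem_root)` would not be equivalent — `!nil` is `true`, so those frames would be selected instead of skipped. The method whose body this is begins outside the hunk, and the `callstack.first` fallback on L193 still yields `nil` for an empty callstack, which L194 does not handle, but that is pre-existing.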
diff --git a/activesupport/lib/active_support/log_subscriber/test_helper.rb b/activesupport/lib/active_support/log_subscriber/test_helper.rb
index cbc20c103d..588ed67c81 100644
--- a/activesupport/lib/active_support/log_subscriber/test_helper.rb
+++ b/activesupport/lib/active_support/log_subscriber/test_helper.rb
@@ -10,8 +10,7 @@ module ActiveSupport
# class SyncLogSubscriberTest < ActiveSupport::TestCase
# include ActiveSupport::LogSubscriber::TestHelper
#
- # def setup
- # super
+ # setup do
# ActiveRecord::LogSubscriber.attach_to(:active_record)
# end
#
diff --git a/guides/source/active_model_basics.md b/guides/source/active_model_basics.md
index fe2501bd87..8f8256c983 100644
--- a/guides/source/active_model_basics.md
+++ b/guides/source/active_model_basics.md
@@ -8,10 +8,10 @@ classes. Active Model allows for Action Pack helpers to interact with
plain Ruby objects. Active Model also helps build custom ORMs for use
outside of the Rails framework.
-After reading this guide, you will know:
+After reading this guide, you will know:
* How an Active Record model behaves.
-* How Callbacks and validations work.
+* How Callbacks and validations work.
* How serializers work.
* The Rails internationalization (i18n) framework.
@@ -428,7 +428,7 @@ the Active Model API.
class PersonTest < ActiveSupport::TestCase
include ActiveModel::Lint::Tests
- def setup
+ setup do
@model = Person.new
end
end
diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md
index 556b5ede3c..f6fc255c24 100644
--- a/guides/source/active_support_core_extensions.md
+++ b/guides/source/active_support_core_extensions.md
@@ -248,6 +248,13 @@ end
@person.try { |p| "#{p.first_name} #{p.last_name}" }
```
+Note that `try` will swallow no-method errors, returning nil instead. If you want to protect against typos, use `try!` instead:
+
+```ruby
+@number.try(:nest) # => nil
+@number.try!(:nest) # NoMethodError: undefined method `nest' for 1:Fixnum
+```
+
NOTE: Defined in `active_support/core_ext/object/try.rb`.
### `class_eval(*args, &block)`
diff --git a/guides/source/testing.md b/guides/source/testing.md
index a07772036b..2f941a8280 100644
--- a/guides/source/testing.md
+++ b/guides/source/testing.md
@@ -908,12 +908,12 @@ require 'test_helper'
class ArticlesControllerTest < ActionController::TestCase
# called before every single test
- def setup
+ setup do
@article = articles(:one)
end
# called after every single test
- def teardown
+ teardown do
# when controller is using cache it may be a good idea to reset it afterwards
Rails.cache.clear
end
diff --git a/railties/Rakefile b/railties/Rakefile
index cf130a5f14..73d881b318 100644
--- a/railties/Rakefile
+++ b/railties/Rakefile
@@ -5,20 +5,33 @@ task :default => :test
desc "Run all unit tests"
task :test => 'test:isolated'
+dash_i = [
+ 'test',
+ 'lib',
+ "#{File.dirname(__FILE__)}/../activesupport/lib",
+ "#{File.dirname(__FILE__)}/../actionpack/lib",
+ "#{File.dirname(__FILE__)}/../activemodel/lib"
+]
+
+dash_i.reverse_each do |x|
+ $:.unshift x unless $:.include? x
+end
+$-w = true
+
+require 'bundler/setup' unless defined?(Bundler)
+require 'active_support'
+
namespace :test do
task :isolated do
dirs = (ENV["TEST_DIR"] || ENV["TEST_DIRS"] || "**").split(",")
test_files = dirs.map { |dir| "test/#{dir}/*_test.rb" }
Dir[*test_files].each do |file|
next true if file.include?("fixtures")
- dash_i = [
- 'test',
- 'lib',
- "#{File.dirname(__FILE__)}/../activesupport/lib",
- "#{File.dirname(__FILE__)}/../actionpack/lib",
- "#{File.dirname(__FILE__)}/../activemodel/lib"
- ]
- ruby "-w", "-I#{dash_i.join ':'}", file
+ puts "#{FileUtils::RUBY} -w -I#{dash_i.join ':'} #{file}"
+
+ # We could run these in parallel, but pretty much all of the
+ # railties tests already run in parallel, so ¯\_(⊙︿⊙)_/¯
+ Process.waitpid fork { ARGV.clear; load file }
end
end
end
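Review bot: `Process.waitpid fork { ARGV.clear; load file }` (L306) discards the child's exit status, so a failing test file no longer fails `rake test:isolated`; the replaced `ruby "-w", ...` call went through Rake's `sh`, which raises on a non-zero exit. The status is available in `$?` after `waitpid`; record failing files and fail the task at the end of the loop. A short comment on the `$-w = true` / `$:.unshift` block (L272–L283) explaining that the load path and warning flag now have to be set in the rake process because the tests run in forked children rather than a fresh `ruby` would also help.
```ruby
    failing_files = []
    Dir[*test_files].each do |file|
      next true if file.include?("fixtures")
      # … unchanged: puts of the command line …
      Process.waitpid fork { ARGV.clear; load file }
      # waitpid never raises on a failing child; record the status so the task can fail
      failing_files << file unless $?.success?
    end
    abort "Failed in:\n  #{failing_files.join("\n  ")}" unless failing_files.empty?
```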