diff options
Diffstat (limited to 'actionpack/CHANGELOG')
-rw-r--r-- | actionpack/CHANGELOG | 179 |
1 files changed, 173 insertions, 6 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 68076b794e..29992a36b1 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,4 +1,171 @@ -*Rails 3.1.0 (unreleased)* +*Rails 3.2.0 (unreleased)* + +* Limit the number of options for select_year to 1000. + + Pass the :max_years_allowed option to set your own limit. + + [Libo Cannici] + +* Passing formats or handlers to render :template and friends is deprecated. For example: [Nick Sutterer & José Valim] + + render :template => "foo.html.erb" + + Instead, you can provide :handlers and :formats directly as option: + + render :template => "foo", :formats => [:html, :js], :handlers => :erb + +* Changed log level of warning for missing CSRF token from :debug to :warn. [Mike Dillon] + +* content_tag_for and div_for can now take the collection of records. It will also yield the record as the first argument if you set a receiving argument in your block [Prem Sichanugrist] + + So instead of having to do this: + + @items.each do |item| + content_tag_for(:li, item) do + Title: <%= item.title %> + end + end + + You can now do this: + + content_tag_for(:li, @items) do |item| + Title: <%= item.title %> + end + +* send_file now guess the mime type [Esad Hajdarevic] + +* Mime type entries for PDF, ZIP and other formats were added [Esad Hajdarevic] + +* Generate hidden input before select with :multiple option set to true. + This is useful when you rely on the fact that when no options is set, + the state of select will be sent to rails application. Without hidden field + nothing is sent according to HTML spec [Bogdan Gusiev] + +* Refactor ActionController::TestCase cookies [Andrew White] + + Assigning cookies for test cases should now use cookies[], e.g: + + cookies[:email] = 'user@example.com' + get :index + assert_equal 'user@example.com', cookies[:email] + + To clear the cookies, use clear, e.g: + + cookies.clear + get :index + assert_nil cookies[:email] + + We now no longer write out HTTP_COOKIE and the cookie jar is + persistent between requests so if you need to manipulate the environment + for your test you need to do it before the cookie jar is created. + + +*Rails 3.1.1 (unreleased)* + +* javascript_path and stylesheet_path now refer to /assets if asset pipelining +is on. [Santiago Pastorino] + +* button_to support form option. Now you're able to pass for example +'data-type' => 'json'. [ihower] + +* image_path and image_tag should use /assets if asset pipelining is turned +on. Closes #3126 [Santiago Pastorino and christos] + +* Avoid use of existing precompiled assets during rake assets:precompile run. +Closes #3119 [Guillermo Iguaran] + +* Copy assets to nondigested filenames too [Santiago Pastorino] + +* Give precedence to `config.digest = false` over the existence of +manifest.yml asset digests [christos] + +* escape options for the stylesheet_link_tag method [Alexey Vakhov] + +* Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so +it works on Windows [cablegram] + +* env var passed to process shouldn't be modified in process method. [Santiago +Pastorino] + +* `rake assets:precompile` loads the application but does not initialize +it. + + To the app developer, this means configuration add in + config/initializers/* will not be executed. + + Plugins developers need to special case their initializers that are + meant to be run in the assets group by adding :group => :assets. [José Valim] + +* Sprockets uses config.assets.prefix for asset_path [asee] + +* FileStore key_file_path properly limit filenames to 255 characters. [phuibonhoa] + +* Fix Hash#to_query edge case with html_safe strings. [brainopia] + +* Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation. +Useful for linking assets from static html files or from emails when the user +could probably look at an older html email with an older asset. [Santiago Pastorino] + +* Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. [Mark J. Titorenko] + +* Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 [Guillermo Iguaran] + +* Fix basic auth credential generation to not make newlines. GH #2882 + +* Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled. + Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. [Guillermo Iguaran] + +* CookieJar is now Enumerable. Fixes #2795 + +* Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 [Guillermo Iguaran] + +* Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 [Guillermo Iguaran] + +* Fixed stylesheet_link_tag and javascript_include_tag to respect additional options passed by the users when debug is on. [Guillermo Iguaran] + + +*Rails 3.1.0 (August 30, 2011)* + +* Param values are `paramified` in controller tests. [David Chelimsky] + +* x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. [Santiago Pastorino] + +* The submit form helper does not generate an id "object_name_id" anymore. [fbrusatti] + +* Make sure respond_with with :js tries to render a template in all cases [José Valim] + +* json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove] + +* Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist] + +* Fix escape_js to work correctly with the new SafeBuffer restriction [Paul Gallagher] + +* Brought back alternative convention for namespaced models in i18n [thoefer] + + Now the key can be either "namespace.model" or "namespace/model" until further deprecation. + +* It is prohibited to perform a in-place SafeBuffer mutation [tenderlove] + + The old behavior of SafeBuffer allowed you to mutate string in place via + method like `sub!`. These methods can add unsafe strings to a safe buffer, + and the safe buffer will continue to be marked as safe. + + An example problem would be something like this: + + <%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %> + + In the above example, an untrusted string (`params[:xss]`) is added to the + safe buffer returned by `link_to`, and the untrusted content is successfully + sent to the client without being escaped. To prevent this from happening + `sub!` and other similar methods will now raise an exception when they are called on a safe buffer. + + In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example: + + <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %> + + The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe. + + You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb * Warn if we cannot verify CSRF token authenticity [José Valim] @@ -17,7 +184,7 @@ class PostsController < ActionController::Base stream :only => :index end - + Please read the docs at `ActionController::Streaming` for more information. * Added `ActionDispatch::Request.ignore_accept_header` to ignore accept headers and only consider the format given as parameter [José Valim] @@ -36,11 +203,11 @@ For example if you have this route: - map '*pages' => 'pages#show' + match '*pages' => 'pages#show' by requesting '/foo/bar.json', your `params[:pages]` will be equals to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this: - map '*pages' => 'pages#show', :format => false + match '*pages' => 'pages#show', :format => false * Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH] @@ -2203,7 +2370,7 @@ superclass' view_paths. [Rick Olson] * Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net] -* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info] +* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com] * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com] @@ -2800,7 +2967,7 @@ superclass' view_paths. [Rick Olson] * Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas] -* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info] +* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com] * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com] |