1 files changed, 176 insertions, 5 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 15abfb8369..a7a47bf930 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,4 +1,175 @@
-*Rails 3.1.0 (unreleased)*
+*Rails 3.2.0 (unreleased)*
+
+* Responders now return 204 No Content for API requests without a response body (as in the new scaffold) [José Valim]
+
+* Added ActionDispatch::RequestId middleware that'll make a unique X-Request-Id header available to the response and enables the ActionDispatch::Request#uuid method. This makes it easy to trace requests from end-to-end in the stack and to identify individual requests in mixed logs like Syslog [DHH]
+
+* Limit the number of options for select_year to 1000.
+
+  Pass the :max_years_allowed option to set your own limit.
+
+  [Libo Cannici]
+
+* Passing formats or handlers to render :template and friends is deprecated. For example: [Nick Sutterer & José Valim]
+
+    render :template => "foo.html.erb"
+
+  Instead, you can provide :handlers and :formats directly as option:
+  
+    render :template => "foo", :formats => [:html, :js], :handlers => :erb
+
+* Changed log level of warning for missing CSRF token from :debug to :warn. [Mike Dillon]
+
+* content_tag_for and div_for can now take the collection of records. It will also yield the record as the first argument if you set a receiving argument in your block [Prem Sichanugrist]
+
+  So instead of having to do this:
+
+    @items.each do |item|
+      content_tag_for(:li, item) do
+         Title: <%= item.title %>
+      end
+    end
+
+  You can now do this:
+
+    content_tag_for(:li, @items) do |item|
+      Title: <%= item.title %>
+    end
+
+* send_file now guess the mime type [Esad Hajdarevic]
+
+* Mime type entries for PDF, ZIP and other formats were added [Esad Hajdarevic]
+
+* Generate hidden input before select with :multiple option set to true.
+  This is useful when you rely on the fact that when no options is set,
+  the state of select will be sent to rails application. Without hidden field
+  nothing is sent according to HTML spec [Bogdan Gusiev]
+
+* Refactor ActionController::TestCase cookies [Andrew White]
+
+  Assigning cookies for test cases should now use cookies[], e.g:
+
+    cookies[:email] = 'user@example.com'
+    get :index
+    assert_equal 'user@example.com', cookies[:email]
+
+  To clear the cookies, use clear, e.g:
+
+    cookies.clear
+    get :index
+    assert_nil cookies[:email]
+
+  We now no longer write out HTTP_COOKIE and the cookie jar is
+  persistent between requests so if you need to manipulate the environment
+  for your test you need to do it before the cookie jar is created.
+
+
+*Rails 3.1.1 (unreleased)*
+
+* javascript_path and stylesheet_path now refer to /assets if asset pipelining
+is on. [Santiago Pastorino]
+
+* button_to support form option. Now you're able to pass for example
+'data-type' => 'json'. [ihower]
+
+* image_path and image_tag should use /assets if asset pipelining is turned
+on. Closes #3126 [Santiago Pastorino and christos]
+
+* Avoid use of existing precompiled assets during rake assets:precompile run.
+Closes #3119 [Guillermo Iguaran]
+
+* Copy assets to nondigested filenames too [Santiago Pastorino]
+
+* Give precedence to `config.digest = false` over the existence of
+manifest.yml asset digests [christos]
+
+* escape options for the stylesheet_link_tag method [Alexey Vakhov]
+
+* Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so
+it works on Windows [cablegram]
+
+* env var passed to process shouldn't be modified in process method. [Santiago
+Pastorino]
+
+* `rake assets:precompile` loads the application but does not initialize
+it.
+
+  To the app developer, this means configuration add in
+	config/initializers/* will not be executed.
+
+  Plugins developers need to special case their initializers that are
+  meant to be run in the assets group by adding :group => :assets. [José Valim]
+
+* Sprockets uses config.assets.prefix for asset_path [asee]
+
+* FileStore key_file_path properly limit filenames to 255 characters. [phuibonhoa]
+
+* Fix Hash#to_query edge case with html_safe strings. [brainopia]
+
+* Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation.
+Useful for linking assets from static html files or from emails when the user
+could probably look at an older html email with an older asset. [Santiago Pastorino]
+
+* Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. [Mark J. Titorenko]
+
+* Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 [Guillermo Iguaran]
+
+* Fix basic auth credential generation to not make newlines. GH #2882
+
+* Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled.
+  Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. [Guillermo Iguaran]
+
+* CookieJar is now Enumerable. Fixes #2795
+
+* Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 [Guillermo Iguaran]
+
+* Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 [Guillermo Iguaran]
+
+* Fixed stylesheet_link_tag and javascript_include_tag to respect additional options passed by the users when debug is on. [Guillermo Iguaran]
+
+
+*Rails 3.1.0 (August 30, 2011)*
+
+* Param values are `paramified` in controller tests. [David Chelimsky]
+
+* x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. [Santiago Pastorino]
+
+* The submit form helper does not generate an id "object_name_id" anymore. [fbrusatti]
+
+* Make sure respond_with with :js tries to render a template in all cases [José Valim]
+
+* json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove]
+
+* Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist]
+
+* Fix escape_js to work correctly with the new SafeBuffer restriction [Paul Gallagher]
+
+* Brought back alternative convention for namespaced models in i18n [thoefer]
+
+  Now the key can be either "namespace.model" or "namespace/model" until further deprecation.
+
+* It is prohibited to perform a in-place SafeBuffer mutation [tenderlove]
+
+  The old behavior of SafeBuffer allowed you to mutate string in place via
+  method like `sub!`. These methods can add unsafe strings to a safe buffer,
+  and the safe buffer will continue to be marked as safe.
+
+  An example problem would be something like this:
+
+    <%= link_to('hello world', @user).sub!(/hello/, params[:xss])  %>
+
+  In the above example, an untrusted string (`params[:xss]`) is added to the
+  safe buffer returned by `link_to`, and the untrusted content is successfully
+  sent to the client without being escaped.  To prevent this from happening
+  `sub!` and other similar methods will now raise an exception when they are called on a safe buffer.
+
+  In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:
+
+     <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>
+
+  The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe.
+
+  You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb
 
 * Warn if we cannot verify CSRF token authenticity [José Valim]
 
@@ -36,11 +207,11 @@
 
   For example if you have this route:
 
-    map '*pages' => 'pages#show'
+    match '*pages' => 'pages#show'
 
   by requesting '/foo/bar.json', your `params[:pages]` will be equals to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this:
 
-    map '*pages' => 'pages#show', :format => false
+    match '*pages' => 'pages#show', :format => false
 
 * Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
 
@@ -2203,7 +2374,7 @@ superclass' view_paths.  [Rick Olson]
 
 * Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
 
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
 
@@ -2800,7 +2971,7 @@ superclass' view_paths.  [Rick Olson]
 
 * Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas]
 
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]