Commit message (Collapse) | Author | Age | Files | Lines
...
| * | | | | | | Added failing test for json_escape stripping quotation marks | Godfrey Chan | 2013-12-04 | 1 | -0/+45
      Expanded test coverage for html_escape and json_escape
|/ / / / / / /
* | | | | | | Merge pull request #13171 from kuldeepaggarwal/test-case-updation | Rafael Mendonça França | 2013-12-04 | 1 | -1/+0
      removed duplicate test case
|\ \ \ \ \ \ \
| * | | | | | | removed duplicate test case | Kuldeep Aggarwal | 2013-12-04 | 1 | -1/+0
| | | | | | | |
* | | | | | | | Merge pull request #13170 from acapilleri/remove_return_nil | Rafael Mendonça França | 2013-12-04 | 1 | -3/+1
      remove nil in NullType#ref.
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| * | | | | | | remove nil in NullType#ref. | Angelo capilleri | 2013-12-04 | 1 | -3/+1
      Return Nil is implicit in a method and this syntax is used in the other classes
* | | | | | | | mention Active Record enums as major feature for 4.1. [ci skip] | Yves Senn | 2013-12-04 | 1 | -0/+23
|/ / / / / / /
* | | | | | | Merge pull request #13167 from fluxusfrequency/patch-3 | Carlos Antonio da Silva | 2013-12-04 | 1 | -13/+17
      Formatting, capitalization, and punctuation fixes [ci skip]
|\ \ \ \ \ \ \
| * | | | | | | Formatting, capitalization, and punctuation fixes [ci skip] | Ben Lewis | 2013-12-04 | 1 | -13/+17
      Second try on this commit.
|/ / / / / / /
* | | | | | | Merge pull request #13152 from mariovisic/text_helper_missing_raw_method | Carlos Antonio da Silva | 2013-12-04 | 2 | -0/+7
      TextHelper#simple_format attempts to call undefined raw method
|\ \ \ \ \ \ \
| * | | | | | | Fix issue where TextHelper#simple_format was calling missing 'raw' method | Mario Visic | 2013-12-05 | 2 | -0/+7
| | | | | | | |
* | | | | | | | Merge pull request #12403 from thedarkone/attr-method-missing-fix | Rafael Mendonça França | 2013-12-04 | 2 | -3/+51
      Fix AR#method_missing re-dispatching into overwritten attribute methods

      Conflicts:
          activerecord/lib/active_record/attribute_methods.rb
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| * | | | | | | Fix AR#method_missing re-dispatching into overwritten attribute methods. | thedarkone | 2013-09-29 | 2 | -3/+51
      This was happening when a `super` call in an overwritten attribute method
      was triggering a method_missing fallback, because attribute methods
      haven't been generated yet.

          class Topic < ActiveRecord::Base
            def title
              # `super` would re-invoke this method if define_attribute_methods
              # hasn't been called yet resulting in double '!' appending
              super + '!'
            end
          end
* | | | | | | | Fix documentation of number_to_currency helper | Rafael Mendonça França | 2013-12-04 | 1 | -4/+4
      Now users have to explicitly mark the unit as safe if they trust it.

      Closes #13161

      Conflicts:
          actionpack/lib/action_view/helpers/number_helper.rb
          actionpack/test/template/number_helper_i18n_test.rb
* | | | | | | | remove variants paragraph indent in release notes. [ci skip] | Yves Senn | 2013-12-04 | 1 | -23/+24
| | | | | | | |
* | | | | | | | add Spring as major feature in the 4.1 release notes. [ci skip] | Yves Senn | 2013-12-04 | 2 | -0/+57
      Follow up to #12958.
* | | | | | | | Merge pull request #12958 from jonleighton/spring | Jon Leighton | 2013-12-04 | 5 | -7/+71
      Install Spring preloader when generating new applications
|\ \ \ \ \ \ \ \
| * | | | | | | | Install Spring preloader when generating new applications | Jon Leighton | 2013-12-03 | 5 | -7/+71
| | | | | | | | |
* | | | | | | | | minor 4_1_release_notes changes. [ci skip] | Yves Senn | 2013-12-04 | 1 | -22/+11
| | | | | | | | |
* | | | | | | | | Merge pull request #13109 from chancancode/json_guides | Jeremy Kemper | 2013-12-03 | 3 | -0/+93
      Added JSON related items to the 4.1 release notes
|\ \ \ \ \ \ \ \ \
| * | | | | | | | | Added JSON release notes [ci skip] | Godfrey Chan | 2013-12-03 | 2 | -0/+89
| | | | | | | | | |
| * | | | | | | | | Backfilled CHANGELOG for AS::JSON::Variable removal (6f3e01e8) [ci skip] | Godfrey Chan | 2013-12-03 | 1 | -0/+4
| | |_|/ / / / / /
| |/| | | | | | |
* | | | | | | | | Improve a couple exception messages related to variants and mime types | Carlos Antonio da Silva | 2013-12-03 | 3 | -15/+19
      Avoid one-liner conditionals when they are too big. Avoid concatenating
      strings to build error messages. Improve messages a bit.
* | | | | | | | | Add nodoc to added VariantFilter class | Carlos Antonio da Silva | 2013-12-03 | 1 | -3/+3
|/ / / / / / / /
* | | | | | | | Merge pull request #12977 from strzalek/action-pack-variants | Jeremy Kemper | 2013-12-03 | 16 | -18/+227
      Action Pack Variants
|\ \ \ \ \ \ \ \
| * | | | | | | | Add variants to release notes | Łukasz Strzałkowski | 2013-12-04 | 1 | -0/+33
| | | | | | | | |
| * | | | | | | | Action Pack Variants | Łukasz Strzałkowski | 2013-12-04 | 15 | -18/+194
      By default, variants in the templates will be picked up if a variant is set
      and there's a match. The format will be:

          app/views/projects/show.html.erb
          app/views/projects/show.html+tablet.erb
          app/views/projects/show.html+phone.erb

      If request.variant = :tablet is set, we'll automatically be rendering the
      html+tablet template.

      In the controller, we can also tailor to the variants with this syntax:

          class ProjectsController < ActionController::Base
            def show
              respond_to do |format|
                format.html do |html|
                  @stars = @project.stars

                  html.tablet { @notifications = @project.notifications }
                  html.phone { @chat_heads = @project.chat_heads }
                end

                format.js
                format.atom
              end
            end
          end

      The variant itself is nil by default, but can be set in before filters, like
      so:

          class ApplicationController < ActionController::Base
            before_action do
              if request.user_agent =~ /iPad/
                request.variant = :tablet
              end
            end
          end

      This is modeled loosely on custom mime types, but it's specifically not
      intended to be used together. If you're going to make a custom mime type,
      you don't need a variant. Variants are for variations on a single mime
      type.
|/ / / / / / / /
* / / / / / / / optimize string literals in erb templates | Aaron Patterson | 2013-12-03 | 1 | -2/+2
|/ / / / / / /
* | | | | | | Remove earlier return in favor of conditional | Carlos Antonio da Silva | 2013-12-03 | 1 | -6/+9
| | | | | | |
* | | | | | | Change delimiter check order: first check if it is present | Carlos Antonio da Silva | 2013-12-03 | 1 | -3/+3
      This reads a lot better, and we won't need to try start_with? for blank
      delimiters.

      Also rename method name to read better.
* | | | | | | Make both conversion methods work similarly | Carlos Antonio da Silva | 2013-12-03 | 1 | -1/+2
      The conversion without area code already changed the passed number in
      place, so change the other method to do the same.
* | | | | | | Remove useless empty string | Carlos Antonio da Silva | 2013-12-03 | 1 | -2/+1
| | | | | | |
* | | | | | | No need for #tap | Carlos Antonio da Silva | 2013-12-03 | 1 | -4/+3
| | | | | | |
* | | | | | | Avoid a hash creation since defaults is a new hash already | Carlos Antonio da Silva | 2013-12-03 | 1 | -1/+1
| | | | | | |
* | | | | | | Stop using local variables everywhere, make use of the reader | Carlos Antonio da Silva | 2013-12-03 | 6 | -20/+20
| | | | | | |
* | | | | | | Refactor to avoid earlier returns | Carlos Antonio da Silva | 2013-12-03 | 1 | -5/+9
| | | | | | |
* | | | | | | Rename variable that holds whether or not the class should validate a float number | Carlos Antonio da Silva | 2013-12-03 | 5 | -9/+9
* | | | | | | Change deep_munge call to avoid deprecation warning | Carlos Antonio da Silva | 2013-12-03 | 1 | -2/+2
| | | | | | |
* | | | | | | Improve AR changelog, add entry for migration error improvements #12462 [ci skip] | Carlos Antonio da Silva | 2013-12-03 | 1 | -2/+12
* | | | | | | Merge pull request #12462 from jjb/improve_ar_exception_message_formatting | Carlos Antonio da Silva | 2013-12-03 | 1 | -8/+15
      Improve formatting of ActiveRecord migration exception messages
|\ \ \ \ \ \ \
| * | | | | | | ActiveRecord migration exception message formatting | John Joseph Bachir | 2013-12-03 | 1 | -8/+15
| | | | | | | |
* | | | | | | | Merge pull request #13149 from laurocaetano/fix_offset_last | Carlos Antonio da Silva | 2013-12-03 | 3 | -1/+16
      Fix offset with last.
|\ \ \ \ \ \ \ \
| * | | | | | | | Fix offset with last. | Lauro Caetano | 2013-12-03 | 3 | -1/+16
      Closes #7441
| |/ / / / / / /
* | | | | | | | Remove the escaping skip | Rafael Mendonça França | 2013-12-03 | 1 | -1/+1
      We are generating safe strings in the paragraph, so we can escape the tags
* | | | | | | | Merge branch 'master-sec' | Aaron Patterson | 2013-12-03 | 8 | -18/+38
      * master-sec:
        Deep Munge the parameters for GET and POST
        Stop using i18n's built in HTML error handling.
        Ensure simple_format escapes its html attributes
        Escape the unit value provided to number_to_currency
        Only use valid mime type symbols as cache keys
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| * | | | | | | Deep Munge the parameters for GET and POST | Michael Koziarski | 2013-12-02 | 2 | -2/+17
      The previous implementation of this functionality could be accidentally
      subverted by instantiating a raw Rack::Request before the first
      Rails::Request was constructed.

      Fixes CVE-2013-6417
| * | | | | | | Stop using i18n's built in HTML error handling. | Michael Koziarski | 2013-12-02 | 2 | -14/+10
      i18n doesn't depend on active support which means it can't use our
      html_safe code to do its escaping when generating the spans. Rather than
      try to sanitize the output from i18n, just revert to our old behaviour of
      rescuing the error and constructing the tag ourselves.

      Fixes: CVE-2013-4491
| * | | | | | | Ensure simple_format escapes its html attributes | Michael Koziarski | 2013-12-02 | 1 | -1/+1
      The previous behavior equated the sanitize option for simple_format with
      the escape option of content_tag, however these are two distinct concepts.

      This fixes CVE-2013-6416

      Conflicts:
          actionview/lib/action_view/helpers/text_helper.rb
| * | | | | | | Escape the unit value provided to number_to_currency | Michael Koziarski | 2013-12-02 | 2 | -1/+3
      Previously the unit values were trusted leading to potential XSS
      vulnerabilities.

      Fixes: CVE-2013-6415
| * | | | | | | Only use valid mime type symbols as cache keys | Aaron Patterson | 2013-12-02 | 1 | -0/+7
      CVE-2013-6414
* | | | | | | | `connection.type_to_sql` returns a `String` for unmapped types. | Yves Senn | 2013-12-03 | 3 | -1/+16
      Closes #13146.

      This fixes an error when using:

      ```
      change_column :table, :column, :bigint, array: true
      ```