aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | | | | | | Remove default match without specified methodJose and Yehuda2012-04-2457-455/+463
| |_|_|_|_|_|_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
* | | | | | | | | Merge pull request #5966 from oscardelben/fix_secure_password_setterJosé Valim2012-04-242-1/+7
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fix secure_password setter
| * | | | | | | | | Fix secure_password setterOscar Del Ben2012-04-242-1/+7
| | | | | | | | | |
* | | | | | | | | | Merge pull request #5929 from FLOChip/notesJeremy Kemper2012-04-242-4/+14
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | `rake notes` and `rake notes:custom` now support css, scss, and css.
| * | | | | | | | | | `rake notes` and `rake notes:custom` now supportTeng Siong Ong2012-04-222-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | css, scss and css.
* | | | | | | | | | | Merge pull request #5965 from oscardelben/refactor_secure_password_authenticateJosé Valim2012-04-241-5/+1
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Refactor SecurePassword#authenticate
| * | | | | | | | | | | Refactor SecurePassword#authenticateOscar Del Ben2012-04-241-5/+1
| | |/ / / / / / / / / | |/| | | | | | | | |
* | | | | | | | | | | Merge pull request #5963 from kennyj/fix_build_20120425Jeremy Kemper2012-04-242-3/+9
|\ \ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / / |/| | | | | | | | | | Fix build. It seems that the Mocha's behavior was changed.
| * | | | | | | | | | Fix build. It seems that the Mocha's behavior were changed.kennyj2012-04-252-3/+9
|/ / / / / / / / / /
* | | | | | | | | | Merge pull request #5961 from bogdan/routesJeremy Kemper2012-04-241-20/+26
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Refactor ActionDispatch::HTTP::Url#url_for
| * | | | | | | | | | ActionDispatch::HTTP::Url#url_for refactor methodBogdan Gusiev2012-04-241-20/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separated right side url generation(before query string) from left side url generation(after query string)
* | | | | | | | | | | Merge pull request #5927 from avakhov/distance_of_time_in_words-swapJeremy Kemper2012-04-242-16/+41
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Distance of time in words should work correctly if from_time > to_time
| * | | | | | | | | | | Use leap years trick in distance_of_time_in_words only for distances between ↵Alexey Vakhov2012-04-242-12/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | real date points
| * | | | | | | | | | | fixed non matching documentation behaviour with method semantics on ↵Marcelo Casiraghi2012-04-242-3/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | distance_of_time_in_words
| * | | | | | | | | | | Distance of time in words should work correct if from time > to_timeAlexey Vakhov2012-04-242-2/+4
| | | | | | | | | | | |
* | | | | | | | | | | | Merge pull request #5956 from arunagw/mocha_upgradeJeremy Kemper2012-04-241-1/+1
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | Upgrading to Mocha 0.11.2 to fix Object#method override
| * | | | | | | | | | | | Upgrading mocha 0.11.2Arun Agrawal2012-04-241-1/+1
| | |_|_|_|_|/ / / / / / | |/| | | | | | | | | |
* | | | | | | | | | | | Merge pull request #5960 from homakov/patch-3José Valim2012-04-241-5/+2
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | Delete insecure and "bad practice" code.
| * | | | | | | | | | | | Deleting insecure and "bad practice" code. related: ↵Egor Homakov2012-04-241-5/+2
|/ / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http://homakov.blogspot.com/2012/04/whitelist-your-routes-match-is-evil.html
* | | | | | | | | | | | Merge pull request #5959 from carlosantoniodasilva/refactor-route_setAaron Patterson2012-04-241-3/+4
|\ \ \ \ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / / / / |/| | | | | | | | | | | Refactor hash creation in routeset
| * | | | | | | | | | | Refactor hash creation in routesetCarlos Antonio da Silva2012-04-241-3/+4
|/ / / / / / / / / / /
* | | | | | | | | | | Merge pull request #5957 from bogdan/routesJosé Valim2012-04-241-26/+20
|\ \ \ \ \ \ \ \ \ \ \ | |_|/ / / / / / / / / |/| | | | | | | | | | RouteSet: decomplecting a way to handle positional args
| * | | | | | | | | | RouteSet: decomplecting a way to handle positional argsBogdan Gusiev2012-04-241-26/+20
|/ / / / / / / / / /
* | | | | | | | | | Merge pull request #5955 from bogdan/routesJosé Valim2012-04-241-13/+21
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | RouteSet: simplify routes helpers generation code
| * | | | | | | | | | RouteSet: simplify routes helpers generation codeBogdan Gusiev2012-04-241-13/+21
|/ / / / / / / / / /
* | | | | | | | | | Merge pull request #5954 from bogdan/routesJosé Valim2012-04-242-0/+3
|\ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / |/| | | | | | | | | Add missing requires in routes
| * | | | | | | | | Add missing requires in routesBogdan Gusiev2012-04-232-0/+3
| | | | | | | | | |
* | | | | | | | | | Only include Rake::DSL if it's defined.Joe Van Dyk2012-04-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rake < 0.9 doesn't define Rake::DSL.
* | | | | | | | | | Merge pull request #5887 from mcrowe/document-relation-mergeVijay Dev2012-04-231-0/+14
|\ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / |/| | | | | | | | | Add documentation to the SpawnMethods#merge method.
| * | | | | | | | | Add documentation to the SpawnMethods#merge method.Mitch Crowe2012-04-171-0/+14
| | | | | | | | | |
* | | | | | | | | | Merge pull request #5930 from carlosantoniodasilva/generated-attribute-refactorJosé Valim2012-04-221-7/+10
|\ \ \ \ \ \ \ \ \ \ | |_|/ / / / / / / / |/| | | | | | | | | Refactor GeneratedAttributes
| * | | | | | | | | Refactor GeneratedAttributesCarlos Antonio da Silva2012-04-221-7/+10
|/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move reference? method to class to remove duplicated code * Move to_sym typecast from #initialize to .parse method (make it easier to refactor reference?), remove AS object/blank require * Use []= instead of merge!({}) * Remove in? in favor of include?, remove AS object/inclusion require
* | | | | | | | | Merge pull request #5917 from oscardelben/masterPiotr Sarnacki2012-04-211-1/+0
|\ \ \ \ \ \ \ \ \ | |_|_|_|/ / / / / |/| | | | | | | | Remove circular require warning
| * | | | | | | | Remove circular require of time/zonesOscar Del Ben2012-04-211-1/+0
| | | | | | | | |
* | | | | | | | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-04-2139-314/+391
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | |
| * | | | | | | | Revert "in feedback solicitation text, correct that docrails is fork, not ↵Vijay Dev2012-04-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | branch" This reverts commit 7b7cc1341bd41106c0e6c5eb399f8aff39b43f52. Reason: docrails isn't a rails fork. See 5444ed56ab38a742b3ddf6612eadd8cf50d8d517 [ci skip]
| * | | | | | | | Merge branch 'master' of github.com:lifo/docrailsOscar Del Ben2012-04-212-2/+2
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Comma missedAlexey Vakhov2012-04-211-1/+1
| | | | | | | | | |
| | * | | | | | | | in feedback solicitation text, correct that docrails is fork, not branchRory O’Kane2012-04-201-1/+1
| | | | | | | | | |
| * | | | | | | | | Add validation code to getting started guide and improve validationOscar Del Ben2012-04-214-10/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | section
| * | | | | | | | | Add model validation section to Getting Started guideOscar Del Ben2012-04-2111-96/+93
| |/ / / / / / / /
| * | | | | | | | Merge branch 'master' of github.com:lifo/docrailsOscar Del Ben2012-04-202-2/+2
| |\ \ \ \ \ \ \ \
| | * | | | | | | | Fix example in ActionView::Helpers::FormHelperThibaut Courouble2012-04-201-1/+1
| | | | | | | | | |
| | * | | | | | | | removed extra "you"Kevin Musiorski2012-04-191-1/+1
| | | | | | | | | |
| * | | | | | | | | Add index and links section to Getting started guideOscar Del Ben2012-04-2011-24/+123
| | | | | | | | | |
| * | | | | | | | | Add show action in getting started guideOscar Del Ben2012-04-206-27/+63
| | | | | | | | | |
| * | | | | | | | | New Getting started guide wont have tagsOscar Del Ben2012-04-206-36/+1
| | | | | | | | | |
| * | | | | | | | | Adapt "Getting started guide" code sampleOscar Del Ben2012-04-208-129/+36
| | | | | | | | | |
| * | | | | | | | | Add "Saving data in the controller" sectionOscar Del Ben2012-04-201-0/+27
| |/ / / / / / / /
| * | | | | | | | Add model creation step to getting started guideOscar Del Ben2012-04-191-6/+27
| | | | | | | | |