| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
Close the meta tag with '/>' instead of '>'
|
| |/
|
|
|
|
|
|
|
| |
This change fixes the 42 instances of `end tag for "meta" omitted, but
OMITTAG NO was specified` error message that comes up when the full
railsguides are validated.
Full error list at
https://gist.github.com/prakashmurthy/9086679.
|
| |
|
| |
The errors were introduced in e220a34e39
|
| |\
| |
| | |
Update Docs in favor to use render plain instead of text option
|
| |/
|
|
| |
ref #14062
|
| |\
| |
| | |
Typo fix for unscope [ci skip]
|
| |/ |
|
| |
|
|
|
|
|
|
| |
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.
Fixes: CVE-2014-0082
|
| |\
| |
| |
| |
| |
| | |
Conflicts:
actionview/CHANGELOG.md
activerecord/CHANGELOG.md
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Thanks Godfrey Chan for reporting this!
Fixes: CVE-2014-0080
|
| | |
| |
| |
| |
| |
| |
| | |
Previously the values of these options were trusted leading to
potential XSS vulnerabilities.
Fixes: CVE-2014-0081
|
| |\ \
| | |
| | | |
Sync 4.1 release notes with changes since 7f648bc7
|
| |/ / |
|
| |\ \
| | |
| | | |
Introduce `:plain`, `:html`, and `:body` render options.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Setting this attribute to `true` will remove the content type header
from the request. This is use in `render :body` feature.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
* Introduces `:plain`, `:html`, `:body` render option.
* Update guide to use `render :plain` instead of `render :text`.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This test were assuming that the list of render options will always be
the same. Fixing that so this doesn't break when we add/remove render
option in the future.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|
| |\ \
| | |
| | | |
Document `default_scope` changes
|
| | | |
| | |
| | |
| | | |
[ci skip]
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
and upgrating guides
[ci skip]
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Fix parameter naming in RemoteIp middleware constructor method [ci skip]
|
| | |/ /
| | |
| | |
| | |
| | | |
Was custom_proxies in inline docs, but should be and defined in
constructor as custom_proxies
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Upgrade Doc: assets:precompile:all was removed on 4
|
| | |/ / |
|
| |/ / |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rails applications are expected to be always aware of the application
time zone.
To be consistent with that contract, we have to assume that a bare
date passed to time helpers is a date in the application time zone,
not in the system time zone. The system time zone is irrelevant, we
should totally ignore it.
For example,
travel_to user.birth_date + 40.years
should make that user be 40th years old regardless of the system
time zone. Without this patch that may not be true.
|
| |\ \
| | |
| | | |
streaming should change status of response when exception is caught
|
| | | |
| | |
| | |
| | |
| | |
| | | |
if the controller action has not yet streamed any data, actions should
process as normal, and errors should trigger the appropriate behavior
(500, or in the case of ActionController::BadRequest, a 400 Bad Request)
|
| |\ \ \
| | | |
| | | | |
Fix coffeescript sample [ci skip]
|
| | | | |
| | | |
| | | | |
Replace bind() with on() as suggested by the JQuery bind() documentation: https://api.jquery.com/bind/
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 3ea840355409dc205a9e0d027fc09f1452636969, reversing
changes made to e4cde5d58cbb09d1843796f96ba86225ff94fe05.
Conflicts:
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/query_methods.rb
Reason: using `from` without `select` should not change the select list
to SELECT * because it can lead different query results. If it is needed
to change the table to a subquery or a view you can pass a table alias
in the `from` call or use `select('subquery.*')`.
Fixes #14049.
|
| | | | | |
|
| | | | | |
|
