| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Now users have to explicit mark the unit as safe if they trust it.
Closes #13161
Conflicts:
actionpack/lib/action_view/helpers/number_helper.rb
actionpack/test/template/number_helper_i18n_test.rb
|
| | |
|
| |
|
|
| |
Follow up to #12958.
|
| |\
| |
| | |
Install Spring preloader when generating new applications
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Added JSON related items to the 4.1 release notes
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Avoid one-liner conditionals when they are too big. Avoid concatenating
strings to build error messages. Improve messages a bit.
|
| |/ / |
|
| |\ \
| | |
| | | |
Action Pack Variants
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By default, variants in the templates will be picked up if a variant is set
and there's a match. The format will be:
app/views/projects/show.html.erb
app/views/projects/show.html+tablet.erb
app/views/projects/show.html+phone.erb
If request.variant = :tablet is set, we'll automatically be rendering the
html+tablet template.
In the controller, we can also tailer to the variants with this syntax:
class ProjectsController < ActionController::Base
def show
respond_to do |format|
format.html do |html|
@stars = @project.stars
html.tablet { @notifications = @project.notifications }
html.phone { @chat_heads = @project.chat_heads }
end
format.js
format.atom
end
end
end
The variant itself is nil by default, but can be set in before filters, like
so:
class ApplicationController < ActionController::Base
before_action do
if request.user_agent =~ /iPad/
request.variant = :tablet
end
end
end
This is modeled loosely on custom mime types, but it's specifically not
intended to be used together. If you're going to make a custom mime type,
you don't need a variant. Variants are for variations on a single mime
types.
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
| |
This reads a lot better, and we won't need to try start_with? for blank
delimiters.
Also rename method name to read better.
|
| |
|
|
|
| |
The conversion without area code already changed the passed number in
place, so change the other method to do the same.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
number
|
| | |
|
| |
|
|
| |
skip]
|
| |\
| |
| | |
Improve formatting of ActiveRecord migration exception messages
|
| | | |
|
| |\ \
| | |
| | | |
Fix offset with last.
|
| | |/
| |
| |
| | |
Closes #7441
|
| | |
| |
| |
| |
| | |
We are generating safe strings in the paragraph, so we can escape the
tags
|
| |\ \
| |/
|/|
| |
| |
| |
| |
| |
| | |
* master-sec:
Deep Munge the parameters for GET and POST
Stop using i18n's built in HTML error handling.
Ensure simple_format escapes its html attributes
Escape the unit value provided to number_to_currency
Only use valid mime type symbols as cache keys
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans. Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.
Fixes: CVE-2013-4491
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous behavior equated the sanitize option for simple_format with the
escape option of content_tag, however these are two distinct concepts.
This fixes CVE-2013-6416
Conflicts:
actionview/lib/action_view/helpers/text_helper.rb
|
| | |
| |
| |
| |
| |
| | |
Previously the unit values were trusted leading to potential XSS vulnerabilities.
Fixes: CVE-2013-6415
|
| | |
| |
| |
| | |
CVE-2013-6414
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Closes #13146.
This fixes an error when using:
```
change_colum :table, :column, :bigint, array: true
```
|
| | | |
|
| |\ \
| | |
| | | |
Added Date#all_week/month/quarter/year for generating date ranges
|
| |/ / |
|
| |\ \
| | |
| | | |
Add support for localized date references
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ruby's Date class automatically gives us #yesterday, #today,
and #tomorrow. And ActiveSupport has a handy Time.zone.today
for getting a localized version. But there was no localized
version of #yesterday or #tomorrow. Until now.
|
| | | | |
|
| |\ \ \
| |/ /
|/| | |
fix email regex example code [ci skip]
|
| | | |
| | |
| | |
| | | |
different from the regex in EmailValidator
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
joker1007/fix_active_record_callbacks_document_bug
Fix ActiveRecord::Callbacks sample code [ci skip]
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Callback caller class uses `after_initialize`,
but Callback callee defines `after_find`.
Current sample code causes following error.
NoMethodError: undefined method `after_initialize' for #<EncryptionWrapper:0x007fe4931fa5c0>
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Fix QueryCache to work with nested blocks
|
