| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* master: (32 commits)
Typo fix for unscope
Use the reference for the mime type to get the format
Preparing for 4.1.0.beta2 release
Correctly escape PostgreSQL arrays.
Escape format, negative_format and units options of number helpers
Sync 4.1 release notes with changes since 7f648bc7 [ci skip]
Update upgrading guide regarding `render :text`
Add `#no_content_type` attribute to `AD::Response`
Add missing CHANGELOG entry to Action View
Update guides for new rendering options
Cleanup `ActionController::Rendering`
Fix a fragile test on `action_view/render`
Introduce `render :html` for render HTML string
Introduce `render :plain` for render plain text
Update hash format for render_text_test
Introduce `render :body` for render raw content
Don't use `# =>` when it is not the expression values
Fix the column name [ci skip]
Document the default scopes change on the release notes, CHANGELOG and upgrating guides
Move changelog entry to the top, fix examples indent [ci skip]
...
|
| | |\
| | |
| | | |
Typo fix for unscope [ci skip]
|
| | |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.
Fixes: CVE-2014-0082
|
| | |\
| | |
| | |
| | |
| | |
| | | |
Conflicts:
actionview/CHANGELOG.md
activerecord/CHANGELOG.md
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Thanks Godfrey Chan for reporting this!
Fixes: CVE-2014-0080
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously the values of these options were trusted leading to
potential XSS vulnerabilities.
Fixes: CVE-2014-0081
|
| | |\ \
| | | |
| | | | |
Sync 4.1 release notes with changes since 7f648bc7
|
| | |/ / |
|
| | |\ \
| | | |
| | | | |
Introduce `:plain`, `:html`, and `:body` render options.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Setting this attribute to `true` will remove the content type header
from the request. This is use in `render :body` feature.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
* Introduces `:plain`, `:html`, `:body` render option.
* Update guide to use `render :plain` instead of `render :text`.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This test were assuming that the list of render options will always be
the same. Fixing that so this doesn't break when we add/remove render
option in the future.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
|
| | | | | |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|
| | |\ \
| | | |
| | | | |
Document `default_scope` changes
|
| | | | |
| | | |
| | | |
| | | | |
[ci skip]
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
and upgrating guides
[ci skip]
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |\ \ \
| | | | |
| | | | | |
Fix parameter naming in RemoteIp middleware constructor method [ci skip]
|
| | | |/ /
| | | |
| | | |
| | | |
| | | | |
Was custom_proxies in inline docs, but should be and defined in
constructor as custom_proxies
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |\ \ \
| | | | |
| | | | | |
Upgrade Doc: assets:precompile:all was removed on 4
|
| | | |/ / |
|
| | |/ / |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Rails applications are expected to be always aware of the application
time zone.
To be consistent with that contract, we have to assume that a bare
date passed to time helpers is a date in the application time zone,
not in the system time zone. The system time zone is irrelevant, we
should totally ignore it.
For example,
travel_to user.birth_date + 40.years
should make that user be 40th years old regardless of the system
time zone. Without this patch that may not be true.
|
| | |\ \
| | | |
| | | | |
streaming should change status of response when exception is caught
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
if the controller action has not yet streamed any data, actions should
process as normal, and errors should trigger the appropriate behavior
(500, or in the case of ActionController::BadRequest, a 400 Bad Request)
|
| | | | | |
|
| | | | | |
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* master:
Revert "Merge pull request #13344 from ccutrer/fix-from-default-select"
No need to use symbols
Don't skip tests if they are not broken. Just don't define they
Fix typo [ci skip]
Resolve encoding issues with arrays of hstore (bug 11135).
Fix coffeescript sample [ci skip]
|
| | |\ \ \
| | | | |
| | | | | |
Fix coffeescript sample [ci skip]
|
| | | | | |
| | | | |
| | | | | |
Replace bind() with on() as suggested by the JQuery bind() documentation: https://api.jquery.com/bind/
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This reverts commit 3ea840355409dc205a9e0d027fc09f1452636969, reversing
changes made to e4cde5d58cbb09d1843796f96ba86225ff94fe05.
Conflicts:
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/query_methods.rb
Reason: using `from` without `select` should not change the select list
to SELECT * because it can lead different query results. If it is needed
to change the table to a subquery or a view you can pass a table alias
in the `from` call or use `select('subquery.*')`.
Fixes #14049.
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
