Commit message    Author    Age    Files    Lines
* Add configuration option to optionally disable deep_mungeBernard Potocki2013-12-054-0/+35
|
* Merge pull request #13109 from chancancode/json_guidesJeremy Kemper2013-12-033-0/+93
|\ | | | | Added JSON related items to the 4.1 release notes
| * Added JSON release notes [ci skip]Godfrey Chan2013-12-032-0/+89
| |
| * Backfilled CHANGELOG for AS::JSON::Variable removal (6f3e01e8) [ci skip]Godfrey Chan2013-12-031-0/+4
| |
* | Improve a couple exception messages related to variants and mime typesCarlos Antonio da Silva2013-12-033-15/+19
| | | | | | | | | | Avoid one-liner conditionals when they are too big. Avoid concatenating strings to build error messages. Improve messages a bit.
* | Add nodoc to added VariantFilter classCarlos Antonio da Silva2013-12-031-3/+3
|/
* Merge pull request #12977 from strzalek/action-pack-variantsJeremy Kemper2013-12-0316-18/+227
|\ | | | | Action Pack Variants
| * Add variants to release notesŁukasz Strzałkowski2013-12-041-0/+33
| |
| * Action Pack VariantsŁukasz Strzałkowski2013-12-0415-18/+194
|/
|   By default, variants in the templates will be picked up if a variant is set
|   and there's a match. The format will be:
|
|     app/views/projects/show.html.erb
|     app/views/projects/show.html+tablet.erb
|     app/views/projects/show.html+phone.erb
|
|   If request.variant = :tablet is set, we'll automatically be rendering the
|   html+tablet template.
|
|   In the controller, we can also tailor to the variants with this syntax:
|
|     class ProjectsController < ActionController::Base
|       def show
|         respond_to do |format|
|           format.html do |html|
|             @stars = @project.stars
|
|             html.tablet { @notifications = @project.notifications }
|             html.phone { @chat_heads = @project.chat_heads }
|           end
|
|           format.js
|           format.atom
|         end
|       end
|     end
|
|   The variant itself is nil by default, but can be set in before filters, like
|   so:
|
|     class ApplicationController < ActionController::Base
|       before_action do
|         if request.user_agent =~ /iPad/
|           request.variant = :tablet
|         end
|       end
|     end
|
|   This is modeled loosely on custom mime types, but it's specifically not
|   intended to be used together. If you're going to make a custom mime type,
|   you don't need a variant. Variants are for variations on a single mime type.
* optimize string literals in erb templatesAaron Patterson2013-12-031-2/+2
|
* Remove earlier return in favor of conditionalCarlos Antonio da Silva2013-12-031-6/+9
|
* Change delimiter check order: first check if it is presentCarlos Antonio da Silva2013-12-031-3/+3
| | | | | | | This reads a lot better, and we won't need to try start_with? for blank delimiters. Also rename method name to read better.
* Make both conversion methods work similarlyCarlos Antonio da Silva2013-12-031-1/+2
| | | | | The conversion without area code already changed the passed number in place, so change the other method to do the same.
* Remove useless empty stringCarlos Antonio da Silva2013-12-031-2/+1
|
* No need for #tapCarlos Antonio da Silva2013-12-031-4/+3
|
* Avoid a hash creation since defaults is a new hash alreadyCarlos Antonio da Silva2013-12-031-1/+1
|
* Stop using local variables everywhere, make use of the readerCarlos Antonio da Silva2013-12-036-20/+20
|
* Refactor to avoid earlier returnsCarlos Antonio da Silva2013-12-031-5/+9
|
* Rename variable that holds whether or not the class should validate a float ↵Carlos Antonio da Silva2013-12-035-9/+9
| | | | number
* Change deep_munge call to avoid deprecation warningCarlos Antonio da Silva2013-12-031-2/+2
|
* Improve AR changelog, add entry for migration error improvements #12462 [ci ↵Carlos Antonio da Silva2013-12-031-2/+12
| | | | skip]
* Merge pull request #12462 from jjb/improve_ar_exception_message_formattingCarlos Antonio da Silva2013-12-031-8/+15
|\ | | | | Improve formatting of ActiveRecord migration exception messages
| * ActiveRecord migration exception message formattingJohn Joseph Bachir2013-12-031-8/+15
| |
* | Merge pull request #13149 from laurocaetano/fix_offset_lastCarlos Antonio da Silva2013-12-033-1/+16
|\ \ | | | | | | Fix offset with last.
| * | Fix offset with last.Lauro Caetano2013-12-033-1/+16
| |/ | | | | | | Closes #7441
* | Remove the escaping skipRafael Mendonça França2013-12-031-1/+1
| | | | | | | | | | We are generating safe strings in the paragraph, so we can escape the tags
* | Merge branch 'master-sec'Aaron Patterson2013-12-038-18/+38
|\ \
| |/
|/|
| |   * master-sec:
| |     Deep Munge the parameters for GET and POST
| |     Stop using i18n's built in HTML error handling.
| |     Ensure simple_format escapes its html attributes
| |     Escape the unit value provided to number_to_currency
| |     Only use valid mime type symbols as cache keys
| * Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-022-2/+17
| | | | | | | | | | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
| * Stop using i18n's built in HTML error handling.Michael Koziarski2013-12-022-14/+10
| | | | | | | | | | | | | | | | | | i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves. Fixes: CVE-2013-4491
| * Ensure simple_format escapes its html attributesMichael Koziarski2013-12-021-1/+1
| |
| |   The previous behavior equated the sanitize option for simple_format with the
| |   escape option of content_tag, however these are two distinct concepts.
| |
| |   This fixes CVE-2013-6416
| |
| |   Conflicts:
| |     actionview/lib/action_view/helpers/text_helper.rb
| * Escape the unit value provided to number_to_currencyMichael Koziarski2013-12-022-1/+3
| | | | | | | | | | | | Previously the unit values were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2013-6415
| * Only use valid mime type symbols as cache keysAaron Patterson2013-12-021-0/+7
| | | | | | | | CVE-2013-6414
* | `connection.type_to_sql` returns a `String` for unmapped types.Yves Senn2013-12-033-1/+16
| |
| |   Closes #13146.
| |
| |   This fixes an error when using:
| |
| |   ```
| |   change_column :table, :column, :bigint, array: true
| |   ```
* | Changelog improvements [ci skip]Carlos Antonio da Silva2013-12-032-6/+6
| |
* | Merge pull request #9685 from dimko/patch-2Carlos Antonio da Silva2013-12-034-21/+42
|\ \ | | | | | | Added Date#all_week/month/quarter/year for generating date ranges
| * | Added Date#all_week/month/quarter/year for generating date rangesDimko2013-12-034-21/+42
|/ /
* | Merge pull request #12822 from cbartlett/masterCarlos Antonio da Silva2013-12-033-4/+43
|\ \ | | | | | | Add support for localized date references
| * | Add support for localized date referencesColin Bartlett2013-12-033-0/+39
| | | | | | | | | | | | | | | | | | | | | Ruby's Date class automatically gives us #yesterday, #today, and #tomorrow. And ActiveSupport has a handy Time.zone.today for getting a localized version. But there was no localized version of #yesterday or #tomorrow. Until now.
| * | Use travel_to convention in existing testColin Bartlett2013-12-031-4/+4
| | |
* | | Merge pull request #13145 from acapilleri/fix_email_exampleCarlos Antonio da Silva2013-12-031-1/+1
|\ \ \ | |/ / |/| | fix email regex example code [ci skip]
| * | fix email regex example code [ci skip]Angelo capilleri2013-12-031-1/+1
| | | | | | | | | | | | different from the regex in EmailValidator
* | | Merge pull request #13143 from ↵Rafael Mendonça França2013-12-031-2/+2
|\ \ \ | | | | | | | | | | | | | | | | joker1007/fix_active_record_callbacks_document_bug Fix ActiveRecord::Callbacks sample code [ci skip]
| * | | Fix ActiveRecord::Callbacks sample code [ci skip]joker10072013-12-031-2/+2
|/ / /
| | |   Callback caller class uses `after_initialize`, but Callback callee defines
| | |   `after_find`. Current sample code causes following error.
| | |
| | |     NoMethodError: undefined method `after_initialize' for #<EncryptionWrapper:0x007fe4931fa5c0>
* | | Fix bad usage of #select with hashCarlos Antonio da Silva2013-12-031-1/+1
| | |
* | | Merge pull request #11643 from vipulnsward/query_cache_clearCarlos Antonio da Silva2013-12-033-1/+15
|\ \ \ | | | | | | | | Fix QueryCache to work with nested blocks
| * | | Currently, we clear query_cache in cache block finish, even if we may ↵Vipul A M2013-12-033-1/+15
|/ / / | | | | | | | | | | | | | | | already have cache true. This commit takes into account the last cache_enabled value, before clearing query_cache.
* | | Merge pull request #13022 from pwnall/fixture_contextYves Senn2013-12-036-1/+116
|\ \ \ | | | | | | | | Introduce a context for rendering fixtures ERB.
| * | | Introduce a context for rendering fixtures ERB.Victor Costan2013-12-036-1/+116
|/ / /
| | |   Fixture files are passed through an ERB renderer before being read as YAML.
| | |   The rendering is currently done in the context of the main object, so method
| | |   definitions leak into other fixtures, and there is no clean place to define
| | |   fixture helpers.
| | |
| | |   After this commit, the ERB renderer will use a new subclass of
| | |   ActiveRecord::FixtureSet.context_class each time a fixture is rendered.
* | | Convert Mime::NullType in a singletonGuillermo Iguaran2013-12-031-1/+4
| | |
* | | Cleanups in comment about conditionalGuillermo Iguaran2013-12-031-1/+2
| | |