| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
|
| |
|
| |
|
| |
|
|
|
|
| |
This is version of #8640 for master
|
| |
|
|
|
|
|
|
|
| |
1) Failure:
test_head_created_with_image_png_content_type(RenderTest) [test/controller/render_test.rb:1238]:
Expected: "image/png"
Actual: "image/png; charset=utf-8"
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If a request has an unknown format, the methods html?, xml?, json? ...etc
not raise an Exception.
This patch add a class Mime::NullType, that is returned when request.format is unknown
and it responds false to the methods that ends with '?' and true to 'nil?'.
It refers to #7837, this issue is considered a improvement not a bug.
|
|
|
| |
I missed attribution on this :flushed:
|
|
|
|
|
|
|
|
| |
Move the Journey code underneath the ActionDispatch namespace so
that we don't pollute the global namespace with names that may
be used for models.
Fixes rails/journey#49.
|
| |
|
|
|
|
|
|
| |
Removes support for :encode, :replace_at, and :replace_dot
options from the mail_to helper. Support for these options
has been extracted to the 'actionview-encoded_mail_to' gem.
|
|
|
|
| |
closes #8388
|
| |
|
|\
| |
| |
| | |
Removed :if / :unless conditions to fragment cache in favour of *cache_i...
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cache_if(condition, option, &block) and cache_unless(condition, option, &block).
In the PR #8371 was introduced conditional options :if and :unless in
the cache method.
Example:
<%= cache @model, if: some_condition(@model) do %>
...
<%end%>
This is a good feature but *cache_if* and and *cache_unless*
are more concise and close to the standard of rails view helpers
(ex: link_to_if and link_to_unless).
Example:
<%= cache_if condition, @model do %>
...
<%end%>
|
| |
| |
| |
| |
| | |
Remove all the old url helper methods when clear! is called on the
route set because it's possible that some routes have been removed.
|
|/
|
|
|
|
|
|
|
|
| |
This doesn't actually remove old url helper methods as they are
defined in a different module.
This reverts commit 96bcef947bf713b7d9fc88f26dff69f568111262.
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
|
|
| |
If env['RAW_POST_DATA'] is nil, #raw_post will attempt to set it to
the result of #body (which will return env['rack.input'] if
env['RAW_POST_DATA'] is nil). #raw_post will then attempt to rewind
the result of another call to #body. Since env['RAW_POST_DATA'] has
already been set, the result of #body is not env['rack.input'] anymore.
This causes env['rack.input'] to never be rewound.
|
| |
|
|\
| |
| | |
Prevent raising EOFError on multipart GET request.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Such request can happen on Internet Explorer. When we redirect
after multipart form submission, the request type is changed
to GET, but Content-Type is preserved as multipart. GET request
cannot have multipart body and that caused Rails to fail.
It's similar fix to Rack's one:
https://github.com/chneukirchen/rack/blob/8025a4ae9477d1e6231344c2b7d795aa9b3717b6/lib/rack/request.rb#L224
|
| | |
|
|/ |
|
|
|
|
| |
This reverts commit c59734f756b79c39486c45273d2cc5d42cd0c864.
|
|
|
|
|
|
|
|
|
|
| |
This commit inverts the precedence in ActionDispatch::Static so that
dynamic content will be served before static content. This is so that
precompiled assets do not inadvertently get included when running in
development mode - it should have no effect in production where static
files are usually handled by the web server.
Closes #6421
|
|
|
|
| |
[Stephen Ausman + Fabrizio Regini]
|
| |
|
|
|
|
|
|
| |
be ignored. A regular expression constraint gets overwritten when the
routes.rb file is processed. Changed the overwriting to an ||= instead
of an = assignment.
|
| |
|
|
|
|
| |
[ci skip]
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This was forgotten when we did the merge.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
For instance, it prevents false positive in this case:
file = nil
get :index
assert_template("#{file}")
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Was surprising found that this example doesn't work:
scope :api do
resources :users
end
and the right form to use it is:
scope 'api' do
resources :users
end
I think this should work similary as `namespace` where both are allowed.
These two are equivalent:
namespace :api do
resources :users
end
namespace 'api' do
resources :user
end
|
|
|
|
| |
Merge url for tests and add changelog entry for #8233.
|
|
|
|
|
|
|
|
| |
This resolves issues when rendering nested partials.
Previously the `PartialRenderer` was reused which led to
situations where the state of the renderer was reset.
Closes #8197
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is a list of mime types where template text is not html escaped
by default. It prevents `Jack & Joe` from rendering as
`Jack & Joe` for the whitelisted mime types. The default whitelist
contains text/plain.
This follows a whitelist approach where plain text templates are
not escaped, and all the others (json, xml) are. The mime type is
assumed to be set by the abstract controller.
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit f4ad0ebe7a6b17658bddfeb996e3c34835b75623, reversing
changes made to 8b2cbb3a832101f0e672ee309beca0f8c555b292.
Conflicts:
actionpack/CHANGELOG.md
REASON: This added introduced a bug when you have a shorthand route
inside a nested namespace.
See
https://github.com/rafaelfranca/rails/commit/281367eb770faf8077c1fd6194188e92ed1637a1
|