Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Complete work on 3.2 for render_data_leak patch. | Arthur Neves | 2016-02-29 | 1 | -2/+1 |
| | Render could leak access to external files before this patch. A previous patch (CVE-2016-0752) attempted to fix this. However, the tests were misplaced outside the TestCase subclass, so they were not running. We should allow :file to be outside rails root, but anything else must be inside the rails view directory. The implementation has changed a bit though. Now the patch is more similar to the 4.x series patches. Now `render 'foo/bar'` will add a special key in the options hash, and not use the :file one, so when we look up that file, we don't set the fallbacks, and only look up a template, to constrain the folders that can be accessed. CVE-2016-2097 | ||||
* | Only accept actions without File::SEPARATOR in the name. | Rafael Mendonça França | 2014-05-05 | 1 | -3/+25 |
| | This will avoid directory traversal in implicit render. Fixes: CVE-2014-0130 | ||||
* | Shush uninitialized @_layout warning | Jeremy Kemper | 2012-09-28 | 1 | -1/+1 |
| | |||||
* | Fix #5440 - multiple render_to_string breaks partials formats | Piotr Sarnacki | 2012-03-17 | 1 | -0/+1 |
| | This fixes situation where rendering template to string sets `rendered_format` to the format rendered there. This is ok to have consistent formats rendered in partials, but it breaks on next renders if format is explicitly set or on last render where default format does not necessarily need to be the format of first rendered template. | ||||
* | Fix layout method doc formatting | Alexey Vakhov | 2012-03-13 | 1 | -2/+1 |
| | |||||
* | Remove unnecessary config_accessors. | José Valim | 2011-12-24 | 1 | -7/+1 |
| | |||||
* | Add a test case for layout nil. | José Valim | 2011-12-20 | 1 | -1/+2 |
| | |||||
* | Default relative_url_root to ENV["RAILS_RELATIVE_URL_ROOT"]. Fixes #3365 | Piotrek Okoński | 2011-12-12 | 1 | -1/+1 |
| | |||||
* | Fix extend -> include. | José Valim | 2011-12-09 | 1 | -1/+1 |
| | |||||
* | Deprecate implicit layout lookup in favor of inheriting the _layout config. | José Valim | 2011-12-09 | 1 | -32/+86 |
| | |||||
* | Just use the proc if there is a chance of layout lookup. | José Valim | 2011-12-08 | 1 | -5/+6 |
| | |||||
* | Optimize layout lookup to avoid double calls. | José Valim | 2011-12-08 | 2 | -25/+27 |
| | |||||
* | Some small optimizations and improvements to benchmark code. | José Valim | 2011-12-08 | 1 | -6/+1 |
| | |||||
* | Allow layout fallback when using `layout` method | Prem Sichanugrist | 2011-12-06 | 1 | -25/+34 |
| | Rails will now use your default layout (such as "layouts/application") when you specify a layout with `:only` and `:except` condition, and those conditions fail. For example, consider this snippet: class CarsController layout 'single_car', :only => :show end Rails will use 'layouts/single_car' when a request comes in `:show` action, and use 'layouts/application' (or 'layouts/cars', if exists) when a request comes in for any other actions. | ||||
* | Rely on a public contract between railties instead of accessing railtie ↵ | José Valim | 2011-11-23 | 1 | -2/+2 |
| | | | | methods directly. | ||||
* | Fixed stale doc in AbstractController::Layouts | Dalibor Nasevic | 2011-11-06 | 1 | -12/+5 |
| | |||||
* | Fix comment in AbstractController callbacks | Alexey Vakhov | 2011-10-06 | 1 | -2/+2 |
| | |||||
* | Ensure default_asset_host_protocol is respected, closes #2980. | José Valim | 2011-10-05 | 1 | -1/+2 |
| | |||||
* | TestCase should respect the view_assigns API instead of pulling variables on ↵ | José Valim | 2011-10-02 | 1 | -2/+2 |
| | | | | its own. | ||||
* | Merge branch 'master' of github.com:lifo/docrails | Xavier Noria | 2011-08-13 | 1 | -18/+102 |
|\ | Conflicts: RELEASING_RAILS.rdoc actionpack/lib/sprockets/railtie.rb actionpack/test/template/sprockets_helper_test.rb activerecord/test/cases/calculations_test.rb railties/guides/source/3_1_release_notes.textile railties/guides/source/active_resource_basics.textile railties/guides/source/command_line.textile | ||||
| * | update abstract_controller callbacks to document meta-programmed filters | geemus | 2011-08-13 | 1 | -18/+102 |
| | | |||||
| * | Remove unused use_sprockets config | Santiago Pastorino | 2011-08-13 | 1 | -1/+1 |
| | | |||||
* | | adding missing require to fist railties tests | Aaron Patterson | 2011-08-09 | 1 | -0/+2 |
| | | |||||
* | | deprecating process_view_paths | Aaron Patterson | 2011-08-09 | 1 | -1/+1 |
| | | |||||
* | | avoid object creation via useless duping and freezing | Aaron Patterson | 2011-08-09 | 1 | -3/+2 |
| | | |||||
* | | Array#+ automatically dups, no double duping | Aaron Patterson | 2011-08-09 | 1 | -2/+2 |
| | | |||||
* | | Remove unused use_sprockets config | Santiago Pastorino | 2011-07-25 | 1 | -1/+1 |
|/ | |||||
* | Don't do remove_possible_method when delegate is used. Two reasons: 1) ↵ | Jon Leighton | 2011-07-18 | 1 | -1/+2 |
| | | | | warnings should be shown, and fixed at the source and 2) the code is slow. Fixes #1937. | ||||
* | use present tense on examples | Matt Jankowski | 2011-06-21 | 1 | -5/+5 |
| | |||||
* | remove extra space and clarify how an exception is made for controller wide ↵ | Matt Jankowski | 2011-06-21 | 1 | -3/+3 |
| | | | | layouts | ||||
* | reorder layout selection examples to occur in the order that the code does, ↵ | Matt Jankowski | 2011-06-21 | 1 | -5/+6 |
| | | | | and provide more detail on why each selection is made | ||||
* | Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 2 | -2/+2 |
| | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2011-05-14 | 1 | -0/+6 |
|\ | Conflicts: actionpack/lib/action_view/helpers/date_helper.rb railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt | ||||
| * | minor edits after going through what's new in docrails | Xavier Noria | 2011-05-14 | 1 | -4/+4 |
| | | |||||
| * | added docs for AbC::UrlFor and AC::UrlFor. | Nick Sutterer | 2011-05-12 | 1 | -0/+6 |
| | | |||||
* | | better styling on #available_action? docs | Sebastian Martinez | 2011-05-06 | 1 | -2/+2 |
| | | |||||
* | | Revert to old semantics, use available_action? instead of action_method?. | José Valim | 2011-05-06 | 2 | -15/+27 |
| | | |||||
* | | More updates to ivars list. | José Valim | 2011-05-06 | 2 | -4/+4 |
| | | |||||
* | | Move variables to underscore format, update protected instance variables list. | José Valim | 2011-05-06 | 2 | -7/+23 |
|/ | |||||
* | More AV::Base cleanup. | José Valim | 2011-05-04 | 1 | -15/+3 |
| | |||||
* | Move prefixes to view paths as they are now a lookup context dependency. | José Valim | 2011-05-04 | 3 | -23/+24 |
| | |||||
* | Also allow prefixes as third argument to lookup context. | José Valim | 2011-05-04 | 1 | -3/+1 |
| | |||||
* | no @controller dependency in Renderers. | Nick Sutterer | 2011-05-04 | 1 | -1/+1 |
| | |||||
* | controller's prefixes are now added to LookupContext. | Nick Sutterer | 2011-05-03 | 1 | -2/+5 |
| | |||||
* | Add a shared entry point for AV and AC render which can be used as extension ↵ | José Valim | 2011-05-03 | 1 | -5/+1 |
| | | | | in the future. | ||||
* | Introduce view renderer. | José Valim | 2011-05-01 | 1 | -2/+11 |
| | |||||
* | Make ActionController::Base.modules_for_helpers and ↵ | Piotr Sarnacki | 2011-04-25 | 1 | -11/+11 |
| | | | | ActionController::Base.all_helpers_from_path public methods | ||||
* | Do not inherit from Rack::Response, remove a shit-ton of unused code. | José Valim | 2011-04-19 | 1 | -7/+1 |
| | |||||
* | Slightly reorganize rendering stack. | José Valim | 2011-04-18 | 1 | -6/+25 |
| | |||||
* | render :once, YAGNI. | José Valim | 2011-04-15 | 1 | -1/+1 |
| |