path: root/actionpack/lib/abstract_controller
Commit message [Author, Age, Files, Lines]
* Complete work on 3.2 for render_data_leak patch. [Arthur Neves, 2016-02-29, 1, -2/+1]
    Render could leak access to external files before this patch. A previous patch (CVE-2016-0752) attempted to fix this. However the tests were misplaced outside the TestCase subclass, so they were not running. We should allow :file to be outside rails root, but anything else must be inside the rails view directory.
    The implementation has changed a bit though. Now the patch is more similar with the 4.x series patches. Now `render 'foo/bar'` will add a special key in the options hash, and not use the :file one, so when we look up that file, we don't set the fallbacks, and only lookup a template, to constrain the folders that can be accessed.
    CVE-2016-2097
* Only accept actions without File::SEPARATOR in the name. [Rafael Mendonça França, 2014-05-05, 1, -3/+25]
    This will avoid directory traversal in implicit render.
    Fixes: CVE-2014-0130
* Shush uninitialized @_layout warning [Jeremy Kemper, 2012-09-28, 1, -1/+1]
* Fix #5440 - multiple render_to_string breaks partials formats [Piotr Sarnacki, 2012-03-17, 1, -0/+1]
    This fixes situation where rendering template to string sets `rendered_format` to the format rendered there. This is ok to have consistent formats rendered in partials, but it breaks on next renders if format is explicitly set or on last render where default format does not necessarily need to be the format of first rendered template.
* Fix layout method doc formatting [Alexey Vakhov, 2012-03-13, 1, -2/+1]
* Remove unnecessary config_accessors. [José Valim, 2011-12-24, 1, -7/+1]
* Add a test case for layout nil. [José Valim, 2011-12-20, 1, -1/+2]
* Default relative_url_root to ENV["RAILS_RELATIVE_URL_ROOT"]. Fixes #3365 [Piotrek Okoński, 2011-12-12, 1, -1/+1]
* Fix extend -> include. [José Valim, 2011-12-09, 1, -1/+1]
* Deprecate implicit layout lookup in favor of inheriting the _layout config. [José Valim, 2011-12-09, 1, -32/+86]
* Just use the proc if there is a chance of layout lookup. [José Valim, 2011-12-08, 1, -5/+6]
* Optimize layout lookup to avoid double calls. [José Valim, 2011-12-08, 2, -25/+27]
* Some small optimizations and improvements to benchmark code. [José Valim, 2011-12-08, 1, -6/+1]
* Allow layout fallback when using `layout` method [Prem Sichanugrist, 2011-12-06, 1, -25/+34]
    Rails will now use your default layout (such as "layouts/application") when you specify a layout with `:only` and `:except` condition, and those conditions fail.
    For example, consider this snippet:
        class CarsController
          layout 'single_car', :only => :show
        end
    Rails will use 'layouts/single_car' when a request comes in `:show` action, and use 'layouts/application' (or 'layouts/cars', if exists) when a request comes in for any other actions.
* Rely on a public contract between railties instead of accessing railtie methods directly. [José Valim, 2011-11-23, 1, -2/+2]
* Fixed stale doc in AbstractController::Layouts [Dalibor Nasevic, 2011-11-06, 1, -12/+5]
* Fix comment in AbstractController callbacks [Alexey Vakhov, 2011-10-06, 1, -2/+2]
* Ensure default_asset_host_protocol is respected, closes #2980. [José Valim, 2011-10-05, 1, -1/+2]
* TestCase should respect the view_assigns API instead of pulling variables on its own. [José Valim, 2011-10-02, 1, -2/+2]
* Merge branch 'master' of github.com:lifo/docrails [Xavier Noria, 2011-08-13, 1, -18/+102]
|\
    Conflicts:
        RELEASING_RAILS.rdoc
        actionpack/lib/sprockets/railtie.rb
        actionpack/test/template/sprockets_helper_test.rb
        activerecord/test/cases/calculations_test.rb
        railties/guides/source/3_1_release_notes.textile
        railties/guides/source/active_resource_basics.textile
        railties/guides/source/command_line.textile
| * update abstract_controller callbacks to document meta-programmed filters [geemus, 2011-08-13, 1, -18/+102]
| * Remove unused use_sprockets config [Santiago Pastorino, 2011-08-13, 1, -1/+1]
* | adding missing require to fist railties tests [Aaron Patterson, 2011-08-09, 1, -0/+2]
* | deprecating process_view_paths [Aaron Patterson, 2011-08-09, 1, -1/+1]
* | avoid object creation via useless duping and freezing [Aaron Patterson, 2011-08-09, 1, -3/+2]
* | Array#+ automatically dups, no double duping [Aaron Patterson, 2011-08-09, 1, -2/+2]
* | Remove unused use_sprockets config [Santiago Pastorino, 2011-07-25, 1, -1/+1]
|/
* Don't do remove_possible_method when delegate is used. Two reasons: 1) warnings should be shown, and fixed at the source and 2) the code is slow. Fixes #1937. [Jon Leighton, 2011-07-18, 1, -1/+2]
* use present tense on examples [Matt Jankowski, 2011-06-21, 1, -5/+5]
* remove extra space and clarify how an exception is made for controller wide layouts [Matt Jankowski, 2011-06-21, 1, -3/+3]
* reorder layout selection examples to occur in the order that the code does, and provide more detail on why each selection is made [Matt Jankowski, 2011-06-21, 1, -5/+6]
* Remove extra white spaces on ActionPack docs. [Sebastian Martinez, 2011-05-23, 2, -2/+2]
* Merge branch 'master' of git://github.com/lifo/docrails [Xavier Noria, 2011-05-14, 1, -0/+6]
|\
    Conflicts:
        actionpack/lib/action_view/helpers/date_helper.rb
        railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt
| * minor edits after going through what's new in docrails [Xavier Noria, 2011-05-14, 1, -4/+4]
| * added docs for AbC::UrlFor and AC::UrlFor. [Nick Sutterer, 2011-05-12, 1, -0/+6]
* | better styling on #available_action? docs [Sebastian Martinez, 2011-05-06, 1, -2/+2]
* | Revert to old semantics, use available_action? instead of action_method?. [José Valim, 2011-05-06, 2, -15/+27]
* | More updates to ivars list. [José Valim, 2011-05-06, 2, -4/+4]
* | Move variables to underscore format, update protected instance variables list. [José Valim, 2011-05-06, 2, -7/+23]
|/
* More AV::Base cleanup. [José Valim, 2011-05-04, 1, -15/+3]
* Move prefixes to view paths as they are now a lookup context dependency. [José Valim, 2011-05-04, 3, -23/+24]
* Also allow prefixes as third argument to lookup context. [José Valim, 2011-05-04, 1, -3/+1]
* no @controller dependency in Renderers. [Nick Sutterer, 2011-05-04, 1, -1/+1]
* controller's prefixes are now added to LookupContext. [Nick Sutterer, 2011-05-03, 1, -2/+5]
* Add a shared entry point for AV and AC render which can be used as extension in the future. [José Valim, 2011-05-03, 1, -5/+1]
* Introduce view renderer. [José Valim, 2011-05-01, 1, -2/+11]
* Make ActionController::Base.modules_for_helpers and ActionController::Base.all_helpers_from_path public methods [Piotr Sarnacki, 2011-04-25, 1, -11/+11]
* Do not inherit from Rack::Response, remove a shit-ton of unused code. [José Valim, 2011-04-19, 1, -7/+1]
* Slightly reorganize rendering stack. [José Valim, 2011-04-18, 1, -6/+25]
* render :once, YAGNI. [José Valim, 2011-04-15, 1, -1/+1]