aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-10-211-17/+42
|\ | | | | | | | | | | Conflicts: activesupport/lib/active_support/core_ext/hash/slice.rb guides/source/active_support_core_extensions.md
| * add a nested attributes example into Strong Parameters documentation [ci skip]Francesco Rodriguez2012-10-181-6/+31
| |
| * remove some non-breaking spaces [ci skip]Francesco Rodriguez2012-10-181-13/+13
| |
* | There is already a Set of non-hidden action_names lying around.thedarkone2012-10-181-8/+2
| |
* | Permit string and float values in the multiparameter attributesRafael Mendonça França2012-10-181-1/+1
| |
* | warning removed: shadowing outer local variable - valueArun Agrawal2012-10-121-2/+2
| |
* | update AC::Parameters#permit documentation [ci skip]Francesco Rodriguez2012-10-111-0/+22
| | | | | | | | bdd105d changes the behaviour of AC::Parameters#permit.
* | When executing permit with just a key that points to a hash, DO NOT allow ↵Santiago Pastorino2012-10-121-1/+4
|/ | | | | | | | | | | | | | all the hash params.require(:person).permit(:projects_attributes) was returning => {"projects_attributes"=>{"0"=>{"name"=>"Project 1"}}} When should return => {} You should be doing ... params.require(:person).permit(projects_attributes: :name) to get just the projects attributes you want to allow
* We don't need the each call since grep take a block and yield each matchRafael Mendonça França2012-10-061-1/+1
| | | | | | to the block. Thanks @tenderlove
* Allow parameter filters to match multi-parameter attributesRafael Mendonça França2012-10-051-0/+1
| | | | | | | This will make easier to permit date/time attributes generated by helpers like date_select. [Sven Schwyn + Rafael Mendonça França]
* ActionController::Parameters#permit! is recursiveBrendan Loudermilk2012-10-041-0/+5
|
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-09-282-30/+34
|\ | | | | | | | | Conflicts: actionpack/lib/action_view/helpers/asset_tag_helper.rb
| * update AC::ConditionalGet documentation [ci skip]Francesco Rodriguez2012-09-221-27/+31
| |
| * remove AC::Parameters reference [ci skip]Francesco Rodriguez2012-09-211-1/+1
| |
| * fix typos in AC::StrongParameters documentation [ci skip]Francesco Rodriguez2012-09-211-2/+2
| |
* | Is not needed to wrap name inside an array hereSantiago Pastorino2012-09-271-1/+1
| |
* | Change key not found to param not foundSantiago Pastorino2012-09-271-6/+6
|/
* fix typos and improve AC::StrongParameters documentation [ci skip]Francesco Rodriguez2012-09-201-6/+8
|
* update AC::StrongParameters documentationFrancesco Rodriguez2012-09-191-8/+53
|
* define permitted? method instead of use an alias to fix rdocFrancesco Rodriguez2012-09-191-2/+12
|
* update AC::Parameters documentation [ci skip]Francesco Rodriguez2012-09-191-1/+149
|
* update AC::ParameterMissing documentation [ci skip]Francesco Rodriguez2012-09-191-2/+9
|
* update AC::ParamsWrapper documentation [ci skip]Francesco Rodriguez2012-09-191-3/+4
|
* fix shadowing outer local variable warningSergey Nartimov2012-09-191-3/+3
|
* AC::ParameterMissing inherits from KeyError since it's more appropiated than ↵Guillermo Iguaran2012-09-161-1/+1
| | | | IndexError
* Support fields_for attributes, which may have numeric symbols as hash keysGuillermo Iguaran2012-09-161-0/+4
|
* Add config.action_controller.permit_all_attributes to bypass ↵Guillermo Iguaran2012-09-161-1/+2
| | | | StrongParameters protection
* Remove integration between attr_accessible/protected and ↵Guillermo Iguaran2012-09-161-7/+2
| | | | AC::Metal::ParamsWrapper
* Integrate ActionController::Parameters from StrongParameters gemGuillermo Iguaran2012-09-161-0/+120
|
* Build fix for ActionMailerArun Agrawal2012-09-141-0/+1
| | | | | | See http://travis-ci.org/#!/rails/rails/jobs/2444632
* Implement :null_session CSRF protection methodSergey Nartimov2012-09-131-22/+70
| | | | | | | | It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946. The :null_session CSRF protection method provide an empty session during request processing but doesn't reset it completely (as :reset_session does).
* Use merge! to merge additional options onto default optionsCarlos Antonio da Silva2012-09-071-4/+3
|
* Fix example code: use tasks instead of commentsErik Behrends2012-09-021-1/+1
|
* Sprockets-rails tests failDmitry Vorotilin2012-09-011-13/+0
| | | | | | | Method invalid_asset_host! was delegated to controller but sprockets compile assets in their own scope without controller. And if we set asset_host with second parameter it should raise error through invalid_asset_host!. But since controller is nil it cannot be reached.
* Instrumentation requires RackDelegationJosé Valim2012-08-301-0/+1
| | | Since it uses request and response methods
* Fixes warning: & interpreted as argument prefixkennyj2012-08-301-1/+1
|
* Use class_attribute so we dont bleedDavid Heinemeier Hansson2012-08-291-1/+6
|
* Added controller-level etag additions that will be part of the action etag ↵David Heinemeier Hansson2012-08-291-4/+34
| | | | computation *Jeremy Kemper/DHH*
* Add Missing Keys from Journey on failed URL formatschneems2012-08-281-0/+3
| | | | | | | | | | | | | | | | | | | | | | | Many named routes have keys that are required to successfully resolve. If a key is left off like this: <%= link_to 'user', user_path %> This will produce an error like this: No route matches {:action=>"show", :controller=>"users"} Since we know that the :id is missing, we can add extra debugging information to the error message. No route matches {:action=>"show", :controller=>"users"} missing required keys: [:id] This will help new and seasoned developers look closer at their parameters. I've also subclassed the routing error to be clear that this error is a result of attempting to generate a url and not because the user is trying to visit a bad url. While this may sound trivial this error message is misleading and confuses most developers. The important part isn't what's in the options its's what's missing. Adding this information to the error message will make debugging much more obvious. This is the sister pull request of https://github.com/rails/journey/pull/44 which will be required to get they missing keys into the correct error message. Example Development Error in Rails: http://cl.ly/image/3S0T0n1T3421
* No need to use included hook for includePiotr Sarnacki2012-08-281-3/+1
| | | | | When module is extended ActiveSupport::Concern, include calls are lazily loaded, so there is no need to wrap it with included hook.
* Remove dependency on actionpack in ActionView::AssetPathsPiotr Sarnacki2012-08-281-0/+15
| | | | | | Since Action View should not depend on actionpack, it's best to delegate invalid_asset_host! to controller and just rely on such simple contract instead of raising ActionController::RoutingError directly.
* Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-08-161-2/+2
|\
| * Minor language fix. [ci skip]Erich Menge2012-08-151-2/+2
| |
* | push header merge down to a private method so that live responses can have ↵Aaron Patterson2012-08-131-5/+4
| | | | | | | | their own header object
* | live response headers can be merged with a hashAaron Patterson2012-08-131-0/+4
| |
* | Missing closing tagEllis Berner2012-08-121-1/+1
| |
* | Fix handling SCRIPT_NAME from within mounted engine'sPiotr Sarnacki2012-08-111-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you mount your application at a path, for example /myapp, server should set SCRIPT_NAME to /myapp. With such information, rails application knows that it's mounted at /myapp path and it should generate routes relative to that path. Before this patch, rails handled SCRIPT_NAME correctly only for regular apps, but it failed to do it for mounted engines. The solution was to hardcode default_url_options[:script_name], which is not the best answer - it will work only when application is mounted at a fixed path. This patch fixes the situation by respecting original value of SCRIPT_NAME when generating application's routes from engine and the other way round - when you generate engine's routes from application. This is done by using one of 2 pieces of information in env - current SCRIPT_NAME or SCRIPT_NAME for a corresponding router. This is because we have 2 cases to handle: - generating engine's route from application: in this situation SCRIPT_NAME is basically SCRIPT_NAME set by the server and it indicates the place where application is mounted, so we can just pass it as :original_script_name in url_options. :original_script_name is used because if we use :script_name, router will ignore generating prefix for engine - generating application's route from engine: in this situation we already lost information about the SCRIPT_NAME that server used. For example if application is mounted at /myapp and engine is mounted at /blog, at this point SCRIPT_NAME is equal /myapp/blog. Because of that we need to keep reference to /myapp SCRIPT_NAME by binding it to the current router. Later on we can extract it and use when generating url Please note that starting from now you *should not* use default_url_options[:script_name] explicitly if your server already passes correct SCRIPT_NAME to rack env. (closes #6933)
* | use a sized buffer to prevent the queue being too largeAaron Patterson2012-08-081-10/+10
| |
* | removes usage of Object#in? from the code base (the method remains defined ↵Xavier Noria2012-08-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | by Active Support) Selecting which key extensions to include in active_support/rails made apparent the systematic usage of Object#in? in the code base. After some discussion in https://github.com/rails/rails/commit/5ea6b0df9a36d033f21b52049426257a4637028d we decided to remove it and use plain Ruby, which seems enough for this particular idiom. In this commit the refactor has been made case by case. Sometimes include? is the natural alternative, others a simple || is the way you actually spell the condition in your head, others a case statement seems more appropriate. I have chosen the one I liked the most in each case.
* | Renamed _path_segments to _recallBogdan Gusiev2012-08-041-1/+1
|/