| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a.
HWIAs are better than silently deeply-stringified hashes... but that's a
reaction to a shortcoming of one particular session store: we should not
break the basic behaviour of other, more featureful, session stores in
the process.
Fixes #23884
|
| |
|
|
|
| |
* Fixes typos in error message and release notes.
* Removes unused template test file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Conceptually revert #20276
The feature was implemented for the `responders` gem. In the end,
they did not need that feature, and have found a better fix (see
plataformatec/responders#131).
`ImplicitRender` is the place where Rails specifies our default
policies for the case where the user did not explicitly tell us
what to render, essentially describing a set of heuristics. If
the gem (or the user) knows exactly what they want, they could
just perform the correct `render` to avoid falling through to
here, as `responders` did (the user called `respond_with`).
Reverting the patch allows us to avoid exploding the complexity
and defining “the fallback for a fallback” policies.
2. `respond_to` and templates are considered exhaustive enumerations
If the user specified a list of formats/variants in a `respond_to`
block, anything that is not explicitly included should result
in an `UnknownFormat` error (which is then caught upstream to
mean “406 Not Acceptable” by default). This is already how it
works before this commit.
Same goes for templates – if the user defined a set of templates
(usually in the file system), that set is now considered exhaustive,
which means that “missing” templates are considered `UnknownFormat`
errors (406).
3. To keep API endpoints simple, the implicit render behavior for
actions with no templates defined at all (regardless of formats,
locales, variants, etc) are defaulted to “204 No Content”. This
is a strictly narrower version of the feature landed in #19036 and
#19377.
4. To avoid confusion when interacting in the browser, these actions
will raise an `UnknownFormat` error for “interactive” requests
instead. (The precise definition of “interactive” requests might
change – the spirit here is to give helpful messages and avoid
confusions.)
Closes #20666, #23062, #23077, #23564
[Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
|
| |
|
|
| |
- Fixes #23822.
|
| |\
| |
| |
| | |
Give Sessions Indifferent Access
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Abstract Controller is the common component between Action Mailer and
Action Controller so if we need to share the caching component it need
to be there.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
and ActionController to include it
|
| | |
| |
| |
| | |
action_dispatch/caching/fragments
|
| | |
| |
| |
| |
| |
| | |
After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem.
Closes #23766
|
| |\ \
| | |
| | | |
Improve the performance of string xor operation
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use `each_byte` instead of `bytes` to speed up string xor operation and
reduce object allocations.
Inspired by commit 02c3867882d6d23b10df262a6db5f937ca69fb53.
``` ruby
require 'benchmark/ips'
require 'allocation_tracer'
a = 32.times.map { rand(256) }.pack('C*')
b = 32.times.map { rand(256) }.pack('C*')
def xor_byte_strings1(s1, s2)
s1.bytes.zip(s2.bytes).map { |(c1,c2)| c1 ^ c2 }.pack('c*')
end
def xor_byte_strings2(s1, s2)
s2_bytes = s2.bytes
s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*')
end
def xor_byte_strings3(s1, s2)
s2_bytes = s2.bytes
s1.each_byte.with_index { |c1, i| s2_bytes[i] ^= c1 }
s2_bytes.pack('C*')
end
fail if xor_byte_strings1(a, b) != xor_byte_strings2(a, b)
fail if xor_byte_strings1(a, b) != xor_byte_strings3(a, b)
Benchmark.ips do |x|
x.report('xor_byte_strings1') { xor_byte_strings1(a, b) }
x.report('xor_byte_strings2') { xor_byte_strings2(a, b) }
x.report('xor_byte_strings3') { xor_byte_strings3(a, b) }
x.compare!
end
Tracer = ObjectSpace::AllocationTracer
Tracer.setup(%i{type})
p xor_byte_strings1: Tracer.trace { xor_byte_strings1(a, b) }
p xor_byte_strings2: Tracer.trace { xor_byte_strings2(a, b) }
p xor_byte_strings3: Tracer.trace { xor_byte_strings3(a, b) }
```
```
Warming up --------------------------------------
xor_byte_strings1 10.668k i/100ms
xor_byte_strings2 11.814k i/100ms
xor_byte_strings3 13.139k i/100ms
Calculating -------------------------------------
xor_byte_strings1 116.667k (± 3.1%) i/s - 586.740k
xor_byte_strings2 129.932k (± 4.3%) i/s - 649.770k
xor_byte_strings3 142.506k (± 4.2%) i/s - 722.645k
Comparison:
xor_byte_strings3: 142506.3 i/s
xor_byte_strings2: 129932.4 i/s - 1.10x slower
xor_byte_strings1: 116666.8 i/s - 1.22x slower
{:xor_byte_strings1=>{[:T_ARRAY]=>[38, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}}
{:xor_byte_strings2=>{[:T_ARRAY]=>[3, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}}
{:xor_byte_strings3=>{[:T_ARRAY]=>[1, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}}
```
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Creating a protected getter method for `@parameters`.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While iterating an AC::Parameters object, the object will mutate itself
and stick AC::Parameters objects where there used to be hashes:
https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632
If you use `permit` after this iteration, the `fields_for_style` method
wouldn't return true because the child objects are now AC::Parameters
objects rather than Hashes.
fixes #23701
|
| | | |
| | |
| | |
| | |
| | | |
we need to continue setting the body on the request object because of
Fiber based streaming templates. Fixes #23659
|
| |/ /
| |
| |
| | |
Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
|
| | |
| |
| |
| | |
`NEVER_UNPERMITTED_PARAMS` is deprecated in Rails 4.2. See #15933.
|
| | |
| |
| |
| |
| | |
We don't need to use active support in this case because we know the
type that will be returned.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```
[aaron@TC rails (master)]$ cat xor.rb
a = "\x14b\"\xB4P8\x05\x8D\xC74\xC3\xEC}\xFDf\x8E!h\xCF^\xBF\xA5%\xC6\xF0\xA9\xF9x\x04\xFA\xF1\x82"
b = "O.\xF7\x01\xA9D\xA3\xE1D\x7FU\x85\xFC\x8Ak\e\x04\x8A\x97\x91\xD01\x02\xA4G\x1EIf:Y\x0F@"
def xor_byte_strings(s1, s2)
s1.bytes.zip(s2.bytes).map { |(c1,c2)| c1 ^ c2 }.pack('c*')
end
def xor_byte_strings2(s1, s2)
s2_bytes = s2.bytes
s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*')
end
require 'benchmark/ips'
require 'allocation_tracer'
Benchmark.ips do |x|
x.report 'xor_byte_strings' do
xor_byte_strings a, b
end
x.report 'xor_byte_strings2' do
xor_byte_strings2 a, b
end
end
ObjectSpace::AllocationTracer.setup(%i{type})
result = ObjectSpace::AllocationTracer.trace do
xor_byte_strings a, b
end
p :xor_byte_strings => result
ObjectSpace::AllocationTracer.clear
result = ObjectSpace::AllocationTracer.trace do
xor_byte_strings2 a, b
end
p :xor_byte_strings2 => result
[aaron@TC rails (master)]$ ruby -I~/git/allocation_tracer/lib xor.rb
Calculating -------------------------------------
xor_byte_strings 10.087k i/100ms
xor_byte_strings2 11.339k i/100ms
-------------------------------------------------
xor_byte_strings 108.386k (± 5.8%) i/s - 544.698k
xor_byte_strings2 122.239k (± 3.0%) i/s - 612.306k
{:xor_byte_strings=>{[:T_ARRAY]=>[38, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}}
{:xor_byte_strings2=>{[:T_ARRAY]=>[3, 0, 0, 0, 0, 0], [:T_DATA]=>[1, 0, 0, 0, 0, 0], [:T_IMEMO]=>[2, 0, 0, 0, 0, 0], [:T_STRING]=>[2, 0, 0, 0, 0, 0]}}
```
|
| |\ \
| | |
| | | |
fix 'method redefined' warnings
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| | |
Most importantly, the original request thread must yield its share lock
while waiting for the live thread to commit -- otherwise a request's
base and live threads can deadlock against each other.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Referencing Rails.env without checking if it's defined couples
us to Railties.
Fix by avoiding the line breaks if we don't have an env check
to rely on.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Tests can (and do) access the database from the main thread. In this
case they were starting a transaction, then making a request. The
request would create a new thread, which would allocate a new database
connection. Since the main thread started a transaction that contains
data that the new thread wants to see, the new thread would not see it
due to data visibility from transactions. Spawning the new thread in
production is fine because middleware should not be doing database
manipulation similar to the test harness. Before 603fe20c it was
possible to set the database connection id based on a thread local, but
603fe20c changes the connection lookup code to never look at the
"connection id" but only at the thread object itself. Without that
indirection, we can't force threads to use the same connection pool as
another thread.
Fixes #23483
|
| | |
| |
| |
| | |
- Fixes #23428.
|
| |/
|
|
|
|
|
|
|
| |
There are some cases when the `body` in `response_body=` can be set to
nil. One of those cases is in `actionpack-action_caching` which I found
while upgrading it for Rails 5.
It's not possible to run `body.each` on a `nil` body so we have to
return after we run `response.reset_body!`.
|
| |
|
| |
and remove unecessary spaces in string interpolation.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 5-0-beta-sec:
bumping version
fix version update task to deal with .beta1.1
Eliminate instance level writers for class accessors
allow :file to be outside rails root, but anything else must be inside the rails view directory
Don't short-circuit reject_if proc
stop caching mime types globally
use secure string comparisons for basic auth username / password
|
| | |
| |
| |
| |
| |
| | |
this will avoid timing attacks against applications that use basic auth.
CVE-2015-7576
|
| | |
| |
| |
| |
| |
| |
| | |
[ci skip]
Fixes #20808
[Vipul A M & Julio Lopez]
|
| |\ \
| | |
| | | |
Fix `ActionController::Parameters#==` bug
|
| | | |
| | |
| | |
| | | |
See bug #21032.
|
| | | | |
|
| | | | |
|
| |/ /
| |
| |
| |
| | |
- Fixes bug #23142.
- Bug was occurring only with ActionController::API, because `_process_options` wasn't being run for API requests, even though it was being run for normal app requests.
|
| | | |
|
| | |
| |
| | |
It's reasonable to expose different value readers.
|
| | |
| |
| |
| | |
We can provide a more flexible upgrade experience by warning users they are using unsafe methods instead of forcing the safe API by deprecating before removal. This PR provides this functionality.
|
| | |
| |
| |
| |
| | |
Empty strings / data structures should be treated differently than nils.
We don't really need these calls here (don't pass in blank strings).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of checking whether the class has recycle! or not, we can just
always add the method to all controller classes when the test harness is
loaded. Technically this means that the controller test harness will
not work with controllers that do not inherit from AC::Metal, but then,
I'm not sure that is supported anyway.
Mixing in the module one will ensure that we don't break method caches,
and eliminates a runtime check so it should speed up tests (slightly).
|
| | |
| |
| |
| |
| |
| | |
Fixes #23026
See discussion at #23026
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Per-form CSRF tokens
|
