aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http/request.rb
Commit message (Collapse)AuthorAgeFilesLines
* Add RFC4791 MKCALENDAR methodkasper2014-05-151-1/+3
|
* [ci skip] Add documentation for original_fullpath.Lauro Caetano2014-03-111-0/+7
|
* Change deep_munge call to avoid deprecation warningCarlos Antonio da Silva2013-12-031-2/+2
|
* Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-2/+2
| | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* :scissors: [ci skip]Carlos Antonio da Silva2013-11-041-3/+0
|
* Code style for privacy indentionDavid Heinemeier Hansson2013-11-031-8/+8
|
* Ensure backwards compability after the #deep_munge extractionDavid Heinemeier Hansson2013-11-031-0/+10
|
* Normalize file parameters in same place as other parameters ↵robertomiranda2013-08-141-1/+0
| | | | (ActionDispatch::Http::Parameters#normalize_encode_params)
* Use helper method to get ENV['CONTENT_LENGTH']Paul Nikitochkin2013-07-081-1/+1
|
* Extract ActionDispatch::Request#deep_mungeGenadi Samokovarov2013-05-301-17/+2
| | | | | | | | | ActionDispatch::Request#deep_munge was introduced as a private method, but was turned into a public one for the use of ActionDispatch::ParamsParser. I have extracted it into ActionDispatch::Request::Utils, so it does not get mixed up with the Request public methods.
* Remove mentions of "app" from http request docs [ci skip]Carlos Antonio da Silva2013-03-191-12/+10
|
* UTF-8 encode all keys and values in nested params hash.Teo Hui Ming2013-03-151-2/+2
|
* Add extra clarifying line in docs. [ci skip]Steve Klabnik2013-03-131-0/+1
|
* Fix docs: response -> request.Steve Klabnik2013-03-131-2/+2
| | | | Even though I read it carefully, my brain tricked me. :cry:
* Add documentation to ActionDispatch::RequestGareth Rees2013-03-131-0/+16
|
* adding missing requiresAaron Patterson2013-01-091-0/+8
|
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-081-3/+4
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Revert "Merge branch 'master-sec'"Jeremy Kemper2013-01-081-4/+3
| | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79.
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-071-3/+4
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Needless requiresAkira Matsuda2013-01-061-4/+0
|
* Fix rewinding in ActionDispatch::Request#raw_postMatt Venables2012-12-111-2/+3
| | | | | | | | | If env['RAW_POST_DATA'] is nil, #raw_post will attempt to set it to the result of #body (which will return env['rack.input'] if env['RAW_POST_DATA'] is nil). #raw_post will then attempt to rewind the result of another call to #body. Since env['RAW_POST_DATA'] has already been set, the result of #body is not env['rack.input'] anymore. This causes env['rack.input'] to never be rewound.
* give access to the original exception raised in case of a parse errorAaron Patterson2012-10-251-2/+2
|
* do not lose backtrace information from the raised exceptionAaron Patterson2012-10-251-10/+6
|
* eagerly populate the http method loookup cache so we don't need locksAaron Patterson2012-10-181-1/+7
|
* Properly reset the session on reset_sessionSteve Klabnik2012-08-311-2/+5
| | | | Fixes #7478
* initialize instance variablesAaron Patterson2012-08-091-0/+11
|
* Remove ActionDispatch::Head middleware in favor of Rack::HeadSantiago Pastorino2012-07-231-2/+2
| | | | Closes #7110 there's more work to do on rack-cache issue 69
* These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o ↵Egor Homakov2012-06-131-3/+0
| | | | | | them [nil] turns into [] and that is quite innocent. generated SQL - `IN (NULL)` compact! did all the job.
* Array parameters should not contain nil values.Aaron Patterson2012-06-121-2/+4
|
* Strip [nil] from parameters hash.Aaron Patterson2012-05-301-0/+22
| | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-201-3/+10
| | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* Autoload ActionDispatch::Request::Session to avoid circular require.Andrew White2012-05-131-1/+2
|
* bread AD::Request::Session to it's own file, consolidate HASH OF DOOM lookupsAaron Patterson2012-05-031-2/+3
|
* Revert "Return an actual boolean from xml_http_request?"Xavier Noria2012-03-251-1/+1
| | | | | | | | | | | | | | Reason: This commit changes code that was committed some year and a half ago. The original code is an ordinary predicate that delegates straight to a boolean operator with no further unnecessaru adorments, as clearly explained in #5329. This change also may confuse users who may now believe they can rely now on singletons, while predicates in Rails rely on standard Ruby semantics for boolean values and guarantee no singletons whatsover. This reverts commit 6349791d5aaf652631b29f1371701fc2985fda83.
* Return an actual boolean from xml_http_request?Tim Pope2012-03-231-1/+1
|
* reduced localhost check to two method callsAaron Patterson2012-02-281-2/+3
|
* Add config.default_method_for_update to support PATCHDavid Lee2012-02-221-0/+6
| | | | | | | | | | | | | | | | PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement. Changes: * adds config.default_method_for_update you can set to :patch * optionally use PATCH instead of PUT in resource routes and forms * adds the #patch verb to routes to detect PATCH requests * adds #patch? to Request * changes documentation and comments to indicate support for PATCH This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
* remove checks for encodings availabilitySergey Nartimov2011-12-251-1/+1
|
* Add original_fullpath and original_url methods to RequestPiotr Sarnacki2011-12-211-0/+8
|
* Remove dead broken code from AD::RequestJosé Valim2011-12-081-8/+0
|
* Fix ActionDispatch::Request method explanationsTravis Pew2011-11-281-5/+5
| | | | | | | | The methods, "post?", "put?", "head?", etc. contain an incorrect explanation. They state that they are equivalent to request_method == :type, but this is not accurate because the methods convert the string to a symbol. They are actually equivalent to: request_method_symbol == :type
* refactor RemoteIp middlewareAndre Arko2011-11-111-18/+1
| | | | | | | | | | | - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address.
* Added X-Request-Id tracking and TaggedLogging to easily log that and other ↵David Heinemeier Hansson2011-10-191-0/+10
| | | | production concerns
* document meta methodVijay Dev2011-08-041-3/+3
|
* TODO fix explicitly loading exceptations, autoload removedVishnu Atrai2011-07-111-0/+1
|
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-05-251-3/+3
|\ | | | | | | | | | | Conflicts: actionmailer/lib/action_mailer/base.rb activesupport/lib/active_support/core_ext/kernel/requires.rb
| * Remove extra white spaces on ActionPack docs.Sebastian Martinez2011-05-231-3/+3
| |
* | removed deprecated methods, and related tests, from ActionPackJosh Kalderimis2011-05-241-7/+1
|/
* Only show dump of regular env methods on exception screen (not all the rack ↵David Heinemeier Hansson2011-05-041-4/+5
| | | | crap) [DHH]
* Add missing deprecation requireCarlos Antonio da Silva2011-02-111-0/+1
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 00:27:39 +0000