aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http/request.rb
Commit message (Collapse)AuthorAgeFilesLines
* edit pass over all warningsXavier Noria2014-10-281-1/+1
| | | | | | | | | | | | | | | This patch uniformizes warning messages. I used the most common style already present in the code base: * Capitalize the first word. * End the message with a full stop. * "Rails 5" instead of "Rails 5.0". * Backticks for method names and inline code. Also, converted a few long strings into the new heredoc convention.
* Request#check_method no longer breaks when :en is not available localeStefan Henzen2014-10-091-1/+1
| | | | | | | | Request#check_method would use to_sentence(locale: :en), which breaks when I18n.available_locales does not include :en and I18n.enforce_available_locales is true (default). Inlined to_sentence functionality to solve this.
* Rescue Rack::Utils::ParameterTypeError instead of TypeErrorYuki Nishijima2014-09-131-2/+2
| | | | | | | | As of rack/rack@167b6480235ff00ed5f355698bf00ec2f250f72e, Rack raises Rack::Utils::ParameterTypeError which inherits TypeError. In terms of the behavior, Rescuing TypeError still works but this method shouldn't rescue if TypeError is raised for other reasons.
* Avoid duplicating routes for HEAD requests.Guo Xiang Tan2014-08-211-0/+6
| | | | | | | | Follow up to rails#15321 Instead of duplicating the routes, we will first match the HEAD request to HEAD routes. If no match is found, we will then map the HEAD request to GET routes.
* Protect against error when parsing parameters with Bad RequestRafael Mendonça França2014-08-191-2/+2
| | | | Related with #11795.
* use 'based on' instead of 'based off' [ci skip]Akshay Vishnoi2014-08-121-1/+1
|
* LOCALHOST definition should match any 127.0.0.0/8 addressEarl J St Sauver2014-07-181-1/+1
| | | | | | | | | | | | | | | The entire 127.0.0.0/8 range is assigned to the loopback address, not only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8 loopback address. The only place that the #local? method was previously under test was in the show_expectations_test.rb file. I don't particularly like that that's implicitly where this code is under test, and I feel like I should move some of that testing code into the test/dispatch/request_test.rb file, but I wanted some feedback first. Credit goes to @sriedel for discovering the issue and adding the patch.
* makes it sound less misleadingShunsukeAida2014-07-021-2/+2
|
* Merge pull request #15349 from tgxworld/remove_duplicated_method_callRafael Mendonça França2014-06-031-2/+2
|\ | | | | Remove duplicated HashWithIndifferentAccess#with_indifferent_access.
| * Remove duplicated HashWithIndifferentAccess#with_indifferent_access.Guo Xiang Tan2014-05-261-2/+2
| |
* | move path_parameter encoding check to the request objectAaron Patterson2014-05-271-0/+11
|/
* Add RFC4791 MKCALENDAR methodkasper2014-05-151-1/+3
|
* [ci skip] Add documentation for original_fullpath.Lauro Caetano2014-03-111-0/+7
|
* Change deep_munge call to avoid deprecation warningCarlos Antonio da Silva2013-12-031-2/+2
|
* Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-2/+2
| | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* :scissors: [ci skip]Carlos Antonio da Silva2013-11-041-3/+0
|
* Code style for privacy indentionDavid Heinemeier Hansson2013-11-031-8/+8
|
* Ensure backwards compability after the #deep_munge extractionDavid Heinemeier Hansson2013-11-031-0/+10
|
* Normalize file parameters in same place as other parameters ↵robertomiranda2013-08-141-1/+0
| | | | (ActionDispatch::Http::Parameters#normalize_encode_params)
* Use helper method to get ENV['CONTENT_LENGTH']Paul Nikitochkin2013-07-081-1/+1
|
* Extract ActionDispatch::Request#deep_mungeGenadi Samokovarov2013-05-301-17/+2
| | | | | | | | | ActionDispatch::Request#deep_munge was introduced as a private method, but was turned into a public one for the use of ActionDispatch::ParamsParser. I have extracted it into ActionDispatch::Request::Utils, so it does not get mixed up with the Request public methods.
* Remove mentions of "app" from http request docs [ci skip]Carlos Antonio da Silva2013-03-191-12/+10
|
* UTF-8 encode all keys and values in nested params hash.Teo Hui Ming2013-03-151-2/+2
|
* Add extra clarifying line in docs. [ci skip]Steve Klabnik2013-03-131-0/+1
|
* Fix docs: response -> request.Steve Klabnik2013-03-131-2/+2
| | | | Even though I read it carefully, my brain tricked me. :cry:
* Add documentation to ActionDispatch::RequestGareth Rees2013-03-131-0/+16
|
* adding missing requiresAaron Patterson2013-01-091-0/+8
|
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-081-3/+4
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Revert "Merge branch 'master-sec'"Jeremy Kemper2013-01-081-4/+3
| | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79.
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-071-3/+4
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Needless requiresAkira Matsuda2013-01-061-4/+0
|
* Fix rewinding in ActionDispatch::Request#raw_postMatt Venables2012-12-111-2/+3
| | | | | | | | | If env['RAW_POST_DATA'] is nil, #raw_post will attempt to set it to the result of #body (which will return env['rack.input'] if env['RAW_POST_DATA'] is nil). #raw_post will then attempt to rewind the result of another call to #body. Since env['RAW_POST_DATA'] has already been set, the result of #body is not env['rack.input'] anymore. This causes env['rack.input'] to never be rewound.
* give access to the original exception raised in case of a parse errorAaron Patterson2012-10-251-2/+2
|
* do not lose backtrace information from the raised exceptionAaron Patterson2012-10-251-10/+6
|
* eagerly populate the http method loookup cache so we don't need locksAaron Patterson2012-10-181-1/+7
|
* Properly reset the session on reset_sessionSteve Klabnik2012-08-311-2/+5
| | | | Fixes #7478
* initialize instance variablesAaron Patterson2012-08-091-0/+11
|
* Remove ActionDispatch::Head middleware in favor of Rack::HeadSantiago Pastorino2012-07-231-2/+2
| | | | Closes #7110 there's more work to do on rack-cache issue 69
* These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o ↵Egor Homakov2012-06-131-3/+0
| | | | | | them [nil] turns into [] and that is quite innocent. generated SQL - `IN (NULL)` compact! did all the job.
* Array parameters should not contain nil values.Aaron Patterson2012-06-121-2/+4
|
* Strip [nil] from parameters hash.Aaron Patterson2012-05-301-0/+22
| | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-201-3/+10
| | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* Autoload ActionDispatch::Request::Session to avoid circular require.Andrew White2012-05-131-1/+2
|
* bread AD::Request::Session to it's own file, consolidate HASH OF DOOM lookupsAaron Patterson2012-05-031-2/+3
|
* Revert "Return an actual boolean from xml_http_request?"Xavier Noria2012-03-251-1/+1
| | | | | | | | | | | | | | Reason: This commit changes code that was committed some year and a half ago. The original code is an ordinary predicate that delegates straight to a boolean operator with no further unnecessaru adorments, as clearly explained in #5329. This change also may confuse users who may now believe they can rely now on singletons, while predicates in Rails rely on standard Ruby semantics for boolean values and guarantee no singletons whatsover. This reverts commit 6349791d5aaf652631b29f1371701fc2985fda83.
* Return an actual boolean from xml_http_request?Tim Pope2012-03-231-1/+1
|
* reduced localhost check to two method callsAaron Patterson2012-02-281-2/+3
|
* Add config.default_method_for_update to support PATCHDavid Lee2012-02-221-0/+6
| | | | | | | | | | | | | | | | PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement. Changes: * adds config.default_method_for_update you can set to :patch * optionally use PATCH instead of PUT in resource routes and forms * adds the #patch verb to routes to detect PATCH requests * adds #patch? to Request * changes documentation and comments to indicate support for PATCH This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
* remove checks for encodings availabilitySergey Nartimov2011-12-251-1/+1
|
* Add original_fullpath and original_url methods to RequestPiotr Sarnacki2011-12-211-0/+8
|