Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Backport fixes about #7774 to 3-2-stable | maximerety | 2013-03-05 | 1 | -2/+2 |
| | | | | | Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is an empty string. | ||||
* | fixes #8631 local inflections from interfereing with HTTP_METHOD_LOOKUP ↵ | Aditya Sanghi | 2013-01-16 | 1 | -1/+6 |
| | | | | dispatch logic | ||||
* | Remove unnecessary caching of ParameterFilter | Andrew White | 2013-01-12 | 1 | -3/+1 |
| | |||||
* | Merge branch '3-2-sec' into 3-2-secmerge | Aaron Patterson | 2013-01-08 | 1 | -6/+4 |
|\ | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu Avoid Rack security warning no secret provided Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md | ||||
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 1 | -6/+4 |
| | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu | ||||
* | | Backport #8701, do not append a second slash with `trailing_slash: true` | Yves Senn | 2013-01-02 | 1 | -1/+5 |
| | | |||||
* | | Merge pull request #8490 from mattv/fix_request_raw_post | Rafael Mendonça França | 2012-12-11 | 1 | -2/+3 |
|/ | | | | | | Fix rewinding in ActionDispatch::Request#raw_post Conflicts: actionpack/CHANGELOG.md | ||||
* | Since File instance doesn't respond to #open use a double to test the | Rafael Mendonça França | 2012-09-30 | 1 | -1/+1 |
| | | | | behavior added at c53e5def08f7a289a92a8e5f79dcd7caa5c3a2fb | ||||
* | Array parameters should not contain nil values. | Aaron Patterson | 2012-06-11 | 1 | -2/+4 |
| | |||||
* | Strip [nil] from parameters hash. | Aaron Patterson | 2012-05-30 | 1 | -0/+22 |
| | | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660 | ||||
* | Reset the request parameters after a constraints check | Andrew White | 2012-05-03 | 1 | -0/+4 |
| | | | | | | | | | | | | | | A callable object passed as a constraint for a route may access the request parameters as part of its check. This causes the combined parameters hash to be cached in the environment hash. If the constraint fails then any subsequent access of the request parameters will be against that stale hash. To fix this we delete the cache after every call to `matches?`. This may have a negative performance impact if the contraint wraps a large number of routes as the parameters hash is built by merging GET, POST and path parameters. Fixes #2510. (cherry picked from commit 56030506563352944fed12a6bb4793bb2462094b) | ||||
* | backporting #4918 to 3.2 stable; adding extra test for accept header given ↵ | Aditya Sanghi | 2012-02-17 | 1 | -1/+3 |
| | | | | by googlebot | ||||
* | Add original_fullpath and original_url methods to Request | Piotr Sarnacki | 2012-01-10 | 1 | -0/+8 |
| | |||||
* | Allow symbols to be passed for extension aliases | Justin Campbell | 2011-12-17 | 1 | -1/+1 |
| | |||||
* | Fix url_for options[:subdomain] to allow objects as values | choonkeat | 2011-12-14 | 1 | -1/+1 |
| | | | | * e.g. blog_url(subdomain: current_user) instead of blog_url(subdomain: current_user.to_param) | ||||
* | use Array#join so that file encoding doesn't impact returned string. | Aaron Patterson | 2011-12-12 | 1 | -3/+3 |
| | | | | Fixes #3957 | ||||
* | Remove dead broken code from AD::Request | José Valim | 2011-12-08 | 1 | -8/+0 |
| | |||||
* | Use freezed string constant. Some string literals is used repeatedly. | kennyj | 2011-12-08 | 3 | -24/+40 |
| | |||||
* | Use default charset when we read content type without charset. | kennyj | 2011-12-07 | 1 | -1/+1 |
| | |||||
* | Fix ActionDispatch::Request method explanations | Travis Pew | 2011-11-28 | 1 | -5/+5 |
| | | | | | | | | The methods, "post?", "put?", "head?", etc. contain an incorrect explanation. They state that they are equivalent to request_method == :type, but this is not accurate because the methods convert the string to a symbol. They are actually equivalent to: request_method_symbol == :type | ||||
* | Merge pull request #3617 from indirect/remote_ip | José Valim | 2011-11-13 | 1 | -18/+1 |
|\ | | | | | refactor RemoteIp middleware | ||||
| * | refactor RemoteIp middleware | Andre Arko | 2011-11-11 | 1 | -18/+1 |
| | | | | | | | | | | | | | | | | | | | | | | - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. | ||||
* | | Unneeded require memoizable | Akira Matsuda | 2011-11-12 | 1 | -2/+0 |
|/ | |||||
* | Fix trouble using :subdomain in development environment when using ↵ | Bradford Folkens | 2011-11-08 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | numeric addresses. See-also pull request #3561 from 3-1-stable Otherwise the following occurs: TypeError: can't convert nil into String /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/http/url.rb:75:in host_or_subdomain_and_domain' /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/http/url.rb:37:in url_for' /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/routing/url_for.rb:147:in test_subdomain_may_be_accepted_with_numeric_host' /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/testing/setup_and_teardown.rb:67:in run' /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/callbacks.rb:426:in send' /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/callbacks.rb:81:in run' | ||||
* | Added X-Request-Id tracking and TaggedLogging to easily log that and other ↵ | David Heinemeier Hansson | 2011-10-19 | 1 | -0/+10 |
| | | | | production concerns | ||||
* | / is allowed in URI fragments | Jeremy Kemper | 2011-10-13 | 1 | -1/+1 |
| | |||||
* | Clean up subdomain code a bit. | José Valim | 2011-10-04 | 1 | -2/+2 |
| | |||||
* | :subdomain can now be specified with a value of false in url_for, allowing ↵ | Kamil Sobieraj | 2011-10-04 | 1 | -3/+5 |
| | | | | for subdomain(s) removal from the host during link generation. Closes #2025 | ||||
* | Implement Mime::Type#respond_to? (consistently with #method_missing) | Evgeniy Dolzhenko | 2011-09-25 | 1 | -0/+4 |
| | |||||
* | removing backwards compatibility module | Aaron Patterson | 2011-09-12 | 1 | -1/+1 |
| | |||||
* | Refactor ActionDispatch::Http::UploadedFile | Daniel Schierbeck | 2011-08-28 | 1 | -14/+3 |
| | |||||
* | document meta method | Vijay Dev | 2011-08-04 | 1 | -3/+3 |
| | |||||
* | Check Accept and Content-Type headers before evaluating them in xhr ↵ | ogeidix | 2011-07-19 | 1 | -1/+2 |
| | | | | | | requests. Closes #2119 An xhr request must have an "Accept" or "Content-type" header in order to be considered a request with valid_accept_header. | ||||
* | TODO fix explicitly loading exceptations, autoload removed | Vishnu Atrai | 2011-07-11 | 1 | -0/+1 |
| | |||||
* | Fix test to use Mime::Zip | Arun Agrawal | 2011-06-28 | 1 | -3/+3 |
| | |||||
* | Register some commonly used mime types (png, jpeg, pdf, zip etc.) per default | Esad Hajdarevic | 2011-06-28 | 1 | -0/+12 |
| | |||||
* | Remove usage of memoizable from ActionPack. | José Valim | 2011-06-16 | 1 | -3/+3 |
| | |||||
* | all requests are utf-8. Don't use the external encoding. | Damien Mathieu | 2011-06-14 | 1 | -3/+2 |
| | |||||
* | encode the uploaded file's name in the default external encoding - Closes #869 | Damien Mathieu | 2011-06-14 | 1 | -1/+12 |
| | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2011-05-25 | 2 | -5/+5 |
|\ | | | | | | | | | | | Conflicts: actionmailer/lib/action_mailer/base.rb activesupport/lib/active_support/core_ext/kernel/requires.rb | ||||
| * | Remove extra white spaces on ActionPack docs. | Sebastian Martinez | 2011-05-23 | 2 | -5/+5 |
| | | |||||
* | | removed deprecated methods, and related tests, from ActionPack | Josh Kalderimis | 2011-05-24 | 2 | -30/+1 |
| | | |||||
* | | Make :status an attr_reader to avoid unnecessary warning when replacing status= | wycats | 2011-05-22 | 1 | -1/+2 |
|/ | |||||
* | Dump and load rack-cache stuff. | José Valim | 2011-05-17 | 1 | -2/+6 |
| | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2011-05-14 | 1 | -1/+1 |
|\ | | | | | | | | | | | Conflicts: actionpack/lib/action_view/helpers/date_helper.rb railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt | ||||
| * | minor correction to the ActionDispatch::Http::URL subdomain docs | Josh Kalderimis | 2011-05-04 | 1 | -1/+1 |
| | | |||||
* | | Fix previous commit by allowing a proc to be given as response_body. This is ↵ | José Valim | 2011-05-10 | 2 | -29/+53 |
| | | | | | | | | deprecated and is going to be removed in future releases. | ||||
* | | Only show dump of regular env methods on exception screen (not all the rack ↵ | David Heinemeier Hansson | 2011-05-04 | 1 | -4/+5 |
|/ | | | | crap) [DHH] | ||||
* | Fix .subdomain regression. | José Valim | 2011-05-04 | 1 | -1/+1 |
| | |||||
* | More performance optimizations. | José Valim | 2011-05-03 | 1 | -5/+0 |
| |