| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
them [nil] turns into [] and that is quite innocent.
generated SQL - `IN (NULL)`
compact! did all the job.
|
| |
|
| |
|
|
|
|
|
|
| |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently Rack raises a TypeError when it encounters a malformed or
ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this
through to the application this commit captures the exception and
re-raises it using a new ActionController::BadRequest exception.
The new ActionController::BadRequest exception returns a 400 error
instead of the 500 error that would've been returned by the original
TypeError. This allows exception notification libraries to ignore
these errors if so desired.
Closes #3051
|
|\
| |
| |
| |
| | |
Conflicts:
actionpack/lib/action_view/helpers/asset_tag_helper.rb
|
| | |
|
|/ |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* master: (55 commits)
extract deprecated dynamic methods
Add some docs and changelog entry
Allow overriding exception handling in threaded consumer
Allow configuring a different queue consumer
actually don't need to expand the aggregates at all
#to_sym is unnecessary
de-globalise method
extract code from AR::Base
clean up implementation of dynamic methods. use method compilation etc.
Fix ActiveModel README example
mention database mapping in getting started guide
Remove vestiges of the http_only! config from configuring guide
Remove content-length as well
Make ActionController#head pass rack-link
RouteSet: optimize routes generation when globbing is used
Allows assert_redirected_to to accept a regular expression
use extract_options!
No need to force conversion to Symbol since case ensures it's already one.
No need to work around 1.8 warnings anymore.
Update command line guide
...
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.
To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the contraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.
Fixes #2510.
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
| |
Separated right side url generation(before query string)
from left side url generation(after query string)
|
| |
|
|
|
|
| |
response in integration test accessible without @ via attr_reader
|
| |
|
|
|
|
|
| |
if you want to read the file you may need to ask if there is something
to read from
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reason: This commit changes code that was committed some year
and a half ago. The original code is an ordinary predicate
that delegates straight to a boolean operator with no further
unnecessaru adorments, as clearly explained in #5329.
This change also may confuse users who may now believe they can
rely now on singletons, while predicates in Rails rely on
standard Ruby semantics for boolean values and guarantee no
singletons whatsover.
This reverts commit 6349791d5aaf652631b29f1371701fc2985fda83.
|
| |
|
|
|
|
|
|
| |
More info http://edgeguides.rubyonrails.org/api_app.html
[Carlos Antonio da Silva & Santiago Pastorino]
|
| |
|
|
|
|
|
|
| |
Based on #4918.
Related to #4127.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PATCH is the correct HTML verb to map to the #update action. The
semantics for PATCH allows for partial updates, whereas PUT requires a
complete replacement.
Changes:
* adds config.default_method_for_update you can set to :patch
* optionally use PATCH instead of PUT in resource routes and forms
* adds the #patch verb to routes to detect PATCH requests
* adds #patch? to Request
* changes documentation and comments to indicate support for PATCH
This change maintains complete backwards compatibility by keeping :put
as the default for config.default_method_for_update.
|
|\
| |
| | |
Ensure Date header on expires_in
|
| | |
|
|\ \
| | |
| | | |
Exclude rack.request.form_vars from request.filtered_env
|
| | | |
|
| | | |
|
|/ /
| |
| | |
http://msdn.microsoft.com/en-us/library/ms775147%28v=vs.85%29.aspx#_replace
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
remove check for string from request body setter
|
| | |
| | |
| | |
| | | |
it was required on ruby 1.8
|
|/ / |
|
| | |
|
| |
| |
| |
| | |
* e.g. blog_url(subdomain: current_user) instead of blog_url(subdomain: current_user.to_param)
|
| |
| |
| |
| | |
Fixes #3957
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
The methods, "post?", "put?", "head?", etc. contain an incorrect
explanation. They state that they are equivalent to request_method ==
:type, but this is not accurate because the methods convert the string
to a symbol. They are actually equivalent to:
request_method_symbol == :type
|