path: root/actionpack/lib/action_dispatch/http
Commit message (author, age, files changed, lines -removed/+added)
* These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o them [nil] turns into [] and that is quite innocent. (Egor Homakov, 2012-06-13, 1 file, -3/+0)
|   generated SQL - `IN (NULL)` compact! did all the job.
* Array parameters should not contain nil values. (Aaron Patterson, 2012-06-12, 1 file, -2/+4)
|
* both string and symbol will be interpolated as string no need to convert to_s (ganesh, 2012-06-11, 1 file, -3/+3)
|
* Strip [nil] from parameters hash. (Aaron Patterson, 2012-05-30, 1 file, -0/+22)
|   Thanks to Ben Murphy for reporting this! CVE-2012-2660
* Raise ActionController::BadRequest for malformed parameter hashes. (Andrew White, 2012-05-20, 1 file, -3/+10)
|   Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired.
|   Closes #3051
* Merge branch 'master' of github.com:lifo/docrails (Vijay Dev, 2012-05-15, 1 file, -3/+0)
|\
| |   Conflicts: actionpack/lib/action_view/helpers/asset_tag_helper.rb
| * Removing ==Examples and last blank lines of docs from actionpack (Francesco Rodriguez, 2012-05-15, 1 file, -3/+0)
| |
* | Autoload ActionDispatch::Request::Session to avoid circular require. (Andrew White, 2012-05-13, 1 file, -1/+2)
|/
* Merge branch 'master' into session (Aaron Patterson, 2012-05-04, 2 files, -7/+12)
|\
| |   * master: (55 commits) extract deprecated dynamic methods Add some docs and changelog entry Allow overriding exception handling in threaded consumer Allow configuring a different queue consumer actually don't need to expand the aggregates at all #to_sym is unnecessary de-globalise method extract code from AR::Base clean up implementation of dynamic methods. use method compilation etc. Fix ActiveModel README example mention database mapping in getting started guide Remove vestiges of the http_only! config from configuring guide Remove content-length as well Make ActionController#head pass rack-link RouteSet: optimize routes generation when globbing is used Allows assert_redirected_to to accept a regular expression use extract_options! No need to force conversion to Symbol since case ensures it's already one. No need to work around 1.8 warnings anymore. Update command line guide ...
| * Reset the request parameters after a constraints check (Andrew White, 2012-05-02, 1 file, -0/+4)
| |   A callable object passed as a constraint for a route may access the request parameters as part of its check. This causes the combined parameters hash to be cached in the environment hash. If the constraint fails then any subsequent access of the request parameters will be against that stale hash. To fix this we delete the cache after every call to `matches?`. This may have a negative performance impact if the constraint wraps a large number of routes as the parameters hash is built by merging GET, POST and path parameters.
| |   Fixes #2510.
| * Enable ActionDispatch::Http::Headers to support fetch (Mark Turner, 2012-05-02, 1 file, -7/+8)
| |
* | break AD::Request::Session to its own file, consolidate HASH OF DOOM lookups (Aaron Patterson, 2012-05-03, 1 file, -2/+3)
|/
* Fix rdoc formatting in Mime::Type (Mark Rushakoff, 2012-04-29, 1 file, -5/+5)
|
* Remove unnecessary empty line (José Valim, 2012-04-25, 1 file, -1/+0)
|
* ActionDispatch::HTTP::Url#url_for refactor method (Bogdan Gusiev, 2012-04-24, 1 file, -20/+26)
|   Separated right side url generation (before query string) from left side url generation (after query string)
* Add missing requires in routes (Bogdan Gusiev, 2012-04-23, 1 file, -0/+2)
|
* Fix comment in AD http response (Alexey Vakhov, 2012-04-13, 1 file, -1/+1)
|   response in integration test accessible without @ via attr_reader
* Fix example action dispatch in mime type (Alexey Vakhov, 2012-04-07, 1 file, -1/+1)
|
* adds delegation for eof? to AD::Http::UploadedFile (Jens Fahnenbruck, 2012-03-27, 1 file, -1/+1)
|   if you want to read the file you may need to ask if there is something to read from
* Revert "Return an actual boolean from xml_http_request?" (Xavier Noria, 2012-03-25, 1 file, -1/+1)
|   Reason: This commit changes code that was committed some year and a half ago. The original code is an ordinary predicate that delegates straight to a boolean operator with no further unnecessary adornments, as clearly explained in #5329. This change also may confuse users who may now believe they can rely now on singletons, while predicates in Rails rely on standard Ruby semantics for boolean values and guarantee no singletons whatsoever.
|   This reverts commit 6349791d5aaf652631b29f1371701fc2985fda83.
* Return an actual boolean from xml_http_request? (Tim Pope, 2012-03-23, 1 file, -1/+1)
|
* Add ActionController::HTTP (Santiago Pastorino, 2012-03-14, 1 file, -2/+7)
|   More info http://edgeguides.rubyonrails.org/api_app.html
|   [Carlos Antonio da Silva & Santiago Pastorino]
* Refactor AD::UploadedFile, and raise sooner if tempfile is not present (Carlos Antonio da Silva, 2012-03-06, 1 file, -8/+6)
|
* Added parsing of arbitrary media type parameters. (Steve Klabnik, 2012-03-05, 1 file, -3/+3)
|   Based on #4918. Related to #4127.
* Optimize path helpers. (José Valim, 2012-03-02, 1 file, -1/+3)
|
* reduced localhost check to two method calls (Aaron Patterson, 2012-02-28, 1 file, -2/+3)
|
* Add config.default_method_for_update to support PATCH (David Lee, 2012-02-22, 1 file, -0/+6)
|   PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement.
|   Changes:
|   * adds config.default_method_for_update you can set to :patch
|   * optionally use PATCH instead of PUT in resource routes and forms
|   * adds the #patch verb to routes to detect PATCH requests
|   * adds #patch? to Request
|   * changes documentation and comments to indicate support for PATCH
|   This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
* Merge pull request #3479 from arvida/ensure-date-header-on-expires-in (José Valim, 2012-02-18, 1 file, -0/+14)
|\
| |   Ensure Date header on expires_in
| * Added accessor methods for Date header (arvida, 2011-10-31, 1 file, -0/+14)
| |
* | Merge pull request #3305 from cjolly/request_filtered_env (Jeremy Kemper, 2012-02-13, 1 file, -1/+1)
|\ \
| | |   Exclude rack.request.form_vars from request.filtered_env
| * | Exclude rack.request.form_vars from request.filtered_env (Chad Jolly, 2012-01-18, 1 file, -1/+1)
| | |
* | | Correctly handle single media with q value. Fixes #736. (Scott W. Bradley, 2012-02-06, 1 file, -1/+3)
| | |
* | | Add 'image/pjpeg' format used by IE (Antonio Tapiador, 2012-01-29, 1 file, -1/+1)
|/ /
| |   http://msdn.microsoft.com/en-us/library/ms775147%28v=vs.85%29.aspx#_replace
* | Deprecate RAILS_CACHE constant. (kennyj, 2012-01-18, 1 file, -3/+2)
| |
* | Delegate subdomain method to the URL module, removing duplication (Carlos Antonio da Silva, 2012-01-12, 1 file, -1/+1)
| |
* | Simplify named host logic and missing host condition check (Carlos Antonio da Silva, 2012-01-12, 1 file, -2/+2)
| |
* | Extract ip host regexp to a constant (Carlos Antonio da Silva, 2012-01-12, 1 file, -1/+3)
| |
* | Change more Array.wrap to Kernel#Array (Rafael Mendonça França, 2012-01-05, 1 file, -1/+1)
| |
* | remove checks for encodings availability (Sergey Nartimov, 2011-12-25, 1 file, -1/+1)
| |
* | deprecate String#encoding_aware? and remove its usage (Sergey Nartimov, 2011-12-24, 2 files, -4/+2)
| |
* | Merge pull request #4094 from lest/remove-1-8-code (José Valim, 2011-12-21, 1 file, -8/+1)
|\ \
| | |   remove check for string from request body setter
| * | remove check for string from request body setter (lest, 2011-12-21, 1 file, -8/+1)
| | |   it was required on ruby 1.8
* | | Add original_fullpath and original_url methods to Request (Piotr Sarnacki, 2011-12-21, 1 file, -0/+8)
|/ /
* | Allow symbols to be passed for extension aliases (Justin Campbell, 2011-12-17, 1 file, -1/+1)
| |
* | Fix url_for options[:subdomain] to allow objects as values (choonkeat, 2011-12-14, 1 file, -1/+1)
| |   * e.g. blog_url(subdomain: current_user) instead of blog_url(subdomain: current_user.to_param)
* | use Array#join so that file encoding doesn't impact returned string. (Aaron Patterson, 2011-12-12, 1 file, -3/+3)
| |   Fixes #3957
* | Remove dead broken code from AD::Request (José Valim, 2011-12-08, 1 file, -8/+0)
| |
* | Use frozen string constant. Some string literals are used repeatedly. (kennyj, 2011-12-08, 3 files, -24/+40)
| |
* | Use default charset when we read content type without charset. (kennyj, 2011-12-07, 1 file, -1/+1)
| |
* | Fix ActionDispatch::Request method explanations (Travis Pew, 2011-11-28, 1 file, -5/+5)
| |   The methods, "post?", "put?", "head?", etc. contain an incorrect explanation. They state that they are equivalent to request_method == :type, but this is not accurate because the methods convert the string to a symbol. They are actually equivalent to: request_method_symbol == :type