path: root/actionpack/lib/action_dispatch/middleware
Commit message (Author, Age, Files, Lines)
...
* | remove yaml as a param parser :burn: (Aaron Patterson, 2013-01-08, 1 file, -2/+0)
| |     If you revert this commit, I will hunt you down, I will make you regret every terrible thing you've ever done, I will make you suffer.
* | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu (Aaron Patterson, 2013-01-08, 1 file, -2/+2)
| |     Conflicts:
| |       actionpack/CHANGELOG.md
| |       actionpack/lib/action_dispatch/http/request.rb
| |       actionpack/lib/action_dispatch/middleware/params_parser.rb
| |       activerecord/CHANGELOG.md
| |       activerecord/lib/active_record/relation/predicate_builder.rb
| |       activerecord/test/cases/relation/where_test.rb
* | Revert "Merge branch 'master-sec'" (Jeremy Kemper, 2013-01-08, 1 file, -2/+2)
| |     This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79.
* | Merge branch 'master-sec' (Aaron Patterson, 2013-01-08, 1 file, -2/+2)
|\ \
| | |     * master-sec:
| | |       CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
| | |       * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu (Aaron Patterson, 2013-01-07, 1 file, -2/+2)
| | |     Conflicts:
| | |       actionpack/CHANGELOG.md
| | |       actionpack/lib/action_dispatch/http/request.rb
| | |       actionpack/lib/action_dispatch/middleware/params_parser.rb
| | |       activerecord/CHANGELOG.md
| | |       activerecord/lib/active_record/relation/predicate_builder.rb
| | |       activerecord/test/cases/relation/where_test.rb
* | | Merge branch 'master' of github.com:lifo/docrails (Vijay Dev, 2013-01-09, 2 files, -9/+17)
|\ \ \
| | | |     Conflicts:
| | | |       guides/source/getting_started.md
| * | | extract alert= and notice= examples to FlashHash#now [ci skip] (Francesco Rodriguez, 2013-01-03, 1 file, -17/+15)
| | | |
| * | | Add examples `alert=` and `notice=`, using memes (lambda_, 2013-01-03, 1 file, -0/+10)
| | | |
| * | | Change `Example for` to `Example of` (lambda_, 2013-01-03, 1 file, -2/+2)
| | | |
* | | | Eliminate Rack::File headers deprecation warning (Sam Ruby, 2013-01-08, 1 file, -1/+1)
| |_|/
|/| |
| | |     See http://intertwingly.net/projects/AWDwR4/checkdepot/section-6.1.html
| | |     rake test produces:
| | |     "Rack::File headers parameter replaces cache_control after Rack 1.5."
| | |     Despite what the message says, it appears that the headers parameter change will be effective as of Rack 1.5:
| | |     https://github.com/rack/rack/blob/rack-1.4/lib/rack/file.rb#L24
| | |     https://github.com/rack/rack/blob/master/lib/rack/file.rb#L24
* | | Avoid Rack security warning no secret provided (Santiago Pastorino, 2013-01-08, 1 file, -0/+2)
| |/
|/|
| |     This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | refactor ShowExceptions' #call to use def-rescue instead of begin-rescue (Gosha Arinich, 2013-01-07, 1 file, -7/+4)
| |
* | remove begin-rescue in favor of def-rescue (Gosha Arinich, 2013-01-07, 1 file, -10/+9)
| |
* | Fix operators precedence issue (Rafael Mendonça França, 2013-01-06, 1 file, -1/+1)
| |
* | Merge pull request #8787 from tank-bohr/master (Rafael Mendonça França, 2013-01-06, 1 file, -2/+2)
|\ \
| | |     masgn and response variable
| * | return multiple assignment and response variable (tank-bohr, 2013-01-07, 1 file, -2/+2)
| | |
* | | Merge pull request #8785 from goshakkk/refactor-debug-exceptions (Rafael Mendonça França, 2013-01-06, 1 file, -2/+1)
|\ \ \
| |/ /
|/| |     Refactor DebugExceptions
| * | refactor DebugExceptions by combining two conditionals into one (Gosha Arinich, 2013-01-07, 1 file, -2/+1)
| | |
* | | Reduce number of Strings a bit (Akira Matsuda, 2013-01-07, 1 file, -3/+3)
|/ /
* | fix for rbx (tank-bohr, 2013-01-07, 1 file, -2/+2)
| |     Rubinius returns a boolean after such assignment
| |       response = (_, headers, body = @app.call(env))
| |     see https://github.com/rubinius/rubinius/issues/2117
| |
| |     get rid of a local variable
* | Rename route_wrapper partial layout to table (Carlos Antonio da Silva, 2013-01-06, 1 file, -0/+0)
| |     It is used by the table formatter only, and it's already inside a routes directory that namespaces it properly, so calling it just "table" seems simpler.
* | Move table routes formatter class to the inspector and rename it (Carlos Antonio da Silva, 2013-01-06, 2 files, -19/+1)
| |     It feels more consistent to have this class called "HtmlTableFormatter", and to have it here with the routes inspector and console formatter, since it's used for both routing error exceptions and the rails info page.
* | Remove suggestion that Procs can be used as session secrets. (James Coglan, 2013-01-05, 1 file, -7/+4)
| |
* | Close container div tag in routing error page (Carlos Antonio da Silva, 2013-01-05, 1 file, -9/+11)
| |
* | Move style to head to make routes page valid html5 (Carlos Antonio da Silva, 2013-01-05, 2 files, -4/+6)
| |
* | display mountable engine routes on RoutingError. (Yves Senn, 2013-01-05, 2 files, -8/+23)
| |
* | Allow use of durations for ActionDispatch::SSL configuration (Andrew White, 2013-01-04, 1 file, -1/+1)
| |
* | Remove unnecessary `ERB::Util::h` (Ryunosuke SATO, 2013-01-05, 7 files, -17/+17)
| |     It is automatically applied when strings are unsafe for html.
* | Suppress warning about IO#lines in Ruby 2.0 (Ryunosuke SATO, 2013-01-04, 1 file, -1/+1)
| |     actionpack/lib/action_dispatch/middleware/exception_wrapper.rb:99: IO#lines is deprecated; use #each_line instead
* | move error page js into script tag (Gosha Arinich, 2013-01-04, 3 files, -5/+27)
| |
* | Merge pull request #8713 from goshakkk/better-error-page (Guillermo Iguaran, 2013-01-03, 2 files, -12/+10)
|\ \
| | |     Fix env toggling, improve error page styling
| * | fix env toggling, improve error page styling (Gosha Arinich, 2013-01-03, 2 files, -12/+10)
| | |
* | | Explain the possible precautions (Andre Arko, 2013-01-02, 1 file, -3/+4)
| | |
* | | Restore original remote_ip algorithm. (Andre Arko, 2013-01-02, 1 file, -53/+112)
|/ /
| |     Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment.
| |
| |     [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
| |
| |     Fixes #7979
* | Fixing closing </p> (Guillermo Iguaran, 2013-01-02, 1 file, -1/+1)
| |
* | Fix a number of validation/style errors: (Sam Ruby, 2013-01-02, 2 files, -8/+7)
| |     * <pre> is not allowed to be nested inside of <p> elements in HTML
| |     * Indentation of </p> doesn't match corresponding <p>
| |     * <p> element not explicitly closed
| |     * One more </div> than <div>
| |
| |     In each case, the template was fixed to match how a HTML5 parser would "see" the resulting page.
* | Merge pull request #8688 from goshakkk/error-page-toggle (Guillermo Iguaran, 2013-01-02, 1 file, -3/+3)
|\ \
| | |     Allow toggling dumps on error page
| * | allow toggling dumps instead of just showing (Gosha Arinich, 2013-01-02, 1 file, -3/+3)
| | |
* | | Cleanup some unnecessary CSS on the new error page and reformat some lines. (Lucas Mazza, 2013-01-02, 1 file, -12/+13)
| | |
* | | add source line padding (Gosha Arinich, 2013-01-02, 1 file, -0/+4)
|/ /
* | remove meaningless AS::FrozenObjectError (Akira Matsuda, 2013-01-02, 1 file, -1/+0)
| |
* | Fix indent in UnknownAction template (Guillermo Iguaran, 2013-01-01, 1 file, -1/+1)
|/
* Summary and Details HTML elements aren't supported in all modern browsers (Guillermo Iguaran, 2012-12-31, 2 files, -12/+12)
|
* Add style to AV::Template::Error exception page (Guillermo Iguaran, 2012-12-31, 2 files, -14/+42)
|
* Improve line-height to have better line spacing in exception message (Guillermo Iguaran, 2012-12-31, 1 file, -0/+1)
|
* Add new style to Routing Error page (Guillermo Iguaran, 2012-12-31, 1 file, -19/+22)
|
* Styling for exception page (Guillermo Iguaran, 2012-12-31, 6 files, -29/+150)
|
* Add source extract to detailed exception page (Guillermo Iguaran, 2012-12-31, 4 files, -2/+34)
|
* Define [], []=, permanent, signed and encrypted as the only allowed methods for the non Raw Cookie classes (Santiago Pastorino, 2012-12-30, 1 file, -9/+57)
|
* We need to check explicitly that env['action_dispatch.show_exceptions'] (Rafael Mendonça França, 2012-12-26, 1 file, -1/+1)
|     is false. If it is nil we can't raise the exception