Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | Remove header bloat introduced by BestStandardsSupport middleware | Edward Anderson | 2013-01-15 | 1 | -1/+3 | |
|/ | | | | The same headers were being duplicated on every request. | |||||
* | Fix regression introduced in pull request 8812 | Sam Ruby | 2013-01-11 | 1 | -1/+2 | |
| | | | | See https://github.com/rails/rails/pull/8812#commitcomment-2416514 | |||||
* | Fix json params parsing regression for non-object JSON content. | Dylan Smith | 2013-01-11 | 1 | -2/+2 | |
| | | | | Fixes #8845. | |||||
* | Merge pull request #8824 from mjtko/fix/cookie-store-inheritance | Santiago Pastorino | 2013-01-08 | 2 | -5/+26 | |
|\ | | | | | Modify CookieStore middleware inheritance to avoid subclassing Rack::Session::Cookie [Fix for #7372] | |||||
| * | Revert cb3181e - no longer required. | Mark J. Titorenko | 2013-01-08 | 1 | -2/+0 | |
| | | ||||||
| * | Fix CookieStore middleware inheritance hierarchy s.t. it inherits from ↵ | Mark J. Titorenko | 2013-01-08 | 1 | -3/+26 | |
| | | | | | | | | Rack::Session::Abstract::ID rather than Rack::Session::Cookie. | |||||
* | | remove yaml as a param parser :burn: | Aaron Patterson | 2013-01-08 | 1 | -2/+0 | |
| | | | | | | | | | | If you revert this commit, I will hunt you down, I will make you regret ever terrible thing you've ever done, I will make you suffer. | |||||
* | | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 1 | -2/+2 | |
| | | | | | | | | | | | | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | |||||
* | | Revert "Merge branch 'master-sec'" | Jeremy Kemper | 2013-01-08 | 1 | -2/+2 | |
| | | | | | | | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79. | |||||
* | | Merge branch 'master-sec' | Aaron Patterson | 2013-01-08 | 1 | -2/+2 | |
|\ \ | | | | | | | | | | | | | | | | * master-sec: CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu | |||||
| * | | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-07 | 1 | -2/+2 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | |||||
* | | | Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2013-01-09 | 2 | -9/+17 | |
|\ \ \ | | | | | | | | | | | | | | | | | Conflicts: guides/source/getting_started.md | |||||
| * | | | extract alert= and notice= examples to FlashHash#now [ci skip] | Francesco Rodriguez | 2013-01-03 | 1 | -17/+15 | |
| | | | | ||||||
| * | | | Add examples `alert=` and `notice=`, using memes | lambda_ | 2013-01-03 | 1 | -0/+10 | |
| | | | | ||||||
| * | | | Change `Example for` to `Example of` | lambda_ | 2013-01-03 | 1 | -2/+2 | |
| | | | | ||||||
* | | | | Eliminate Rack::File headers deprecation warning | Sam Ruby | 2013-01-08 | 1 | -1/+1 | |
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | See http://intertwingly.net/projects/AWDwR4/checkdepot/section-6.1.html rake test produces: "Rack::File headers parameter replaces cache_control after Rack 1.5." Despite what the message says, it appears that the hearders parameter change will be effective as of Rack 1.5: https://github.com/rack/rack/blob/rack-1.4/lib/rack/file.rb#L24 https://github.com/rack/rack/blob/master/lib/rack/file.rb#L24 | |||||
* | | | Avoid Rack security warning no secret provided | Santiago Pastorino | 2013-01-08 | 1 | -0/+2 | |
| |/ |/| | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie." | |||||
* | | refactor ShowExceptions' #call to use def-rescue instead of begin-rescue | Gosha Arinich | 2013-01-07 | 1 | -7/+4 | |
| | | ||||||
* | | remove begin-rescue in favor of def-rescue | Gosha Arinich | 2013-01-07 | 1 | -10/+9 | |
| | | ||||||
* | | Fix operators precedence issue | Rafael Mendonça França | 2013-01-06 | 1 | -1/+1 | |
| | | ||||||
* | | Merge pull request #8787 from tank-bohr/master | Rafael Mendonça França | 2013-01-06 | 1 | -2/+2 | |
|\ \ | | | | | | | masgn and response variable | |||||
| * | | return multiple assingment and response variable | tank-bohr | 2013-01-07 | 1 | -2/+2 | |
| | | | ||||||
* | | | Merge pull request #8785 from goshakkk/refactor-debug-exceptions | Rafael Mendonça França | 2013-01-06 | 1 | -2/+1 | |
|\ \ \ | |/ / |/| | | Refactor DebugExceptions | |||||
| * | | refactor DebugExceptions by combining two conditionals into one | Gosha Arinich | 2013-01-07 | 1 | -2/+1 | |
| | | | ||||||
* | | | Reduce number of Strings a bit | Akira Matsuda | 2013-01-07 | 1 | -3/+3 | |
|/ / | ||||||
* | | fix for rbx | tank-bohr | 2013-01-07 | 1 | -2/+2 | |
| | | | | | | | | | | | | | | | | | | Rubinius returns a boolean after such assingment response = (_, headers, body = @app.call(env)) see https://github.com/rubinius/rubinius/issues/2117 get rid of a local variable | |||||
* | | Rename route_wrapper partial layout to table | Carlos Antonio da Silva | 2013-01-06 | 1 | -0/+0 | |
| | | | | | | | | | | | | It is used by the table formatter only, and it's already inside a routes directory that namespaces it properly, so calling it just "table" seems simpler. | |||||
* | | Move table routes formatter class to the inspector and rename it | Carlos Antonio da Silva | 2013-01-06 | 2 | -19/+1 | |
| | | | | | | | | | | | | | | It feels more consistent to have this class called "HtmlTableFormatter", and to have it here with the routes inspector and console formatter, since it's used for both routing error exceptions and the rails info page. | |||||
* | | Remove suggestion that Procs can be used as session secrets. | James Coglan | 2013-01-05 | 1 | -7/+4 | |
| | | ||||||
* | | Close container div tag in routing error page | Carlos Antonio da Silva | 2013-01-05 | 1 | -9/+11 | |
| | | ||||||
* | | Move style to head to make routes page valid html5 | Carlos Antonio da Silva | 2013-01-05 | 2 | -4/+6 | |
| | | ||||||
* | | display mountable engine routes on RoutingError. | Yves Senn | 2013-01-05 | 2 | -8/+23 | |
| | | ||||||
* | | Allow use of durations for ActionDispatch::SSL configuration | Andrew White | 2013-01-04 | 1 | -1/+1 | |
| | | ||||||
* | | Remove unnecessary `ERB::Util::h` | Ryunosuke SATO | 2013-01-05 | 7 | -17/+17 | |
| | | | | | | | | It is automatically applied when strings is unsafe for html. | |||||
* | | Suppress warning about IO#lines in Ruby 2.0 | Ryunosuke SATO | 2013-01-04 | 1 | -1/+1 | |
| | | | | | | | | actionpack/lib/action_dispatch/middleware/exception_wrapper.rb:99: IO#lines is deprecated; use #each_line instead | |||||
* | | move error page js into script tag | Gosha Arinich | 2013-01-04 | 3 | -5/+27 | |
| | | ||||||
* | | Merge pull request #8713 from goshakkk/better-error-page | Guillermo Iguaran | 2013-01-03 | 2 | -12/+10 | |
|\ \ | | | | | | | Fix env toggling, improve error page styling | |||||
| * | | fix env toggling, improve error page styling | Gosha Arinich | 2013-01-03 | 2 | -12/+10 | |
| | | | ||||||
* | | | Explain the possible precautions | Andre Arko | 2013-01-02 | 1 | -3/+4 | |
| | | | ||||||
* | | | Restore original remote_ip algorithm. | Andre Arko | 2013-01-02 | 1 | -53/+112 | |
|/ / | | | | | | | | | | | | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979 | |||||
* | | Fixing closing </p> | Guillermo Iguaran | 2013-01-02 | 1 | -1/+1 | |
| | | ||||||
* | | Fix a number of validation/style errors: | Sam Ruby | 2013-01-02 | 2 | -8/+7 | |
| | | | | | | | | | | | | | | | | | | | | * <pre> is not allowed to be nested inside of <p> elements in HTML * Indentation of </p> doesn't match corresponding <p> * <p> element not explicitly closed * One more </div> than <div> In each case, the template was fixed to match how a HTML5 parser would "see" the resulting page. | |||||
* | | Merge pull request #8688 from goshakkk/error-page-toggle | Guillermo Iguaran | 2013-01-02 | 1 | -3/+3 | |
|\ \ | | | | | | | Allow toggling dumps on error page | |||||
| * | | allow toggling dumps instead of just showing | Gosha Arinich | 2013-01-02 | 1 | -3/+3 | |
| | | | ||||||
* | | | Cleanup some unnecessary CSS on the new error page and reformat some lines. | Lucas Mazza | 2013-01-02 | 1 | -12/+13 | |
| | | | ||||||
* | | | add source line padding | Gosha Arinich | 2013-01-02 | 1 | -0/+4 | |
|/ / | ||||||
* | | remove meaningless AS::FrozenObjectError | Akira Matsuda | 2013-01-02 | 1 | -1/+0 | |
| | | ||||||
* | | Fix indent in UnknownAction template | Guillermo Iguaran | 2013-01-01 | 1 | -1/+1 | |
|/ | ||||||
* | Summary and Details HTML elements aren't supported in all modern browsers | Guillermo Iguaran | 2012-12-31 | 2 | -12/+12 | |
| | ||||||
* | Add style to AV::Template::Error exception page | Guillermo Iguaran | 2012-12-31 | 2 | -14/+42 | |
| |