| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
It is automatically applied when strings is unsafe for html.
|
|
|
|
| |
actionpack/lib/action_dispatch/middleware/exception_wrapper.rb:99: IO#lines is deprecated; use #each_line instead
|
| |
|
|\
| |
| | |
Fix env toggling, improve error page styling
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
| |
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* <pre> is not allowed to be nested inside of <p> elements in HTML
* Indentation of </p> doesn't match corresponding <p>
* <p> element not explicitly closed
* One more </div> than <div>
In each case, the template was fixed to match how a HTML5 parser would "see"
the resulting page.
|
|\
| |
| | |
Allow toggling dumps on error page
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
for the non Raw Cookie classes
|
|
|
|
|
|
| |
is false.
If it is nil we can't raise the exception
|
| |
|
|
|
|
| |
Remove/add ; where necessary, fix indentation.
|
|
|
|
|
|
|
|
|
| |
When someone gets a routing exception, the routes are rendered (starting in Rails 4.0). This PR brings parity between the html routes in the `rails/info/routes` path and when rendered from an exception. This is the continuation of #8521 which brought html formatted routes.
In addition to bringing parity to the two views, we're keeping our views DRY by rendering off of the same partials. In this case Railties depends on partials provided by ActionDispatch. I'm open to alternative implementations. Ideally both views will use the same code so any improvements or updates to it will be reproduced on both.
<hr />
![](http://f.cl.ly/items/3O1D0K1v0j0i343O3T3T/Screen%20Shot%202012-12-17%20at%203.07.20%20PM.png)
|
| |
|
| |
|
|
|
|
| |
This reverts commit 90c887fa7d0c454b7533e208daefc342dea4d5f3.
|
| |
|
|\
| |
| | |
Store FlashHashes in the session as plain hashes
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
with unstable class names and instance variables.
Refactor FlashHash to take values for its ivars in the constructor, to pretty up FlashHash.from_session_value.
Remove stale comment on FlashHash: it is no longer Marshaled in the session so we can change its implementation.
Remove blank lines I introduced in controller/test_case.rb.
Unit tests for FlashHash#to_session_value.
Put in a compatibility layer to accept FlashHash serializations from Rails 3.0+.
Test that Rails 3.2 session flashes are correctly converted to the new format.
Remove code path for processing Rails 3.0 FlashHashes since they can no longer deserialize.
Fix session['flash'] deletion condition: it will never be empty?, it will either be nil or a hash with 'discard' and 'flashes' keys.
|
| | |
|
| |
| |
| |
| |
| | |
I suck at English, please help me reviewing this <3 <3 <3
[ci skip]
|
| |
| |
| |
| |
| |
| | |
This allows easy upgrading from the old signed Cookie Store <= 3.2
or the deprecated one in 4.0 (the ones that doesn't use key derivation)
to the new one that signs using key derivation
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Encrypted cookies
|
| | |
| | |
| | |
| | |
| | | |
Developers must set config.secret_key_base in
config/initializers/secret_token.rb
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
How to use it?
cookies.encrypted[:discount] = 45
=> Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
cookies.encrypted[:discount]
=> 45
|
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 36376560fdd02f955ae3bf6b7792b784443660ad, reversing
changes made to 3148ed9a4bb7efef30b846dc945d73ceebcc3f0f.
Conflicts:
actionpack/lib/action_dispatch/middleware/flash.rb
Reason: it broke Sam's CI
https://github.com/rails/rails/pull/8017#issuecomment-10210655
|
| | |
|
|\ \
| | |
| | | |
Store FlashHashes in the session as plain hashes
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
with unstable class names and instance variables.
Refactor FlashHash to take values for its ivars in the constructor, to pretty up FlashHash.from_session_value.
Remove stale comment on FlashHash: it is no longer Marshaled in the session so we can change its implementation.
Remove blank lines I introduced in controller/test_case.rb.
Unit tests for FlashHash#to_session_value.
Put in a compatibility layer to accept FlashHash serializations from Rails 3.0+.
Test that Rails 3.2 session flashes are correctly converted to the new format.
Remove code path for processing Rails 3.0 FlashHashes since they can no longer deserialize.
|