| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
deep_munge solves CVE-2013-0155 security vulnerability, but its
behaviour is definately confuisng. This commit adds logging to deep_munge.
It logs keys for which values were set to nil.
Also mentions in guides were added.
|
| |\
| |
| |
| |
| |
| |
| | |
Add configuration option to optionally disable deep_munge
Conflicts:
actionpack/CHANGELOG.md
|
| | | |
|
| |/
|
|
|
|
| |
Session#fetch was mutating the session when given a default argument
and/or a block. Since Session duck-types as a Hash, it should behave
like one in these cases.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
ActionDispatch::Request#deep_munge was introduced as a private method,
but was turned into a public one for the use of
ActionDispatch::ParamsParser.
I have extracted it into ActionDispatch::Request::Utils, so it does not
get mixed up with the Request public methods.
|
| |
|
|
|
|
| |
All ActionPack and Railties tests are passing. Closes #8891.
[Carlos Antonio da Silva + Santiago Pastorino]
|
| |\
| |
| | |
Properly reset the session on reset_session
|
| | |
| |
| |
| |
| |
| |
| | |
Use load_for_write! to ensure a refresh of the session object.
This way the new session_id and the empty data will be stored properly.
E.g. in the case of the session cookie store this means that a new
digest will be returned to the user.
|
| | | |
|
| |/
|
|
| |
SessionHash isn't a thing, and tenses are wrong.
|
| |
|
|
| |
ActionDispatch::Request::Session#values
|
| | |
|
| |
|
