| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
This fixes a bug where session.keys and session.values return an empty
array unless one of the other methods that does lazy loading from the
underlying store is called first. #keys and #values should also
call #load_for_read!
|
| |
|
|
|
|
|
|
|
|
| |
This commit changes `parameter_encoding` to `skip_parameter_encoding`.
`skip_parameter_encoding` will set encoding on all parameters to
ASCII-8BIT for a given action on a particular controller. This allows
the controller to handle data when the encoding of that data is unknown,
for example file systems or truly binary parameters.
|
|\
| |
| | |
Add missing `+` around a some literals.
|
| |
| |
| |
| |
| |
| | |
Mainly around `nil`
[ci skip]
|
|/ |
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding the `each` method is required for ensuring compatibility between
Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted
within Rails, and wish to use its session tooling. Prior to this, there
was an inconsistency between ActionDispatch::Request::Session and
Rack::Session::Cookie, due to the absence of the `each` method. This
should hopefully fix that error. :)
For a full integration test with Sinatra and a standalone Rack
application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470.
Solves #15843.
|
|
|
|
|
|
|
| |
This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing
changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39.
This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a.
HWIAs are better than silently deeply-stringified hashes... but that's a
reaction to a shortcoming of one particular session store: we should not
break the basic behaviour of other, more featureful, session stores in
the process.
Fixes #23884
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Converting nbsp(\u{00A0}) to the normal ASCII space(\u{0020})
[ci skip]
|
| |
|
| |
|
|
|
|
|
|
| |
Just include the modules necessary in the Request object to implement
the things we need. This should make it easier to build delegate
request objects because the API is smaller
|
|
|
|
|
| |
This commit allows us to use one request object rather than allocating
multiple request objects to deal with the session.
|
| |
|
|
|
|
|
| |
Now that we have encoding strategies, we can just walk the params hash
once to encode as HWIA, and remove nils.
|
|
|
|
| |
we'll refactor deep munge mostly out of existence shortly
|
|
|
|
| |
This should have been done along with 8f8ccb9901cab457c6e1d52bdb25acf658fd5777
|
|
|
|
|
| |
I want to decouple Rails from the rack ENV as much as possible. We
should try to keep as few references to the env as possible
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
deep_munge solves CVE-2013-0155 security vulnerability, but its
behaviour is definately confuisng. This commit adds logging to deep_munge.
It logs keys for which values were set to nil.
Also mentions in guides were added.
|
|\
| |
| |
| |
| |
| |
| | |
Add configuration option to optionally disable deep_munge
Conflicts:
actionpack/CHANGELOG.md
|
| | |
|
|/
|
|
|
|
| |
Session#fetch was mutating the session when given a default argument
and/or a block. Since Session duck-types as a Hash, it should behave
like one in these cases.
|
| |
|
|
|
|
|
|
|
|
|
| |
ActionDispatch::Request#deep_munge was introduced as a private method,
but was turned into a public one for the use of
ActionDispatch::ParamsParser.
I have extracted it into ActionDispatch::Request::Utils, so it does not
get mixed up with the Request public methods.
|
|
|
|
|
|
| |
All ActionPack and Railties tests are passing. Closes #8891.
[Carlos Antonio da Silva + Santiago Pastorino]
|
|\
| |
| | |
Properly reset the session on reset_session
|
| |
| |
| |
| |
| |
| |
| | |
Use load_for_write! to ensure a refresh of the session object.
This way the new session_id and the empty data will be stored properly.
E.g. in the case of the session cookie store this means that a new
digest will be returned to the user.
|
| | |
|
|/
|
|
| |
SessionHash isn't a thing, and tenses are wrong.
|
|
|
|
| |
ActionDispatch::Request::Session#values
|
| |
|
|
|