path: root/actionpack/lib/action_dispatch
Commit message [Author, Age, Files, Lines]
* Deep Munge the parameters for GET and POST [Michael Koziarski, 2013-12-02, 1, -2/+2]
|   The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed.
|   Fixes CVE-2013-6417
|   Conflicts: actionpack/lib/action_dispatch/http/request.rb
* make sure both headers are set before checking for ip spoofing [Tamir Duberstein, 2013-10-01, 1, -1/+1]
|
* pass the extra params to the rack test environment so that routes with block constraints have access [Brian Hahn, 2013-09-06, 2, -4/+5]
|
* Fix `assert_redirected_to` does not show user-supplied message. [Alexey Chernenkov, 2013-07-18, 1, -1/+1]
|   Issue: when `assert_redirected_to` fails due to the response redirect not matching the expected redirect the user-supplied message (second parameter) is not shown. This message is only shown if the response is not a redirect.
* Add missing require [Santiago Pastorino, 2013-07-02, 1, -0/+1]
|
* Fix shorthand routes where controller and action are in the scope [Andrew White, 2013-06-25, 1, -0/+8]
|   Merge `:action` from routing scope and assign endpoint if both `:controller` and `:action` are present. The endpoint assignment only occurs if there is no `:to` present in the options hash so should only affect routes using the shorthand syntax (i.e. endpoint is inferred from the path).
|   Fixes #9856
|   Backport of 37b4276
* just clear the caches on clear! rather than replacing. fixes #10251 [Aaron Patterson, 2013-04-17, 1, -8/+4]
|
* Backport fixes about #7774 to 3-2-stable [maximerety, 2013-03-05, 1, -2/+2]
|   Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is an empty string.
* remove unused path_without_format variable [Kornelius Kalnbach, 2013-03-03, 1, -2/+0]
|   Was forgotten in a72dab0.
* determine the match shorthand target early. [Yves Senn, 2013-02-22, 1, -9/+12]
|   Backport #9361.
|   Closes #7554.
|   This patch determines the `controller#action` directly in the `match` method when the shorthand syntax is used. This prevents problems with namespaces and scopes.
* Duplicate possible frozen string from route [Andrew White, 2013-01-21, 1, -2/+3]
|   Ruby 1.9 freezes Hash string keys by default so where a route is defined like this:
|
|     get 'search' => 'search'
|
|   then the Mapper will derive the action from the key. This blows up later when the action is added to the parameters hash and the encoding is forced.
|   Closes #3429
* fixes #8631 local inflections from interfering with HTTP_METHOD_LOOKUP dispatch logic [Aditya Sanghi, 2013-01-16, 1, -1/+6]
|
* Merge pull request #8914 from nilbus/fix-header-bloat [Rafael Mendonça França, 2013-01-15, 1, -1/+3]
|   Remove header bloat introduced by BestStandardsSupport middleware
|   Conflicts: actionpack/CHANGELOG.md
* Merge pull request #8907 from rubys/master [Rafael Mendonça França, 2013-01-12, 1, -1/+2]
|   Fix regression introduced in pull 8812
* Remove unnecessary caching of ParameterFilter [Andrew White, 2013-01-12, 1, -3/+1]
|
* Fix JSON params parsing regression for non-object JSON content. [Dylan Smith, 2013-01-11, 1, -2/+2]
|   Backports #8855.
* Merge branch '3-2-sec' into 3-2-secmerge [Aaron Patterson, 2013-01-08, 2, -8/+6]
|\
| |   * 3-2-sec:
| |     bumping version
| |     CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
| |     * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
| |     Avoid Rack security warning no secret provided
| |   Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
| * * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu [Aaron Patterson, 2013-01-08, 2, -8/+6]
| |
| * Avoid Rack security warning no secret provided [Santiago Pastorino, 2013-01-08, 1, -0/+2]
| |   This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Merge pull request #8812 from rubys/master [Carlos Antonio da Silva, 2013-01-08, 1, -1/+1]
| |   Eliminate Rack::File headers deprecation warning
* | Avoid Rack security warning no secret provided [Santiago Pastorino, 2013-01-08, 1, -0/+2]
| |   This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Remove suggestion that Procs can be used as session secrets. [James Coglan, 2013-01-05, 1, -7/+4]
| |   (cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2)
| |   [ci skip]
| |   Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
* | Backport #8701, do not append a second slash with `trailing_slash: true` [Yves Senn, 2013-01-02, 1, -1/+5]
| |
* | Clear url helper methods when routes are reloaded [Andrew White, 2012-12-14, 1, -6/+12]
| |   Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work properly and could be the source of a memory leak.
| |   Closes #8488.
* | Merge pull request #8490 from mattv/fix_request_raw_post [Rafael Mendonça França, 2012-12-11, 1, -2/+3]
| |   Fix rewinding in ActionDispatch::Request#raw_post
| |   Conflicts: actionpack/CHANGELOG.md
* | Refactor Generator class to not rely on in-place editing the controller [Andrew White, 2012-11-16, 1, -5/+10]
| |
* | Fix bug when url_for changes controller. [Nikita Beloglazov, 2012-11-16, 1, -2/+2]
| |
* | Fix redirect example block [Carlos Antonio da Silva, 2012-11-09, 1, -3/+3]
| |   See #8160.
| |   [ci skip]
* | Merge pull request #8093 from nikitug/keep_app_x_ua_compatible [Carlos Antonio da Silva, 2012-11-08, 1, -1/+7]
| |   Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header)
| |   Conflicts: actionpack/CHANGELOG.md
* | backport, handle trailing slash with engines [Yves Senn, 2012-11-08, 1, -1/+1]
|/
|   this is a backport of #8115 to fix #7842
* Clear url helpers when reloading routes [Santiago Pastorino, 2012-11-02, 1, -0/+1]
|
* Revert "Merge pull request #7668 from Draiken/fix_issue_6497" [Rafael Mendonça França, 2012-11-02, 1, -1/+1]
|   This reverts commit 61d5d2d8a97fd289b81991cd79dca3112e7ca135.
|   Conflicts: actionpack/CHANGELOG.md
|   REASON: This added a backward incompatible change.
* Merge pull request #7789 from senny/7777_resource_functions_modify_options [Rafael Mendonça França, 2012-10-01, 1, -2/+2]
|   resource and resources do no longer modify passed options
* Since File instance doesn't respond to #open use a double to test the [Rafael Mendonça França, 2012-09-30, 1, -1/+1]
|   behavior added at c53e5def08f7a289a92a8e5f79dcd7caa5c3a2fb
* Merge pull request #7668 from Draiken/fix_issue_6497 [Rafael Mendonça França, 2012-09-19, 1, -1/+1]
|   Removing to_shorthand to fix #6497
|   Conflicts: actionpack/CHANGELOG.md
* log 404 status when ActiveRecord::RecordNotFound was raised (#7646) [Yves Senn, 2012-09-17, 1, -2/+6]
|   Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_controller/log_subscriber.rb
* Fix bug when Rails.application is defined but is nil. See #881 [Marc-Andre Lafortune, 2012-08-28, 1, -1/+1]
|
* Don't stream back cookie value if it was set to the same value [brainopia, 2012-08-10, 1, -4/+6]
|
* Revert "Revert "Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_stores"" [brainopia, 2012-08-10, 1, -0/+7]
|   This reverts commit a48ea6800ef712440b08c551f8041feb35de8cb4.
* Remove references to old behavior with headers at [Rafael Mendonça França, 2012-08-07, 1, -4/+3]
|   ActionDispatch::Integration::ResquestHelpers.
|   The behavior was removed at 4a6f4b92ad2f48dc7906d223fe4708d36624bd50 to increase the compatibility with Rack::Test
|   Closes #7136
|   [ci skip]
* Revert "Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_stores" [Rafael Mendonça França, 2012-08-05, 1, -7/+0]
|   This reverts commit 393c652cf63875f2728c04d47b34b2d6ae908186.
|   This commit was supposed to fix a bug but it adds more failures.
* Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_stores [José Valim, 2012-08-02, 1, -0/+7]
|   Support cookie jar options for all cookie stores
* adds a missing require from Active Support [Xavier Noria, 2012-07-28, 1, -0/+1]
|   This file uses mattr_accessor.
* Add support for optional root segments containing slashes [Andrew White, 2012-07-17, 1, -1/+1]
|   Optional segments with a root scope need to have the leading slash outside of the parentheses, otherwise the generated url will be empty. However if the route has non-optional elements then the leading slash needs to remain inside the parentheses otherwise the generated url will have two leading slashes, e.g:
|
|     Blog::Application.routes.draw do
|       get '/(:category)', :to => 'posts#index', :as => :root
|       get '/(:category)/author/:name', :to => 'posts#author', :as => :author
|     end
|
|     $ rake routes
|     root   GET /(:category)(.:format)              posts#index
|     author GET (/:category)/author/:name(.:format) posts#author
|
|   This change adds support for optional segments that contain a slash, allowing support for urls like /page/2 for the root path, e.g:
|
|     Blog::Application.routes.draw do
|       get '/(page/:page)', :to => 'posts#index', :as => :root
|     end
|
|     $ rake routes
|     root GET /(page/:page)(.:format) posts#index
|
|   Fixes #7073
|   (cherry picked from commit d8745decaf59aad32aa2f09abdba99b8d0e48b31)
* Array parameters should not contain nil values. [Aaron Patterson, 2012-06-11, 1, -2/+4]
|
* Revert "fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called" [Rafael Mendonça França, 2012-06-05, 1, -3/+6]
|   This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa.
|   Reason: This adds a non-backward compatible change in the way that flash works now (swept in every request).
* Merge pull request #6588 from nbibler/polymorphic_to_model [José Valim, 2012-06-01, 1, -1/+7]
|\
| |   Correct the use of to_model in polymorphic routing
| * Use to_model delegates for polymorphic route generation [Nathaniel Bibler, 2012-06-01, 1, -1/+7]
| |
* | Include routes.mounted_helpers into integration tests [Piotr Sarnacki, 2012-06-01, 1, -2/+5]
|/
|   In integration tests, you might want to use helpers from engines that you mounted in your application. It's not hard to add it by yourself, but it's unneeded boilerplate. mounted_helpers are now included by default. That means that given engine mounted like:
|
|     mount Foo::Engine => "/foo", :as => "foo"
|
|   you will be able to use paths from this engine in tests this way:
|
|     foo.root_path #=> "/foo"
|
|   (closes #6573)
* Strip [nil] from parameters hash. [Aaron Patterson, 2012-05-30, 1, -0/+22]
|   Thanks to Ben Murphy for reporting this!
|   CVE-2012-2660