| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Remove header bloat introduced by BestStandardsSupport middleware
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
| |
Fix regression introduced in pull 8812
|
| |
|
|
|
|
| |
Backports #8855.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| |
| |
| |
| | |
dealing with empty hashes. Thanks Damien Mathieu
|
| |
| |
| |
| | |
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
|
| |
| |
| |
| | |
Eliminate Rack::File headers deprecation warning
|
| |
| |
| |
| | |
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
|
| |
| |
| |
| |
| |
| |
| |
| | |
(cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2)
[ci skip]
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Clear url helper methods when routes are reloaded by removing the
methods explicitly rather than just clearing the module because it
didn't work properly and could be the source of a memory leak.
Closes #8488.
|
| |
| |
| |
| |
| |
| | |
Fix rewinding in ActionDispatch::Request#raw_post
Conflicts:
actionpack/CHANGELOG.md
|
| | |
|
| | |
|
| |
| |
| |
| | |
See #8160. [ci skip]
|
| |
| |
| |
| |
| |
| |
| | |
Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header)
Conflicts:
actionpack/CHANGELOG.md
|
|/
|
|
| |
this is a backport of #8115 to fix #7842
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 61d5d2d8a97fd289b81991cd79dca3112e7ca135.
Conflicts:
actionpack/CHANGELOG.md
REASON: This added a backward incompatible change.
|
|
|
|
| |
resource and resources do no longer modify passed options
|
|
|
|
| |
behavior added at c53e5def08f7a289a92a8e5f79dcd7caa5c3a2fb
|
|
|
|
|
|
| |
Removing to_shorthand to fix #6497
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
| |
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/log_subscriber.rb
|
| |
|
| |
|
|
|
|
|
|
| |
brainopia/support_for_magic_domain_on_all_stores""
This reverts commit a48ea6800ef712440b08c551f8041feb35de8cb4.
|
|
|
|
|
|
|
|
|
|
|
| |
ActionDispatch::Integration::ResquestHelpers.
The behavior has removed at 4a6f4b92ad2f48dc7906d223fe4708d36624bd50 to
increase the compatibility with Rack::Test
Closes #7136
[ci skip]
|
|
|
|
|
|
|
|
| |
brainopia/support_for_magic_domain_on_all_stores"
This reverts commit 393c652cf63875f2728c04d47b34b2d6ae908186.
This commit was supposed to fix a bug but it add more failures.
|
|
|
|
| |
Support cookie jar options for all cookie stores
|
|
|
|
| |
This file uses mattr_accessor.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Optional segments with a root scope need to have the leading slash
outside of the parentheses, otherwise the generated url will be empty.
However if the route has non-optional elements then the leading slash
needs to remain inside the parentheses otherwise the generated url
will have two leading slashes, e.g:
Blog::Application.routes.draw do
get '/(:category)', :to => 'posts#index', :as => :root
get '/(:category)/author/:name', :to => 'posts#author', :as => :author
end
$ rake routes
root GET /(:category)(.:format) posts#index
author GET (/:category)/author/:name(.:format) posts#author
This change adds support for optional segments that contain a slash,
allowing support for urls like /page/2 for the root path, e.g:
Blog::Application.routes.draw do
get '/(page/:page)', :to => 'posts#index', :as => :root
end
$ rake routes
root GET /(page/:page)(.:format) posts#index
Fixes #7073
(cherry picked from commit d8745decaf59aad32aa2f09abdba99b8d0e48b31)
|
| |
|
|
|
|
|
|
|
|
|
| |
dangerous especially with Rack::Cache), it should only be loaded when the flash method is called"
This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa.
Reason: This add a non-backward compatible change in the way that flash
works now (swept in every request).
|
|\
| |
| | |
Correct the use of to_model in polymorphic routing
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In integration tests, you might want to use helpers from engines that
you mounted in your application. It's not hard to add it by yourself,
but it's unneeded boilerplate. mounted_helpers are now included by
default. That means that given engine mounted like:
mount Foo::Engine => "/foo", :as => "foo"
you will be able to use paths from this engine in tests this way:
foo.root_path #=> "/foo"
(closes #6573)
|
|
|
|
|
|
| |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit improves the handling of default_url_options in integration
tests by making behave closer to how a real application operates.
Specifically the following issues have been addressed:
* Options specified in routes.rb are used (fixes #546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.
To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the contraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.
Fixes #2510.
(cherry picked from commit 56030506563352944fed12a6bb4793bb2462094b)
|
|
|
|
| |
dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
|
| |
|
| |
|
| |
|
|
|
|
| |
Closes #5677
|
| |
|
|
|
|
|
|
|
|
| |
Make sure to return the same hash object instead of returning a new one.
Returning a new one causes failures on cookie store tests, where it
tests for the 'Set-Cookie' header with the session signature.
This is due to the hash ordering changes on Ruby 1.8.7-p358.
|
|
|
|
| |
Strip null bytes from Location header
|