aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #8914 from nilbus/fix-header-bloatRafael Mendonça França2013-01-151-1/+3
| | | | | | Remove header bloat introduced by BestStandardsSupport middleware Conflicts: actionpack/CHANGELOG.md
* Merge pull request #8907 from rubys/masterRafael Mendonça França2013-01-121-1/+2
| | | | Fix regression introduced in pull 8812
* Remove unnecessary caching of ParameterFilterAndrew White2013-01-121-3/+1
|
* Fix JSON params parsing regression for non-object JSON content.Dylan Smith2013-01-111-2/+2
| | | | Backports #8855.
* Merge branch '3-2-sec' into 3-2-secmergeAaron Patterson2013-01-082-8/+6
|\ | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu Avoid Rack security warning no secret provided Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
| * * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-082-8/+6
| | | | | | | | dealing with empty hashes. Thanks Damien Mathieu
| * Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Merge pull request #8812 from rubys/masterCarlos Antonio da Silva2013-01-081-1/+1
| | | | | | | | Eliminate Rack::File headers deprecation warning
* | Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Remove suggestion that Procs can be used as session secrets.James Coglan2013-01-051-7/+4
| | | | | | | | | | | | | | | | (cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2) [ci skip] Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
* | Backport #8701, do not append a second slash with `trailing_slash: true`Yves Senn2013-01-021-1/+5
| |
* | Clear url helper methods when routes are reloadedAndrew White2012-12-141-6/+12
| | | | | | | | | | | | | | | | Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work properly and could be the source of a memory leak. Closes #8488.
* | Merge pull request #8490 from mattv/fix_request_raw_postRafael Mendonça França2012-12-111-2/+3
| | | | | | | | | | | | Fix rewinding in ActionDispatch::Request#raw_post Conflicts: actionpack/CHANGELOG.md
* | Refactor Generator class to not rely on in-place editing the controllerAndrew White2012-11-161-5/+10
| |
* | Fix bug when url_for changes controller.Nikita Beloglazov2012-11-161-2/+2
| |
* | Fix redirect example blockCarlos Antonio da Silva2012-11-091-3/+3
| | | | | | | | See #8160. [ci skip]
* | Merge pull request #8093 from nikitug/keep_app_x_ua_compatibleCarlos Antonio da Silva2012-11-081-1/+7
| | | | | | | | | | | | | | Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header) Conflicts: actionpack/CHANGELOG.md
* | backport, handle trailing slash with enginesYves Senn2012-11-081-1/+1
|/ | | | this is a backport of #8115 to fix #7842
* Clear url helpers when reloading routesSantiago Pastorino2012-11-021-0/+1
|
* Revert "Merge pull request #7668 from Draiken/fix_issue_6497"Rafael Mendonça França2012-11-021-1/+1
| | | | | | | | | This reverts commit 61d5d2d8a97fd289b81991cd79dca3112e7ca135. Conflicts: actionpack/CHANGELOG.md REASON: This added a backward incompatible change.
* Merge pull request #7789 from senny/7777_resource_functions_modify_optionsRafael Mendonça França2012-10-011-2/+2
| | | | resource and resources do no longer modify passed options
* Since File instance doesn't respond to #open use a double to test theRafael Mendonça França2012-09-301-1/+1
| | | | behavior added at c53e5def08f7a289a92a8e5f79dcd7caa5c3a2fb
* Merge pull request #7668 from Draiken/fix_issue_6497Rafael Mendonça França2012-09-191-1/+1
| | | | | | Removing to_shorthand to fix #6497 Conflicts: actionpack/CHANGELOG.md
* log 404 status when ActiveRecord::RecordNotFound was raised (#7646)Yves Senn2012-09-171-2/+6
| | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_controller/log_subscriber.rb
* Fix bug when Rails.application is defined but is nil. See #881Marc-Andre Lafortune2012-08-281-1/+1
|
* Dont stream back cookie value if it was set to the same valuebrainopia2012-08-101-4/+6
|
* Revert "Revert "Merge pull request #6084 from ↵brainopia2012-08-101-0/+7
| | | | | | brainopia/support_for_magic_domain_on_all_stores"" This reverts commit a48ea6800ef712440b08c551f8041feb35de8cb4.
* Remove references to old behavior with headers atRafael Mendonça França2012-08-071-4/+3
| | | | | | | | | | | ActionDispatch::Integration::ResquestHelpers. The behavior has removed at 4a6f4b92ad2f48dc7906d223fe4708d36624bd50 to increase the compatibility with Rack::Test Closes #7136 [ci skip]
* Revert "Merge pull request #6084 from ↵Rafael Mendonça França2012-08-051-7/+0
| | | | | | | | brainopia/support_for_magic_domain_on_all_stores" This reverts commit 393c652cf63875f2728c04d47b34b2d6ae908186. This commit was supposed to fix a bug but it add more failures.
* Merge pull request #6084 from brainopia/support_for_magic_domain_on_all_storesJosé Valim2012-08-021-0/+7
| | | | Support cookie jar options for all cookie stores
* adds a missing require from Active SupportXavier Noria2012-07-281-0/+1
| | | | This file uses mattr_accessor.
* Add support for optional root segments containing slashesAndrew White2012-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Optional segments with a root scope need to have the leading slash outside of the parentheses, otherwise the generated url will be empty. However if the route has non-optional elements then the leading slash needs to remain inside the parentheses otherwise the generated url will have two leading slashes, e.g: Blog::Application.routes.draw do get '/(:category)', :to => 'posts#index', :as => :root get '/(:category)/author/:name', :to => 'posts#author', :as => :author end $ rake routes root GET /(:category)(.:format) posts#index author GET (/:category)/author/:name(.:format) posts#author This change adds support for optional segments that contain a slash, allowing support for urls like /page/2 for the root path, e.g: Blog::Application.routes.draw do get '/(page/:page)', :to => 'posts#index', :as => :root end $ rake routes root GET /(page/:page)(.:format) posts#index Fixes #7073 (cherry picked from commit d8745decaf59aad32aa2f09abdba99b8d0e48b31)
* Array parameters should not contain nil values.Aaron Patterson2012-06-111-2/+4
|
* Revert "fix the Flash middleware loading the session on every request (very ↵Rafael Mendonça França2012-06-051-3/+6
| | | | | | | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called" This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa. Reason: This add a non-backward compatible change in the way that flash works now (swept in every request).
* Merge pull request #6588 from nbibler/polymorphic_to_modelJosé Valim2012-06-011-1/+7
|\ | | | | Correct the use of to_model in polymorphic routing
| * Use to_model delegates for polymorphic route generationNathaniel Bibler2012-06-011-1/+7
| |
* | Include routes.mounted_helpers into integration testsPiotr Sarnacki2012-06-011-2/+5
|/ | | | | | | | | | | | | | | In integration tests, you might want to use helpers from engines that you mounted in your application. It's not hard to add it by yourself, but it's unneeded boilerplate. mounted_helpers are now included by default. That means that given engine mounted like: mount Foo::Engine => "/foo", :as => "foo" you will be able to use paths from this engine in tests this way: foo.root_path #=> "/foo" (closes #6573)
* Strip [nil] from parameters hash.Aaron Patterson2012-05-301-0/+22
| | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* remove unnecessary memcache equire in ActionDispatch::Session::CacheStoreBrian Durand2012-05-261-1/+0
|
* Don't ignore nil positional arguments for url helpers - fixes #6196.Andrew White2012-05-101-1/+1
|
* Refactor the handling of default_url_options in integration testsAndrew White2012-05-101-7/+24
| | | | | | | | | | | | This commit improves the handling of default_url_options in integration tests by making behave closer to how a real application operates. Specifically the following issues have been addressed: * Options specified in routes.rb are used (fixes #546) * Options specified in controllers are used * Request parameters are recalled correctly * Tests can override default_url_options directly
* Reset the request parameters after a constraints checkAndrew White2012-05-032-0/+6
| | | | | | | | | | | | | | A callable object passed as a constraint for a route may access the request parameters as part of its check. This causes the combined parameters hash to be cached in the environment hash. If the constraint fails then any subsequent access of the request parameters will be against that stale hash. To fix this we delete the cache after every call to `matches?`. This may have a negative performance impact if the contraint wraps a large number of routes as the parameters hash is built by merging GET, POST and path parameters. Fixes #2510. (cherry picked from commit 56030506563352944fed12a6bb4793bb2462094b)
* fix the Flash middleware loading the session on every request (very ↵Will Bryant2012-04-301-6/+3
| | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
* Restore interpolation of path option in redirect routesAndrew White2012-04-291-0/+10
|
* Add missing require from b608cdd64c95d0d16eb98d86562e22f3b01be9e3Andrew White2012-04-291-0/+1
|
* Escape interpolated params when redirecting - fixes #5688Andrew White2012-04-291-1/+6
|
* Fix the redirect when it receive blocks with arity of 1.Rafael Mendonça França2012-03-311-1/+2
| | | | Closes #5677
* Remove the leading \n added by textarea on assert_selectSantiago Pastorino2012-03-301-0/+1
|
* Return the same session data object when setting session idCarlos Antonio da Silva2012-03-241-1/+1
| | | | | | | | Make sure to return the same hash object instead of returning a new one. Returning a new one causes failures on cookie store tests, where it tests for the 'Set-Cookie' header with the session signature. This is due to the hash ordering changes on Ruby 1.8.7-p358.
* Merge pull request #5456 from brianmario/redirect-sanitizationAaron Patterson2012-03-151-1/+1
| | | | Strip null bytes from Location header