aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
Commit message (Collapse)AuthorAgeFilesLines
* These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o ↵Egor Homakov2012-06-131-3/+0
| | | | | | them [nil] turns into [] and that is quite innocent. generated SQL - `IN (NULL)` compact! did all the job.
* Merge branch 'master-sec'Aaron Patterson2012-06-121-2/+4
|\ | | | | | | | | * master-sec: Array parameters should not contain nil values.
| * Array parameters should not contain nil values.Aaron Patterson2012-06-121-2/+4
| |
* | content_type is already a Mime::Type objectSantiago Pastorino2012-06-121-1/+1
| |
* | This consider_all_requests_local doesn't make senseSantiago Pastorino2012-06-121-3/+2
|/ | | | | This middleware is only for Public Exceptions. This follows bd8c0b8a
* Return proper format on exceptionsSantiago Pastorino2012-06-111-14/+36
|
* both string and sumbol will be interpolated as string no need to convert to_sganesh2012-06-111-3/+3
|
* Merge pull request #6588 from nbibler/polymorphic_to_modelJosé Valim2012-06-011-1/+7
| | | | Correct the use of to_model in polymorphic routing
* Include routes.mounted_helpers into integration testsPiotr Sarnacki2012-06-012-3/+6
| | | | | | | | | | | | | | | In integration tests, you might want to use helpers from engines that you mounted in your application. It's not hard to add it by yourself, but it's unneeded boilerplate. mounted_helpers are now included by default. That means that given engine mounted like: mount Foo::Engine => "/foo", :as => "foo" you will be able to use paths from this engine in tests this way: foo.root_path #=> "/foo" (closes #6573)
* Merge branch 'master-sec'Aaron Patterson2012-05-311-0/+22
|\ | | | | | | | | | | * master-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
| * Strip [nil] from parameters hash.Aaron Patterson2012-05-301-0/+22
| | | | | | | | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* | Simplify logic to initialize valid conditions in RouteSetCarlos Antonio da Silva2012-05-311-7/+3
| | | | | | | | | | | | Remove :to_sym call from public_instance_methods iteration, as such methods in Ruby 1.9 already return symbols. Initialize valid conditions with controller/action instead of setting them afterwards.
* | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-05-261-4/+3
|\ \
| * | references to the old behavior removedMikhail Vaysman2012-05-251-4/+3
| | |
* | | Remove implicit dependency on pathnameJosé Valim2012-05-251-3/+3
|/ /
* / Added ActionDispatch::Request::Session#keys and ↵Philip Arndt2012-05-231-0/+8
|/ | | | ActionDispatch::Request::Session#values
* Fix bug when Rails.application is defined but is nil. See #881Marc-Andre Lafortune2012-05-211-1/+1
|
* Merge pull request #2549 from trek/RoutingErrorForMissingControllersAaron Patterson2012-05-211-3/+7
|\ | | | | When a route references a missing controller, raise ActionController::RoutingError with clearer message
| * When a route references a missing controller, raise ↵Trek Glowacki2011-08-161-3/+7
| | | | | | | | ActionController::RoutingError with a clearer message
* | Return 400 Bad Request for URL paths with invalid encoding.Andrew White2012-05-202-0/+18
| | | | | | | | | | | | | | | | | | Passing path parameters with invalid encoding is likely to trigger errors further on like `ArgumentError (invalid byte sequence in UTF-8)`. This will result in a 500 error whereas the better error to return is a 400 error which allows exception notification libraries to filter it out if they wish. Closes #4450
* | Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-202-4/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* | Correct order of expected and actual argumentsAndrew White2012-05-201-1/+1
| |
* | Raise Assertion instead of RoutingError for routing assertion failures.David Chelimsky2012-05-201-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | Before this change, assert_recognizes, assert_generates, and assert_routing raised ActionController::RoutingError when they failed to recognize the route. This commit changes them to raise Assertion instead. This aligns with convention for logical failures, and supports reporting tools that care about the difference between logical failures and errors e.g. the summary at the end of a test run. - Fixes #5899
* | Improve `rake routes` output for redirects - closes #6369.Andrew White2012-05-191-12/+22
| |
* | Fix inspecting route redirections, closes #6369Łukasz Strzałkowski2012-05-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | This commit fixes route inspection in `rake routes` Before: foo /foo(.:format) :controller#:action" After: foo /foo(.:format) Redirect (301)
* | Add the #unshift method to the middleware stackRich Healey2012-05-181-0/+5
| | | | | | | | | | | | The docs suggest that the middleware stack is an Array, so I've added the unshift method to it. Originally I added some more Array methods, but it was agreed that they lacked usecases.
* | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-05-1510-42/+2
|\ \ | | | | | | | | | | | | Conflicts: actionpack/lib/action_view/helpers/asset_tag_helper.rb
| * | Removing ==Examples and last blank lines of docs from actionpackFrancesco Rodriguez2012-05-1510-42/+2
| | |
* | | add tests and external file backtrace for Routing::Mapper#drawKornelius Kalnbach2012-05-151-3/+4
| | |
* | | Autoload ActionDispatch::Request::Session to avoid circular require.Andrew White2012-05-131-1/+2
|/ /
* | Move require to where it's neededSantiago Pastorino2012-05-111-1/+2
| |
* | Copy literal route constraints to defaults - fixes #3571 and #6224.Andrew White2012-05-111-0/+19
| |
* | Don't ignore nil positional arguments for url helpers - fixes #6196.Andrew White2012-05-101-1/+1
| |
* | Refactor the handling of default_url_options in integration testsAndrew White2012-05-101-7/+24
| | | | | | | | | | | | | | | | | | | | | | | | This commit improves the handling of default_url_options in integration tests by making behave closer to how a real application operates. Specifically the following issues have been addressed: * Options specified in routes.rb are used (fixes #546) * Options specified in controllers are used * Request parameters are recalled correctly * Tests can override default_url_options directly
* | Refactor Generator class to not rely on in-place editing the controllerAndrew White2012-05-091-5/+10
| |
* | Fix bug when url_for changes controller.Nikita Beloglazov2012-05-091-2/+2
| |
* | Fix that optimized named routes should also work as singleton methods on the ↵Jeremy Kemper2012-05-061-1/+2
| | | | | | | | url_helpers module
* | doc edits [ci skip]Vijay Dev2012-05-061-3/+2
| |
* | Merge pull request #5924 from cjolly/signed-cookies-docsVijay Dev2012-05-061-3/+5
|\ \ | | | | | | Improve signed cookies documentation
| * | Improve signed cookies documentationChad Jolly2012-04-211-3/+5
| | |
* | | Raise a rescuable exception when Rails doesn't know what to do with the ↵Steven Soroka2012-05-061-0/+1
| | | | | | | | | | | | format, rather than responding with a head :not_acceptable (406)
* | | Try to convert object passed to debug_hash to hashPiotr Sarnacki2012-05-051-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SessionStore was recently changed to delegate to hash object instead of inherit from it. Since we don't want to extend SessionStore with every method implemented in Hash, it's better to just convert any object passed to debug_hash (which is also better as we don't require to pass Hash instance there, it can be any object that can be converted to Hash).
* | | need to dup the default options so that mutations will not impact usAaron Patterson2012-05-041-1/+1
| | |
* | | make sure the superclass matches so load order does not matterAaron Patterson2012-05-042-2/+2
| | |
* | | Merge pull request #6160 from ↵Aaron Patterson2012-05-041-2/+3
|\ \ \ | | | | | | | | | | | | | | | | carlosantoniodasilva/resource-route-canonical-action Force given path to http methods in mapper to skip canonical action checking
| * | | Force given path to http methods in mapper to skip canonical action checkingCarlos Antonio da Silva2012-05-041-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following scenario: resources :contacts do post 'new', action: 'new', on: :collection, as: :new end Where the /new path is not generated because it's considered a canonical action, part of the normal resource actions: new_contacts POST /contacts(.:format) contacts#new Fixes #2999
* | | | session creation methods to a moduleAaron Patterson2012-05-043-24/+11
|/ / /
* | | create a request session in the cookie storesAaron Patterson2012-05-041-0/+8
| | |
* | | create a request::session object in the memecache store middlewareAaron Patterson2012-05-041-0/+10
| | |
* | | Merge branch 'master' into sessionAaron Patterson2012-05-048-44/+55
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (55 commits) extract deprecated dynamic methods Add some docs and changelog entry Allow overriding exception handling in threaded consumer Allow configuring a different queue consumer actually don't need to expand the aggregates at all #to_sym is unnecessary de-globalise method extract code from AR::Base clean up implementation of dynamic methods. use method compilation etc. Fix ActiveModel README example mention database mapping in getting started guide Remove vestiges of the http_only! config from configuring guide Remove content-length as well Make ActionController#head pass rack-link RouteSet: optimize routes generation when globbing is used Allows assert_redirected_to to accept a regular expression use extract_options! No need to force conversion to Symbol since case ensures it's already one. No need to work around 1.8 warnings anymore. Update command line guide ...