path: root/actionpack/lib/action_dispatch
Commit message (Author, Age, Files, Lines)
* Change deep_munge call to avoid deprecation warning (Carlos Antonio da Silva, 2013-12-03, 1, -2/+2)
|
* Merge branch 'master-sec' (Aaron Patterson, 2013-12-03, 1, -2/+2)
|\
| |   * master-sec:
| |     Deep Munge the parameters for GET and POST
| |     Stop using i18n's built in HTML error handling.
| |     Ensure simple_format escapes its html attributes
| |     Escape the unit value provided to number_to_currency
| |     Only use valid mime type symbols as cache keys
| * Deep Munge the parameters for GET and POST (Michael Koziarski, 2013-12-02, 1, -2/+2)
| |
| |   The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed.
| |
| |   Fixes CVE-2013-6417
* | Convert Mime::NullType in a singleton (Guillermo Iguaran, 2013-12-03, 1, -1/+4)
|/
* Remove deprecated cattr_* requires (Genadi Samokovarov, 2013-12-03, 3, -3/+3)
|
* Try to escape each part of a path redirect route correctly (Andrew White, 2013-12-02, 1, -8/+25)
|
|     A path redirect may contain any and all parts of a url which have different escaping rules for each part. This commit tries to escape each part correctly by splitting the string into three chunks - path (which may also include a host), query and fragment; then it applies the correct escape pattern to each part.
|
|     Whilst using `URI.parse` would be better, unfortunately the possible presence of %{name} parameters in the path redirect string prevents us from using it so we have to use a regular expression instead.
|
|     Fixes #13110.
* [ci skip] Removing some gender sensitive object pronouns (Tejas Dinkar, 2013-12-02, 1, -2/+2)
|
* Better error message for typos in assert_response argument. (Victor Costan, 2013-11-25, 1, -0/+3)
|
|     This commit makes it really easy to debug errors due to typos like "assert_response :succezz".
* Merge remote-tracking branch 'docrails/master' (Xavier Noria, 2013-11-24, 1, -1/+1)
|\
| |   Conflicts:
| |     activesupport/lib/active_support/core_ext/hash/deep_merge.rb
| |     activesupport/lib/active_support/core_ext/hash/keys.rb
| * Change syntax format for example returned values (Prem Sichanugrist, 2013-11-11, 1, -1/+1)
| |
| |   According to our guideline, we leave 1 space between `#` and `=>`, so we want `# =>` instead of `#=>`.
| |
| |   Thanks to @fxn for the suggestion.
| |
| |   [ci skip]
* | Revert "Merge pull request #12990 from vipulnsward/remove_visualizer_param" (Rafael Mendonça França, 2013-11-21, 1, -1/+1)
| |
| |   This reverts commit 5a19346d2855ecb1c791cdef3af92589566d00db, reversing changes made to d82588ee4756b03025813b3997f4db171ee0fcdc.
| |
| |   This argument is being used in the view
| |   https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/visualizer/index.html.erb#L4
| |
| |   It is being set using the binding
| |   https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/gtg/transition_table.rb#L108
* | Remove unused param `title` to `TransitionTable#visualizer` (Vipul A M, 2013-11-22, 1, -1/+1)
| |
* | Fix for routes task (Sıtkı Bağdat, 2013-11-21, 1, -1/+2)
| |
| |   This commit fixes formatting issue for `rake routes` task, when a section is shorter than a header.
* | Avoid hash lookups for building an array of required defaults (Carlos Antonio da Silva, 2013-11-15, 1, -2/+3)
| |
| |   Only set the value once after it's calculated.
* | Get rid of useless temp variable (Carlos Antonio da Silva, 2013-11-15, 1, -2/+1)
| |
* | Set values instead of building hashes with single values for merging (Carlos Antonio da Silva, 2013-11-15, 1, -2/+2)
| |
* | Take Hash with options inside Array in #url_for (Andrey Ognevsky, 2013-11-15, 1, -0/+2)
| |
* | avoiding next statements (Akshay Vishnoi, 2013-11-15, 1, -9/+12)
| |
* | class methods moved to already defined class<<self block (Akshay Vishnoi, 2013-11-15, 1, -6/+6)
| |
* | Merge pull request #12740 from gaurish/patch-1 (Rafael Mendonça França, 2013-11-10, 1, -2/+4)
|\ \
| |/
|/|   Improve Errors when Controller Name or Action isn't specified
| * Improve Errors when Controller Name or Action isn't specified (Gaurish Sharma, 2013-11-05, 1, -2/+4)
| |
| |   These errors occur when the routes are wrongly defined. For example, the following line would cause a missing :action error:
| |
| |       root "welcomeindex"
| |
| |   Mostly beginners are expected to hit these errors, so let's improve the error message a bit to make their learning experience a bit better.
* | Eliminate `JSON.{parse,load,generate,dump}` and `def to_json` (Godfrey Chan, 2013-11-05, 1, -5/+3)
|/
|     JSON.{dump,generate} offered by the JSON gem is not compatible with Rails at the moment and can cause a lot of subtle bugs when passed certain data structures. This changed all direct usage of the JSON gem in internal Rails code to always go through AS::JSON.{decode,encode}.
|
|     We also shouldn't be implementing `to_json` most of the time, and these occurrences are replaced with an equivalent `as_json` implementation to avoid problems down the road.
|
|     See [1] for all the juicy details.
|
|     [1]: intridea/multi_json#138 (comment)
* :scissors: [ci skip] (Carlos Antonio da Silva, 2013-11-04, 1, -3/+0)
|
* Code style for privacy indention (David Heinemeier Hansson, 2013-11-03, 1, -8/+8)
|
* Ensure backwards compatibility after the #deep_munge extraction (David Heinemeier Hansson, 2013-11-03, 1, -0/+10)
|
* Revert "Merge pull request #9660 from sebasoga/change_strong_parameters_require_behaviour" (Guillermo Iguaran, 2013-11-02, 1, -2/+1)
|
|     This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90.
|
|     See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* Merge pull request #9660 from sebasoga/change_strong_parameters_require_behaviour (Guillermo Iguaran, 2013-11-01, 1, -1/+2)
|\
| |   Change ActionController::Parameters#require behavior when value is empty
| * Change ActionController::Parameters#require behavior when value is empty (Sebastian Sogamoso, 2013-03-11, 1, -1/+2)
| |
| |   When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading.
| |
| |   With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | Warnings removed for ruby trunk (Arun Agrawal, 2013-11-01, 1, -1/+1)
| |
| |   Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb
* | add the fetch method to sessions (Damien Mathieu, 2013-10-29, 1, -0/+12)
| |
* | Remove surprise if from show_exception middleware (Prem Sichanugrist, 2013-10-27, 1, -2/+5)
| |
| |   This increases the readability within the rescue block.
* | Correct error in Utils.normalize_path that changed paths improperly (Josh Symonds, 2013-10-23, 1, -1/+1)
| |
* | Respect `SCRIPT_NAME` when using `redirect` with a relative path (Andrew White, 2013-10-10, 1, -0/+18)
| |
| |   Example:
| |
| |       # application routes.rb
| |       mount BlogEngine => '/blog'
| |
| |       # engine routes.rb
| |       get '/admin' => redirect('admin/dashboard')
| |
| |   This now redirects to the path `/blog/admin/dashboard`, whereas before it would've generated an invalid url because there would be no slash between the host name and the path. It also allows redirects to work where the application is deployed to a subdirectory of a website.
| |
| |   Fixes #7977
* | Merge branch 'fix-ip-spoof-errors' of https://github.com/tamird/rails into tamird-fix-ip-spoof-errors (Andrew White, 2013-09-30, 1, -1/+1)
|\ \
| * | make sure both headers are set before checking for ip spoofing (Tamir Duberstein, 2013-06-04, 1, -1/+1)
| | |
* | | Merge pull request #12398 from thedarkone/thread-safety-stuff (Rafael Mendonça França, 2013-09-28, 2, -13/+27)
|\ \ \
| | | |   Thread safety fixes
| * | | Make GTG::TransTable thread safe. (thedarkone, 2013-09-28, 1, -12/+23)
| | | |
| | | |   From now on only the `[]=` method is allowed to modify the internal states hashes.
| * | | Replace global Hash with TS::Cache. (thedarkone, 2013-09-28, 1, -1/+4)
| | | |
* | | | Merge branch 'master' of github.com:rails/docrails (Vijay Dev, 2013-09-28, 1, -1/+1)
|\ \ \ \
| |/ / /
|/| | |
| * | | Fix link_to return value (Earl J St Sauver, 2013-09-22, 1, -1/+1)
| | | |
| | | |   The documentation is showing the link_to method as just returning the contents of the url_for method. It should be returning an "<a>" tag with the correct href set.
* | | | No need for the else clause (Rafael Mendonça França, 2013-09-24, 1, -2/+0)
| | | |
* | | | Use join to concat both sides of the AST (Rafael Mendonça França, 2013-09-24, 1, -1/+2)
| | | |
| | | |   One of the sides can be nil and it will raise a Conversion error
* | | | Merge pull request #10773 from wangjohn/link_and_routing_options (Rafael Mendonça França, 2013-09-23, 1, -0/+13)
|\ \ \ \
| | | | |   Adding documentation and tests to ``polymorphic_url`` and ``link_to``
| * | | | Adding documentation to +polymorphic_url+ (wangjohn, 2013-06-13, 1, -0/+13)
| | | | |
| | | | |   concerning the options that it inherits from +url_for+. The way that +polymorphic_url+ is built allows it to have options like +:anchor+, +:script_name+, etc. but this is currently not documented.
* | | | | Merge pull request #9155 from bogdan/route-formatter (Andrew White, 2013-09-22, 1, -23/+23)
|\ \ \ \ \
| | | | | |   Rewrite Journey::Visitors::Formatter for performance
| * | | | | Rewrite journey routes formatter for performance (Bogdan Gusiev, 2013-08-28, 1, -23/+23)
| | | | | |
* | | | | | [ci skip] Add some comment about downcase url encoded string. (kennyj, 2013-09-22, 1, -0/+2)
| | | | | |
* | | | | | Fix incorrect assert_redirected_to failure message (Derek Prior, 2013-09-19, 1, -15/+5)
| | | | | |
| | | | | |   In some instances, `assert_redirected_to` assertion was returning an incorrect and misleading failure message when the assertion failed.
| | | | | |
| | | | | |   This was due to a disconnect in how the assertion computes the redirect string for the failure message and how `redirect_to` computes the string that is actually used for redirection.
| | | | | |
| | | | | |   I made the `_compute_redirect_to_location` method used by `redirect_to` public and call that from the method `assert_redirect_to` uses to calculate the URL.
| | | | | |
| | | | | |   This reveals a new test failure due to the regex used by `_compute_redirect_to_location` allowing `_` in the URL scheme.
* | | | | | Remove 1.8 compatible code (kennyj, 2013-09-19, 1, -1/+1)
| | | | | |
* | | | | | Fix an issue where router can't recognize downcased url encoding path. (kennyj, 2013-09-19, 1, -0/+1)
| | | | | |