aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
* Compare host scheme using case-insensitive regexpRafael Mendonça França2013-06-161-1/+1
| | | | | | | | | | | | | | | | | | Before: image_tag("HTTP://google.com") # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />" image_tag("http://google.com") # => "<img alt=\"Google\" src=\"http://google.com\" />" After: image_tag("HTTP://google.com") # => "<img alt=\"Google\" src=\"HTTP://google.com\" />" image_tag("http://google.com") # => "<img alt=\"Google\" src=\"http://google.com\" />" Backport of #10969
* Merge pull request #10478 from cainlevy/patch-1Rafael Mendonça França2013-05-061-1/+1
| | | | | | use canonical #controller_path logic in controller test cases Conflicts: actionpack/lib/action_controller/test_case.rb
* Merging in fix from #8222Ben Tucker2013-05-061-1/+1
|
* just clear the caches on clear! rather than replacing. fixes #10251Aaron Patterson2013-04-171-8/+4
|
* Fix explicit names on multiple file fieldsRyan McGeary2013-04-051-8/+7
| | | | | | | | If a file field tag is passed the multiple option, it is turned into an array field (appending "[]"), but if the file field is passed an explicit name as an option, leave the name alone (do not append "[]"). Fixes #9830
* Common behavior with adding formats to lookup_context for TemplateRenderer ↵Dmitry Vorotilin2013-04-024-4/+16
| | | | and PartialRenderer
* Fixed test failures on 1.8.7 caused by 74e59eaFred Wu2013-03-271-1/+1
|
* Backport #5808Mack Earnhardt2013-03-241-6/+21
| | | | | | df36c5f - Fix assert_template assertion with :layout option 4bd05a7 - Fix assert_template :layout => nil assertion 0d19a08 - Improve assert_template layout checking
* Merge branch '3-2-stable' into fredwu-slow_view_loading_fixAaron Patterson2013-03-201-1/+1
|\ | | | | | | | | | | | | | | | | | | | | * 3-2-stable: Merge pull request #9802 from newsline/fix-broken-action-missing Remove bad changelog entry from AR [ci skip] Wrong exception is occured when raising no translatable exception Don't crash exception translation w/ nil result attribute. Conflicts: actionpack/CHANGELOG.md
| * Merge pull request #9802 from newsline/fix-broken-action-missingRafael Mendonça França2013-03-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Fix missing action_missing Conflicts: actionpack/CHANGELOG.md Conflicts: actionpack/test/controller/base_test.rb Fixes #9799
* | Fixed assets loading performance in 3.2.13Fred Wu2013-03-201-1/+1
|/ | | | | The PR #8756 uses Sprockets for resolving files that already exists on disk, for those files their extensions don't need to be rewritten. Fixes #9803
* Backport #9347 to rails 3.2hoffm2013-03-191-1/+1
|
* Merge branch '3-2-13' into 3-2-stableAaron Patterson2013-03-182-6/+6
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-13: bumping to 3.2.13 fix protocol checking in sanitization [CVE-2013-1857] JDOM XXE Protection [CVE-2013-1856] fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] stop calling to_sym when building arel nodes [CVE-2013-1854] Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets bumping to rc2 Revert "Merge pull request #8209 from senny/backport_8176" Freeze columns only once per Result Preparing for 3.2.13.rc1 release Update CHANGELOGs for 3.2.13 release. Conflicts: actionmailer/CHANGELOG.md actionpack/CHANGELOG.md activemodel/CHANGELOG.md activeresource/CHANGELOG.md activesupport/CHANGELOG.md railties/CHANGELOG.md
| * bumping to 3.2.13Aaron Patterson2013-03-181-1/+1
| |
| * fix protocol checking in sanitization [CVE-2013-1857]Aaron Patterson2013-03-151-2/+2
| | | | | | | | | | Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
| * fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]Charlie Somerville2013-03-151-3/+3
| |
| * Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix incorrectly appended square brackets to a multiple select box Before: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][][]" ...> After: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][]" ...> Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/helpers/tags/base.rb actionpack/test/template/form_options_helper_test.rb
| * bumping to rc2Aaron Patterson2013-03-061-1/+1
| |
| * Preparing for 3.2.13.rc1 releaseSteve Klabnik2013-02-271-2/+2
| |
* | do not freeze NumberHelper defaults.Yves Senn2013-03-181-2/+2
| | | | | | | | Closes #9767.
* | Extract hardcoded lists to Redo::RestaurantsListJuan Barreneche2013-03-141-1/+7
| |
* | Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix incorrectly appended square brackets to a multiple select box Before: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][][]" ...> After: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][]" ...> Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/helpers/tags/base.rb actionpack/test/template/form_options_helper_test.rb
* | Backport fixes about #7774 to 3-2-stablemaximerety2013-03-051-2/+2
| | | | | | | | | | Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is an empty string.
* | remove unused path_without_format variableKornelius Kalnbach2013-03-031-2/+0
|/ | | Was forgotten in a72dab0.
* Check for `method_missing` in public and protectedPrem Sichanugrist2013-02-241-1/+2
| | | | | | Ruby 2.0 changed the behavior of `respond_to?` without argument to return only search for public method. We actually want to perform the action only if `method_missing` is either in public or protected.
* There is already a Set of non-hidden action_names lying around.thedarkone2013-02-241-8/+2
|
* determine the match shorthand target early.Yves Senn2013-02-221-9/+12
| | | | | | | | | Backport #9361. Closes #7554. This patch determines the `controller#action` directly in the `match` method when the shorthand syntax is used. this prevents problems with namespaces and scopes.
* Change tabs to spaces in form options helper [ci skip]Carlos Antonio da Silva2013-02-211-2/+2
|
* Merge branch '3-2-sec' into 3-2-stableAaron Patterson2013-02-111-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version remove ruby-prof Fix issue with attr_protected where malformed input could circumvent protection fixing call to columns hash. run the damn tests when you backport! Bump rack dependency to 1.4.5 Merge pull request #9224 from dylanahsmith/bigdecimal-takes-string Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numeric Conflicts: Gemfile activerecord/CHANGELOG.md
| * bumping versionAaron Patterson2013-02-101-1/+1
| |
* | Add another NumberHelper missing dependencyRodrigo Rosenfeld Rosas2013-01-291-0/+1
| | | | | | | | | | Another missing dependency, now affecting #number_to_percentage. It depends on reverse_merge.
* | Add NumberHelper missing dependencyRodrigo Rosenfeld Rosas2013-01-291-0/+1
| | | | | | symbolize_keys depends on hash/keys AS core extension
* | Duplicate possible frozen string from routeAndrew White2013-01-211-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | Ruby 1.9 freezes Hash string keys by default so where a route is defined like this: get 'search' => 'search' then the Mapper will derive the action from the key. This blows up later when the action is added to the parameters hash and the encoding is forced. Closes #3429
* | Remove warning of not used variableCarlos Antonio da Silva2013-01-171-1/+1
| |
* | Merge pull request #5288 from lest/patch-2José Valim2013-01-171-0/+2
| | | | | | | | | | | | force response body to be read in assert_template Conflicts: actionpack/lib/action_controller/test_case.rb
* | fixes #8631 local inflections from interfereing with HTTP_METHOD_LOOKUP ↵Aditya Sanghi2013-01-161-1/+6
| | | | | | | | dispatch logic
* | Merge pull request #8914 from nilbus/fix-header-bloatRafael Mendonça França2013-01-151-1/+3
| | | | | | | | | | | | Remove header bloat introduced by BestStandardsSupport middleware Conflicts: actionpack/CHANGELOG.md
* | Merge pull request #8907 from rubys/masterRafael Mendonça França2013-01-121-1/+2
| | | | | | | | Fix regression introduced in pull 8812
* | Remove unnecessary caching of ParameterFilterAndrew White2013-01-121-3/+1
| |
* | Fix JSON params parsing regression for non-object JSON content.Dylan Smith2013-01-111-2/+2
| | | | | | | | Backports #8855.
* | Merge pull request #8756 from causes/js_include_tag_fixGuillermo Iguaran2013-01-101-9/+16
|\ \ | | | | | | Fix javascript_include_tag when no js runtime is available
| * | Fix javascript_include_tag when no js runtime is availableNoah Silas2013-01-071-9/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a production environment where the assets have been precompiled, we don't want an assets compile step to happen on the application server at all. To ensure this, a js runtime may not be available on the app servers. In this environment, pages using javascript_include_tag for assets with non-standard or chained extensions were throwing 500 errors. For instance, `javascript_include_tag('jquery.min')` would blow up. Sprockets was attempting to build the assets being included during the rewrite_extension step (responsible for appending a '.js' extension to assets being included by the basename rather than a fully qualified name). This was happening as a step to resolve #6310, which required checking for the presence of an asset with a non-standard extension before appending the extension. We can check for the presence of an asset without invoking the asset build step by using Sprockets' resolve method, which will search for the base file without building it (and is the method that find_asset uses internally to get the path to the asset before attempting to build it). When rewriting the extension on an asset, these are the steps: - If the source does not have an extension, assume that the default extension is desired and append it. - If there is an extension and it doesn't match the default extension, check to see if a file with the precise name specified exists amongst the assets; if it is present, do not append the default extension. (This is the step that resolves #6310).
* | | Fixes issue where duplicate assets can be required with sprockets.jejacks0n2013-01-101-2/+2
| | | | | | | | | | | | | | | - addresses the problem by calling flatten on asset array before calling uniq. - adds note to CHANGELOG.
* | | Merge branch '3-2-sec' into 3-2-secmergeAaron Patterson2013-01-083-9/+7
|\ \ \ | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu Avoid Rack security warning no secret provided Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
| * | bumping versionAaron Patterson2013-01-081-1/+1
| | |
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-082-8/+6
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu
| * | Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | | Merge pull request #8812 from rubys/masterCarlos Antonio da Silva2013-01-081-1/+1
| | | | | | | | | | | | Eliminate Rack::File headers deprecation warning
* | | Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | | Do not call fields_for from form_for, to avoid instantiating two buildersCarlos Antonio da Silva2013-01-061-8/+6
| | | | | | | | | | | | | | | | | | Conflicts: actionpack/lib/action_view/helpers/form_helper.rb actionpack/test/template/form_helper_test.rb
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-09 20:16:48 +0000