| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
whether something has to be escaped
|
|
|
|
| |
Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
|
|
|
|
|
|
|
|
| |
on AP test suite for 1.9.2."
This reverts commit 9013227e00895ac95f29077229ec2fb156f450b0.
minitest was 'running' compiled templates beginning with test!
|
| |
|
|
|
|
|
|
| |
test suite for 1.9.2.
This reverts commit 2c4f8aae5ca8489bb3e47712f50b3f57015811d9.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
HTML specifications recommend the escaping of urls in web pages,
which url_for does by default for string urls and consquently
urls generated by path helpers as these return strings.
Hashes passed to url_for are not escaped by default and this
commit reverses this default so that they are escaped.
Undoes the changes of this commit:
http://github.com/rails/rails/commit/1b3195b63ca44f0a70b61b75fcf4991cb2fbb944
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
ActionPack test suite, patches that translates Rails internal tests to the new router DSL are welcome (note though that a few tests shouldn't be translated since they are testing exactly the old mapper API, like the ones in actionpack/test/controller/resource_test.rb and actionpack/test/controller/routing_test.rb)
|
|
|
|
|
|
| |
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Specify accept-charset on all forms. All recent browsers,
as well as IE5+, will use the encoding specified for form
parameters
* Unfortunately, IE5+ will not look at accept-charset unless
at least one character in the form's values is not in the
page's charset. Since the user can override the default
charset (which Rails sets to UTF-8), we provide a hidden
input containing a unicode character, forcing IE to look
at the accept-charset.
* Now that the vast majority of web input is UTF-8, we set
the inbound parameters to UTF-8. This will eliminate many
cases of incompatible encodings between ASCII-8BIT and
UTF-8.
* You can safely ignore params[:_snowman_]
TODO:
* Validate inbound text to confirm it is UTF-8
* Combine the whole_form implementations in form_helper_test
and form_tag_helper_test
|
| |
|
|
|
|
|
|
| |
doesn't have it's own logger
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
| |
read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types.
[#4938]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
:controller and :action may appear in the generated url [#4326 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
* resources is always an array;
* Lazy retrieve request and formats;
* Alias api_location and navigation_location to resource_location, making easier to change its behavior without affecting each other and without a need to reimplement any of the behavior methods.
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
with static and dynamic parts
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
| |
http://tools.ietf.org/rfc/rfc3986.txt
[#4762 state:resolved]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
| |
|
|
|
|
| |
was causing the cookie store to panic because we need to unpack the whole session to get its key. This commit fixes this issue and also caches exists calls for performance improvements.
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
| |
it's already there [#2485 state:resolved]
This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
exist yet.
|
|
|
|
| |
be available yet. Unfortunately, could not reproduce this in a test case.
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
| |
frameworks like ActiveRecord and ActiveResource to log outsude Rails::Application [#4816 state:resolved]
|
| |
|
|
|
|
|
|
|
|
| |
destroyed on reset.
[#4938]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|
|
|
|
|
|
|
|
| |
- was exposed as _view, which suggested it was private
- left _view as an alias of view as not to break any extensions that are
relying on _view
[#4932 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
rendering the view.
- Previously, _assigns were locked down the first time _view was
referenced.
[#4931 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
explicitly passes in :value => nil [#4839 state:resolved]
Signed-off-by: Michael Koziarski <michael@koziarski.com>
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
|
|
|
|
|
| |
setup within the railtie
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
specially useful in http helpers for generating routes in scenarios like:
resources :users, :path => 'usuarios' do
get :search, :on => :collection, :path => 'pesquisar'
end
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|