aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Only use valid mime type symbols as cache keysAaron Patterson2013-11-301-0/+7
| | | | CVE-2013-6414
* bumping to 3.2.15Aaron Patterson2013-10-151-1/+1
|
* Merge branch '3-2-15' into 3-2-secAaron Patterson2013-10-151-2/+2
|\ | | | | | | | | | | | | | | | | | | | | * 3-2-15: bumping to rc3 Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build" Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target" bumping to rc2 Merge pull request #12443 from arthurnn/add_inverse_of_add_target bumping version to 3.2.15.rc1 Fix STI scopes using benolee's suggestion. Fixes #11939
| * bumping to rc3Aaron Patterson2013-10-111-1/+1
| |
| * bumping to rc2Aaron Patterson2013-10-041-1/+1
| |
| * bumping version to 3.2.15.rc1Aaron Patterson2013-10-031-2/+2
| |
* | Merge branch '3-2-stable' into 3-2-secAaron Patterson2013-10-031-1/+1
|\| | | | | | | | | | | * 3-2-stable: make sure both headers are set before checking for ip spoofing Move set_inverse_instance to association.build_record
| * make sure both headers are set before checking for ip spoofingTamir Duberstein2013-10-011-1/+1
| |
* | Remove the use of String#% when formatting durations in log messagesMichael Koziarski2013-09-301-6/+5
|/ | | | | This avoids potential format string vulnerabilities where user-provided data is interpolated into the log message before String#% is called.
* pass the extra params to the rack test environment so that routes with block ↵Brian Hahn2013-09-062-4/+5
| | | | constraints have access
* fix issue #11605Kassio Borges2013-08-244-16/+4
|
* Merge branch '3-2-14' into 3-2-stableRafael Mendonça França2013-07-221-1/+1
|\
| * Preparing for 3.2.14 releaseRafael Mendonça França2013-07-221-1/+1
| |
| * Preparing for 3.2.14.rc2 releaseRafael Mendonça França2013-07-161-1/+1
| |
| * Preparing for 3.2.14.rc1 releaseRafael Mendonça França2013-07-121-2/+2
| |
* | Fix `assert_redirected_to` does not show user-supplied message.Alexey Chernenkov2013-07-181-1/+1
|/ | | | | | Issue: when `assert_redirected_to` fails due to the response redirect not matching the expected redirect the user-supplied message (second parameter) is not shown. This message is only shown if the response is not a redirect.
* Add missing requireSantiago Pastorino2013-07-021-0/+1
|
* Fix shorthand routes where controller and action are in the scopeAndrew White2013-06-251-0/+8
| | | | | | | | | | | Merge `:action` from routing scope and assign endpoint if both `:controller` and `:action` are present. The endpoint assignment only occurs if there is no `:to` present in the options hash so should only affect routes using the shorthand syntax (i.e. endpoint is inferred from the the path). Fixes #9856 Backport of 37b4276
* Merge pull request #10971 from dtaniwaki/escape_link_to_unlessRafael Mendonça França2013-06-241-1/+1
| | | | Always escape the result of link_to_unless method
* Compare host scheme using case-insensitive regexpRafael Mendonça França2013-06-161-1/+1
| | | | | | | | | | | | | | | | | | Before: image_tag("HTTP://google.com") # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />" image_tag("http://google.com") # => "<img alt=\"Google\" src=\"http://google.com\" />" After: image_tag("HTTP://google.com") # => "<img alt=\"Google\" src=\"HTTP://google.com\" />" image_tag("http://google.com") # => "<img alt=\"Google\" src=\"http://google.com\" />" Backport of #10969
* Merge pull request #10478 from cainlevy/patch-1Rafael Mendonça França2013-05-061-1/+1
| | | | | | use canonical #controller_path logic in controller test cases Conflicts: actionpack/lib/action_controller/test_case.rb
* Merging in fix from #8222Ben Tucker2013-05-061-1/+1
|
* just clear the caches on clear! rather than replacing. fixes #10251Aaron Patterson2013-04-171-8/+4
|
* Fix explicit names on multiple file fieldsRyan McGeary2013-04-051-8/+7
| | | | | | | | If a file field tag is passed the multiple option, it is turned into an array field (appending "[]"), but if the file field is passed an explicit name as an option, leave the name alone (do not append "[]"). Fixes #9830
* Common behavior with adding formats to lookup_context for TemplateRenderer ↵Dmitry Vorotilin2013-04-024-4/+16
| | | | and PartialRenderer
* Fixed test failures on 1.8.7 caused by 74e59eaFred Wu2013-03-271-1/+1
|
* Backport #5808Mack Earnhardt2013-03-241-6/+21
| | | | | | df36c5f - Fix assert_template assertion with :layout option 4bd05a7 - Fix assert_template :layout => nil assertion 0d19a08 - Improve assert_template layout checking
* Merge branch '3-2-stable' into fredwu-slow_view_loading_fixAaron Patterson2013-03-201-1/+1
|\ | | | | | | | | | | | | | | | | | | | | * 3-2-stable: Merge pull request #9802 from newsline/fix-broken-action-missing Remove bad changelog entry from AR [ci skip] Wrong exception is occured when raising no translatable exception Don't crash exception translation w/ nil result attribute. Conflicts: actionpack/CHANGELOG.md
| * Merge pull request #9802 from newsline/fix-broken-action-missingRafael Mendonça França2013-03-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Fix missing action_missing Conflicts: actionpack/CHANGELOG.md Conflicts: actionpack/test/controller/base_test.rb Fixes #9799
* | Fixed assets loading performance in 3.2.13Fred Wu2013-03-201-1/+1
|/ | | | | The PR #8756 uses Sprockets for resolving files that already exists on disk, for those files their extensions don't need to be rewritten. Fixes #9803
* Backport #9347 to rails 3.2hoffm2013-03-191-1/+1
|
* Merge branch '3-2-13' into 3-2-stableAaron Patterson2013-03-182-6/+6
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-13: bumping to 3.2.13 fix protocol checking in sanitization [CVE-2013-1857] JDOM XXE Protection [CVE-2013-1856] fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] stop calling to_sym when building arel nodes [CVE-2013-1854] Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets bumping to rc2 Revert "Merge pull request #8209 from senny/backport_8176" Freeze columns only once per Result Preparing for 3.2.13.rc1 release Update CHANGELOGs for 3.2.13 release. Conflicts: actionmailer/CHANGELOG.md actionpack/CHANGELOG.md activemodel/CHANGELOG.md activeresource/CHANGELOG.md activesupport/CHANGELOG.md railties/CHANGELOG.md
| * bumping to 3.2.13Aaron Patterson2013-03-181-1/+1
| |
| * fix protocol checking in sanitization [CVE-2013-1857]Aaron Patterson2013-03-151-2/+2
| | | | | | | | | | Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
| * fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]Charlie Somerville2013-03-151-3/+3
| |
| * Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix incorrectly appended square brackets to a multiple select box Before: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][][]" ...> After: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][]" ...> Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/helpers/tags/base.rb actionpack/test/template/form_options_helper_test.rb
| * bumping to rc2Aaron Patterson2013-03-061-1/+1
| |
| * Preparing for 3.2.13.rc1 releaseSteve Klabnik2013-02-271-2/+2
| |
* | do not freeze NumberHelper defaults.Yves Senn2013-03-181-2/+2
| | | | | | | | Closes #9767.
* | Extract hardcoded lists to Redo::RestaurantsListJuan Barreneche2013-03-141-1/+7
| |
* | Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix incorrectly appended square brackets to a multiple select box Before: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][][]" ...> After: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][]" ...> Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/helpers/tags/base.rb actionpack/test/template/form_options_helper_test.rb
* | Backport fixes about #7774 to 3-2-stablemaximerety2013-03-051-2/+2
| | | | | | | | | | Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is an empty string.
* | remove unused path_without_format variableKornelius Kalnbach2013-03-031-2/+0
|/ | | Was forgotten in a72dab0.
* Check for `method_missing` in public and protectedPrem Sichanugrist2013-02-241-1/+2
| | | | | | Ruby 2.0 changed the behavior of `respond_to?` without argument to return only search for public method. We actually want to perform the action only if `method_missing` is either in public or protected.
* There is already a Set of non-hidden action_names lying around.thedarkone2013-02-241-8/+2
|
* determine the match shorthand target early.Yves Senn2013-02-221-9/+12
| | | | | | | | | Backport #9361. Closes #7554. This patch determines the `controller#action` directly in the `match` method when the shorthand syntax is used. this prevents problems with namespaces and scopes.
* Change tabs to spaces in form options helper [ci skip]Carlos Antonio da Silva2013-02-211-2/+2
|
* Merge branch '3-2-sec' into 3-2-stableAaron Patterson2013-02-111-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version remove ruby-prof Fix issue with attr_protected where malformed input could circumvent protection fixing call to columns hash. run the damn tests when you backport! Bump rack dependency to 1.4.5 Merge pull request #9224 from dylanahsmith/bigdecimal-takes-string Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numeric Conflicts: Gemfile activerecord/CHANGELOG.md
| * bumping versionAaron Patterson2013-02-101-1/+1
| |
* | Add another NumberHelper missing dependencyRodrigo Rosenfeld Rosas2013-01-291-0/+1
| | | | | | | | | | Another missing dependency, now affecting #number_to_percentage. It depends on reverse_merge.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 18:47:44 +0000