| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
| |
| |
| | |
method.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb.
Deprecated protocol_separator and bad_tags.
Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
gcampbell-rosetta_flash
* 'rosetta_flash' of https://github.com/gcampbell/rails:
Address CVE-2014-4671 (JSONP Flash exploit)
Conflicts:
actionpack/CHANGELOG.md
|
| | |
| | |
| | |
| | |
| | |
| | | |
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.
|
|\ \ \
| |/ /
|/| | |
Reduce number of subscriptions created.
|
| | | |
|
| | | |
|
|\ \ \
| |/ /
|/| | |
This updates rails to use edge rack
|
| | |
| | |
| | |
| | | |
https://github.com/rack/rack/commit/5a5aee36
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As Rack has some non backwards compatible changes added required
modifications to keep behaviour in rails close to same as before.
Also modified generators to include rack/rack for not yet released
version of rack
|
| | |
| | |
| | |
| | | |
It always responds to mounted_helpers now
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior to this commit shallow resources would only generate paths for
non-direct children (with a nested depth greater than 1).
Take the following routes file.
resources :blogs do
resources :posts, shallow: true do
resources :comments do
resources :tags
end
end
end
This would generate shallow paths for `tags` nested under `posts`,
e.g `/posts/:id/tags/`, however it would not generate shallow paths
for `comments` nested under `posts`, e.g `/posts/:id/comments/new`.
This commit changes the behaviour of the route mapper so that it
generate paths for direct children of shallow resources, for example
if you take the previous routes file, this will now generate
shallow paths for `comments` nested under `posts`, .e.g
`posts/:id/comments/new`.
This was the behaviour in Rails `4.0.4` however this was broken in
@jcoglan's fix for another routes related issue[1].
This also fixes an issue[2] reported by @smdern.
[1] https://github.com/rails/rails/commit/d0e5963
[2] https://github.com/rails/rails/issues/15783
|
|\ \ \
| | | |
| | | | |
Remove symbolized_path_parameters.
|
| | | |
| | | |
| | | |
| | | | |
This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
|
|\ \ \ \
| | | | |
| | | | | |
Improve token_and_options regex and test
|
| | | | |
| | | | |
| | | | |
| | | | | |
add a test case to test the regex for the helper method raw_params
|
| | | | | |
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The controller can set the response format as 'JSON' before the renderer code be
evaluated, so we must replace it when necessary.
Fixes #15081
|
|/ / / |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Then we only need to extract host once.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
Add always permitted parameters as a configurable option.
[Rafael Mendonça França + Gary S. Weaver]
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* General style fixes.
* Add changes to configuration guide.
* Add missing tests.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* This commit adds back the always_permitted_parameters
configuration option to strong paramaters.
* The initial pull requests where this feature was added
are the following:
- https://github.com/rails/rails/pull/12682
- https://github.com/rails/strong_parameters/pull/174
|
|\ \ \ \
| | | | |
| | | | | |
Replace x.sort_by!.select! with x.select!.sort_by!
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The latter has the same speed as the former in the worst case
and faster in general, because it is always better to sort less items.
Unfortunately, `routes.select!{...}.sort_by!{...}` is not possible here
because `select!` returns `nil`, so select! and sort! must be done
in two steps.
|
|/ / / /
| | | |
| | | |
| | | |
| | | | |
Need to add individual `:nodoc:` for nested classes / modules to completely
remove the constants from the API.
|
|\ \ \ \
| | | | |
| | | | | |
Fix state leak.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Because it is more natural way to test substring inclusion. Also, in
this particular case it is much faster.
In general, using `Regexp.new str` for such kind of things is dangerous.
The string must be escaped, unless you know what you're doing. Example:
Regexp.new "\\" # HELLO WINDOWS
# RegexpError: too short escape sequence: /\/
The right way to do this is escape the string
Regexp.new Regexp.escape "\\"
# => /\\/
Here is the benchmark showing how faster `include?` call is.
```
require 'benchmark/ips'
Benchmark.ips do |x|
x.report('include?') { !"index".to_s.include? File::SEPARATOR }
x.report(' !~ ') { "index" !~ Regexp.new(File::SEPARATOR) }
end
__END__
Calculating -------------------------------------
include? 75754 i/100ms
!~ 21089 i/100ms
-------------------------------------------------
include? 3172882.3 (±4.5%) i/s - 15832586 in 5.000659s
!~ 322918.8 (±8.6%) i/s - 1602764 in 4.999509s
```
Extra `.to_s` call is needed to handle the case when `action_name` is
`nil`. If it is omitted, some tests fail.
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Change Http::Cache::SPECIAL_KEYS from Array to Set
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Slightly improves performance, for example, a simple benchmark:
```ruby
require 'benchmark/ips'
require 'set'
SPECIAL_KEYS = %w[extras no-cache max-age public must-revalidate]
SPECIAL_KEYS_SET = Set.new(SPECIAL_KEYS)
directive = 'must-revalidate'
Benchmark.ips do |x|
x.report('array') { SPECIAL_KEYS.include?(directive) }
x.report('set') { SPECIAL_KEYS_SET.include?(directive) }
end
```
Output:
```
-------------------------------------
array 67926 i/100ms
set 74054 i/100ms
-------------------------------------
array 2318423.4 (±2.8%) i/s - 11615346 in 5.014899s
set 3387981.8 (±4.7%) i/s - 16958366 in 5.019355s
```
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Remove unused parameter.
|
| |/ / / / / |
|
|/ / / / / |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes issue #15511.
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
ActionController::Parameters#require now accepts FalseClass values
|
|/ / / / /
| | | | |
| | | | |
| | | | | |
Fixes #15685.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Set flash in test session when necessary.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
`to_session_value` returns nil when empty.
|