aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
| | * | | CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-171-13/+61
| | | | | | | | | | | | | | | | | | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
| * | | | Some assorted fixes for the 4.1 release notes:Godfrey Chan2013-12-171-1/+1
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added release notes for secrets.yml and mentioned it in the highlights * Added release notes for Mailer previews and mentioned it in the highlights * Added release notes for Module#concerning * Removed mention for AV extraction from the highlights * Rearranged the major features to put highlighted features first * Various improvements and typo fixes [ci skip]
| * | | Add mailer previews feature based on mail_view gemAndrew White2013-12-171-1/+1
| | | |
| * | | Update secret_key_base Docsrobertomiranda2013-12-152-10/+11
| | | |
| * | | Fix syntax error in redirect_to examplePhilipe Fatio2013-12-141-1/+1
| | | | | | | | | | | | | | | | | | | | Without parenthesis, ruby assumes that curly braces denote the beginning of a block.
| * | | Merge pull request #13293 from akshay-vishnoi/typoCarlos Antonio da Silva2013-12-124-5/+5
| |\ \ \ | | | | | | | | | | Spelling and Grammar checks [ci skip]
| | * | | Spelling and Grammar checksAkshay Vishnoi2013-12-124-5/+5
| | | | |
| * | | | Variants inline syntax documentation [ci skip]Łukasz Strzałkowski2013-12-121-0/+9
| |/ / / | | | | | | | | | | | | | | | | | | | | * Extend method documentation * Mention it in actionpack/CHANGELOG * Update release notes
| * | | Merge pull request #13288 from dvsuresh/fix_typoDamien Mathieu2013-12-121-1/+1
| |\ \ \ | | | | | | | | | | Fix typo in action_controller responder.rb [ci skip]
| | * | | Fix typo in action_controller responder.rbdvsuresh2013-12-121-1/+1
| | | | |
| * | | | Merge pull request #13284 from aayushkhandelwal11/typos_correctedGodfrey Chan2013-12-111-1/+1
| |\ \ \ \ | | |/ / / | |/| | | s/everytime/every time/
| | * | | typos rectified [ci skip]Aayush khandelwal2013-12-121-1/+1
| | | | |
| * | | | Make ActionDispatch::Request::Session#fetch behave like Hash#fetchTrent Ogren2013-12-111-8/+8
| |/ / / | | | | | | | | | | | | | | | | | | | | Session#fetch was mutating the session when given a default argument and/or a block. Since Session duck-types as a Hash, it should behave like one in these cases.
| * | | Fix mounting engines inside a resources blockPiotr Sarnacki2013-12-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a route is mounted inside a resources block, it's automatically prefixed, so a following code: resources :users do mount Blog::Engine => '/blog' end will generate a user_blog path helper. In order to access engine helpers, we also use "mounted_helpers", a list of helpers associated with each mounted engine, so a path to blog's post can be generated using user_blog.post_path(user, post). The problem I'm fixing here is that mount used a raw :as option, without taking nestings into account. As a result, blog was added to a route set as a `user_blog`, but helper was generated for just `blog`. This commit applies the proper logic for defining a helper for a mounted engine nested in resources or resource block. (closes #8533)
| * | | Inline variants syntaxŁukasz Strzałkowski2013-12-101-2/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
| * | | Simplify @responses hash initializationŁukasz Strzałkowski2013-12-101-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This need to happen before content negotiation. Before that, it was looping though mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.
| * | | Revert "Merge pull request #13235 from strzalek/variants-inline" -- needs a ↵David Heinemeier Hansson2013-12-081-15/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | little more work! This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
| * | | Merge pull request #13235 from strzalek/variants-inlineDavid Heinemeier Hansson2013-12-081-9/+15
| |\ \ \ | | | | | | | | | | Inline syntax for variants
| | * | | Inline variants syntaxŁukasz Strzałkowski2013-12-081-8/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those sitiations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end ` Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
| | * | | Simplify @responses hash initializationŁukasz Strzałkowski2013-12-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This need to happen before content negotiation. Before that, it was looping though mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.
| * | | | Require action_view explicitly in AC::BaseŁukasz Strzałkowski2013-12-082-0/+2
| |/ / /
| * | | Variants can be declared without a block to signify their presence in the ↵David Heinemeier Hansson2013-12-071-1/+3
| | | | | | | | | | | | | | | | controller
| * | | Allow code execution in case no variant has been set with variant.noneDavid Heinemeier Hansson2013-12-071-4/+5
| | | |
| * | | Add Mime::Type.register "text/vcard", :vcf to the default list of mime typesDavid Heinemeier Hansson2013-12-051-0/+1
| | | |
| * | | Merge pull request #13189 from strzalek/retain-ap-av-depJeremy Kemper2013-12-052-15/+4
| |\ \ \ | | | | | | | | | | Retain ActionPack dependency on ActionView. Fixes #12979.
| | * | | Retain ActionPack dependency on ActionViewŁukasz Strzałkowski2013-12-052-15/+4
| | | | |
| * | | | remove nil in NullType#ref.Angelo capilleri2013-12-041-3/+1
| | |_|/ | |/| | | | | | | | | | | | | | Return Nil is implicit in a method and this syntax is used in the others classes
| * | | Improve a couple exception messages related to variants and mime typesCarlos Antonio da Silva2013-12-033-15/+19
| | | | | | | | | | | | | | | | | | | | Avoid one-liner conditionals when they are too big. Avoid concatenating strings to build error messages. Improve messages a bit.
| * | | Add nodoc to added VariantFilter classCarlos Antonio da Silva2013-12-031-3/+3
| |/ /
| * | Action Pack VariantsŁukasz Strzałkowski2013-12-044-5/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types.
| * | Change deep_munge call to avoid deprecation warningCarlos Antonio da Silva2013-12-031-2/+2
| | |
| * | Merge branch 'master-sec'Aaron Patterson2013-12-031-2/+2
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master-sec: Deep Munge the parameters for GET and POST Stop using i18n's built in HTML error handling. Ensure simple_format escapes its html attributes Escape the unit value provided to number_to_currency Only use valid mime type symbols as cache keys
| | * | Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
| * | | Convert Mime::NullType in a singletonGuillermo Iguaran2013-12-031-1/+4
| | | |
| * | | Cleanups in comment about conditionalGuillermo Iguaran2013-12-031-1/+2
| | | |
| * | | Merge branch 'format_localized_template' of https://github.com/acapilleri/railsGuillermo Iguaran2013-12-031-1/+1
| |\ \ \ | | |/ / | |/| | | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| | * | Fix header Content-Type: #<Mime::NullType:...> in localized templateAngelo capilleri2013-12-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR fixes #13064 regression bug introduced by the #8085 Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type. In this way the method Response#assign_default_content_type_and_charset can write the the default mime_type.
| * | | Remove deprecated cattr_* requiresGenadi Samokovarov2013-12-034-4/+4
| | | |
| * | | Try to escape each part of a path redirect route correctlyAndrew White2013-12-021-8/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A path redirect may contain any and all parts of a url which have different escaping rules for each part. This commit tries to escape each part correctly by splitting the string into three chunks - path (which may also include a host), query and fragment; then it applies the correct escape pattern to each part. Whilst using `URI.parse` would be better, unfortunately the possible presence of %{name} parameters in the path redirect string prevents us from using it so we have to use a regular expression instead. Fixes #13110.
| * | | [ci skip] Removing some gender sensitive object pronounsTejas Dinkar2013-12-021-2/+2
| | | |
| * | | Use genderless pronouns in API docsGuillermo Iguaran2013-12-011-1/+1
| |/ /
* / / Fix stream closing when sending file with `ActionController::Live` included.Lauro Caetano2013-11-301-1/+1
|/ / | | | | | | Fixes #12381
* / Better error message for typos in assert_response argument.Victor Costan2013-11-251-0/+3
|/ | | | | This commit makes it really easy to debug errors due to typos like "assert_response :succezz".
* Merge remote-tracking branch 'docrails/master'Xavier Noria2013-11-241-1/+1
|\ | | | | | | | | | | Conflicts: activesupport/lib/active_support/core_ext/hash/deep_merge.rb activesupport/lib/active_support/core_ext/hash/keys.rb
| * Change syntax format for example returned valuesPrem Sichanugrist2013-11-111-1/+1
| | | | | | | | | | | | | | | | | | According to our guideline, we leave 1 space between `#` and `=>`, so we want `# =>` instead of `#=>`. Thanks to @fxn for the suggestion. [ci skip]
* | Revert "Merge pull request #12990 from vipulnsward/remove_visualizer_param"Rafael Mendonça França2013-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | This reverts commit 5a19346d2855ecb1c791cdef3af92589566d00db, reversing changes made to d82588ee4756b03025813b3997f4db171ee0fcdc. This argument is being used in the view https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/visualizer/index.html.erb#L4 It is being set using the binding https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/gtg/transition_table.rb#L108
* | Remove unused param `title`to `TransitionTable#visualizer`Vipul A M2013-11-221-1/+1
| |
* | Fix for routes taskSıtkı Bağdat2013-11-211-1/+2
| | | | | | | | This commit fixes formatting issue for `rake routes` task, when a section is shorter than a header.
* | Avoid hash lookups for building an array of required defaultsCarlos Antonio da Silva2013-11-151-2/+3
| | | | | | | | Only set the value once after it's calculated.
* | Get rid of useless temp variableCarlos Antonio da Silva2013-11-151-2/+1
| |