path: root/actionpack/lib
Commit message (Author, Age, Files, Lines)
* Merge pull request #14945 from tomkadwill/form_authenticity_param_refactor (Rafael Mendonça França, 2014-05-06, files: 1, lines: -1/+1)
|\
| |   Moved 'params[request_forgery_protection_token]' into its own method and...
| * Moved 'params[request_forgery_protection_token]' into its own method and ↵ (Tom Kadwill, 2014-05-06, files: 1, lines: -1/+1)
| |   improved tests.
* | Only accept actions without File::SEPARATOR in the name. (Rafael Mendonça França, 2014-05-06, files: 1, lines: -3/+25)
|/
|   This will avoid directory traversal in implicit render.
|   Fixes: CVE-2014-0130
|   Conflicts: actionpack/lib/abstract_controller/base.rb
* Get rid of extra local var that does not add to the logic (Carlos Antonio da Silva, 2014-05-05, files: 1, lines: -2/+2)
|   There are too many "action name" variables around the process method.
* Do not use short-circuit return (Rafael Mendonça França, 2014-05-04, files: 1, lines: -2/+3)
|
* Merge pull request #11166 from xavier/callable_constraint_verification (Rafael Mendonça França, 2014-05-04, files: 1, lines: -0/+7)
|\
| |   Callable route constraint verification
| |   Conflicts: actionpack/CHANGELOG.md
| * Verify that route constraints respond to the expected messages instead of ↵ (Xavier Defrang, 2013-06-28, files: 1, lines: -0/+7)
| |   silently failing to enforce the constraint
* | Fix examples indent and improve #process docs a bit [ci skip] (Carlos Antonio da Silva, 2014-05-04, files: 1, lines: -16/+14)
| |
* | Document ActionController::TestCase::Behavior#process (Gaurish Sharma, 2014-05-04, files: 1, lines: -0/+27)
| |   [ci skip]
* | Use #include? instead of #any?, make it simpler (Akshay Vishnoi, 2014-05-03, files: 1, lines: -1/+1)
| |
* | passing a nil in the polymorphic array is not supported. remove nils before ↵ (Aaron Patterson, 2014-05-02, files: 1, lines: -0/+4)
| |   you call the method
* | passing a nil should always raise an ArgumentError (Aaron Patterson, 2014-05-02, files: 1, lines: -1/+0)
| |
* | Tiny follow up to #14915 [ci skip] (Robin Dupret, 2014-05-02, files: 1, lines: -19/+18)
| |
* | only add the options if they are not empty (Aaron Patterson, 2014-05-01, files: 1, lines: -1/+3)
| |   I think this is wrong, but it gets the build passing for now. We should always add options, but we need to make more guarantees about how the underlying url helper is called
* | always pass options to the _url method (Aaron Patterson, 2014-05-01, files: 1, lines: -3/+1)
| |
* | never merge url options in to the first data hash (Aaron Patterson, 2014-05-01, files: 1, lines: -1/+1)
| |   if you want options, don't mix them with the first hash, just pass them all in with the second hash
* | Merge pull request #14915 from juanpastas/patch-1 (Rafael Mendonça França, 2014-05-01, files: 1, lines: -20/+37)
|\ \
| | |   Update mapper.rb
| * | [skip ci] Document: required `via` option in `match` routing method. (Juan David Pastas, 2014-04-30, files: 1, lines: -20/+37)
| | |
* | | Merge pull request #12651 from cespare/ipv6-remote-ip-fixes (Rafael Mendonça França, 2014-05-01, files: 1, lines: -1/+1)
|\ \ \
| | | |   Make remote_ip detection properly handle private IPv6 addresses
| | | |   Conflicts: actionpack/CHANGELOG.md
| * | | Make remote_ip detection properly handle private IPv6 addresses (Caleb Spare, 2013-10-26, files: 1, lines: -1/+1)
| | | |   Fixes #12638.
* | | | avoid calling extract_record multiple times (Aaron Patterson, 2014-04-30, files: 1, lines: -3/+2)
| | | |
* | | | eliminate conditional when sending the named route method (Aaron Patterson, 2014-04-30, files: 1, lines: -2/+4)
| | | |
* | | | do not allocate strings while creating urls (Aaron Patterson, 2014-04-30, files: 1, lines: -1/+1)
| | | |
* | | | don't allocate string on hash access (Aaron Patterson, 2014-04-30, files: 1, lines: -1/+1)
| |/ /
|/| |
* | | Fixed an issue with migrating legacy json cookies. (Godfrey Chan, 2014-04-23, files: 1, lines: -2/+2)
| | |   Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those cases, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user.
| | |   Fixes #14774.
| | |   *Godfrey Chan*
* | | Merge pull request #10764 from mokevnin/replace_class_eval_by_define_method (Rafael Mendonça França, 2014-04-22, files: 1, lines: -35/+29)
|\ \ \
| | | |   replace class_eval by define_method in abstract_controller/callbacks
| * | | replace class_eval by define_method in abstract_controller/callbacks (kirill, 2014-04-20, files: 1, lines: -35/+29)
| | | |
* | | | ActionController::Renderers documentation fix (Stevie Graham, 2014-04-20, files: 1, lines: -2/+2)
|/ / /
| | |   ActionController::Renderers::RENDERERS is an instance of Set. Docs incorrectly state that it's a Hash.
* | | [ci skip] builtin -> built-in (Akshay Vishnoi, 2014-04-20, files: 1, lines: -1/+1)
| | |
* | | Make URL escaping more consistent (Andrew White, 2014-04-20, files: 4, lines: -6/+32)
| | |   1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
| | |   2. Add an `escape_segment` helper to `Router::Utils` that escapes '/' characters
| | |   3. Use `escape_segment` rather than `escape_fragment` in optimized URL generation
| | |   4. Use `escape_segment` rather than `escape_path` in URL generation
| | |
| | |   For point 4 there are two exceptions. Firstly, when a route uses wildcard segments (e.g. *foo) then we use `escape_path` as the value may contain '/' characters. This means that wildcard routes can't be optimized. Secondly, if a `:controller` segment is used in the path then this uses `escape_path` as the controller may be namespaced.
| | |
| | |   Fixes #14629, #14636 and #14070.
* | | Optimize URI escaping (Andrew White, 2014-04-20, files: 1, lines: -17/+42)
| | |   The URI::Parser#escape method is a general use method that has to deal with a variety of input however our use of it is limited in scope so we can increase the performance by implementing our specific needs within ActionDispatch::Journey::Router::Utils directly.
| | |
| | |   If there is no encoding required then there is no change in performance or number of objects allocated, but for each character that needs to be encoded we save five object allocations and gain a performance boost. The performance boost seen varies from 20% when there is one character to over 50% when encoding ten characters.
* | | Always escape string passed to url helper. (edogawaconan, 2014-04-20, files: 1, lines: -1/+1)
| | |   Makes it clear that anything passed with the helper must not be percent encoded. Fixes previous behavior which tricks people into believing passing non-percent-encoded will generate a proper percent-encoded path while in reality it doesn't ('%' isn't escaped). The intention is nice but the heuristic is broken.
* | | "subhash" --> "sub-hash" (Akshay Vishnoi, 2014-04-19, files: 1, lines: -2/+2)
| | |
* | | Implement to_io as an alias (Rafael Mendonça França, 2014-04-17, files: 1, lines: -5/+1)
| | |
* | | Merge pull request #14755 from timlinquist/to_io_http_upload (Rafael Mendonça França, 2014-04-17, files: 1, lines: -0/+5)
|\ \ \
| | | |   Use common to_io so users can access the underlying IO object
| * | | Provide interface for accessing underlying IO object (Tim Linquist, 2014-04-15, files: 1, lines: -0/+5)
| | | |   In some cases users may need to work with/manipulate more of the Tempfile api than provided by Upload. Allow users to get at the underlying io via the common to_io method of IO/IO-like objects
* | | | Update AC::Metal documentation example [ci skip] (Yury Velikanau, 2014-04-15, files: 1, lines: -1/+2)
| | | |   Include proper module since AV was extracted from AP as mentioned in #14659.
* | | | Merge pull request #14745 from razum2um/plain-text-diagnostics (Rafael Mendonça França, 2014-04-15, files: 2, lines: -0/+9)
|\ \ \ \
| | | | |   Display diagnostics in text format for xhr request
| * | | | Display diagnostics in text format for xhr request (Vlad Bokov, 2014-04-14, files: 2, lines: -0/+9)
| | | | |
* | | | | Merge pull request #14728 from stomar/assertion-msg (Yves Senn, 2014-04-15, files: 1, lines: -3/+3)
|\ \ \ \ \
| | | | | |   Remove surplus period from assertion messages
| * | | | | Remove surplus period from assertion messages (Marcus Stollsteimer, 2014-04-13, files: 1, lines: -3/+3)
| | | | | |
* | | | | | Merge pull request #14642 from tgxworld/fix_notifications_not_unsubscribing (Yves Senn, 2014-04-15, files: 1, lines: -5/+7)
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |   Fix subscriptions not being unsubscribed.
| * | | | | Fix subscriptions not being unsubscribed. (Guo Xiang Tan, 2014-04-14, files: 1, lines: -5/+7)
| |/ / / /
* | / / / Return null type format when format is not known (Rafael Mendonça França, 2014-04-14, files: 1, lines: -1/+1)
| |/ / /
|/| | |
| | | |   When requesting a controller with the following code with an unknown format:
| | | |
| | | |       def my_action
| | | |         respond_to do |format|
| | | |           format.json { head :ok }
| | | |           format.any { render text: 'Default response' }
| | | |         end
| | | |       end
| | | |
| | | |   we should render the default response instead of raising ActionController::UnknownFormat
| | | |
| | | |   Fixes #14462
| | | |   Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/mime/respond_with_test.rb
| | | |   Conflicts: actionpack/CHANGELOG.md
* | | | Update documentation to use Rails.application instead (Marcel Morgan, 2014-04-13, files: 2, lines: -2/+2)
|/ / /
| | |   References to ``AppName::Application`` removed in favour of ``Rails.application`` as generated with a new rails 4.1 app. [ci skip]
* | | Merge pull request #14619 from winston/enhance-routing-error-html (Rafael Mendonça França, 2014-04-11, files: 1, lines: -63/+119)
|\ \ \
| | | |   Enhance routing error html page
| * | | Split search results into 'exact matches' and 'fuzzy matches'. (Winston, 2014-04-11, files: 1, lines: -60/+96)
| | | |   - also refactored the javascript.
| * | | Improve CSS styling for routing error html page. (Winston, 2014-04-11, files: 1, lines: -7/+25)
| | | |
| * | | Implement fuzzy matching for route search on routing error html page. (Winston, 2014-04-11, files: 1, lines: -8/+10)
| | | |
* | | | Only make deeply nested routes shallow when parent is shallow (Andrew White, 2014-04-11, files: 1, lines: -1/+14)
|/ / /
| | |   Since `:shallow` may be set at any point in the resource nesting we should only make the new and collection routes shallow when the parent is shallow. This is a bit of a hack but until the mapper is refactored to an object graph instead of a hash of merged values it's the best we can do.
| | |
| | |   Fixes #14684.