aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | docs, add ref where to find valid `head` status symbols.Yves Senn2014-07-251-0/+2
| | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | Bug fix for assert_template when opening a new session.Guo Xiang Tan2014-07-251-5/+9
| | | | | | | | | | | | | | | | | | | | See https://github.com/rails/rails/pull/16234#commitcomment-7115670.
* | | | | Fix AC::TemplateAssertions instance variables not resetting.Guo Xiang Tan2014-07-212-5/+8
| | | | | | | | | | | | | | | | | | | | Fixes https://github.com/rails/rails/issues/16119.
* | | | | LOCALHOST definition should match any 127.0.0.0/8 addressEarl J St Sauver2014-07-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The entire 127.0.0.0/8 range is assigned to the loopback address, not only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8 loopback address. The only place that the #local? method was previously under test was in the show_expectations_test.rb file. I don't particularly like that that's implicitly where this code is under test, and I feel like I should move some of that testing code into the test/dispatch/request_test.rb file, but I wanted some feedback first. Credit goes to @sriedel for discovering the issue and adding the patch.
* | | | | Prefer to pass block when logging.Guo Xiang Tan2014-07-181-25/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Logger by default includes a guard which checks for the logging level. By removing the custom logging guards, we can decouple the logging guard from the logging action to be done. This also follows the good practice listed on http://guides.rubyonrails.org/debugging_rails_applications.html#impact-of-logs-on-performance.
* | | | | `recall` should be `path_parameters`, also make it requiredAaron Patterson2014-07-171-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "recall" is a terrible name. This variable contains the parameters that we got from the path (e.g. for "/posts/1" it has :controller => "posts", :id => "1"). Since it contains the parameters we got from the path, "path_parameters" is a better name. We always pass path_parameters to `generate`, so lets make it required.
* | | | | pass the route name to define_url_helperAaron Patterson2014-07-172-22/+24
| | | | | | | | | | | | | | | | | | | | | | | | | this allows us to avoid 2 hash allocations per named helper definition, also we can avoid a `merge` and `delete`.
* | | | | use a strategy object for generating urls in named helpersAaron Patterson2014-07-172-21/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | since we know that the route should be a path or fully qualified, we can pass a strategy object that handles generation. This allows us to eliminate an "if only_path" branch when generating urls.
* | | | | extract path building to a methodAaron Patterson2014-07-161-9/+11
| | | | |
* | | | | break out path building logic to methodsAaron Patterson2014-07-161-14/+22
| | | | |
* | | | | only extract :params from the options hash onceAaron Patterson2014-07-161-3/+2
| | | | |
* | | | | we do not need to dup the options hash, it is private and a new object each callAaron Patterson2014-07-161-2/+2
| | | | |
* | | | | push rails app testing upAaron Patterson2014-07-161-9/+13
| | | | | | | | | | | | | | | | | | | | this way we only have to test for whether it is a rails app once.
* | | | | Rails-ish apps should descend from Rails::RailtieAaron Patterson2014-07-161-8/+3
| | | | | | | | | | | | | | | | | | | | | | | | | Use an is_a check to ensure it's a Railsish app so we can avoid respond_to calls everywhere.
* | | | | app should always be a class (I suppose)Aaron Patterson2014-07-161-1/+1
| | | | |
* | | | | we should be checking if the app is a classAaron Patterson2014-07-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Hopefully `object.class` always returns something that is_a?(Class), so the previous logic didn't really make sense.
* | | | | extract inner options before delegating to the helperAaron Patterson2014-07-161-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | If we extract the options from the user facing method call ASAP, then we can simplify internal logic.
* | | | | always transcode the file to utf-8Aaron Patterson2014-07-161-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | people may be passing filenames to the constructor that are not utf-8, but they will assome that calling `original_filename` returns utf-8 (because that's what it used to do).
* | | | | Don't accept parameters as argument for redirect to [via @homakov]Santiago Pastorino2014-07-161-0/+1
| | | | | | | | | | | | | | | | | | | | Closes #16170
* | | | | routed applications will respond to these methodsAaron Patterson2014-07-152-2/+2
| | | | |
* | | | | rack 1.6 encodes the filenames in posts correctly nowAaron Patterson2014-07-151-8/+1
| | | | |
* | | | | RouteSet should be in charge of constructing the dispatherAaron Patterson2014-07-152-8/+13
| | | | | | | | | | | | | | | | | | | | Now we can override how requests are dispatched in the routeset object
* | | | | Stash original path in `ShowExceptions` middlewareGrey Baker2014-07-141-0/+1
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code for the exception defined in `ExceptionWrapper`, so the path the user was visiting when an exception occurred was not previously available to any custom exceptions_app. The original `PATH_INFO` is now stashed in `env["action_dispatch.original_path"]`.
* | | | Use `#bytesize` instead of `#size` when checking for cookie overflowAgis-2014-07-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although the cookie values happens to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unecessary coupling with the current implementation that uses Base64 for encoding the values.
* | | | Removed single space padding from empty response body.Godfrey Chan2014-07-101-6/+2
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `render nothing: true` or rendering a `nil` body no longer add a single space to the response body. The old behavior was added as a workaround for a bug in an early version of Safari, where the HTTP headers are not returned correctly if the response body has a 0-length. This is been fixed since and the workaround is no longer necessary. Use `render body: ' '` if the old behavior is desired.
* | | Merge branch 'rosetta_flash' of https://github.com/gcampbell/rails into ↵Aaron Patterson2014-07-101-1/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | gcampbell-rosetta_flash * 'rosetta_flash' of https://github.com/gcampbell/rails: Address CVE-2014-4671 (JSONP Flash exploit) Conflicts: actionpack/CHANGELOG.md
| * | | Address CVE-2014-4671 (JSONP Flash exploit)Greg Campbell2014-07-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
* | | | Force encoding of US-ASCII to UTF-8 in unescape_uri.Karl Entwistle2014-07-101-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because URI paths may contain non US-ASCII characters we need to force the encoding of any unescaped URIs to UTF-8 if they are US-ASCII. This essentially replicates the functionality of the monkey patch to URI.parser.unescape in active_support/core_ext/uri.rb. Fixes #16104.
* | | | Merge pull request #16091 from tgxworld/reduce_creation_of_subscribersSantiago Pastorino2014-07-091-17/+13
|\ \ \ \ | |/ / / |/| | | Reduce number of subscriptions created.
| * | | Reduce number of subscriptions created.Guo Xiang Tan2014-07-081-17/+13
| | | |
* | | | Fix weird comment. [CI SKIP]Guo Xiang Tan2014-07-091-2/+2
| | | |
* | | | Merge pull request #13999 from jamox/update_rackAaron Patterson2014-07-082-12/+11
|\ \ \ \ | |/ / / |/| | | This updates rails to use edge rack
| * | | Since upgrading rack we can remove unnecessary string encodingsJarmo Isotalo2014-05-191-9/+2
| | | | | | | | | | | | | | | | https://github.com/rack/rack/commit/5a5aee36
| * | | Upgraded rackJarmo Isotalo2014-05-191-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As Rack has some non backwards compatible changes added required modifications to keep behaviour in rails close to same as before. Also modified generators to include rack/rack for not yet released version of rack
* | | | remove the mounted_helpers respond_to checkAaron Patterson2014-07-071-1/+1
| | | | | | | | | | | | | | | | It always responds to mounted_helpers now
* | | | always test against a routed rack app so there are always url_helpersAaron Patterson2014-07-071-1/+1
| | | |
* | | | Generate shallow paths for all children of shallow resources.Seb Jacobs2014-07-061-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit shallow resources would only generate paths for non-direct children (with a nested depth greater than 1). Take the following routes file. resources :blogs do resources :posts, shallow: true do resources :comments do resources :tags end end end This would generate shallow paths for `tags` nested under `posts`, e.g `/posts/:id/tags/`, however it would not generate shallow paths for `comments` nested under `posts`, e.g `/posts/:id/comments/new`. This commit changes the behaviour of the route mapper so that it generate paths for direct children of shallow resources, for example if you take the previous routes file, this will now generate shallow paths for `comments` nested under `posts`, .e.g `posts/:id/comments/new`. This was the behaviour in Rails `4.0.4` however this was broken in @jcoglan's fix for another routes related issue[1]. This also fixes an issue[2] reported by @smdern. [1] https://github.com/rails/rails/commit/d0e5963 [2] https://github.com/rails/rails/issues/15783
* | | | Merge pull request #16013 from tgxworld/remove_symbolized_path_parametersRafael Mendonça França2014-07-043-5/+5
|\ \ \ \ | | | | | | | | | | Remove symbolized_path_parameters.
| * | | | Remove symbolized_path_parameters.Guo Xiang Tan2014-07-023-5/+5
| | | | | | | | | | | | | | | | | | | | This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
* | | | | Merge pull request #16011 from xjlu/token_and_optionsRafael Mendonça França2014-07-041-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Improve token_and_options regex and test
| * | | | | Improve token_and_options regex and testXinjiang Lu2014-07-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | add a test case to test the regex for the helper method raw_params
* | | | | | [ci skip] /javascript/ -> JavaScript - cover whole appAkshay Vishnoi2014-07-041-1/+1
| | | | | |
* | | | | | Change the JSON renderer to enforce the 'JS' Content TypeLucas Mazza2014-07-021-1/+4
| |/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The controller can set the response format as 'JSON' before the renderer code be evaluated, so we must replace it when necessary. Fixes #15081
* | | | | flash doesn't pass objects #15522 [ci skip]Nishant Modak2014-07-011-3/+6
|/ / / /
* | | | makes it sound less misleadingShunsukeAida2014-07-021-2/+2
| | | |
* | | | Fix doc unwanted dl Admin:: [ci skip]Ciro Santilli2014-07-011-1/+1
| | | |
* | | | push host / port / protocol extraction upAaron Patterson2014-06-301-6/+6
| | | | | | | | | | | | | | | | Then we only need to extract host once.
* | | | Merge pull request #15933 from rafael/masterRafael Mendonça França2014-06-272-5/+24
|\ \ \ \ | |_|_|/ |/| | | | | | | | | | | | | | | Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
| * | | Improvements per code review.Rafael Chacón2014-06-271-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | * General style fixes. * Add changes to configuration guide. * Add missing tests.
| * | | Add always_permitted_parameters as an option.Rafael Chacón2014-06-262-5/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * This commit adds back the always_permitted_parameters configuration option to strong paramaters. * The initial pull requests where this feature was added are the following: - https://github.com/rails/rails/pull/12682 - https://github.com/rails/strong_parameters/pull/174