| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
* master-sec:
Deep Munge the parameters for GET and POST
Stop using i18n's built in HTML error handling.
Ensure simple_format escapes its html attributes
Escape the unit value provided to number_to_currency
Only use valid mime type symbols as cache keys
|
| |
| |
| |
| |
| |
| |
| |
| | |
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
|
| | |
|
| | |
|
|\ \
| |/
|/|
| |
| | |
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| |
| |
| |
| |
| | |
This PR fixes #13064 regression bug introduced by the #8085
Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type.
In this way the method Response#assign_default_content_type_and_charset can
write the the default mime_type.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A path redirect may contain any and all parts of a url which have different
escaping rules for each part. This commit tries to escape each part correctly
by splitting the string into three chunks - path (which may also include a host),
query and fragment; then it applies the correct escape pattern to each part.
Whilst using `URI.parse` would be better, unfortunately the possible presence
of %{name} parameters in the path redirect string prevents us from using it so
we have to use a regular expression instead.
Fixes #13110.
|
| | |
|
|/ |
|
|
|
|
|
| |
This commit makes it really easy to debug errors due to typos like
"assert_response :succezz".
|
|\
| |
| |
| |
| |
| | |
Conflicts:
activesupport/lib/active_support/core_ext/hash/deep_merge.rb
activesupport/lib/active_support/core_ext/hash/keys.rb
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
According to our guideline, we leave 1 space between `#` and `=>`, so we
want `# =>` instead of `#=>`.
Thanks to @fxn for the suggestion.
[ci skip]
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 5a19346d2855ecb1c791cdef3af92589566d00db, reversing
changes made to d82588ee4756b03025813b3997f4db171ee0fcdc.
This argument is being used in the view
https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/visualizer/index.html.erb#L4
It is being set using the binding
https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/gtg/transition_table.rb#L108
|
| | |
|
| |
| |
| |
| | |
This commit fixes formatting issue for `rake routes` task, when a section is shorter than a header.
|
| |
| |
| |
| | |
Only set the value once after it's calculated.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep".
This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd.
|
|\ \
| | |
| | | |
avoiding next statements
|
| | | |
|
|\ \ \
| |/ /
|/| | |
Used Yield instead of block.call
|
| |/ |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Remove @order attribute from collector
|
| |/
| |
| |
| | |
Ruby 1.8 legacy. Since 1.9 hash preserves insertion order. No need for additional array to achieve this
|
|\ \
| |/
|/| |
Improve Errors when Controller Name or Action isn't specfied
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These errors occur when, there routes are wrongly defined.
example, the following line would cause a missing :action error
root "welcomeindex"
Mostly beginners are expected to hit these errors, so lets improve the error message a bit to make their learning experience bit better.
|
| |
| |
| |
| |
| |
| |
| | |
constant.
`view_assigns` can use the precalculated sets and remove instance
variables without allocating any extra arrays
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
JSON.{dump,generate} offered by the JSON gem is not compatiable with
Rails at the moment and can cause a lot of subtle bugs when passed
certain data structures. This changed all direct usage of the JSON gem
in internal Rails code to always go through AS::JSON.{decode,encode}.
We also shouldn't be implementing `to_json` most of the time, and
these occurances are replaced with an equivilent `as_json`
implementation to avoid problems down the road.
See [1] for all the juicy details.
[1]: intridea/multi_json#138 (comment)
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
sebasoga/change_strong_parameters_require_behaviour"
This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing
changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90.
See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
|
|\
| |
| |
| |
| | |
sebasoga/change_strong_parameters_require_behaviour
Change ActionController::Parameters#require behavior when value is empty
|
| |
| |
| |
| |
| | |
When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading.
With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
|
| |
| |
| |
| | |
Fixes a typo in the description for the call class method in Responder.
|
| |
| |
| | |
Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb
|
| | |
|
| | |
|