aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
Commit message (Collapse)AuthorAgeFilesLines
* Change deep_munge call to avoid deprecation warningCarlos Antonio da Silva2013-12-031-2/+2
|
* Merge branch 'master-sec'Aaron Patterson2013-12-031-2/+2
|\ | | | | | | | | | | | | | | | | * master-sec: Deep Munge the parameters for GET and POST Stop using i18n's built in HTML error handling. Ensure simple_format escapes its html attributes Escape the unit value provided to number_to_currency Only use valid mime type symbols as cache keys
| * Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-2/+2
| | | | | | | | | | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* | Convert Mime::NullType in a singletonGuillermo Iguaran2013-12-031-1/+4
| |
* | Cleanups in comment about conditionalGuillermo Iguaran2013-12-031-1/+2
| |
* | Merge branch 'format_localized_template' of https://github.com/acapilleri/railsGuillermo Iguaran2013-12-031-1/+1
|\ \ | |/ |/| | | | | Conflicts: actionpack/CHANGELOG.md
| * Fix header Content-Type: #<Mime::NullType:...> in localized templateAngelo capilleri2013-12-031-1/+1
| | | | | | | | | | | | | | | | This PR fixes #13064 regression bug introduced by the #8085 Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type. In this way the method Response#assign_default_content_type_and_charset can write the the default mime_type.
* | Remove deprecated cattr_* requiresGenadi Samokovarov2013-12-034-4/+4
| |
* | Try to escape each part of a path redirect route correctlyAndrew White2013-12-021-8/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | A path redirect may contain any and all parts of a url which have different escaping rules for each part. This commit tries to escape each part correctly by splitting the string into three chunks - path (which may also include a host), query and fragment; then it applies the correct escape pattern to each part. Whilst using `URI.parse` would be better, unfortunately the possible presence of %{name} parameters in the path redirect string prevents us from using it so we have to use a regular expression instead. Fixes #13110.
* | [ci skip] Removing some gender sensitive object pronounsTejas Dinkar2013-12-021-2/+2
| |
* | Use genderless pronouns in API docsGuillermo Iguaran2013-12-011-1/+1
|/
* Better error message for typos in assert_response argument.Victor Costan2013-11-251-0/+3
| | | | | This commit makes it really easy to debug errors due to typos like "assert_response :succezz".
* Merge remote-tracking branch 'docrails/master'Xavier Noria2013-11-241-1/+1
|\ | | | | | | | | | | Conflicts: activesupport/lib/active_support/core_ext/hash/deep_merge.rb activesupport/lib/active_support/core_ext/hash/keys.rb
| * Change syntax format for example returned valuesPrem Sichanugrist2013-11-111-1/+1
| | | | | | | | | | | | | | | | | | According to our guideline, we leave 1 space between `#` and `=>`, so we want `# =>` instead of `#=>`. Thanks to @fxn for the suggestion. [ci skip]
* | Revert "Merge pull request #12990 from vipulnsward/remove_visualizer_param"Rafael Mendonça França2013-11-211-1/+1
| | | | | | | | | | | | | | | | | | | | | | This reverts commit 5a19346d2855ecb1c791cdef3af92589566d00db, reversing changes made to d82588ee4756b03025813b3997f4db171ee0fcdc. This argument is being used in the view https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/visualizer/index.html.erb#L4 It is being set using the binding https://github.com/rails/rails/blob/5a19346d2855ecb1c791cdef3af92589566d00db/actionpack/lib/action_dispatch/journey/gtg/transition_table.rb#L108
* | Remove unused param `title`to `TransitionTable#visualizer`Vipul A M2013-11-221-1/+1
| |
* | Fix for routes taskSıtkı Bağdat2013-11-211-1/+2
| | | | | | | | This commit fixes formatting issue for `rake routes` task, when a section is shorter than a header.
* | Avoid hash lookups for building an array of required defaultsCarlos Antonio da Silva2013-11-151-2/+3
| | | | | | | | Only set the value once after it's calculated.
* | Get rid of useless temp variableCarlos Antonio da Silva2013-11-151-2/+1
| |
* | Set values instead of building hashes with single values for mergingCarlos Antonio da Silva2013-11-151-2/+2
| |
* | Take Hash with options inside Array in #url_forAndrey Ognevsky2013-11-151-0/+2
| |
* | Revert "Used Yield instead of block.call" -- this causes all of ↵David Heinemeier Hansson2013-11-141-2/+2
| | | | | | | | | | | | atom_feed_helper_test.rb to fail with "SystemStackError: stack level too deep". This reverts commit d3a1ce1cdc60d593de1682c5f4e3230c8db9a0fd.
* | Merge pull request #12892 from akshay-vishnoi/refactorRafael Mendonça França2013-11-141-9/+12
|\ \ | | | | | | avoiding next statements
| * | avoiding next statementsAkshay Vishnoi2013-11-151-9/+12
| | |
* | | Merge pull request #12889 from kuldeepaggarwal/speed_upsRafael Mendonça França2013-11-141-2/+2
|\ \ \ | |/ / |/| | Used Yield instead of block.call
| * | Used Yield instead of block.callKuldeep Aggarwal2013-11-151-2/+2
| |/
* | class methods moved to already defined class<<self blockAkshay Vishnoi2013-11-151-6/+6
| |
* | #presence usedAkshay Vishnoi2013-11-141-5/+1
| |
* | Merge pull request #12838 from strzalek/remove_mime_type_order_varGuillermo Iguaran2013-11-101-4/+3
|\ \ | | | | | | Remove @order attribute from collector
| * | Remove order attribute from collectorLukasz Strzalkowski2013-11-101-4/+3
| |/ | | | | | | Ruby 1.8 legacy. Since 1.9 hash preserves insertion order. No need for additional array to achieve this
* | Merge pull request #12740 from gaurish/patch-1Rafael Mendonça França2013-11-101-2/+4
|\ \ | |/ |/| Improve Errors when Controller Name or Action isn't specfied
| * Improve Errors when Controller Name or Action isn't specfiedGaurish Sharma2013-11-051-2/+4
| | | | | | | | | | | | | | | | | | | | These errors occur when, there routes are wrongly defined. example, the following line would cause a missing :action error root "welcomeindex" Mostly beginners are expected to hit these errors, so lets improve the error message a bit to make their learning experience bit better.
* | calculate the ivars to remove in advance as a set and cache them in aAaron Patterson2013-11-062-11/+12
| | | | | | | | | | | | | | constant. `view_assigns` can use the precalculated sets and remove instance variables without allocating any extra arrays
* | use a set and reject to avoid array allocationsAaron Patterson2013-11-061-4/+11
| |
* | each_with_object on the view_assigns hashAaron Patterson2013-11-061-3/+1
| |
* | use slice to avoid range allocationAaron Patterson2013-11-061-1/+3
| |
* | these variables are also privateAaron Patterson2013-11-061-0/+1
| |
* | instance_variables returns symbols, so we should use symbols in our listAaron Patterson2013-11-061-1/+1
| |
* | Eliminate `JSON.{parse,load,generate,dump}` and `def to_json`Godfrey Chan2013-11-051-5/+3
|/ | | | | | | | | | | | | | | JSON.{dump,generate} offered by the JSON gem is not compatiable with Rails at the moment and can cause a lot of subtle bugs when passed certain data structures. This changed all direct usage of the JSON gem in internal Rails code to always go through AS::JSON.{decode,encode}. We also shouldn't be implementing `to_json` most of the time, and these occurances are replaced with an equivilent `as_json` implementation to avoid problems down the road. See [1] for all the juicy details. [1]: intridea/multi_json#138 (comment)
* :scissors: [ci skip]Carlos Antonio da Silva2013-11-041-3/+0
|
* Code style for privacy indentionDavid Heinemeier Hansson2013-11-031-8/+8
|
* Ensure backwards compability after the #deep_munge extractionDavid Heinemeier Hansson2013-11-031-0/+10
|
* Improve wording in AC::ParameterMissing error messageGuillermo Iguaran2013-11-021-1/+1
|
* Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-022-25/+10
| | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* Merge pull request #9660 from ↵Guillermo Iguaran2013-11-012-10/+25
|\ | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty
| * Change ActionController::Parameters#require behavior when value is emptySebastian Sogamoso2013-03-112-10/+25
| | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | Fix typo in method description in Responder classLin Reid2013-11-011-1/+1
| | | | | | | | Fixes a typo in the description for the call class method in Responder.
* | Warnings removed for ruby trunkArun Agrawal2013-11-011-1/+1
| | | | | | Same as 4d4ff531b8807ee88a3fc46875c7e76f613956fb
* | add the fetch method to sessionsDamien Mathieu2013-10-291-0/+12
| |
* | don't mutate hash with fetchDoug Cole2013-10-261-1/+8
| |