| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Fixes https://github.com/rails/rails/issues/16119.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The entire 127.0.0.0/8 range is assigned to the loopback address, not
only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST
to match any IPv4 127.0.0.0/8 loopback address.
The only place that the #local? method was previously under test was
in the show_expectations_test.rb file. I don't particularly like that
that's implicitly where this code is under test, and I feel like I
should move some of that testing code into the
test/dispatch/request_test.rb file, but I wanted some feedback first.
Credit goes to @sriedel for discovering the issue and adding the
patch.
|
| |
|
|
|
|
|
|
| |
The Logger by default includes a guard which checks for the
logging level. By removing the custom logging guards, we can decouple
the logging guard from the logging action to be done.
This also follows the good practice listed on http://guides.rubyonrails.org/debugging_rails_applications.html#impact-of-logs-on-performance.
|
| |
|
|
|
|
|
|
| |
"recall" is a terrible name. This variable contains the parameters that
we got from the path (e.g. for "/posts/1" it has :controller => "posts",
:id => "1"). Since it contains the parameters we got from the path,
"path_parameters" is a better name. We always pass path_parameters to
`generate`, so lets make it required.
|
| |
|
|
|
| |
this allows us to avoid 2 hash allocations per named helper definition,
also we can avoid a `merge` and `delete`.
|
| |
|
|
|
|
| |
since we know that the route should be a path or fully qualified, we can
pass a strategy object that handles generation. This allows us to
eliminate an "if only_path" branch when generating urls.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
this way we only have to test for whether it is a rails app once.
|
| |
|
|
|
| |
Use an is_a check to ensure it's a Railsish app so we can avoid
respond_to calls everywhere.
|
| | |
|
| |
|
|
|
| |
Hopefully `object.class` always returns something that is_a?(Class), so
the previous logic didn't really make sense.
|
| |
|
|
|
| |
If we extract the options from the user facing method call ASAP, then we
can simplify internal logic.
|
| |
|
|
|
|
| |
people may be passing filenames to the constructor that are not utf-8,
but they will assome that calling `original_filename` returns utf-8
(because that's what it used to do).
|
| |
|
|
| |
Closes #16170
|
| | |
|
| | |
|
| |
|
|
| |
Now we can override how requests are dispatched in the routeset object
|
| |
|
|
|
|
|
|
|
|
| |
`ActionDispatch::ShowExceptions` overwrites `PATH_INFO` with the status code
for the exception defined in `ExceptionWrapper`, so the path the user was
visiting when an exception occurred was not previously available to any custom
exceptions_app.
The original `PATH_INFO` is now stashed in
`env["action_dispatch.original_path"]`.
|
| |
|
|
|
|
|
|
|
|
| |
Although the cookie values happens to be ASCII strings because they are
Base64 encoded, it is semantically incorrect to check for the number of the
characters in the cookie, when we actually want to check for the number of the
bytes it consists of.
Furthermore it is unecessary coupling with the current implementation that
uses Base64 for encoding the values.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
`render nothing: true` or rendering a `nil` body no longer add a single
space to the response body.
The old behavior was added as a workaround for a bug in an early version of
Safari, where the HTTP headers are not returned correctly if the response
body has a 0-length. This is been fixed since and the workaround is no
longer necessary.
Use `render body: ' '` if the old behavior is desired.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
gcampbell-rosetta_flash
* 'rosetta_flash' of https://github.com/gcampbell/rails:
Address CVE-2014-4671 (JSONP Flash exploit)
Conflicts:
actionpack/CHANGELOG.md
|
| | |
| |
| |
| |
| |
| | |
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.
|
| |\ \
| |/
|/| |
Reduce number of subscriptions created.
|
| | | |
|
| | | |
|
| |\ \
| |/
|/| |
This updates rails to use edge rack
|
| | |
| |
| |
| | |
https://github.com/rack/rack/commit/5a5aee36
|
| | |
| |
| |
| |
| |
| |
| |
| | |
As Rack has some non backwards compatible changes added required
modifications to keep behaviour in rails close to same as before.
Also modified generators to include rack/rack for not yet released
version of rack
|
| | |
| |
| |
| | |
It always responds to mounted_helpers now
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prior to this commit shallow resources would only generate paths for
non-direct children (with a nested depth greater than 1).
Take the following routes file.
resources :blogs do
resources :posts, shallow: true do
resources :comments do
resources :tags
end
end
end
This would generate shallow paths for `tags` nested under `posts`,
e.g `/posts/:id/tags/`, however it would not generate shallow paths
for `comments` nested under `posts`, e.g `/posts/:id/comments/new`.
This commit changes the behaviour of the route mapper so that it
generate paths for direct children of shallow resources, for example
if you take the previous routes file, this will now generate
shallow paths for `comments` nested under `posts`, .e.g
`posts/:id/comments/new`.
This was the behaviour in Rails `4.0.4` however this was broken in
@jcoglan's fix for another routes related issue[1].
This also fixes an issue[2] reported by @smdern.
[1] https://github.com/rails/rails/commit/d0e5963
[2] https://github.com/rails/rails/issues/15783
|
| |\ \
| | |
| | | |
Remove symbolized_path_parameters.
|
| | | |
| | |
| | |
| | | |
This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
|
| |\ \ \
| | | |
| | | | |
Improve token_and_options regex and test
|
| | | | |
| | | |
| | | |
| | | | |
add a test case to test the regex for the helper method raw_params
|
| | | | | |
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | | |
The controller can set the response format as 'JSON' before the renderer code be
evaluated, so we must replace it when necessary.
Fixes #15081
|
| |/ / |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Then we only need to extract host once.
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
Add always permitted parameters as a configurable option.
[Rafael Mendonça França + Gary S. Weaver]
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* General style fixes.
* Add changes to configuration guide.
* Add missing tests.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* This commit adds back the always_permitted_parameters
configuration option to strong paramaters.
* The initial pull requests where this feature was added
are the following:
- https://github.com/rails/rails/pull/12682
- https://github.com/rails/strong_parameters/pull/174
|
| |\ \ \
| | | |
| | | | |
Replace x.sort_by!.select! with x.select!.sort_by!
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The latter has the same speed as the former in the worst case
and faster in general, because it is always better to sort less items.
Unfortunately, `routes.select!{...}.sort_by!{...}` is not possible here
because `select!` returns `nil`, so select! and sort! must be done
in two steps.
|
