path: root/actionpack/lib
Commit message (Author, Age, Files, Lines)
* converts hashes in arrays of unfiltered params to unpermitted params [fixes #13382] (Xavier Noria, 2013-12-21, files 1, lines -3/+10)
* Merge pull request #13188 from imanel/skip_deep_munge (Jeremy Kemper, 2013-12-19, files 2, lines -0/+8)
|\
| |   Add configuration option to optionally disable deep_munge
| |
| |   Conflicts:
| |       actionpack/CHANGELOG.md
| * Add configuration option to optionally disable deep_munge (Bernard Potocki, 2013-12-05, files 2, lines -0/+8)
| |
* | Merge branch 'master' of github.com:lifo/docrails (Vijay Dev, 2013-12-20, files 3, lines -3/+3)
|\ \
| * | Typos. return -> returns. [ci skip] (Lauro Caetano, 2013-12-03, files 3, lines -3/+3)
| | |
* | | Show routes defined under assets prefix (Ryunosuke SATO, 2013-12-19, files 1, lines -1/+1)
| | |   Closes #9625
* | | Change all `MiniTest` to `Minitest` since, `MiniTest` namespace has been renamed to `Minitest` (Vipul A M, 2013-12-18, files 2, lines -2/+2)
| | |   Ref: https://github.com/seattlerb/minitest/blob/master/History.txt
* | | Get ready to release 4.1.0.beta1 (David Heinemeier Hansson, 2013-12-17, files 1, lines -1/+1)
| | |
* | | Clearly limit new CSRF protection to GET requests (Jeremy Kemper, 2013-12-17, files 1, lines -2/+7)
| | |
* | | Merge pull request #13345 from jeremy/get-csrf (Jeremy Kemper, 2013-12-17, files 1, lines -13/+61)
|\ \ \
| | | |   CSRF protection from cross-origin <script> tags
| * | | CSRF protection from cross-origin <script> tags (Jeremy Kemper, 2013-12-17, files 1, lines -13/+61)
| | | |   Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* | | | Some assorted fixes for the 4.1 release notes: (Godfrey Chan, 2013-12-17, files 1, lines -1/+1)
|/ / /
| | |   * Added release notes for secrets.yml and mentioned it in the highlights
| | |   * Added release notes for Mailer previews and mentioned it in the highlights
| | |   * Added release notes for Module#concerning
| | |   * Removed mention for AV extraction from the highlights
| | |   * Rearranged the major features to put highlighted features first
| | |   * Various improvements and typo fixes
| | |
| | |   [ci skip]
* | | Add mailer previews feature based on mail_view gem (Andrew White, 2013-12-17, files 1, lines -1/+1)
| | |
* | | Update secret_key_base Docs (robertomiranda, 2013-12-15, files 2, lines -10/+11)
| | |
* | | Fix syntax error in redirect_to example (Philipe Fatio, 2013-12-14, files 1, lines -1/+1)
| | |   Without parenthesis, ruby assumes that curly braces denote the beginning of a block.
* | | Merge pull request #13293 from akshay-vishnoi/typo (Carlos Antonio da Silva, 2013-12-12, files 4, lines -5/+5)
|\ \ \
| | | |   Spelling and Grammar checks [ci skip]
| * | | Spelling and Grammar checks (Akshay Vishnoi, 2013-12-12, files 4, lines -5/+5)
| | | |
* | | | Variants inline syntax documentation [ci skip] (Łukasz Strzałkowski, 2013-12-12, files 1, lines -0/+9)
|/ / /
| | |   * Extend method documentation
| | |   * Mention it in actionpack/CHANGELOG
| | |   * Update release notes
* | | Merge pull request #13288 from dvsuresh/fix_typo (Damien Mathieu, 2013-12-12, files 1, lines -1/+1)
|\ \ \
| | | |   Fix typo in action_controller responder.rb [ci skip]
| * | | Fix typo in action_controller responder.rb (dvsuresh, 2013-12-12, files 1, lines -1/+1)
| | | |
* | | | Merge pull request #13284 from aayushkhandelwal11/typos_corrected (Godfrey Chan, 2013-12-11, files 1, lines -1/+1)
|\ \ \ \
| |/ / /
|/| | |   s/everytime/every time/
| * | | typos rectified [ci skip] (Aayush khandelwal, 2013-12-12, files 1, lines -1/+1)
| | | |
* | | | Make ActionDispatch::Request::Session#fetch behave like Hash#fetch (Trent Ogren, 2013-12-11, files 1, lines -8/+8)
|/ / /
| | |   Session#fetch was mutating the session when given a default argument and/or a block. Since Session duck-types as a Hash, it should behave like one in these cases.
* | | Fix mounting engines inside a resources block (Piotr Sarnacki, 2013-12-10, files 1, lines -1/+2)
| | |   When a route is mounted inside a resources block, it's automatically prefixed, so a following code:
| | |
| | |       resources :users do
| | |         mount Blog::Engine => '/blog'
| | |       end
| | |
| | |   will generate a user_blog path helper.
| | |
| | |   In order to access engine helpers, we also use "mounted_helpers", a list of helpers associated with each mounted engine, so a path to blog's post can be generated using user_blog.post_path(user, post).
| | |
| | |   The problem I'm fixing here is that mount used a raw :as option, without taking nestings into account. As a result, blog was added to a route set as a `user_blog`, but helper was generated for just `blog`.
| | |
| | |   This commit applies the proper logic for defining a helper for a mounted engine nested in resources or resource block.
| | |
| | |   (closes #8533)
* | | Inline variants syntax (Łukasz Strzałkowski, 2013-12-10, files 1, lines -2/+24)
| | |   In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations:
| | |
| | |       respond_to do |format|
| | |         format.js { render "trash" }
| | |         format.html do |variant|
| | |           variant.phone { redirect_to progress_path }
| | |           variant.none { render "trash" }
| | |         end
| | |       end
| | |
| | |   Becomes:
| | |
| | |       respond_to do |format|
| | |         format.js { render "trash" }
| | |         format.html.phone { redirect_to progress_path }
| | |         format.html.none { render "trash" }
| | |       end
* | | Simplify @responses hash initialization (Łukasz Strzałkowski, 2013-12-10, files 1, lines -1/+2)
| | |   @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This needs to happen before content negotiation. Before that, it was looping through mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.
* | | Revert "Merge pull request #13235 from strzalek/variants-inline" -- needs a little more work! (David Heinemeier Hansson, 2013-12-08, files 1, lines -15/+9)
| | |   This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
* | | Merge pull request #13235 from strzalek/variants-inline (David Heinemeier Hansson, 2013-12-08, files 1, lines -9/+15)
|\ \ \
| | | |   Inline syntax for variants
| * | | Inline variants syntax (Łukasz Strzałkowski, 2013-12-08, files 1, lines -8/+14)
| | | |   In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations:
| | | |
| | | |       respond_to do |format|
| | | |         format.js { render "trash" }
| | | |         format.html do |variant|
| | | |           variant.phone { redirect_to progress_path }
| | | |           variant.none { render "trash" }
| | | |         end
| | | |       end
| | | |
| | | |   Becomes:
| | | |
| | | |       respond_to do |format|
| | | |         format.js { render "trash" }
| | | |         format.html.phone { redirect_to progress_path }
| | | |         format.html.none { render "trash" }
| | | |       end
| * | | Simplify @responses hash initialization (Łukasz Strzałkowski, 2013-12-08, files 1, lines -1/+1)
| | | |   @responses hash needs to be initialized with mime types that we get from Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as value. This needs to happen before content negotiation. Before that, it was looping through mime types and executing mime-type-generated method inside collector (see AbstractController::Collector#generate_method_for_mime). That approach resulted in 2 unnecessary method calls for each mime type collected by Collector#collect_mimes_from_class_level. Now hash is initialized in place, without usage of Collector#custom method.
* | | | Require action_view explicitly in AC::Base (Łukasz Strzałkowski, 2013-12-08, files 2, lines -0/+2)
|/ / /
* | | Variants can be declared without a block to signify their presence in the controller (David Heinemeier Hansson, 2013-12-07, files 1, lines -1/+3)
| | |
* | | Allow code execution in case no variant has been set with variant.none (David Heinemeier Hansson, 2013-12-07, files 1, lines -4/+5)
| | |
* | | Add Mime::Type.register "text/vcard", :vcf to the default list of mime types (David Heinemeier Hansson, 2013-12-05, files 1, lines -0/+1)
| | |
* | | Merge pull request #13189 from strzalek/retain-ap-av-dep (Jeremy Kemper, 2013-12-05, files 2, lines -15/+4)
|\ \ \
| | | |   Retain ActionPack dependency on ActionView. Fixes #12979.
| * | | Retain ActionPack dependency on ActionView (Łukasz Strzałkowski, 2013-12-05, files 2, lines -15/+4)
| | | |
* | | | remove nil in NullType#ref. (Angelo capilleri, 2013-12-04, files 1, lines -3/+1)
| |_|/
|/| |
| | |   Return Nil is implicit in a method and this syntax is used in the others classes
* | | Improve a couple exception messages related to variants and mime types (Carlos Antonio da Silva, 2013-12-03, files 3, lines -15/+19)
| | |   Avoid one-liner conditionals when they are too big.
| | |   Avoid concatenating strings to build error messages.
| | |   Improve messages a bit.
* | | Add nodoc to added VariantFilter class (Carlos Antonio da Silva, 2013-12-03, files 1, lines -3/+3)
|/ /
* | Action Pack Variants (Łukasz Strzałkowski, 2013-12-04, files 4, lines -5/+71)
| |   By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be:
| |
| |       app/views/projects/show.html.erb
| |       app/views/projects/show.html+tablet.erb
| |       app/views/projects/show.html+phone.erb
| |
| |   If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template.
| |
| |   In the controller, we can also tailor to the variants with this syntax:
| |
| |       class ProjectsController < ActionController::Base
| |         def show
| |           respond_to do |format|
| |             format.html do |html|
| |               @stars = @project.stars
| |               html.tablet { @notifications = @project.notifications }
| |               html.phone { @chat_heads = @project.chat_heads }
| |             end
| |             format.js
| |             format.atom
| |           end
| |         end
| |       end
| |
| |   The variant itself is nil by default, but can be set in before filters, like so:
| |
| |       class ApplicationController < ActionController::Base
| |         before_action do
| |           if request.user_agent =~ /iPad/
| |             request.variant = :tablet
| |           end
| |         end
| |       end
| |
| |   This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime type.
* | Change deep_munge call to avoid deprecation warning (Carlos Antonio da Silva, 2013-12-03, files 1, lines -2/+2)
| |
* | Merge branch 'master-sec' (Aaron Patterson, 2013-12-03, files 1, lines -2/+2)
|\ \
| | |   * master-sec:
| | |     Deep Munge the parameters for GET and POST
| | |     Stop using i18n's built in HTML error handling.
| | |     Ensure simple_format escapes its html attributes
| | |     Escape the unit value provided to number_to_currency
| | |     Only use valid mime type symbols as cache keys
| * | Deep Munge the parameters for GET and POST (Michael Koziarski, 2013-12-02, files 1, lines -2/+2)
| | |   The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed.
| | |
| | |   Fixes CVE-2013-6417
* | | Convert Mime::NullType in a singleton (Guillermo Iguaran, 2013-12-03, files 1, lines -1/+4)
| | |
* | | Cleanups in comment about conditional (Guillermo Iguaran, 2013-12-03, files 1, lines -1/+2)
| | |
* | | Merge branch 'format_localized_template' of https://github.com/acapilleri/rails (Guillermo Iguaran, 2013-12-03, files 1, lines -1/+1)
|\ \ \
| |/ /
|/| |
| | |   Conflicts:
| | |       actionpack/CHANGELOG.md
| * | Fix header Content-Type: #<Mime::NullType:...> in localized template (Angelo capilleri, 2013-12-03, files 1, lines -1/+1)
| | |   This PR fixes #13064 regression bug introduced by the #8085
| | |
| | |   Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type. In this way the method Response#assign_default_content_type_and_charset can write the default mime_type.
* | | Remove deprecated cattr_* requires (Genadi Samokovarov, 2013-12-03, files 4, lines -4/+4)
| | |
* | | Try to escape each part of a path redirect route correctly (Andrew White, 2013-12-02, files 1, lines -8/+25)
| | |   A path redirect may contain any and all parts of a url which have different escaping rules for each part. This commit tries to escape each part correctly by splitting the string into three chunks - path (which may also include a host), query and fragment; then it applies the correct escape pattern to each part.
| | |
| | |   Whilst using `URI.parse` would be better, unfortunately the possible presence of %{name} parameters in the path redirect string prevents us from using it so we have to use a regular expression instead.
| | |
| | |   Fixes #13110.
* | | [ci skip] Removing some gender sensitive object pronouns (Tejas Dinkar, 2013-12-02, files 1, lines -2/+2)
| | |