Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | if cookie is tampered with then nil is returned [ci skip] | Neeraj Singh | 2013-03-25 | 1 | -4/+2 |
| | | | | | | if the given key is not found then verifier does raise `ActiveSupport::MessageVerifier::InvalidSignature` exception but this exception is resuced and finally nil is returned. | ||||
* | Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing ↵ | Trevor Turk | 2013-03-24 | 1 | -99/+99 |
| | | | | signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4 | ||||
* | Merge pull request #9704 from trevorturk/warn-about-skipped-routes | Jeremy Kemper | 2013-03-24 | 1 | -1/+9 |
|\ | | | | | Raise an ArgumentError when a clashing named route is defined | ||||
| * | Tweak exception message to avoid giving potentially misleading suggestions | Trevor Turk | 2013-03-20 | 1 | -2/+3 |
| | | |||||
| * | Raise an ArgumentError when a clashing named route is defined | Trevor Turk | 2013-03-19 | 1 | -1/+8 |
| | | |||||
* | | Fix some typos | Vipul A M | 2013-03-24 | 2 | -2/+2 |
| | | |||||
* | | Merge pull request #8501 from charliesome/version-to-s | Rafael Mendonça França | 2013-03-23 | 1 | -6/+7 |
|\ \ | | | | | | | Add #to_s method to VERSION modules | ||||
| * | | Add version method to top level modules | Charlie Somerville | 2013-03-21 | 1 | -6/+7 |
| | | | |||||
* | | | Fix documentation markup [ci skip] | Rafael Mendonça França | 2013-03-23 | 1 | -0/+2 |
| | | | |||||
* | | | StringIO is not required by default in JRuby | Arun Agrawal | 2013-03-22 | 1 | -0/+1 |
|/ / | |||||
* | | Merge pull request #9802 from newsline/fix-broken-action-missing | Rafael Mendonça França | 2013-03-20 | 1 | -1/+1 |
|\ \ | |/ |/| | | | | | | | | | Fix missing action_missing Conflicts: actionpack/CHANGELOG.md | ||||
| * | Fix broken ActionController#action_missing | Janko Luin | 2013-03-20 | 1 | -1/+1 |
| | | | | | | | | | | A recent change introduced the assumption that all controller actions are known beforehand, which is not true when using action_missing. | ||||
* | | Merge pull request #9794 from schneems/schneems/email-host | Andrew White | 2013-03-19 | 1 | -1/+12 |
|\ \ | | | | | | | Fix improperly configured host in generated urls | ||||
| * | | Fix improperly configured host in generated urls | schneems | 2013-03-19 | 1 | -1/+12 |
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the host in `default_url_options` is accidentally set with a protocol such as ``` host: "http://example.com" ``` then the generated url will have the protocol twice `http://http://example.com` which is not what the user intended. Likely they wanted to define a host `host: "example.com"` and a `protocol: "http://"` but did not know the convention. This may not the most common problem, but when it happens it can go undetected for a while. I accidentally added `http://` out of habit recently only to find all the links in my emails were broken after deploying a demo site to production. Rather than allow this accident go undetected, we can fix the problem in line by properly setting the protocol and host. I was able to find this related question on stack overflow: http://stackoverflow.com/questions/5878329/rails-3-devise-how-do-i-make-the-email-confirmation-links-use-secure-https-n where the answer was highly upvoted. This is based off of work in #7415 cc/ @pixeltrix ATP Action Mailer and Action Pack | ||||
* / | Remove mentions of "app" from http request docs [ci skip] | Carlos Antonio da Silva | 2013-03-19 | 1 | -12/+10 |
|/ | |||||
* | drop an unused hash; change slang to SPECIAL | Vipul A M | 2013-03-19 | 1 | -2/+2 |
| | |||||
* | Digest auth should not 500 when given a basic header. | Brad Dunbar | 2013-03-18 | 1 | -0/+1 |
| | |||||
* | Merge branch 'master-sec' | Aaron Patterson | 2013-03-18 | 1 | -5/+5 |
|\ | | | | | | | | | | | | | | | * master-sec: fix protocol checking in sanitization [CVE-2013-1857] JDOM XXE Protection [CVE-2013-1856] fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] stop calling to_sym when building arel nodes [CVE-2013-1854] | ||||
| * | fix protocol checking in sanitization [CVE-2013-1857] | Aaron Patterson | 2013-03-15 | 1 | -2/+2 |
| | | |||||
| * | fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] | Charlie Somerville | 2013-03-15 | 1 | -3/+3 |
| | | |||||
* | | Merge pull request #9753 from jbarreneche/bug/render-locale-fallbacks | Carlos Antonio da Silva | 2013-03-18 | 1 | -1/+7 |
|\ \ | | | | | | | i18n locale fallback for localized views | ||||
| * | | Include I18n fallbacks in :locale lookup context | Juan Barreneche | 2013-03-16 | 1 | -1/+7 |
| | | | |||||
* | | | Merge pull request #9754 from macksmind/fix_actionpack_warnings | Rafael Mendonça França | 2013-03-17 | 1 | -1/+2 |
|\ \ \ | | | | | | | | | Fix rake test warnings in actionpack | ||||
| * | | | Fix rake test warnings in actionpack | Mack Earnhardt | 2013-03-17 | 1 | -1/+2 |
| |/ / | |||||
* / / | Allow pass multipart option to form_for | Grzegorz Derebecki | 2013-03-17 | 1 | -1/+1 |
|/ / | |||||
* | | Merge pull request #5606 from teohm/multipart_unicode_param_name | Steve Klabnik | 2013-03-15 | 3 | -31/+24 |
|\ \ | | | | | | | multipart POST - utf8 param name not encoded | ||||
| * | | UTF-8 encode all keys and values in nested params hash. | Teo Hui Ming | 2013-03-15 | 3 | -31/+24 |
| | | | |||||
* | | | Fix typos and improve docs a bit [ci skip] | Carlos Antonio da Silva | 2013-03-15 | 1 | -7/+5 |
| | | | |||||
* | | | document request simulation methods in functional tests. | Yves Senn | 2013-03-15 | 1 | -7/+27 |
| | | | |||||
* | | | `Http::Headers` directly modifies the passed environment. | Yves Senn | 2013-03-15 | 2 | -4/+4 |
|/ / | | | | | | | | | | | | | | | | | The env hash passed to `Http::Headers#new` must be in env format. Also be aware that the passed hash is modified directly. docs and test-cases for setting headers/env in functional tests. Follow up to #9700. | ||||
* | | Handle conditional get in live requests - this will prevent error when using ↵ | Bernard Potocki | 2013-03-14 | 1 | -0/+4 |
| | | | | | | | | stale on live streams(issue #9636) | ||||
* | | Add extra clarifying line in docs. [ci skip] | Steve Klabnik | 2013-03-13 | 1 | -0/+1 |
| | | |||||
* | | Fix docs: response -> request. | Steve Klabnik | 2013-03-13 | 1 | -2/+2 |
| | | | | | | | | Even though I read it carefully, my brain tricked me. :cry: | ||||
* | | Merge pull request #9698 from garethrees/request_documentation | Steve Klabnik | 2013-03-13 | 1 | -0/+16 |
|\ \ | | | | | | | Add documentation to ActionDispatch::Request | ||||
| * | | Add documentation to ActionDispatch::Request | Gareth Rees | 2013-03-13 | 1 | -0/+16 |
| | | | |||||
* | | | `Http::Headers` respects dotted env vars, symbols, headers with numbers. | Yves Senn | 2013-03-13 | 1 | -11/+6 |
| | | | |||||
* | | | allow headers and env to be passed in `IntegrationTest`. | Yves Senn | 2013-03-13 | 2 | -35/+49 |
| | | | | | | | | | | | | Closes #6513. | ||||
* | | | refactor, `Http::Headers` stores headers in env notation | Yves Senn | 2013-03-13 | 1 | -17/+21 |
| | | | | | | | | | | | | | | | Also: cleanup, use consistent syntax for `Http::Header` and test. | ||||
* | | | Http::Headers respects headers that are not prefixed with HTTP_ | Yves Senn | 2013-03-13 | 1 | -1/+13 |
| | | | |||||
* | | | Change from each to each_value in http/parameters since we don't use key | Vipul A M | 2013-03-13 | 1 | -1/+1 |
|/ / | |||||
* | | Skip fetching path if the iteration is going to be skipped | Carlos Antonio da Silva | 2013-03-11 | 1 | -2/+2 |
| | | |||||
* | | Merge pull request #9626 from dasch/dasch/instrument-strong-params | José Valim | 2013-03-09 | 2 | -1/+7 |
|\ \ | | | | | | | Use AS::Notifications to instrument Strong Params | ||||
| * | | Use the instrumentation framework to instrument Strong Params | Daniel Schierbeck | 2013-03-07 | 2 | -1/+7 |
| | | | |||||
* | | | Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2013-03-10 | 1 | -1/+1 |
|\ \ \ | |||||
| * | | | Update capture_helper.rb | Jess Brown | 2013-03-06 | 1 | -1/+1 |
| | |/ | |/| | | | | if there's content for the right column, then we need the two-column class, if not the one-column | ||||
* | | | ensure response.stream is closed | Sam Ruby | 2013-03-09 | 1 | -0/+1 |
| | | | |||||
* | | | Fix incorrectly appended square brackets to a multiple select box | Olek Janiszewski | 2013-03-08 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If an explicit name has been given and it already ends with "[]" Before: select(:category, [], {}, multiple: true, name: "post[category][]") # => <select name="post[category][][]" ...> After: select(:category, [], {}, multiple: true, name: "post[category][]") # => <select name="post[category][]" ...> | ||||
* | | | Fix hash spaces and use 1.9 style hash [ci skip] | Carlos Antonio da Silva | 2013-03-07 | 1 | -1/+1 |
| | | | |||||
* | | | Merge pull request #9464 from jcoyne/assert_template_file | Rafael Mendonça França | 2013-03-07 | 3 | -2/+18 |
|\ \ \ | | | | | | | | | Allow use of assert_template with the :file option. | ||||
| * | | | Allow use of assert_template with the :file option. | Justin Coyne | 2013-03-01 | 3 | -2/+18 |
| | | | | | | | | | | | | | | | | This worked in Rails 3.2, but was a regression in 4.0.0.beta1 |