| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There are several aspects to this commit, that don't well fit into broken down
commits, so they are detailed here:
* When a user uses response.headers['Cache-Control'] = some_value, then the
documented convention in ConditionalGet is not adhered to, in this case,
response.cache_control is ignored due to `return if
self[CACHE_CONTROL].present?`
* When a middleware sets cache-control headers that would clobber, they're
converted to symbols directly, without underscores. This would lead to bugs.
* Items that would live in :extras if set through expires_in, are placed
directly in the @cache_control hash, and not respected in many cases
(somewhat adhering to the aforementioned documentation).
* Although quite useless, any directive named 'extras' would be ignored.
The general convention applied is that expires_* take precedence, but no longer
overwrite everything and expires_* are ALWAYS applied, even if the header is
set.
I am still unhappy about the contents of this commit, and the code in general.
Ideally it should be refactored to no longer use :extras. I'd likely recommend
expanding @cache_control into a class, and giving it the power to handle the
merge in a more efficient fashion. Such a commit would be a larger change that
could have additional semantic changes for other libraries unless they utilize
expires_in in very standard ways.
|
| |\ \ \
| | | |
| | | | |
Respect absolute paths in compute_source_path.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When using compute_source_path to determine the full path of an
asset, if our source begins with '/', we don't want to include
the directory. Examples are illustrative:
> compute_source_path("foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/stylesheets/foo.css"
> compute_source_path("/foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/foo.css"
Before this patch, the second example would return the same as the
first.
Fixes #5680.
|
| | | | | |
|
| |/ / / |
|
| | | | |
|
| | | | |
|
| | |/
|/|
| |
| | |
This reverts commit f5e7cb84cd377feb1b60c5356ce02123e9c94380.
|
| |\ \ |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
framework
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `path` method on missing helper errors is inconsistent with the
implementation on LoadError in Ruby 2.0. Wrap up the missing helper
exceptions so that the inconsistent behavior is mirrored in Ruby 2.0
(until we can figure out *why* it's inconsistent).
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
These lines don't help to mitigate CVE. They only turn [nil] into nil, w...
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
them [nil] turns into [] and that is quite innocent.
generated SQL - `IN (NULL)`
compact! did all the job.
|
| |/ / /
| | |
| | |
| | | |
AbstractController::Callbacks
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
* master-sec:
Array parameters should not contain nil values.
|
| | | | | |
|
| | | | | |
|
| |/ / /
| | |
| | |
| | |
| | | |
This middleware is only for Public Exceptions.
This follows bd8c0b8a
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Accept a block in FormHelper#button
|
| | |/ / |
|
| |/ / |
|
| | |
| |
| |
| |
| | |
Similarly to 6525002, this allows to use routes helpers for mounted
helpers, but this time in ActionView::TestCase
|
| | |
| |
| |
| | |
Correct the use of to_model in polymorphic routing
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In integration tests, you might want to use helpers from engines that
you mounted in your application. It's not hard to add it by yourself,
but it's unneeded boilerplate. mounted_helpers are now included by
default. That means that given engine mounted like:
mount Foo::Engine => "/foo", :as => "foo"
you will be able to use paths from this engine in tests this way:
foo.root_path #=> "/foo"
(closes #6573)
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
* master-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior to this patch the existing .force_ssl method handles both defining
the filter and handling the logic for performing the redirect.
With this patch the logic for redirecting to the HTTPS protocol is
separated from the filter logic that determines if a redirect should
occur. By separating the two levels of behavior, an instance method
for ActionController (i.e. #force_ssl_redirect) is exposed and available
for more granular SSL enforcement.
Cleaned up indentation.
|
| | | |
| | |
| | |
| | | |
Add some tests for link_to with blocks and escaping content.
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Prefer Hash#[]= over Hash#merge when setting a value.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Remove :to_sym call from public_instance_methods iteration, as such
methods in Ruby 1.9 already return symbols. Initialize valid conditions
with controller/action instead of setting them afterwards.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make possible to use a block in button_to helper if button text is hard
to fit into the name parameter, e.g.:
<%= button_to [:make_happy, @user] do %>
Make happy <strong><%= @user.name %></strong>
<% end %>
# => "<form method="post" action="/users/1/make_happy" class="button_to">
# <div>
# <button type="submit">
# Make happy <strong>Name</strong>
# </button>
# </div>
# </form>"
|
| |\ \ \ |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some of these requires are now only necessary in
ActiveSupport::NumberHelper. Add hash/keys require due to symbolize_keys
usage in number helpers. Also remove some whitespaces.
Closes #6414
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Refactor number helpers output with safety handling to call float
parsing only once. Also remove 'erb' require.
|
