| Commit message | Author | Age | Files | Lines |
|
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
|
config.action_view.prefix_partial_path_with_controller_namespace
This allows you to choose to render @post using
/posts/_post.erb instead of /admin/posts/_post.erb
inside Admin::PostsController.
|
method.
|
methods directly.
|
I have found that Rails will take an invalid session ID specified by the
client and materialize a session based on that session ID. This means
that it is possible, among other things, for a client to use an
arbitrarily weak session ID or for a client to resurrect a previously used
session ID. In other words, we cannot guarantee that all session IDs are
generated by the server and that they are (statistically) unique through
time.
The fix is to always generate a new session ID in #get_session if an
existing session cannot be found under the incoming session ID.
Also added new tests that make sure that an invalid session ID is never
materialized into a new session, regardless of whether it comes in via a
cookie or a URL parameter (when :cookie_only => false).
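
Added example (not part of this commit or of Rails' own code): a toy in-memory store showing the get_session behaviour described above, before and after the fix. ToySessionStore, its strict: flag and demo are hypothetical names used only for illustration.

```ruby
require 'securerandom'

# Hypothetical toy store, loosely modelled on the get_session contract
# described in the commit message. It is not Rails' implementation.
class ToySessionStore
  def initialize(strict:)
    @strict = strict   # true = behaviour after the fix, false = before
    @sessions = {}     # sid => session data
  end

  def generate_sid
    SecureRandom.hex(16)
  end

  # sid is whatever the client sent (cookie or URL parameter), or nil.
  # Returns [sid, session].
  def get_session(sid)
    if sid && (session = @sessions[sid])
      return [sid, session]            # known session: reuse as-is
    end
    # No session exists under the incoming ID. Before the fix the client's
    # value was kept; after the fix a server-generated ID always replaces it.
    sid = generate_sid if @strict || sid.nil?
    @sessions[sid] = {}
    [sid, @sessions[sid]]
  end

  def destroy(sid)
    @sessions.delete(sid)
  end
end

# Runs the two cases from the commit message against one store
# (the inputs are constructed sample values).
def demo(strict)
  store = ToySessionStore.new(strict: strict)
  weak, = store.get_session("1")       # client-chosen, weak ID
  real, = store.get_session(nil)       # normal new visitor
  store.destroy(real)
  revived, = store.get_session(real)   # previously used ID sent again
  { weak_accepted: weak == "1", resurrected: revived == real }
end

puts "before fix: #{demo(false)}"
puts "after fix:  #{demo(true)}"
```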
|
This fixes the problem of having a non-explicit message when the :location option is not provided in respond_with.
|
after the render
|
Previously the runtime was reset implicitly when #cleanup_view_runtime was called at the end of most requests. However, this doesn't happen when the request redirects, or send_file is called. Consequently, the ActiveRecord runtime recorded in the logs included the time taken for both the current request and the previous redirect. Explicitly resetting at the start of each request ensures that this can't happen, no matter what occurs previously.
|
ActiveRecord message appears
|
* rename method names (actually in tests)
* rename instance variable @_named_scopes_cache to @_scopes_cache
* rename references in doc comments
* don't touch CHANGELOG :)
|
This removes all deprecated classes in ActionController related to
Routing, Abstract Request/Response and Integration/IntegrationTest.
All tests and docs were changed to ActionDispatch instead of ActionController.
|
polymorphic_routes, for example: polymorphic_url([blog, @post])
|
missing use cases
|
ActionPack test suite, patches that translate Rails internal tests to the new router DSL are welcome (note though that a few tests shouldn't be translated since they are testing exactly the old mapper API, like the ones in actionpack/test/controller/resource_test.rb and actionpack/test/controller/routing_test.rb)
|
it's already there [#2485 state:resolved]
This applies only to the Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.
Signed-off-by: José Valim <jose.valim@gmail.com>
|
frameworks like ActiveRecord and ActiveResource to log outside Rails::Application [#4816 state:resolved]
|
destroyed on reset.
[#4938]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
|
set_session semantics to return the cookie value instead of a boolean.
|
This reverts commit eec2d301d4ce9df9c71c1a5aa63053eb970b6818.
This commit broke tests. You cannot have a file called "bundler" on the load path.
|
named routes.
This allows the following setup to work:
    # app/controllers/application_controller.rb
    class ApplicationController
      def default_url_options(options=nil)
        { :locale => I18n.locale }
      end
    end

    # From your views and controllers:
    I18n.locale                 #=> :en
    users_url                   #=> "/en/users"
    users_url(:pl)              #=> "/pl/users"
    user_url(1)                 #=> "/en/users/1"
    user_url(:pl, 1)            #=> "/pl/users/1"
    user_url(1, :locale => :pl) #=> "/pl/users/1"

If you provide all expected parameters, it still works as previously.
But if any parameter is missing, it tries to assign all possible ones
with the hash returned in default_url_options or the one passed straight
to the named route method.
Beware that default_url_options in ApplicationController is not shared
with ActionMailer, so you are required to always give the locale in your
email views.
|
tests.
|
ActiveRecord::Rails.
|