| Commit message | Author | Age | Files | Lines |
| |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
| |
We want to get rid of the `Live::Response` so we are consolidating methods
from `Live::Response` and `Response` by merging them together.
This adds an `#empty` method to the request so we don't need to
hard-code the empty array each time we call an empty
`ActionDispatch::Request`.
The work here is a continuation on combining controller and integration
test code bases into one.
| |
Controllers should always have a request and response when responding.
Since we make this The Rule(tm), then controllers don't need to be
somewhere in limbo between "asking a response object for a rack
response" or "I, myself contain a rack response". This duality leads to
conditionals spread through the codebase that we can delete:
* https://github.com/rails/rails/blob/85a78d9358aa728298cd020cdc842b55c16f9549/actionpack/lib/action_controller/metal.rb#L221-L223
| |
This will silence deprecation warnings.
Most of the tests can be changed from `render :text` to `render :plain`
or `render :body` right away. However, there are some tests that needed
to be fixed by hand as they actually assert the default Content-Type
returned from `render :body`.
| |
We should leverage the request / response objects that the superclass
has already allocated for us.
| |
`head` method works similar to `render` method with `:nothing` option
| |
Non-kwargs requests are deprecated now.
Guides are updated as well.
`post url, nil, nil, { a: 'b' }` doesn't make sense.
`post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
| |
Fixes an issue that would cause default_url_options to be lost when generating
URLs with fewer positional arguments than parameters in the route definition.
| |
A recent change introduced the assumption that all controller actions
are known beforehand, which is not true when using action_missing.
| |
Methods provided by RecordIdentifier are not widely used in controllers
nowadays as they're view specific (this is probably a legacy left after
RJS rendering directly in controllers). However if people still need to
use it, it's trivial to include ActionView::RecordIdentifier by
themselves.
| |
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
| |
This method has no effect since exception handling was
moved to middlewares and ActionController tests do not
use any middlewares.
| |
ActionDispatch::Routing::RouteSet.url_for now handles passing params through to
ActionDispatch::Http::Url.url_for
Conflicts:
actionpack/test/controller/base_test.rb
| |
instead
Do not create a method_missing method to handle not found actions, use
the action_missing method provided by Rails instead.
| |
ActionController::Base methods.
| |
's/[ \t]*$//' -i {} \;)
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
| |
[#4436 state:resolved]
The error page shown when the method you are requesting on a controller
doesn't specify which controller the method is missing from
Signed-off-by: José Valim <jose.valim@gmail.com>
| |
Signed-off-by: wycats <wycats@gmail.com>
| |
for it.
| |
[#3040 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
| |
status:resolved]
| |
anything in the middleware stack.
| |
named routes.
This allows the following setup to work:
  # app/controllers/application_controller.rb
  class ApplicationController
    def default_url_options(options=nil)
      { :locale => I18n.locale }
    end
  end

  # From your views and controllers:
  I18n.locale                  #=> :en
  users_url                    #=> "/en/users"
  users_url(:pl)               #=> "/pl/users"
  user_url(1)                  #=> "/en/users/1"
  user_url(:pl, 1)             #=> "/pl/users/1"
  user_url(1, :locale => :pl)  #=> "/pl/users/1"
If you provide all expected parameters, it still works as previously.
But if any parameter is missing, it tries to assign all possible ones
with the hash returned in default_url_options or the one passed straight
to the named route method.
Beware that default_url_options in ApplicationController is not shared
with ActionMailer, so you are required to always give the locale in your
email views.
| |
and ActionController up to AbstractController.
| |
ActionController::Base#log_event, so everything can be logged within one listener. Also expose log_process_action as a hook for different modules to include their own information during the action processing. This allows ActiveRecord, and any other ORM, to hook in. Finally, this commit changes 'Processing' and 'Rendering' in logs to 'Processed' and 'Rendered' because at the point it's logged, everything already happened.
| |
ActionController::Routing::Routes directly
| |
action semantics in compatibility mode, and fixed a few action_missing bugs.