Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Only accept actions without File::SEPARATOR in the name. | Rafael Mendonça França | 2014-05-06 | 1 | -1/+16 |
| | This will avoid directory traversal in implicit render. Fixes: CVE-2014-0130 Conflicts: actionpack/lib/abstract_controller/base.rb | ||||
* | Do not remove `Content-Type` when `render :body` | Prem Sichanugrist | 2014-03-05 | 1 | -17/+12 |
| | `render :body` should just not set the `Content-Type` header. By removing the header, it breaks the compatibility with other parts. After this commit, `render :body` will return `text/html` content type, set by default from `ActionDispatch::Response`, and it will preserve the overridden content type if you override it. Fixes #14197, #14238 This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da. | ||||
* | Introduce `render :html` for rendering HTML string | Prem Sichanugrist | 2014-02-18 | 1 | -0/+190 |
| | This is an option to render HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail. | ||||
* | Introduce `render :plain` for rendering plain text | Prem Sichanugrist | 2014-02-18 | 1 | -0/+168 |
| | This is an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render plain text content. Please see #12374 for more detail. | ||||
* | Update hash format for render_text_test | Prem Sichanugrist | 2014-02-18 | 1 | -18/+18 |
| | |||||
* | Introduce `render :body` for rendering raw content | Prem Sichanugrist | 2014-02-18 | 1 | -0/+175 |
| | This is an option for sending raw content back to the browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail. | ||||
* | Raise RuntimeErrors with inspectable and MRI-independent messages. | Federico Ravasio | 2013-11-24 | 2 | -4/+4 |
| | Previous behaviour was MRI-dependent, now we're making sure the message is correctly shown: something that can be relied upon across every Ruby implementation. | ||||
* | Reset ActionView::Base.logger instead of AC::Base.logger | Akira Matsuda | 2013-09-10 | 1 | -1/+1 |
| | see: 9b0ac0bc74569db460f87ea6888b3847be0ff5be | ||||
* | Make AC standalone rendering work | Santiago Pastorino | 2013-09-10 | 1 | -0/+15 |
| | |||||
* | Revert "Merge branch 'master' of github.com:rails/docrails" | Vijay Dev | 2013-08-17 | 1 | -1/+1 |
| | This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9. Seems to be a code merge done by mistake. | ||||
* | Reset ActionView::Base.logger instead of AC::Base.logger | Akira Matsuda | 2013-07-26 | 1 | -1/+1 |
| | see: 9b0ac0bc74569db460f87ea6888b3847be0ff5be | ||||
* | Fix typos in AP: "overriden" => "overridden" | Carlos Antonio da Silva | 2013-03-30 | 2 | -23/+23 |
| | |||||
* | update documentation and code to use _action callbacks | Francesco Rodriguez | 2012-12-07 | 2 | -2/+2 |
| | |||||
* | Override <%== to always behave as literal text rather than toggling based on ↵ | Jeremy Kemper | 2012-12-03 | 1 | -2/+8 |
| | whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged. | ||||
* | cleanup, remove trailing whitespace within actionpack | Yves Senn | 2012-10-27 | 2 | -3/+3 |
| | |||||
* | Use ActionView::Base.logger instead of AC::Base.logger | Piotr Sarnacki | 2012-08-28 | 1 | -1/+1 |
| | |||||
* | Collapsed dual checks (one for content headers and one for content) into a ↵ | Armand du Plessis | 2012-08-02 | 1 | -0/+30 |
| | single check. Rails includes a single character body to a head(:no_content) response to work around an old Safari bug where headers were ignored if no body sent. This patch brings the behavior slightly closer to spec if :no_content/204 is explicitly requested via a head only response. Status comparison done on symbolic and numeric values Not returning any content when responding with head and limited to a status code that explicitly states no content will be returned - 100..199, 204, 205, 304. | ||||
* | html_escape should escape single quotes | Santiago Pastorino | 2012-07-31 | 1 | -1/+1 |
| | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 | ||||
* | deprecate `describe` without a block. | Aaron Patterson | 2012-07-09 | 3 | -12/+0 |
| | minitest/spec provides `describe`, so deprecate the rails version and have people use the superclass version | ||||
* | misspelling errors in render_text_test.rb and sqlite_specific_schema | angelo giovanni capilleri | 2012-05-12 | 1 | -2/+2 |
| | |||||
* | Remove content-length as well | twinturbo | 2012-05-03 | 1 | -0/+6 |
| | |||||
* | Make ActionController#head pass rack-link | twinturbo | 2012-05-03 | 1 | -0/+60 |
| | |||||
* | Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 4 | -6/+6 |
| | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 | ||||
* | Remove unnecessary in HTML 5 type attribute with default value | Andrey A.I. Sitnik | 2012-04-05 | 1 | -2/+2 |
| | |||||
* | Moved all the logger methods to active support logger | Karunakar (Ruby) | 2012-01-06 | 1 | -1/+1 |
| | minor | ||||
* | remove more conditions for Fiber available in ruby19 | Vishnu Atrai | 2011-12-31 | 1 | -1/+1 |
| | |||||
* | Show detailed exceptions no longer returns true if the request is local in ↵ | José Valim | 2011-12-16 | 1 | -0/+6 |
| | production. | ||||
* | Fix another regression related to the layout optimization. | José Valim | 2011-12-08 | 1 | -1/+25 |
| | |||||
* | Fix a regression and also fix broken test. | José Valim | 2011-12-08 | 1 | -5/+5 |
| | |||||
* | A test case to ensure that AC::Metal#response_body= always wraps the given ↵ | Akira Matsuda | 2011-11-10 | 1 | -0/+6 |
| | value in an Array in both Ruby 1.8 and 1.9 (refs #3581) | ||||
* | Deprecate passing the template handler in the template name. | José Valim | 2011-09-22 | 1 | -5/+5 |
| | For example, calling hello.erb is now deprecated. Since Rails 3.0 passing the handler had no effect whatsoever. This commit simply deprecates such cases so we can clean up the code in later releases. | ||||
* | Get rid of update_details in favor of passing details to find_template. | José Valim | 2011-09-22 | 2 | -8/+8 |
| | |||||
* | Remove stream at the class level. | José Valim | 2011-07-06 | 1 | -1/+1 |
| | This is because only template rendering works with streaming. Setting it at the class level was also changing the behavior of JSON and XML responses, closes #1337. | ||||
* | Corrected some typos and American vs. Queen's English issues | Lee Reilly | 2011-05-29 | 1 | -2/+2 |
| | |||||
* | Revert to old semantics, use available_action? instead of action_method?. | José Valim | 2011-05-06 | 1 | -4/+4 |
| | |||||
* | Tidy up pending TODOs after discussion with Mr. Gatoz (@wycats). | José Valim | 2011-05-01 | 1 | -7/+7 |
| | |||||
* | log errors when an exception happens when streaming. | José Valim | 2011-05-01 | 1 | -0/+13 |
| | |||||
* | Add a test for rendering from the controller context. | José Valim | 2011-05-01 | 1 | -0/+54 |
| | |||||
* | Do not stream on HTTP/1.0. | José Valim | 2011-04-19 | 1 | -0/+8 |
| | |||||
* | Output a redirect to the 500 page if something happens when streaming. | José Valim | 2011-04-19 | 1 | -1/+23 |
| | Currently, we output: `"><script type="text/javascript">window.location = "/500.html"</script></html>` | ||||
* | Test explicit skip. | José Valim | 2011-04-18 | 1 | -1/+10 |
| | |||||
* | Just define the controller if fibers are defined. | José Valim | 2011-04-18 | 1 | -2/+2 |
| | |||||
* | Body... wanna *stream* my body? Body... such a thrill my body! | José Valim | 2011-04-18 | 1 | -0/+62 |
| | Added stream as class level method to make it explicit when to stream. Render also accepts :stream as option. | ||||
* | switch to using comments to comment things | Aaron Patterson | 2011-04-15 | 1 | -2/+1 |
| | |||||
* | render :once, YAGNI. | José Valim | 2011-04-15 | 1 | -86/+0 |
| | |||||
* | removes the RJS template handler | Xavier Noria | 2011-04-13 | 2 | -15/+10 |
| | |||||
* | removes support for render :update | Xavier Noria | 2011-04-13 | 1 | -71/+0 |
| | |||||
* | Implicit actions named not_implemented can be rendered | Santiago Pastorino | 2011-04-02 | 1 | -2/+11 |
| | |||||
* | Make action_method? public and change implicit rendering to override it instead. | José Valim | 2011-03-30 | 1 | -0/+5 |
| | |||||
* | Use Mime::Type references. | José Valim | 2011-02-08 | 1 | -0/+9 |
| |