path: root/actionpack/test/controller/new_base
Commit message | Author | Age | Files | Lines
* Deprecate :controller and :action path parameters | Andrew White | 2016-03-01 | 7 | -12/+18
  Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Handle response_body= when body is nil | eileencodes | 2016-01-30 | 1 | -0/+16
  There are some cases when the `body` in `response_body=` can be set to nil. One of those cases is in `actionpack-action_caching` which I found while upgrading it for Rails 5. It's not possible to run `body.each` on a `nil` body so we have to return after we run `response.reset_body!`.
* Push `before_sending` to super class | eileencodes | 2015-12-06 | 1 | -1/+1
  We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together. This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`. The work here is a continuation on combining controller and integration test code bases into one.
* Delete needless `require 'active_support/deprecation'` | yui-knk | 2015-10-20 | 1 | -1/+0
  When `require 'active_support/rails'`, 'active_support/deprecation' is automatically loaded.
* Use `Mime[:foo]` instead of `Mime::Type[:FOO]` for back compat | Jeremy Daer | 2015-10-06 | 1 | -2/+2
  Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries that support multiple Rails versions would've had to feature-detect whether to use `Mime::Type[:FOO]` or `Mime::FOO`. `Mime[:foo]` has been around for ages to look up registered MIME types by symbol / extension, though, so libraries and plugins can safely switch to that without breaking backward- or forward-compatibility.
  Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup by type or extension, so it's not available as `Mime[:all]`. We use it internally as a wildcard for `respond_to` negotiation. If you use this internal constant, continue to reference it with `Mime::ALL`.
  Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
* stop calling deprecated methods | Aaron Patterson | 2015-09-21 | 1 | -2/+2
  We should be asking the mime type method for the mime objects rather than via const lookup
* Set the content-type to `text/html` if the options[:html] is true | akihiro17 | 2015-08-29 | 1 | -1/+0
  In this commit, we set the content-type to `text/html` in AbstractController if the `options[:html]` is true so that we don't include ActionView::Rendering into ActionController::Metal to set it properly. I removed the if `options[:plain]` statement because `AbstractController#rendered_format` returns `Mime::TEXT` by default.
* remove RackDelegation module | Aaron Patterson | 2015-08-26 | 1 | -2/+0
  Since all controller instances are required to have a request and response object, RackDelegation is no longer needed (we always have to delegate to the response)
* include ActionView::Rendering in the minimal controller | Aaron Patterson | 2015-08-26 | 1 | -0/+1
  without this module, the content type is not set correctly
* provide a request and response to all controllers | Aaron Patterson | 2015-08-25 | 3 | -2/+4
  Controllers should always have a request and response when responding. Since we make this The Rule(tm), then controllers don't need to be somewhere in limbo between "asking a response object for a rack response" or "I, myself contain a rack response". This duality leads to conditionals spread through the codebase that we can delete:
  * https://github.com/rails/rails/blob/85a78d9358aa728298cd020cdc842b55c16f9549/actionpack/lib/action_controller/metal.rb#L221-L223
* Fix another rack SPEC violation | Aaron Patterson | 2015-08-25 | 1 | -1/+1
* rack SPEC doesn't allow `first` on the body | Aaron Patterson | 2015-08-25 | 1 | -8/+12
  collect the body and make assert against the collected body
* remove vestigial code | Aaron Patterson | 2015-08-07 | 1 | -43/+0
  Looks like this was left over from converting Rails to Rack. I think it's safe to remove now.
* Stop using deprecated `render :text` in test | Prem Sichanugrist | 2015-07-17 | 4 | -16/+16
  This will silence deprecation warnings. Most of the tests can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
* Add deprecation warning for `render :text` | Prem Sichanugrist | 2015-07-17 | 1 | -11/+42
  We've started on discouraging the usage of `render :text` in #12374. This is a follow-up commit to make sure that we print out the deprecation warning.
* Fix test messages use directly true, false and nil instead of their symbol | Akshay Vishnoi | 2015-03-19 | 1 | -3/+3
* Removing old helper that was necessary for compatibility with Ruby 1.8.x | Thiago Pradi | 2015-02-22 | 2 | -5/+3
* Consistent usage of spaces in hashes across our codebase | Rafael Mendonça França | 2015-01-29 | 7 | -15/+15
* Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration | Kir Shatrov | 2015-01-29 | 7 | -15/+15
  Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Add `ActionController::Metal#set_request!` | brainopia | 2015-01-21 | 1 | -0/+9
  Add `ActionController::Metal#set_request!` to set a request on controller instance without calling dispatch.
* Fix actionpack test cases broken by #16888 | Godfrey Chan | 2014-09-26 | 2 | -29/+9
* Fix typos like `a html` to `an html` and 'an mail' to 'an email'. [ci skip] | Santosh Wadghule | 2014-07-14 | 1 | -2/+2
* Removed single space padding from empty response body. | Godfrey Chan | 2014-07-10 | 4 | -16/+16
  `render nothing: true` or rendering a `nil` body no longer adds a single space to the response body. The old behavior was added as a workaround for a bug in an early version of Safari, where the HTTP headers are not returned correctly if the response body has a 0-length. This has been fixed since and the workaround is no longer necessary. Use `render body: ' '` if the old behavior is desired.
* Prevent state leak. | Guo Xiang Tan | 2014-06-05 | 1 | -0/+2
* The correct status to test should be :switching_protocols. | Zuhao Wan | 2014-05-25 | 1 | -2/+2
* Only accept actions without File::SEPARATOR in the name. | Rafael Mendonça França | 2014-05-06 | 1 | -1/+16
  This will avoid directory traversal in implicit render.
  Fixes: CVE-2014-0130
  Conflicts: actionpack/lib/abstract_controller/base.rb
* Do not remove `Content-Type` when `render :body` | Prem Sichanugrist | 2014-03-05 | 1 | -17/+12
  `render :body` should just not set the `Content-Type` header. By removing the header, it breaks the compatibility with other parts. After this commit, `render :body` will return `text/html` content type, set by default from `ActionDispatch::Response`, and it will preserve the overridden content type if you override it.
  Fixes #14197, #14238
  This partially reverts commit 3047376870d4a7adc7ff15c3cb4852e073c8f1da.
* Introduce `render :html` for render HTML string | Prem Sichanugrist | 2014-02-18 | 1 | -0/+190
  This is an option for HTML content with a content type of `text/html`. This rendering option calls `ERB::Util.html_escape` internally to escape unsafe HTML string, so you will have to mark your string as html safe if you have any HTML tag in it. Please see #12374 for more detail.
* Introduce `render :plain` for render plain text | Prem Sichanugrist | 2014-02-18 | 1 | -0/+168
  This is an option to render content with a content type of `text/plain`. This is the preferred option if you are planning to render a plain text content. Please see #12374 for more detail.
* Update hash format for render_text_test | Prem Sichanugrist | 2014-02-18 | 1 | -18/+18
* Introduce `render :body` for render raw content | Prem Sichanugrist | 2014-02-18 | 1 | -0/+175
  This is an option for sending a raw content back to browser. Note that this rendering option will unset the default content type and does not include "Content-Type" header back in the response. You should only use this option if you are expecting the "Content-Type" header to not be set. More information on "Content-Type" header can be found on RFC 2616, section 7.2.1. Please see #12374 for more detail.
* Raise RuntimeErrors with inspectable and MRI-independent messages. | Federico Ravasio | 2013-11-24 | 2 | -4/+4
  Previous behaviour was MRI-dependent, now we're making sure the message is correctly shown: something that can be relied upon across every Ruby implementation.
* Reset ActionView::Base.logger instead of AC::Base.logger | Akira Matsuda | 2013-09-10 | 1 | -1/+1
  see: 9b0ac0bc74569db460f87ea6888b3847be0ff5be
* Make AC standalone rendering work | Santiago Pastorino | 2013-09-10 | 1 | -0/+15
* Revert "Merge branch 'master' of github.com:rails/docrails" | Vijay Dev | 2013-08-17 | 1 | -1/+1
  This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9. Seems to be a code merge done by mistake.
* Reset ActionView::Base.logger instead of AC::Base.logger | Akira Matsuda | 2013-07-26 | 1 | -1/+1
  see: 9b0ac0bc74569db460f87ea6888b3847be0ff5be
* Fix typos in AP: "overriden" => "overridden" | Carlos Antonio da Silva | 2013-03-30 | 2 | -23/+23
* update documentation and code to use _action callbacks | Francesco Rodriguez | 2012-12-07 | 2 | -2/+2
* Override <%== to always behave as literal text rather than toggling based on whether escaping is enabled. | Jeremy Kemper | 2012-12-03 | 1 | -2/+8
  Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.
* cleanup, remove trailing whitespace within actionpack | Yves Senn | 2012-10-27 | 2 | -3/+3
* Use ActionView::Base.logger instead of AC::Base.logger | Piotr Sarnacki | 2012-08-28 | 1 | -1/+1
* Collapsed dual checks (one for content headers and one for content) into a single check. | Armand du Plessis | 2012-08-02 | 1 | -0/+30
  Rails includes a single character body to a head(:no_content) response to work around an old Safari bug where headers were ignored if no body sent. This patch brings the behavior slightly closer to spec if :no_content/204 is explicitly requested via a head only response.
  Status comparison done on symbolic and numeric values
  Not returning any content when responding with head and limited to a status code that explicitly states no content will be returned - 100..199, 204, 205, 304.
* html_escape should escape single quotes | Santiago Pastorino | 2012-07-31 | 1 | -1/+1
  https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
  Closes #7215
* deprecate `describe` without a block. | Aaron Patterson | 2012-07-09 | 3 | -12/+0
  minitest/spec provides `describe`, so deprecate the rails version and have people use the superclass version
* misspelling errors in render_text_test.rb and sqlite_specific_schema | angelo giovanni capilleri | 2012-05-12 | 1 | -2/+2
* Remove content-length as well | twinturbo | 2012-05-03 | 1 | -0/+6
* Make ActionController#head pass rack-link | twinturbo | 2012-05-03 | 1 | -0/+60
* Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 4 | -6/+6
  In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+.
  Closes #5964
* Remove unnecessary in HTML 5 type attribute with default value | Andrey A.I. Sitnik | 2012-04-05 | 1 | -2/+2
* Moved all the logger methods to active support logger | Karunakar (Ruby) | 2012-01-06 | 1 | -1/+1
  minor