| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
This interface should be use when implementing renderers.
|
|
|
|
|
|
|
| |
This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing
changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9.
Seems to be a code merge done by mistake.
|
|
|
|
| |
Reset ActionView::Base.logger after tests
|
| |
|
|
|
|
| |
https://github.com/rails/etagger/pull/3
|
| |
|
|
|
|
|
| |
They don't add any benefits over `assert object.blank?`
and `assert object.present?`
|
|\
| |
| |
| |
| | |
senny/8661_should_not_append_charset_if_already_present
Charset should not be appended to image/* type
|
| |
| |
| |
| |
| |
| |
| | |
1) Failure:
test_head_created_with_image_png_content_type(RenderTest) [test/controller/render_test.rb:1238]:
Expected: "image/png"
Actual: "image/png; charset=utf-8"
|
|/
|
|
| |
unused variables
|
| |
|
|
|
|
|
|
|
|
| |
This resolves issues when rendering nested partials.
Previously the `PartialRenderer` was reused which led to
situations where the state of the renderer was reset.
Closes #8197
|
|
|
|
|
|
|
|
|
|
|
| |
the documentation on #assert_template states that the :locals option is
only available in view test cases:
# In a view test case, you can also assert that specific locals are passed
# to partials:
I added a warning when it's passed in an inapropriate context to prevent
a NoMethodError.
|
|
|
|
| |
computation *Jeremy Kemper/DHH*
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
|
|
|
|
|
| |
1. Change in test name as already defined.
2. ambiguous first argument; put parentheses or
even spaces
|
|\
| |
| |
| | |
Added test for case when view doesn't have logger method when using
ActionController::Metal controller.
|
| |
| |
| |
| | |
ActionController::Metal controller.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are several aspects to this commit, that don't well fit into broken down
commits, so they are detailed here:
* When a user uses response.headers['Cache-Control'] = some_value, then the
documented convention in ConditionalGet is not adhered to, in this case,
response.cache_control is ignored due to `return if
self[CACHE_CONTROL].present?`
* When a middleware sets cache-control headers that would clobber, they're
converted to symbols directly, without underscores. This would lead to bugs.
* Items that would live in :extras if set through expires_in, are placed
directly in the @cache_control hash, and not respected in many cases
(somewhat adhering to the aforementioned documentation).
* Although quite useless, any directive named 'extras' would be ignored.
The general convention applied is that expires_* take precedence, but no longer
overwrite everything and expires_* are ALWAYS applied, even if the header is
set.
I am still unhappy about the contents of this commit, and the code in general.
Ideally it should be refactored to no longer use :extras. I'd likely recommend
expanding @cache_control into a class, and giving it the power to handle the
merge in a more efficient fashion. Such a commit would be a larger change that
could have additional semantic changes for other libraries unless they utilize
expires_in in very standard ways.
|
|
|
|
| |
when using the :head method/shortcut
|
|\
| |
| | |
Minor test improvement
|
| |
| |
| |
| | |
directive, just for clarity sake.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
|
| |
| |
| |
| | |
Closes #5632
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously `rendered_format` was set only based on mime types
passed in Accept header, which was wrong if first type from
Accept was different than rendered partial. The fix is to simply
move setting rendered_format to the place where template
is available and grab format from the template. If it fails
we can fallback to formats passed by Accept header.
|
| |
| |
| |
| | |
Fix for #5440
|
|/ |
|
|\
| |
| | |
Ensure Date header on expires_in
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Do not reopen AV::Base to define default form builder
Inside the load hook we are already in AV::Base context.
* Do not pass the given block to the form builder
The block is evaluated in fields_for context using capture, with the
builder as argument. This means we do not need to give the block to the
FormBuilder itself.
|
| | |
|
| | |
|
| |
| |
| |
| | |
minor
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
fresh_when/stale? conditional get methods from Action Pack"
Needless indirection with no added value.
This reverts commit 535853e83b9092078035a5abb2aa242fba815c05.
|
| |
| |
| |
| | |
fresh_when/stale? conditional get methods from Action Pack
|
|/ |
|
|
|
|
|
|
| |
For example, calling hello.erb is now deprecated. Since Rails 3.0
passing the handler had no effect whatsover. This commit simply
deprecates such cases so we can clean up the code in later releases.
|
| |
|
| |
|
| |
|
|
|
|
| |
fix issues/1951
|
|
|
|
|
| |
https://github.com/rails/rails/issues/1951
Namespaced model partial_path is wrong in namespaced controllers
|
| |
|
| |
|
|
|
|
|
|
| |
filesystems.
This fixes CVE-2011-0449
|
| |
|