| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
df36c5f - Fix assert_template assertion with :layout option
4bd05a7 - Fix assert_template :layout => nil assertion
0d19a08 - Improve assert_template layout checking
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix missing action_missing
Conflicts:
actionpack/CHANGELOG.md
Conflicts:
actionpack/test/controller/base_test.rb
Fixes #9799
|
| |
|
| |
|
|
|
|
|
|
| |
force response body to be read in assert_template
Conflicts:
actionpack/lib/action_controller/test_case.rb
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| | |
|
| |
| |
| |
| |
| | |
Conflicts:
actionpack/test/controller/render_test.rb
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.
Conflicts:
actionpack/test/template/template_test.rb
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 7d17cd2cbfc086f5aa9dd636e1207eb130150428.
Conflicts:
actionpack/CHANGELOG.md
Reason: This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but we will be backward compatible in
stable release.
Fixes #8068.
|
| |
|
|
|
|
|
|
| |
can't pass :locals to #assert_template without a view test case (#3415)
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
| |
behavior added at c53e5def08f7a289a92a8e5f79dcd7caa5c3a2fb
|
|
|
|
|
|
|
| |
REBASED: fixing assert_template bug when template matches expected, but not ends with
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/test_case.rb
|
|
|
|
|
|
|
|
|
|
| |
To test uploading a file without using fixture_file_upload, a posted
ActionDispatch::Http::UploadedFile should not be paramified (just like
Rack::Test::UploadedFile).
(Rack::Test::UploadedFile and ActionDispatch::Http::UploadedFile don't
share the same API, tempfile is not accessible on
Rack::Test::UploadedFile as discussed in
https://github.com/brynary/rack-test/issues/30)
|
|
|
|
|
|
| |
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/log_subscriber.rb
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
| |
|
|
|
|
| |
ActionController::Metal controller.
|
| |
|
|
|
|
|
| |
This test is needed to avoid regressions in the way that flash works
now (swept in every request).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In integration tests, you might want to use helpers from engines that
you mounted in your application. It's not hard to add it by yourself,
but it's unneeded boilerplate. mounted_helpers are now included by
default. That means that given engine mounted like:
mount Foo::Engine => "/foo", :as => "foo"
you will be able to use paths from this engine in tests this way:
foo.root_path #=> "/foo"
(closes #6573)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit improves the handling of default_url_options in integration
tests by making behave closer to how a real application operates.
Specifically the following issues have been addressed:
* Options specified in routes.rb are used (fixes #546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
|
|
|
|
| |
when using the :head method/shortcut
|
|
|
|
| |
The role option identifies which parameters are accessible and should be wrapped. The default role is :default.
|
|
|
|
|
|
|
|
| |
(cherry picked from commit 7a80b69e00f68e673c6ceb5cc684aa9196ed3d9f)
Conflicts:
actionpack/test/controller/test_test.rb
|
| |
|
| |
|
|
|
|
| |
Closes #5632
|
|
|
|
|
| |
If embedding auth_token in remote forms is off and we
pass a value for auth_token it should respect it.
|
|
|
|
|
|
|
|
| |
There is a regression introduced in 16ee611fa, which breaks
remote forms that should also work without javascript. This commit
introduces config option that allows to configure this behavior
defaulting to the old behavior (ie. include authenticity token
in remote forms by default)
|
|
|
|
|
|
|
|
|
| |
Previously `rendered_format` was set only based on mime types
passed in Accept header, which was wrong if first type from
Accept was different than rendered partial. The fix is to simply
move setting rendered_format to the place where template
is available and grab format from the template. If it fails
we can fallback to formats passed by Accept header.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes situation where rendering template to string
sets `rendered_format` to the format rendered there.
This is ok to have consistent formats rendered in partials,
but it breaks on next renders if format is explicitly set
or on last render where default format does not necessarily
need to be the format of first rendered template.
|
|
|
|
| |
Fix typo in redirect test
|
|
|
|
| |
Strip null bytes from Location header
|
|
|
|
|
|
| |
This method has no effect since exception handling was
moved to middlewares and ActionController tests do not
use any middlewares.
|
|
|
|
| |
forms if you pass true
|
|
|
|
| |
forms use the meta-tag value
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
406ece4729e8fd81f156bcb3fce16e938522466e
|