Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051] | Xavier Noria | 2013-01-23 | 1 | -1/+2 | |
|/ | ||||||
* | Lets kepp using Ruby 1.9 syntax | Rafael Mendonça França | 2013-01-22 | 2 | -37/+37 | |
| | ||||||
* | Restore I18n.locale after running tests | Akira Matsuda | 2013-01-22 | 1 | -1/+7 | |
| | ||||||
* | Make sure to reset default_url_options | Akira Matsuda | 2013-01-22 | 1 | -1/+5 | |
| | ||||||
* | Add missing assert calls | Carlos Antonio da Silva | 2013-01-20 | 1 | -2/+2 | |
| | ||||||
* | strong parameters filters permitted scalars | Xavier Noria | 2013-01-20 | 2 | -17/+164 | |
| | ||||||
* | Restore and adapt the implementation reverted at | Rafael Mendonça França | 2013-01-19 | 2 | -8/+8 | |
| | | | | | | https://github.com/rails/rails/commit/cc1c3c5be061e7572018f734e5239750ab449e3f Now instead of raise, we log by default in development and test | |||||
* | Added ability to raise or log on unpermitted params. | Thomas Drake-Brockman | 2013-01-20 | 2 | -0/+83 | |
| | ||||||
* | Remove useless || operation | Carlos Antonio da Silva | 2013-01-17 | 1 | -1/+1 | |
| | ||||||
* | Removing : warning: ambiguous first argument; | Arun Agrawal | 2013-01-17 | 1 | -4/+4 | |
| | ||||||
* | Deprecate direct calls to AC::RecordIdentifier.dom_id and dom_class | Carlos Antonio da Silva | 2013-01-16 | 1 | -0/+34 | |
| | | | | Also add some generic tests to ensure they're properly deprecated. | |||||
* | Remove warnings: "(...) interpreted as grouped expression" | Carlos Antonio da Silva | 2013-01-16 | 1 | -2/+2 | |
| | ||||||
* | strong parameters exception handling | Brian Alexander | 2013-01-15 | 1 | -9/+6 | |
| | ||||||
* | Change the behavior of route defaults | Andrew White | 2013-01-15 | 1 | -0/+31 | |
| | | | | | | | | | | | | | | | | | | | This commit changes route defaults so that explicit defaults are no longer required where the key is not part of the path. For example: resources :posts, bucket_type: 'posts' will be required whenever constructing the url from a hash such as a functional test or using url_for directly. However using the explicit form alters the behavior so it's not required: resources :projects, defaults: { bucket_type: 'projects' } This changes existing behavior slightly in that any routes which only differ in their defaults will match the first route rather than the closest match. Closes #8814 | |||||
* | Ensure port is set when passed via the process method | Andrew White | 2013-01-15 | 1 | -0/+52 | |
| | ||||||
* | Merge pull request #8821 from jamis/master | Rafael Mendonça França | 2013-01-10 | 1 | -2/+2 | |
|\ | | | | | | | | | | | | | Evaluate view_cache_dependencies at the instance level Conflicts: actionpack/lib/action_controller/caching.rb | |||||
| * | evaluate the dependency blocks at the instance level, not class level | Jamis Buck | 2013-01-08 | 1 | -2/+2 | |
| | | ||||||
* | | Remove :yaml related tests and fix other related to parsing empty arrays | Carlos Antonio da Silva | 2013-01-08 | 1 | -43/+0 | |
| | | | | | | | | All Action Pack tests are green. | |||||
* | | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. | Jeremy Kemper | 2013-01-08 | 1 | -0/+13 | |
| | | ||||||
* | | Revert "Merge branch 'master-sec'" | Jeremy Kemper | 2013-01-08 | 1 | -13/+0 | |
| | | | | | | | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79. | |||||
* | | Merge branch 'master-sec' | Aaron Patterson | 2013-01-08 | 1 | -0/+13 | |
|\ \ | |/ |/| | | | | | | | * master-sec: CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu | |||||
| * | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. | Jeremy Kemper | 2013-01-08 | 1 | -0/+13 | |
| | | ||||||
* | | view_cache_dependency API | Jamis Buck | 2013-01-08 | 1 | -0/+18 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | A declarative API for specifying dependencies that affect template cache digest computation. In your controller, specify any of said dependencies: view_cache_dependency { "phone" if using_phone? } When the block is evaluated, the resulting value is included in the cache digest calculation, allowing you to generate different digests for effectively the same template. (Mostly useful if you're mucking with template load paths.) | |||||
* | | Revert "unpermitted params" exception -- it's just not going to work. See ↵ | David Heinemeier Hansson | 2013-01-08 | 1 | -43/+0 | |
| | | | | | | | | the discussion on https://github.com/rails/strong_parameters/pull/75. | |||||
* | | Never treat action or controller as unpermitted params | David Heinemeier Hansson | 2013-01-08 | 1 | -0/+10 | |
|/ | ||||||
* | Namespace HashWithIndifferentAccess | Akira Matsuda | 2013-01-07 | 1 | -3/+2 | |
| | ||||||
* | Remove unnecessary begin..rescue..end, use only rescue | Akira Matsuda | 2013-01-06 | 2 | -14/+10 | |
| | ||||||
* | deprecate `assert_blank` and `assert_present`. | Yves Senn | 2013-01-05 | 5 | -15/+15 | |
| | | | | | They don't add any benefits over `assert object.blank?` and `assert object.present?` | |||||
* | Rename the last occurrence of UnexpectedParameters | Rafael Mendonça França | 2013-01-05 | 1 | -2/+2 | |
| | ||||||
* | Rename the configuration to raise_on_unpermitted_parameters | Rafael Mendonça França | 2013-01-05 | 1 | -4/+4 | |
| | | | | Also changed the exception to UnpermittedParameters | |||||
* | Allow developers to enable raising of exception when unexpected params are ↵ | Thomas Drake-Brockman | 2013-01-05 | 1 | -0/+33 | |
| | | | | provided. | |||||
* | do not append a second slash when using | Yves Senn | 2013-01-02 | 1 | -6/+16 | |
| | ||||||
* | Alias refute methods to assert_not and perfer assert_not on tests | Rafael Mendonça França | 2012-12-31 | 1 | -1/+1 | |
| | ||||||
* | Do not use the same tests description | Rafael Mendonça França | 2012-12-31 | 1 | -3/+3 | |
| | ||||||
* | Remove unneeded tests | Rafael Mendonça França | 2012-12-31 | 2 | -245/+0 | |
| | | | | These tests are needed only if we are using MiniTest::Spec | |||||
* | Merge pull request #8662 from ↵ | Santiago Pastorino | 2012-12-31 | 1 | -1/+12 | |
|\ | | | | | | | | | senny/8661_should_not_append_charset_if_already_present Charset should not be appended to image/* type | |||||
| * | charset should not be appended for `head` responses | Yves Senn | 2012-12-31 | 1 | -1/+12 | |
| | | | | | | | | | | | | | | 1) Failure: test_head_created_with_image_png_content_type(RenderTest) [test/controller/render_test.rb:1238]: Expected: "image/png" Actual: "image/png; charset=utf-8" | |||||
* | | Merge pull request #8546 from hsbt/fix-testcase-strict-warning | Santiago Pastorino | 2012-12-30 | 1 | -1/+2 | |
|\ \ | |/ |/| | fix testcase: ruby-2.0.0 warned unused variables | |||||
| * | change spy of after invoked controller action. because ruby-2.0.0 waned ↵ | SHIBATA Hiroshi | 2012-12-20 | 1 | -1/+2 | |
| | | | | | | | | unused variables | |||||
* | | return Mime::NullType if format is unknown | Angelo Capilleri | 2012-12-22 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | | | | | | | If a request has an unknown format, the methods html?, xml?, json? ...etc not raise an Exception. This patch add a class Mime::NullType, that is returned when request.format is unknown and it responds false to the methods that ends with '?' and true to 'nil?'. It refers to #7837, this issue is considered a improvement not a bug. | |||||
* | | Move background jobs to the 'jobs' branch until fully baked. Not shipping ↵ | Jeremy Kemper | 2012-12-21 | 1 | -10/+0 | |
| | | | | | | | | with Rails 4.0. | |||||
* | | Refactoring the token_and_options method to fix bugs | Kurtis Rainbolt-Greene | 2012-12-15 | 1 | -6/+29 | |
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding a test for the equal trun bug Adding a test for the after equal trunc bug Adding a test for the slash bug Adding a test for the slash quote bug Adding a helper method for creating a sample request object with token Writing a method to create params array from raw params Writing a method to rewrite param values in the params Writing a method to get the token params from an authorization value Refactoring the token_and_options method to fix bugs Removing unnessecary test A constant for this shared regex seemed appropriate Wanting to split up this logic Adding small documentation pieces | |||||
* | Removed :if and :unless from fragment cache option in favour of | Angelo capilleri | 2012-12-14 | 1 | -16/+16 | |
| | | | | | | | | | | | | | | | | | | | | | | | cache_if(condition, option, &block) and cache_unless(condition, option, &block). In the PR #8371 was introduced conditional options :if and :unless in the cache method. Example: <%= cache @model, if: some_condition(@model) do %> ... <%end%> This is a good feature but *cache_if* and and *cache_unless* are more concise and close to the standard of rails view helpers (ex: link_to_if and link_to_unless). Example: <%= cache_if condition, @model do %> ... <%end%> | |||||
* | use _action callbacks in actionmailer | Francesco Rodriguez | 2012-12-08 | 1 | -5/+5 | |
| | ||||||
* | use `_action` instead of `_filter` callbacks | Francesco Rodriguez | 2012-12-07 | 2 | -5/+5 | |
| | ||||||
* | update documentation and code to use _action callbacks | Francesco Rodriguez | 2012-12-07 | 11 | -18/+18 | |
| | ||||||
* | Allow fragment cache to accept :if and :unless options | Fabrizio Regini | 2012-12-05 | 1 | -0/+64 | |
| | | | | [Stephen Ausman + Fabrizio Regini] | |||||
* | Adding filter capability to ActionController logs | Fabrizio Regini | 2012-12-05 | 1 | -0/+22 | |
| | ||||||
* | Override <%== to always behave as literal text rather than toggling based on ↵ | Jeremy Kemper | 2012-12-03 | 1 | -2/+8 | |
| | | | | whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged. | |||||
* | hash filters should be accessed with symbols or strings | Francesco Rodriguez | 2012-11-30 | 1 | -0/+25 | |
| |