Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add tests for #9441 | Francesco Rodriguez | 2013-02-26 | 1 | -0/+16 |
| | |||||
* | fix respond_to without blocks not working if one of the blocks is all | grosser | 2013-02-24 | 1 | -0/+21 |
| | |||||
* | Rack::Test::UploadedFile is a permitted scalar | Fabio Kreusch | 2013-02-21 | 1 | -1/+2 |
| | |||||
* | Remove XML Parser from ActionDispatch | Prem Sichanugrist | 2013-02-20 | 1 | -131/+15 |
| | | | | | If you want an ability to parse XML parameters, please install `actionpack-xml_parser` gem. | ||||
* | Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator | Andrey Chernih | 2013-02-08 | 1 | -0/+35 |
| | |||||
* | Missing or unneeded require extract_options | Akira Matsuda | 2013-02-01 | 2 | -0/+2 |
| | |||||
* | Remove yaml Proc param parser test | Brendon Murphy | 2013-01-28 | 1 | -13/+0 |
| | | | | | | | | I don't believe this test is exercising any explicit params_parser behavior that the other two Proc tests aren't already doing. Given that we now know it's a bad idea to load user input via YAML.load, somebody reading this test might get a dangerous idea about building out a YAML params parser. | ||||
* | Merge pull request #9032 from firmhouse/head-breaks-csrf | Santiago Pastorino | 2013-01-28 | 1 | -0/+4 |
|\ | | | | | Make HEAD work / convert to GET once more | ||||
| * | Added a test that shows that a HEAD request does not normally pass CSRF ↵ | Michiel Sikkes | 2013-01-22 | 1 | -0/+4 |
| | | | | | | | | protection | ||||
* | | ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051] | Xavier Noria | 2013-01-23 | 1 | -1/+2 |
|/ | |||||
* | Lets kepp using Ruby 1.9 syntax | Rafael Mendonça França | 2013-01-22 | 2 | -37/+37 |
| | |||||
* | Restore I18n.locale after running tests | Akira Matsuda | 2013-01-22 | 1 | -1/+7 |
| | |||||
* | Make sure to reset default_url_options | Akira Matsuda | 2013-01-22 | 1 | -1/+5 |
| | |||||
* | Add missing assert calls | Carlos Antonio da Silva | 2013-01-20 | 1 | -2/+2 |
| | |||||
* | strong parameters filters permitted scalars | Xavier Noria | 2013-01-20 | 2 | -17/+164 |
| | |||||
* | Restore and adapt the implementation reverted at | Rafael Mendonça França | 2013-01-19 | 2 | -8/+8 |
| | | | | | | https://github.com/rails/rails/commit/cc1c3c5be061e7572018f734e5239750ab449e3f Now instead of raise, we log by default in development and test | ||||
* | Added ability to raise or log on unpermitted params. | Thomas Drake-Brockman | 2013-01-20 | 2 | -0/+83 |
| | |||||
* | Remove useless || operation | Carlos Antonio da Silva | 2013-01-17 | 1 | -1/+1 |
| | |||||
* | Removing : warning: ambiguous first argument; | Arun Agrawal | 2013-01-17 | 1 | -4/+4 |
| | |||||
* | Deprecate direct calls to AC::RecordIdentifier.dom_id and dom_class | Carlos Antonio da Silva | 2013-01-16 | 1 | -0/+34 |
| | | | | Also add some generic tests to ensure they're properly deprecated. | ||||
* | Remove warnings: "(...) interpreted as grouped expression" | Carlos Antonio da Silva | 2013-01-16 | 1 | -2/+2 |
| | |||||
* | strong parameters exception handling | Brian Alexander | 2013-01-15 | 1 | -9/+6 |
| | |||||
* | Change the behavior of route defaults | Andrew White | 2013-01-15 | 1 | -0/+31 |
| | | | | | | | | | | | | | | | | | | | This commit changes route defaults so that explicit defaults are no longer required where the key is not part of the path. For example: resources :posts, bucket_type: 'posts' will be required whenever constructing the url from a hash such as a functional test or using url_for directly. However using the explicit form alters the behavior so it's not required: resources :projects, defaults: { bucket_type: 'projects' } This changes existing behavior slightly in that any routes which only differ in their defaults will match the first route rather than the closest match. Closes #8814 | ||||
* | Ensure port is set when passed via the process method | Andrew White | 2013-01-15 | 1 | -0/+52 |
| | |||||
* | Merge pull request #8821 from jamis/master | Rafael Mendonça França | 2013-01-10 | 1 | -2/+2 |
|\ | | | | | | | | | | | | | Evaluate view_cache_dependencies at the instance level Conflicts: actionpack/lib/action_controller/caching.rb | ||||
| * | evaluate the dependency blocks at the instance level, not class level | Jamis Buck | 2013-01-08 | 1 | -2/+2 |
| | | |||||
* | | Remove :yaml related tests and fix other related to parsing empty arrays | Carlos Antonio da Silva | 2013-01-08 | 1 | -43/+0 |
| | | | | | | | | All Action Pack tests are green. | ||||
* | | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. | Jeremy Kemper | 2013-01-08 | 1 | -0/+13 |
| | | |||||
* | | Revert "Merge branch 'master-sec'" | Jeremy Kemper | 2013-01-08 | 1 | -13/+0 |
| | | | | | | | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79. | ||||
* | | Merge branch 'master-sec' | Aaron Patterson | 2013-01-08 | 1 | -0/+13 |
|\ \ | |/ |/| | | | | | | | * master-sec: CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu | ||||
| * | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. | Jeremy Kemper | 2013-01-08 | 1 | -0/+13 |
| | | |||||
* | | view_cache_dependency API | Jamis Buck | 2013-01-08 | 1 | -0/+18 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | A declarative API for specifying dependencies that affect template cache digest computation. In your controller, specify any of said dependencies: view_cache_dependency { "phone" if using_phone? } When the block is evaluated, the resulting value is included in the cache digest calculation, allowing you to generate different digests for effectively the same template. (Mostly useful if you're mucking with template load paths.) | ||||
* | | Revert "unpermitted params" exception -- it's just not going to work. See ↵ | David Heinemeier Hansson | 2013-01-08 | 1 | -43/+0 |
| | | | | | | | | the discussion on https://github.com/rails/strong_parameters/pull/75. | ||||
* | | Never treat action or controller as unpermitted params | David Heinemeier Hansson | 2013-01-08 | 1 | -0/+10 |
|/ | |||||
* | Namespace HashWithIndifferentAccess | Akira Matsuda | 2013-01-07 | 1 | -3/+2 |
| | |||||
* | Remove unnecessary begin..rescue..end, use only rescue | Akira Matsuda | 2013-01-06 | 2 | -14/+10 |
| | |||||
* | deprecate `assert_blank` and `assert_present`. | Yves Senn | 2013-01-05 | 5 | -15/+15 |
| | | | | | They don't add any benefits over `assert object.blank?` and `assert object.present?` | ||||
* | Rename the last occurrence of UnexpectedParameters | Rafael Mendonça França | 2013-01-05 | 1 | -2/+2 |
| | |||||
* | Rename the configuration to raise_on_unpermitted_parameters | Rafael Mendonça França | 2013-01-05 | 1 | -4/+4 |
| | | | | Also changed the exception to UnpermittedParameters | ||||
* | Allow developers to enable raising of exception when unexpected params are ↵ | Thomas Drake-Brockman | 2013-01-05 | 1 | -0/+33 |
| | | | | provided. | ||||
* | do not append a second slash when using | Yves Senn | 2013-01-02 | 1 | -6/+16 |
| | |||||
* | Alias refute methods to assert_not and perfer assert_not on tests | Rafael Mendonça França | 2012-12-31 | 1 | -1/+1 |
| | |||||
* | Do not use the same tests description | Rafael Mendonça França | 2012-12-31 | 1 | -3/+3 |
| | |||||
* | Remove unneeded tests | Rafael Mendonça França | 2012-12-31 | 2 | -245/+0 |
| | | | | These tests are needed only if we are using MiniTest::Spec | ||||
* | Merge pull request #8662 from ↵ | Santiago Pastorino | 2012-12-31 | 1 | -1/+12 |
|\ | | | | | | | | | senny/8661_should_not_append_charset_if_already_present Charset should not be appended to image/* type | ||||
| * | charset should not be appended for `head` responses | Yves Senn | 2012-12-31 | 1 | -1/+12 |
| | | | | | | | | | | | | | | 1) Failure: test_head_created_with_image_png_content_type(RenderTest) [test/controller/render_test.rb:1238]: Expected: "image/png" Actual: "image/png; charset=utf-8" | ||||
* | | Merge pull request #8546 from hsbt/fix-testcase-strict-warning | Santiago Pastorino | 2012-12-30 | 1 | -1/+2 |
|\ \ | |/ |/| | fix testcase: ruby-2.0.0 warned unused variables | ||||
| * | change spy of after invoked controller action. because ruby-2.0.0 waned ↵ | SHIBATA Hiroshi | 2012-12-20 | 1 | -1/+2 |
| | | | | | | | | unused variables | ||||
* | | return Mime::NullType if format is unknown | Angelo Capilleri | 2012-12-22 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | If a request has an unknown format, the methods html?, xml?, json? ...etc not raise an Exception. This patch add a class Mime::NullType, that is returned when request.format is unknown and it responds false to the methods that ends with '?' and true to 'nil?'. It refers to #7837, this issue is considered a improvement not a bug. | ||||
* | | Move background jobs to the 'jobs' branch until fully baked. Not shipping ↵ | Jeremy Kemper | 2012-12-21 | 1 | -10/+0 |
| | | | | | | | | with Rails 4.0. |