Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix json params parsing regression for non-object JSON content. | Dylan Smith | 2013-01-11 | 1 | -0/+7 |
| | | | | Fixes #8845. | ||||
* | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 1 | -0/+15 |
| | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | ||||
* | Revert "Merge branch 'master-sec'" | Jeremy Kemper | 2013-01-08 | 1 | -15/+0 |
| | | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79. | ||||
* | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-07 | 1 | -0/+15 |
| | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | ||||
* | Make ActionDispatch::ParamsParser::ParseError#original_exception return the ↵ | Szymon Nowak | 2012-08-27 | 1 | -1/+2 |
| | | | | original exception. | ||||
* | Fix ActionDispatch::ParamsParser::ParseError message for XML and JSON parsers. | Szymon Nowak | 2012-08-24 | 1 | -1/+2 |
| | |||||
* | Raise generic ParseError exception when ActionDispatch::ParamsParser fails ↵ | Szymon Nowak | 2012-08-24 | 1 | -1/+1 |
| | | | | parsing request params. | ||||
* | Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 | ||||
* | Moved all the logger methods to active support logger | Karunakar (Ruby) | 2012-01-06 | 1 | -1/+1 |
| | | | | minor | ||||
* | middlewares should use logger from env | lest | 2011-11-25 | 1 | -10/+6 |
| | |||||
* | Remove unreachable code, and add additional testcases. | kennyj | 2011-11-24 | 1 | -0/+12 |
| | |||||
* | Add `ActionController::ParamsWrapper` to wrap parameters into a nested hash | Prem Sichanugrist | 2011-05-03 | 1 | -0/+53 |
| | | | This will allow us to do a rootless JSON/XML request to server. | ||||
* | Remove deprecated stuff in ActionController | Carlos Antonio da Silva | 2010-09-26 | 1 | -1/+1 |
| | | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController. | ||||
* | Removed deprecated RouteSet API, still many tests fail | Piotr Sarnacki | 2010-09-05 | 1 | -1/+1 |
| | |||||
* | Disable ShowExceptions during integration tests | Joshua Peek | 2010-01-19 | 1 | -1/+1 |
| | |||||
* | Ruby 1.9: resolve constant lookup issues | Jeremy Kemper | 2009-11-04 | 1 | -1/+1 |
| | |||||
* | Start rewriting some internal tests to use the new routing dsl | Joshua Peek | 2009-10-20 | 1 | -1/+1 |
| | |||||
* | Add custom "with_routing" to internal tests to fix reseting session after using | Joshua Peek | 2009-10-03 | 1 | -1/+0 |
| | | | | with_routing. This only affects our internal AP tests. | ||||
* | Reset session in integration tests after changing routes to reload the ↵ | Joshua Peek | 2009-08-27 | 1 | -0/+1 |
| | | | | middleware stack | ||||
* | Adding a call to logger from params_parser to give detailed debug ↵ | Jay Pignata | 2009-08-15 | 1 | -4/+24 |
| | | | | | | | | information when invalid xml or json is posted [#2481 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Move dispatch related tests into test/dispatch | Joshua Peek | 2009-01-28 | 1 | -0/+45 |