aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/request/query_string_parsing_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Consistent usage of spaces in hashes across our codebaseRafael Mendonça França2015-01-291-1/+1
|
* Switch to kwargs in ActionController::TestCase and ActionDispatch::IntegrationKir Shatrov2015-01-291-3/+2
| | | | | | | | Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Don't convert empty arrays to nils when deep munging paramsChris Sinjakli2014-12-151-2/+2
|
* Avoid hardcoded value in test setup/teardown.Zuhao Wan2014-06-051-1/+2
|
* Add configuration option to optionally disable deep_mungeBernard Potocki2013-12-051-0/+15
|
* Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-0/+15
| | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* Remove :yaml related tests and fix other related to parsing empty arraysCarlos Antonio da Silva2013-01-081-2/+2
| | | | All Action Pack tests are green.
* Fix buildSantiago Pastorino2012-06-131-2/+2
|
* Array parameters should not contain nil values.Aaron Patterson2012-06-121-0/+4
|
* Strip [nil] from parameters hash.Aaron Patterson2012-05-301-1/+6
| | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-201-0/+11
| | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* Remove default match without specified methodJose and Yehuda2012-04-241-1/+1
| | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
* Remove deprecated stuff in ActionControllerCarlos Antonio da Silva2010-09-261-1/+1
| | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
* Removed deprecated RouteSet API, still many tests failPiotr Sarnacki2010-09-051-1/+1
|
* Ruby 1.9: resolve constant lookup issuesJeremy Kemper2009-11-041-2/+2
|
* Start rewriting some internal tests to use the new routing dslJoshua Peek2009-10-201-1/+1
|
* Add custom "with_routing" to internal tests to fix reseting session after usingJoshua Peek2009-10-031-1/+0
| | | | with_routing. This only affects our internal AP tests.
* Reset session in integration tests after changing routes to reload the ↵Joshua Peek2009-08-271-0/+1
| | | | middleware stack
* Move dispatch related tests into test/dispatchJoshua Peek2009-01-281-0/+120