aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/request/query_string_parsing_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Use frozen string literal in actionpack/Kir Shatrov2017-07-291-0/+2
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* Add more rubocop rules about whitespacesRafael Mendonça França2016-10-291-2/+2
|
* Add three new rubocop rulesRafael Mendonça França2016-08-161-29/+29
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* modernizes hash syntax in actionpackXavier Noria2016-08-061-2/+2
|
* applies new string literal convention in actionpack/testXavier Noria2016-08-061-16/+16
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Deprecate :controller and :action path parametersAndrew White2016-03-011-2/+6
| | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Consistent usage of spaces in hashes across our codebaseRafael Mendonça França2015-01-291-1/+1
|
* Switch to kwargs in ActionController::TestCase and ActionDispatch::IntegrationKir Shatrov2015-01-291-3/+2
| | | | | | | | Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Don't convert empty arrays to nils when deep munging paramsChris Sinjakli2014-12-151-2/+2
|
* Avoid hardcoded value in test setup/teardown.Zuhao Wan2014-06-051-1/+2
|
* Add configuration option to optionally disable deep_mungeBernard Potocki2013-12-051-0/+15
|
* Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-0/+15
| | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* Remove :yaml related tests and fix other related to parsing empty arraysCarlos Antonio da Silva2013-01-081-2/+2
| | | | All Action Pack tests are green.
* Fix buildSantiago Pastorino2012-06-131-2/+2
|
* Array parameters should not contain nil values.Aaron Patterson2012-06-121-0/+4
|
* Strip [nil] from parameters hash.Aaron Patterson2012-05-301-1/+6
| | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-201-0/+11
| | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* Remove default match without specified methodJose and Yehuda2012-04-241-1/+1
| | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
* Remove deprecated stuff in ActionControllerCarlos Antonio da Silva2010-09-261-1/+1
| | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
* Removed deprecated RouteSet API, still many tests failPiotr Sarnacki2010-09-051-1/+1
|
* Ruby 1.9: resolve constant lookup issuesJeremy Kemper2009-11-041-2/+2
|
* Start rewriting some internal tests to use the new routing dslJoshua Peek2009-10-201-1/+1
|
* Add custom "with_routing" to internal tests to fix reseting session after usingJoshua Peek2009-10-031-1/+0
| | | | with_routing. This only affects our internal AP tests.
* Reset session in integration tests after changing routes to reload the ↵Joshua Peek2009-08-271-0/+1
| | | | middleware stack
* Move dispatch related tests into test/dispatchJoshua Peek2009-01-281-0/+120