| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
If you want an ability to parse XML parameters, please install
`actionpack-xml_parser` gem.
|
|
|
|
| |
Fixes #8845.
|
|
|
|
| |
All Action Pack tests are green.
|
|
|
|
|
|
|
|
|
|
|
|
| |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
|
|
|
|
| |
This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing
changes made to f049016cd348627bf8db0d72382d7580bf802a79.
|
|
|
|
|
|
|
|
|
|
|
|
| |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Such request can happen on Internet Explorer. When we redirect
after multipart form submission, the request type is changed
to GET, but Content-Type is preserved as multipart. GET request
cannot have multipart body and that caused Rails to fail.
It's similar fix to Rack's one:
https://github.com/chneukirchen/rack/blob/8025a4ae9477d1e6231344c2b7d795aa9b3717b6/lib/rack/request.rb#L224
|
|\
| |
| | |
Raise generic ParseError exception when ParamsParser fails parsing request params
|
| |
| |
| |
| | |
original exception.
|
| | |
|
| |
| |
| |
| | |
parsing request params.
|
|/ |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
* master-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
|
| |
| |
| |
| |
| |
| | |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
|/
|
|
| |
ActionDispatch::Request::Session#values
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently Rack raises a TypeError when it encounters a malformed or
ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this
through to the application this commit captures the exception and
re-raises it using a new ActionController::BadRequest exception.
The new ActionController::BadRequest exception returns a 400 error
instead of the 500 error that would've been returned by the original
TypeError. This allows exception notification libraries to ignore
these errors if so desired.
Closes #3051
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
|
|
|
|
| |
minor
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
This will allow us to do a rootless JSON/XML request to server.
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This removes all deprecated classes in ActionController related to
Routing, Abstract Request/Response and Integration/IntegrationTest.
All tests and docs were changed to ActionDispatch instead of ActionController.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Specify accept-charset on all forms. All recent browsers,
as well as IE5+, will use the encoding specified for form
parameters
* Unfortunately, IE5+ will not look at accept-charset unless
at least one character in the form's values is not in the
page's charset. Since the user can override the default
charset (which Rails sets to UTF-8), we provide a hidden
input containing a unicode character, forcing IE to look
at the accept-charset.
* Now that the vast majority of web input is UTF-8, we set
the inbound parameters to UTF-8. This will eliminate many
cases of incompatible encodings between ASCII-8BIT and
UTF-8.
* You can safely ignore params[:_snowman_]
TODO:
* Validate inbound text to confirm it is UTF-8
* Combine the whole_form implementations in form_helper_test
and form_tag_helper_test
|
| |
|
| |
|
|
|
|
|
|
| |
[#4437 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
with_routing. This only affects our internal AP tests.
|
|
|
|
| |
middleware stack
|
|
|
|
|
|
|
|
| |
information when invalid xml or json is posted
[#2481 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
|
|
|
|
|
|
|
|
|
|
|
| |
* convert_content_type! is handled by assign_default_content_type_and_charset!
* set_content_length! should be handled by the endpoint server. Otherwise
each middleware that modifies the body has to do the expensive work of
recalculating content_length.
* convert_language! appears to be legacy. There are no tests for this
* convert_cookies! should be handled by the new HeaderHash in Rack
* Use an integer for .status's internal representation to avoid needing to
do String manipulation just to find out the status
|
| |
|
| |
|
|
|
|
| |
according to a recent change in the Rack 1.0 SPEC
|
| |
|