| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Avoid hardcoded value in test setup/teardown. | Zuhao Wan | 2014-06-05 | 1 | -1/+2 |
| | | |||||
| * | Merge pull request #15349 from tgxworld/remove_duplicated_method_call | Rafael Mendonça França | 2014-06-03 | 1 | -4/+1 |
| |\ | | | | | Remove duplicated HashWithIndifferentAccess#with_indifferent_access. | ||||
| | * | Remove duplicated HashWithIndifferentAccess#with_indifferent_access. | Guo Xiang Tan | 2014-05-26 | 1 | -4/+1 |
| | | | |||||
| * | | Routes specifying 'to:' must be a string that contains a "#" or a rack | Aaron Patterson | 2014-06-03 | 1 | -2/+2 |
| |/ | | | | | application. Use of a symbol should be replaced with `action: symbol`. Use of a string without a "#" should be replaced with `controller: string`. | ||||
| * | Cleaning and adding tests for Session | Attila Domokos | 2014-03-19 | 1 | -7/+34 |
| | | | | Adding tests for Session `destroy`, `update` and `delete` methods. No changes for code under test. | ||||
| * | test boolean and number json param parsing | Arthur Neves | 2014-01-23 | 1 | -0/+7 |
| | | |||||
| * | Merge pull request #13188 from imanel/skip_deep_munge | Jeremy Kemper | 2013-12-19 | 1 | -0/+15 |
| |\ | | | | | | | | | | | | | Add configuration option to optionally disable deep_munge Conflicts: actionpack/CHANGELOG.md | ||||
| | * | Add configuration option to optionally disable deep_munge | Bernard Potocki | 2013-12-05 | 1 | -0/+15 |
| | | | |||||
| * | | Make ActionDispatch::Request::Session#fetch behave like Hash#fetch | Trent Ogren | 2013-12-11 | 1 | -3/+2 |
| |/ | | | | | | Session#fetch was mutating the session when given a default argument and/or a block. Since Session duck-types as a Hash, it should behave like one in these cases. | ||||
| * | Deep Munge the parameters for GET and POST | Michael Koziarski | 2013-12-02 | 1 | -0/+15 |
| | | | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417 | ||||
| * | session#fetch doesn't behave exactly like Hash#fetch. | Damien Mathieu | 2013-10-30 | 1 | -1/+5 |
| | | | | | | | | | | Mention it in the changelog and add a test checking for regressions. Hash#fetch isn't adding the defaultly returned value. However, in the session, saving it is the behavior we should expect. See discussion in #12692 | ||||
| * | add the fetch method to sessions | Damien Mathieu | 2013-10-29 | 1 | -0/+13 |
| | | |||||
| * | Use Request#raw_post instead Request#body | Paul Nikitochkin | 2013-07-08 | 1 | -0/+7 |
| | | | | | | | | | In order to get raw_post to be not empty after ParamsParser#parse_formatted_parameters, added rewinding of body stream input on parsing json params. Closes #11345 | ||||
| * | Cleanup ul_encoded_params_parsing_test | Genadi Samokovarov | 2013-07-05 | 1 | -25/+27 |
| | | |||||
| * | use bytesize rather than force encoding | Aaron Patterson | 2013-06-28 | 1 | -2/+1 |
| | | |||||
| * | Replace multi_json with json | Erik Michaels-Ober | 2013-05-11 | 1 | -1/+1 |
| | | |||||
| * | Fix failing AP test | Carlos Antonio da Silva | 2013-05-01 | 1 | -1/+1 |
| | | |||||
| * | UTF-8 encode all keys and values in nested params hash. | Teo Hui Ming | 2013-03-15 | 1 | -1/+20 |
| | | |||||
| * | Change from each to each_value on hash to avoid unused variable warning | Vipul A M | 2013-03-11 | 1 | -1/+1 |
| | | |||||
| * | Remove XML Parser from ActionDispatch | Prem Sichanugrist | 2013-02-20 | 1 | -182/+0 |
| | | | | | | If you want an ability to parse XML parameters, please install `actionpack-xml_parser` gem. | ||||
| * | Fix json params parsing regression for non-object JSON content. | Dylan Smith | 2013-01-11 | 1 | -0/+7 |
| | | | | | Fixes #8845. | ||||
| * | Remove :yaml related tests and fix other related to parsing empty arrays | Carlos Antonio da Silva | 2013-01-08 | 1 | -2/+2 |
| | | | | | All Action Pack tests are green. | ||||
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 2 | -0/+32 |
| | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | ||||
| * | Revert "Merge branch 'master-sec'" | Jeremy Kemper | 2013-01-08 | 2 | -32/+0 |
| | | | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79. | ||||
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-07 | 2 | -0/+32 |
| | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb | ||||
| * | Alias refute methods to assert_not and perfer assert_not on tests | Rafael Mendonça França | 2012-12-31 | 1 | -1/+1 |
| | | |||||
| * | Prevent raising EOFError on multipart GET request. | Adam Stankiewicz | 2012-12-10 | 1 | -0/+12 |
| | | | | | | | | | | | Such request can happen on Internet Explorer. When we redirect after multipart form submission, the request type is changed to GET, but Content-Type is preserved as multipart. GET request cannot have multipart body and that caused Rails to fail. It's similar fix to Rack's one: https://github.com/chneukirchen/rack/blob/8025a4ae9477d1e6231344c2b7d795aa9b3717b6/lib/rack/request.rb#L224 | ||||
| * | Merge pull request #7444 from szimek/params_parser_raises_parsing_error | Aaron Patterson | 2012-09-26 | 2 | -2/+6 |
| |\ | | | | | Raise generic ParseError exception when ParamsParser fails parsing request params | ||||
| | * | Make ActionDispatch::ParamsParser::ParseError#original_exception return the ↵ | Szymon Nowak | 2012-08-27 | 2 | -2/+4 |
| | | | | | | | | | original exception. | ||||
| | * | Fix ActionDispatch::ParamsParser::ParseError message for XML and JSON parsers. | Szymon Nowak | 2012-08-24 | 2 | -2/+4 |
| | | | |||||
| | * | Raise generic ParseError exception when ActionDispatch::ParamsParser fails ↵ | Szymon Nowak | 2012-08-24 | 2 | -2/+2 |
| | | | | | | | | | parsing request params. | ||||
| * | | Add test for clear in ActionDispatch::Request::Session | Andreas Loupasakis | 2012-09-08 | 1 | -0/+9 |
| |/ | |||||
| * | Fix build | Santiago Pastorino | 2012-06-13 | 1 | -2/+2 |
| | | |||||
| * | Array parameters should not contain nil values. | Aaron Patterson | 2012-06-12 | 1 | -0/+4 |
| | | |||||
| * | Merge branch 'master-sec' | Aaron Patterson | 2012-05-31 | 1 | -1/+6 |
| |\ | | | | | | | | | | | * master-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this | ||||
| | * | Strip [nil] from parameters hash. | Aaron Patterson | 2012-05-30 | 1 | -1/+6 |
| | | | | | | | | | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660 | ||||
| * | | Added ActionDispatch::Request::Session#keys and ↵ | Philip Arndt | 2012-05-23 | 1 | -0/+16 |
| |/ | | | | ActionDispatch::Request::Session#values | ||||
| * | Raise ActionController::BadRequest for malformed parameter hashes. | Andrew White | 2012-05-20 | 2 | -0/+22 |
| | | | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051 | ||||
| * | testing session store behavior | Aaron Patterson | 2012-05-02 | 1 | -0/+48 |
| | | |||||
| * | Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 5 | -7/+7 |
| | | | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 | ||||
| * | Moved all the logger methods to active support logger | Karunakar (Ruby) | 2012-01-06 | 2 | -2/+2 |
| | | | | | minor | ||||
| * | remove ActiveSupport::Base64 in favor of ::Base64 | Sergey Nartimov | 2012-01-02 | 1 | -4/+4 |
| | | |||||
| * | remove checks for encodings availability | Sergey Nartimov | 2011-12-25 | 1 | -1/+1 |
| | | |||||
| * | deprecate String#encoding_aware? and remove its usage | Sergey Nartimov | 2011-12-24 | 1 | -2/+0 |
| | | |||||
| * | middlewares should use logger from env | lest | 2011-11-25 | 2 | -20/+12 |
| | | |||||
| * | Remove unreachable code, and add additional testcases. | kennyj | 2011-11-24 | 2 | -0/+24 |
| | | |||||
| * | Multipart is now fixed in Rack. | José Valim | 2011-05-03 | 1 | -14/+8 |
| | | |||||
| * | Add `ActionController::ParamsWrapper` to wrap parameters into a nested hash | Prem Sichanugrist | 2011-05-03 | 2 | -0/+91 |
| | | | | This will allow us to do a rootless JSON/XML request to server. | ||||
| * | if it walks like a duck and talks like a duck, it must be a duck | Aaron Patterson | 2010-10-04 | 1 | -7/+0 |
| | | |||||
| * | Change test to avoid warnings. | Emilio Tagua | 2010-09-28 | 1 | -1/+1 |
| | | |||||
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |