aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/request
Commit message (Collapse)AuthorAgeFilesLines
* Cleaning and adding tests for SessionAttila Domokos2014-03-191-7/+34
| | | Adding tests for Session `destroy`, `update` and `delete` methods. No changes for code under test.
* test boolean and number json param parsingArthur Neves2014-01-231-0/+7
|
* Merge pull request #13188 from imanel/skip_deep_mungeJeremy Kemper2013-12-191-0/+15
|\ | | | | | | | | | | | | Add configuration option to optionally disable deep_munge Conflicts: actionpack/CHANGELOG.md
| * Add configuration option to optionally disable deep_mungeBernard Potocki2013-12-051-0/+15
| |
* | Make ActionDispatch::Request::Session#fetch behave like Hash#fetchTrent Ogren2013-12-111-3/+2
|/ | | | | | Session#fetch was mutating the session when given a default argument and/or a block. Since Session duck-types as a Hash, it should behave like one in these cases.
* Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-0/+15
| | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* session#fetch doesn't behave exactly like Hash#fetch.Damien Mathieu2013-10-301-1/+5
| | | | | | | | | Mention it in the changelog and add a test checking for regressions. Hash#fetch isn't adding the defaultly returned value. However, in the session, saving it is the behavior we should expect. See discussion in #12692
* add the fetch method to sessionsDamien Mathieu2013-10-291-0/+13
|
* Use Request#raw_post instead Request#bodyPaul Nikitochkin2013-07-081-0/+7
| | | | | | | | In order to get raw_post to be not empty after ParamsParser#parse_formatted_parameters, added rewinding of body stream input on parsing json params. Closes #11345
* Cleanup ul_encoded_params_parsing_testGenadi Samokovarov2013-07-051-25/+27
|
* use bytesize rather than force encodingAaron Patterson2013-06-281-2/+1
|
* Replace multi_json with jsonErik Michaels-Ober2013-05-111-1/+1
|
* Fix failing AP testCarlos Antonio da Silva2013-05-011-1/+1
|
* UTF-8 encode all keys and values in nested params hash.Teo Hui Ming2013-03-151-1/+20
|
* Change from each to each_value on hash to avoid unused variable warningVipul A M2013-03-111-1/+1
|
* Remove XML Parser from ActionDispatchPrem Sichanugrist2013-02-201-182/+0
| | | | | If you want an ability to parse XML parameters, please install `actionpack-xml_parser` gem.
* Fix json params parsing regression for non-object JSON content.Dylan Smith2013-01-111-0/+7
| | | | Fixes #8845.
* Remove :yaml related tests and fix other related to parsing empty arraysCarlos Antonio da Silva2013-01-081-2/+2
| | | | All Action Pack tests are green.
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-082-0/+32
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Revert "Merge branch 'master-sec'"Jeremy Kemper2013-01-082-32/+0
| | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79.
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-072-0/+32
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* Alias refute methods to assert_not and perfer assert_not on testsRafael Mendonça França2012-12-311-1/+1
|
* Prevent raising EOFError on multipart GET request.Adam Stankiewicz2012-12-101-0/+12
| | | | | | | | | | Such request can happen on Internet Explorer. When we redirect after multipart form submission, the request type is changed to GET, but Content-Type is preserved as multipart. GET request cannot have multipart body and that caused Rails to fail. It's similar fix to Rack's one: https://github.com/chneukirchen/rack/blob/8025a4ae9477d1e6231344c2b7d795aa9b3717b6/lib/rack/request.rb#L224
* Merge pull request #7444 from szimek/params_parser_raises_parsing_errorAaron Patterson2012-09-262-2/+6
|\ | | | | Raise generic ParseError exception when ParamsParser fails parsing request params
| * Make ActionDispatch::ParamsParser::ParseError#original_exception return the ↵Szymon Nowak2012-08-272-2/+4
| | | | | | | | original exception.
| * Fix ActionDispatch::ParamsParser::ParseError message for XML and JSON parsers.Szymon Nowak2012-08-242-2/+4
| |
| * Raise generic ParseError exception when ActionDispatch::ParamsParser fails ↵Szymon Nowak2012-08-242-2/+2
| | | | | | | | parsing request params.
* | Add test for clear in ActionDispatch::Request::SessionAndreas Loupasakis2012-09-081-0/+9
|/
* Fix buildSantiago Pastorino2012-06-131-2/+2
|
* Array parameters should not contain nil values.Aaron Patterson2012-06-121-0/+4
|
* Merge branch 'master-sec'Aaron Patterson2012-05-311-1/+6
|\ | | | | | | | | | | * master-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
| * Strip [nil] from parameters hash.Aaron Patterson2012-05-301-1/+6
| | | | | | | | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* | Added ActionDispatch::Request::Session#keys and ↵Philip Arndt2012-05-231-0/+16
|/ | | | ActionDispatch::Request::Session#values
* Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-202-0/+22
| | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* testing session store behaviorAaron Patterson2012-05-021-0/+48
|
* Remove default match without specified methodJose and Yehuda2012-04-245-7/+7
| | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
* Moved all the logger methods to active support loggerKarunakar (Ruby)2012-01-062-2/+2
| | | | minor
* remove ActiveSupport::Base64 in favor of ::Base64Sergey Nartimov2012-01-021-4/+4
|
* remove checks for encodings availabilitySergey Nartimov2011-12-251-1/+1
|
* deprecate String#encoding_aware? and remove its usageSergey Nartimov2011-12-241-2/+0
|
* middlewares should use logger from envlest2011-11-252-20/+12
|
* Remove unreachable code, and add additional testcases.kennyj2011-11-242-0/+24
|
* Multipart is now fixed in Rack.José Valim2011-05-031-14/+8
|
* Add `ActionController::ParamsWrapper` to wrap parameters into a nested hashPrem Sichanugrist2011-05-032-0/+91
| | | This will allow us to do a rootless JSON/XML request to server.
* if it walks like a duck and talks like a duck, it must be a duckAaron Patterson2010-10-041-7/+0
|
* Change test to avoid warnings.Emilio Tagua2010-09-281-1/+1
|
* undef method if already defined.Emilio Tagua2010-09-281-0/+1
|
* Remove deprecated stuff in ActionControllerCarlos Antonio da Silva2010-09-265-5/+5
| | | | | | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
* Removed deprecated RouteSet API, still many tests failPiotr Sarnacki2010-09-055-5/+5
|
* Fix several known web encoding issues:wycats2010-06-271-0/+23
| | | | | | | | | | | | | | | | | | | | | | | * Specify accept-charset on all forms. All recent browsers, as well as IE5+, will use the encoding specified for form parameters * Unfortunately, IE5+ will not look at accept-charset unless at least one character in the form's values is not in the page's charset. Since the user can override the default charset (which Rails sets to UTF-8), we provide a hidden input containing a unicode character, forcing IE to look at the accept-charset. * Now that the vast majority of web input is UTF-8, we set the inbound parameters to UTF-8. This will eliminate many cases of incompatible encodings between ASCII-8BIT and UTF-8. * You can safely ignore params[:_snowman_] TODO: * Validate inbound text to confirm it is UTF-8 * Combine the whole_form implementations in form_helper_test and form_tag_helper_test