aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'master-sec'Aaron Patterson2012-05-311-1/+6
|\ | | | | | | | | | | * master-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
| * Strip [nil] from parameters hash.Aaron Patterson2012-05-301-1/+6
| | | | | | | | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* | Remove implicit dependency on pathnameJosé Valim2012-05-251-1/+1
| |
* | Added ActionDispatch::Request::Session#keys and ↵Philip Arndt2012-05-231-0/+16
|/ | | | ActionDispatch::Request::Session#values
* Fix bug when Rails.application is defined but is nil. See #881Marc-Andre Lafortune2012-05-211-0/+7
|
* Return 400 Bad Request for URL paths with invalid encoding.Andrew White2012-05-201-0/+31
| | | | | | | | | Passing path parameters with invalid encoding is likely to trigger errors further on like `ArgumentError (invalid byte sequence in UTF-8)`. This will result in a 500 error whereas the better error to return is a 400 error which allows exception notification libraries to filter it out if they wish. Closes #4450
* Raise ActionController::BadRequest for malformed parameter hashes.Andrew White2012-05-204-1/+29
| | | | | | | | | | | | | | Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
* Raise Assertion instead of RoutingError for routing assertion failures.David Chelimsky2012-05-201-6/+6
| | | | | | | | | | | | | Before this change, assert_recognizes, assert_generates, and assert_routing raised ActionController::RoutingError when they failed to recognize the route. This commit changes them to raise Assertion instead. This aligns with convention for logical failures, and supports reporting tools that care about the difference between logical failures and errors e.g. the summary at the end of a test run. - Fixes #5899
* Add the #unshift method to the middleware stackRich Healey2012-05-181-2/+7
| | | | | | The docs suggest that the middleware stack is an Array, so I've added the unshift method to it. Originally I added some more Array methods, but it was agreed that they lacked usecases.
* add tests and external file backtrace for Routing::Mapper#drawKornelius Kalnbach2012-05-151-0/+49
|
* Copy literal route constraints to defaults - fixes #3571 and #6224.Andrew White2012-05-112-3/+45
|
* Don't ignore nil positional arguments for url helpers - fixes #6196.Andrew White2012-05-101-0/+35
|
* Refactor Generator class to not rely on in-place editing the controllerAndrew White2012-05-091-6/+6
|
* Fix bug when url_for changes controller.Nikita Beloglazov2012-05-091-0/+9
|
* Add passing tests for generating URLs with nested SCRIPT_NAMEsJeremy Kemper2012-05-072-3/+17
|
* Fix that optimized named routes should also work as singleton methods on the ↵Jeremy Kemper2012-05-061-0/+24
| | | | url_helpers module
* Force given path to http methods in mapper to skip canonical action checkingCarlos Antonio da Silva2012-05-041-1/+8
| | | | | | | | | | | | | | | This fixes the following scenario: resources :contacts do post 'new', action: 'new', on: :collection, as: :new end Where the /new path is not generated because it's considered a canonical action, part of the normal resource actions: new_contacts POST /contacts(.:format) contacts#new Fixes #2999
* Merge branch 'master' into sessionAaron Patterson2012-05-042-0/+24
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * master: (55 commits) extract deprecated dynamic methods Add some docs and changelog entry Allow overriding exception handling in threaded consumer Allow configuring a different queue consumer actually don't need to expand the aggregates at all #to_sym is unnecessary de-globalise method extract code from AR::Base clean up implementation of dynamic methods. use method compilation etc. Fix ActiveModel README example mention database mapping in getting started guide Remove vestiges of the http_only! config from configuring guide Remove content-length as well Make ActionController#head pass rack-link RouteSet: optimize routes generation when globbing is used Allows assert_redirected_to to accept a regular expression use extract_options! No need to force conversion to Symbol since case ensures it's already one. No need to work around 1.8 warnings anymore. Update command line guide ...
| * Reset the request parameters after a constraints checkAndrew White2012-05-021-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | A callable object passed as a constraint for a route may access the request parameters as part of its check. This causes the combined parameters hash to be cached in the environment hash. If the constraint fails then any subsequent access of the request parameters will be against that stale hash. To fix this we delete the cache after every call to `matches?`. This may have a negative performance impact if the contraint wraps a large number of routes as the parameters hash is built by merging GET, POST and path parameters. Fixes #2510.
| * Enable ActionDispatch::Http::Headers to support fetchMark Turner2012-05-021-0/+5
| |
* | testing session store behaviorAaron Patterson2012-05-022-0/+104
|/
* Dont stream back cookie value if it was set to the same valuebrainopia2012-04-301-0/+12
|
* Dont set cookie header for deletion of unexisting databrainopia2012-04-301-8/+24
|
* Restore interpolation of path option in redirect routesAndrew White2012-04-291-1/+32
|
* Escape interpolated params when redirecting - fixes #5688Andrew White2012-04-291-0/+29
|
* Fix the buildYehuda Katz2012-04-251-1/+2
|
* Merge pull request #5980 from gazay/valid_ipsJeremy Kemper2012-04-251-20/+114
|\ | | | | Remote ip logic and validation. IPv6 support.
| * Valid ips v4 and v6. Right logic for working with X-FORWARDED-FOR header and ↵Alexey Gaziev2012-04-251-20/+114
| | | | | | | | tests.
* | Remove default match without specified methodJose and Yehuda2012-04-2413-87/+87
|/ | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
* adds delegetion for eof? to AD::Http::UploadedFileJens Fahnenbruck2012-03-271-0/+6
| | | | | if you want to read the file you may need to ask if there is something to read from
* Allow a defining custom member field on resourcesJamie Macey2012-03-251-0/+18
| | | | | | | | | | By default, resources routes are created with :resource/:id. A model defining to_param can make prettier urls by using something more readable than an integer ID, but since the route picks it up as :id you wind up with awkward User.find_by_username(params[:id]) calls. By overriding the key to be used in @request.params you can be more obvious in your intent.
* Fix secure cookies when there are more than one space before the secureRafael Mendonça França2012-03-191-0/+28
| | | | keyword
* Remove exclude option from ActionDispatch::SSLRafael Mendonça França2012-03-191-6/+0
|
* Some refactoring and update ActionDispatch::SSL code to use the Rack 1.4.xRafael Mendonça França2012-03-171-14/+0
|
* Rack::SSL -> ActionDispatch::SSLRafael Mendonça França2012-03-171-0/+149
|
* fix ArgumentError being raised in case of invalid byte sequencesMichael Reinsch2012-03-081-0/+4
|
* Refactor AD::UploadedFile, and raise sooner if tempfile is not presentCarlos Antonio da Silva2012-03-061-1/+1
|
* Added parsing of arbitrary media type parameters.Steve Klabnik2012-03-051-0/+6
| | | | | | Based on #4918. Related to #4127.
* Merge pull request #5219 from ↵Aaron Patterson2012-02-291-0/+12
|\ | | | | | | | | mattfawcett/2781-fix-querystring-route-constraint-for-testing Fix for #2781
| * Fix the assert_recognizes test method so that it works when there areMatt Fawcett2012-02-241-0/+12
| | | | | | | | constraints on the querystring. Issue #2781
* | Remove wrong and redundant code.kennyj2012-02-251-6/+4
| |
* | uses PATCH for the forms of persisted records, and routes PATCH and PUT to ↵Xavier Noria2012-02-241-0/+8
|/ | | | the update action of resources
* Merge pull request #5119 from kennyj/fix_5114Aaron Patterson2012-02-221-0/+26
|\ | | | | Testcase for GH #5114.
| * Testcase for GH #5114.kennyj2012-02-221-0/+26
| |
* | Add config.default_method_for_update to support PATCHDavid Lee2012-02-221-4/+11
|/ | | | | | | | | | | | | | | | PATCH is the correct HTML verb to map to the #update action. The semantics for PATCH allows for partial updates, whereas PUT requires a complete replacement. Changes: * adds config.default_method_for_update you can set to :patch * optionally use PATCH instead of PUT in resource routes and forms * adds the #patch verb to routes to detect PATCH requests * adds #patch? to Request * changes documentation and comments to indicate support for PATCH This change maintains complete backwards compatibility by keeping :put as the default for config.default_method_for_update.
* Remove fixture files with Windows incompatible filenamesAndrew White2012-02-201-26/+88
| | | | | | Windows doesn't allow `\ / : * ? " < > |` in filenames so create the fixture files at runtime and ignore the incompatible ones when running on Windows.
* Fix ActionDispatch::Static to serve files with unencoded PCHARAndrew White2012-02-171-2/+26
| | | | | | | | | | | RFC 3986[1] allows sub-delim characters in path segments unencoded, however Rack::File requires them to be encoded so we use URI's unescape method to leave them alone and then escape them again. Also since the path gets passed to Dir[] we need to escape any glob characters in the path. [1]: http://www.ietf.org/rfc/rfc3986.txt
* escape static file path to prevent double unescapingSergey Nartimov2012-02-161-0/+4
|
* ActionDispatch: add missing test for callbacksBogdan Gusiev2012-02-161-2/+9
|
* fixing AP testsAaron Patterson2012-02-151-1/+1
|