| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In #5337 we forced the path encoding to ASCII-8BIT to prevent static
file handling from blowing up before an application has had chance to
deal with possibly invalid urls. However this has a negative side
effect of making it an incompatible encoding if the application's
public path has UTF-8 characters in it.
To work around the problem we check to see if the path has a valid
encoding once it has been unescaped. If it is not valid then we can
return early since it will not match any file anyway.
Fixes #13518
|
|\
| |
| |
| |
| |
| |
| | |
Add configuration option to optionally disable deep_munge
Conflicts:
actionpack/CHANGELOG.md
|
| | |
|
| | |
|
| |
| |
| |
| | |
Closes #9625
|
| | |
|
| |
| |
| |
| |
| |
| | |
Session#fetch was mutating the session when given a default argument
and/or a block. Since Session duck-types as a Hash, it should behave
like one in these cases.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a route is mounted inside a resources block, it's automatically
prefixed, so a following code:
resources :users do
mount Blog::Engine => '/blog'
end
will generate a user_blog path helper.
In order to access engine helpers, we also use "mounted_helpers", a list
of helpers associated with each mounted engine, so a path to blog's post
can be generated using user_blog.post_path(user, post).
The problem I'm fixing here is that mount used a raw :as option, without
taking nestings into account. As a result, blog was added to a route set
as a `user_blog`, but helper was generated for just `blog`.
This commit applies the proper logic for defining a helper for a mounted
engine nested in resources or resource block.
(closes #8533)
|
|/
|
|
| |
Added here 13dd38cee79be39f7b399e142fd78295dddd2abb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, variants in the templates will be picked up if a variant is set
and there's a match. The format will be:
app/views/projects/show.html.erb
app/views/projects/show.html+tablet.erb
app/views/projects/show.html+phone.erb
If request.variant = :tablet is set, we'll automatically be rendering the
html+tablet template.
In the controller, we can also tailer to the variants with this syntax:
class ProjectsController < ActionController::Base
def show
respond_to do |format|
format.html do |html|
@stars = @project.stars
html.tablet { @notifications = @project.notifications }
html.phone { @chat_heads = @project.chat_heads }
end
format.js
format.atom
end
end
end
The variant itself is nil by default, but can be set in before filters, like
so:
class ApplicationController < ActionController::Base
before_action do
if request.user_agent =~ /iPad/
request.variant = :tablet
end
end
end
This is modeled loosely on custom mime types, but it's specifically not
intended to be used together. If you're going to make a custom mime type,
you don't need a variant. Variants are for variations on a single mime
types.
|
|
|
|
|
|
|
|
| |
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
|
|\
| |
| |
| |
| | |
Add regression test for IpSpoofAttackError issue
Closes #10780
|
| |
| |
| |
| | |
See #10780
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A path redirect may contain any and all parts of a url which have different
escaping rules for each part. This commit tries to escape each part correctly
by splitting the string into three chunks - path (which may also include a host),
query and fragment; then it applies the correct escape pattern to each part.
Whilst using `URI.parse` would be better, unfortunately the possible presence
of %{name} parameters in the path redirect string prevents us from using it so
we have to use a regular expression instead.
Fixes #13110.
|
| |
| |
| |
| |
| |
| | |
Broken by
6701b4cf41f6f3d9cfc6a93715acbf852d1e468e
|
| |
| |
| |
| | |
This commit fixes formatting issue for `rake routes` task, when a section is shorter than a header.
|
| | |
|
| |
| |
| |
| |
| |
| | |
This test is broken from quite a while & is expected to remain broken as
encoding issues are hardest to fix in JRuby. so lets skip this test for
now
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
sebasoga/change_strong_parameters_require_behaviour"
This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing
changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90.
See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
|
|\ \
| | |
| | |
| | |
| | | |
sebasoga/change_strong_parameters_require_behaviour
Change ActionController::Parameters#require behavior when value is empty
|
| | |
| | |
| | |
| | |
| | | |
When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading.
With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mention it in the changelog and add a test checking for regressions.
Hash#fetch isn't adding the defaultly returned value.
However, in the session, saving it is the behavior we should expect.
See discussion in #12692
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Example:
# application routes.rb
mount BlogEngine => '/blog'
# engine routes.rb
get '/admin' => redirect('admin/dashboard')
This now redirects to the path `/blog/admin/dashboard`, whereas before it
would've generated an invalid url because there would be no slash between
the host name and the path. It also allows redirects to work where the
application is deployed to a subdirectory of a website.
Fixes #7977
|
| |/
|/|
| |
| | |
test for regression introduced by https://github.com/rails/rails/pull/9155
|
|\ \
| | |
| | | |
Update Rails::Railtie::Configuration and ActionDispatch::Response#respond_to? to accept include_private argument
|
| | |
| | |
| | |
| | | |
ActionDispatch::Response#respond_to? to accept include_private argument
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| | |
Allow REMOTE_ADDR, HTTP_HOST and HTTP_USER_AGENT to be overridden from
the environment passed into `ActionDispatch::TestRequest.new`.
Fixes #11590
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When generating an unnamed url (i.e. using `url_for` with an options
hash) we should skip anything other than standard Rails routes otherwise
it will match the first mounted application or redirect and generate a
url with query parameters rather than raising an error if the options
hash doesn't match any defined routes.
Fixes #8018
|
| |
| |
| |
| |
| |
| |
| |
| | |
In order to get raw_post to be not empty after
ParamsParser#parse_formatted_parameters,
added rewinding of body stream input on parsing json params.
Closes #11345
|
|\ \
| | |
| | | |
Cleanup ul_encoded_params_parsing_test
|
| | | |
|
|/ / |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Flag cookies as secure with ignore case in ActionDispatch::SSL
|
| | | |
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously when app was mounted as following:
class Foo
def call(env)
[200, {}, [env['PATH_INFO']]]
end
end
RackMountRailsBug::Application.routes.draw do
mount RackTest.new => "/foo"
end
trailing slash was removed from PATH_INFO. For example requesting
GET /foo/bar/
on routes defined above would result in a response containing "/foo/bar"
instead of "/foo/bar/".
This commit fixes the issue.
(closes #3215)
|
| |
| |
| |
| |
| |
| | |
We are setting this header to chrome=1 for Chrome Frame and this will be
retired soon. Check http://blog.chromium.org/2013/06/retiring-chrome-frame.html for
details
|
| |
| |
| |
| | |
were deprecated.
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When named route that is nested is used in 3.2.13
Example `routes.rb`:
```
resources :nested do
resources :builder, :controller => 'nested/builder'
end
```
In 3.2.12 and 3.2.12 this named route would work:
```
nested_builder_path(:last_step, :nested_id => "foo")
```
Generating a url that looks like `/nested/foo/builder/last_step`. This PR fixes the regression when building urls via the optimized helper. Any explicit keys set in the options are removed from the list of implicitly mapped keys.
Not sure if this is exactly how the original version worked, but this fixes this use case regression.
|
| | |
|
| | |
|
|\ \
| | |
| | | |
failure to parse params should trigger a 400 Bad Request
|
| | | |
|
| | | |
|