path: root/actionpack/test/dispatch
Commit message [Author, Age, Files, Lines]
* correctly escape backslashes in request path globs [Aaron Patterson, 2014-11-16, 1, -0/+41]
|   Conflicts:
|     actionpack/lib/action_dispatch/middleware/static.rb
|
|   make sure that unreadable files are also not leaked
|
|   CVE-2014-7829
* Merge branch '3.2.20' into 3-2-stable [Aaron Patterson, 2014-10-30, 1, -0/+18]
|\
| |   * 3.2.20:
| |     bumping version to 3.2.20
| |     FileHandler should not be called for files outside the root
| * FileHandler should not be called for files outside the root [Aaron Patterson, 2014-10-29, 1, -0/+18]
| |   FileHandler#matches? should return false for files that are outside the "root" path.
| |
| |   Conflicts:
| |     actionpack/lib/action_dispatch/middleware/static.rb
| |
| |   Conflicts:
| |     actionpack/lib/action_dispatch/middleware/static.rb
| |     actionpack/test/dispatch/static_test.rb
* | Regenerate sid when sbdy tries to fixate the session [Santiago Pastorino, 2014-08-04, 1, -9/+8]
|/
|   Fixed broken test.
|   Thanks Stephen Richards for reporting.
* Deep Munge the parameters for GET and POST [Michael Koziarski, 2013-12-02, 1, -0/+15]
|   The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed.
|
|   Fixes CVE-2013-6417
|
|   Conflicts:
|     actionpack/lib/action_dispatch/http/request.rb
* pass the extra params to the rack test environment so that routes with block constraints have access [Brian Hahn, 2013-09-06, 1, -0/+12]
|
* Fix `assert_redirected_to` does not show user-supplied message. [Alexey Chernenkov, 2013-07-18, 1, -1/+1]
|   Issue: when `assert_redirected_to` fails due to the response redirect not matching the expected redirect the user-supplied message (second parameter) is not shown. This message is only shown if the response is not a redirect.
* Use old style hash syntax for 3-2-stable [Andrew White, 2013-06-25, 1, -2/+2]
|
* Fix shorthand routes where controller and action are in the scope [Andrew White, 2013-06-25, 1, -0/+13]
|   Merge `:action` from routing scope and assign endpoint if both `:controller` and `:action` are present. The endpoint assignment only occurs if there is no `:to` present in the options hash so should only affect routes using the shorthand syntax (i.e. endpoint is inferred from the path).
|
|   Fixes #9856
|
|   Backport of 37b4276
* Backport fixes about #7774 to 3-2-stable [maximerety, 2013-03-05, 1, -0/+9]
|   Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is an empty string.
* Use 1.8 hash style [Carlos Antonio da Silva, 2013-02-22, 1, -1/+1]
|
* determine the match shorthand target early. [Yves Senn, 2013-02-22, 1, -0/+27]
|   Backport #9361.
|   Closes #7554.
|
|   This patch determines the `controller#action` directly in the `match` method when the shorthand syntax is used. This prevents problems with namespaces and scopes.
* Duplicate possible frozen string from route [Andrew White, 2013-01-21, 1, -0/+7]
|   Ruby 1.9 freezes Hash string keys by default so where a route is defined like this:
|
|     get 'search' => 'search'
|
|   then the Mapper will derive the action from the key. This blows up later when the action is added to the parameters hash and the encoding is forced.
|
|   Closes #3429
* fixes #8631 local inflections from interfering with HTTP_METHOD_LOOKUP dispatch logic [Aditya Sanghi, 2013-01-16, 1, -0/+21]
|
* Merge pull request #8914 from nilbus/fix-header-bloat [Rafael Mendonça França, 2013-01-15, 1, -1/+2]
|   Remove header bloat introduced by BestStandardsSupport middleware
|
|   Conflicts:
|     actionpack/CHANGELOG.md
* Fix JSON params parsing regression for non-object JSON content. [Dylan Smith, 2013-01-11, 1, -0/+7]
|   Backports #8855.
* Merge branch '3-2-sec' into 3-2-secmerge [Aaron Patterson, 2013-01-08, 2, -0/+32]
|\
| |   * 3-2-sec:
| |     bumping version
| |     CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
| |     * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
| |     Avoid Rack security warning no secret provided
| |
| |   Conflicts:
| |     actionpack/CHANGELOG.md
| |     activerecord/CHANGELOG.md
| |     activesupport/CHANGELOG.md
| * * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu [Aaron Patterson, 2013-01-08, 2, -0/+32]
| |
* | Don't use 1.9 hash syntax on 3-2-stable [Andrew White, 2012-12-14, 1, -8/+8]
| |
* | Clear url helper methods when routes are reloaded [Andrew White, 2012-12-14, 1, -0/+86]
| |   Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work properly and could be the source of a memory leak.
| |
| |   Closes #8488.
* | Merge pull request #8490 from mattv/fix_request_raw_post [Rafael Mendonça França, 2012-12-11, 1, -0/+7]
| |   Fix rewinding in ActionDispatch::Request#raw_post
| |
| |   Conflicts:
| |     actionpack/CHANGELOG.md
* | Refactor Generator class to not rely on in-place editing the controller [Andrew White, 2012-11-16, 1, -6/+6]
| |
* | Fix bug when url_for changes controller. [Nikita Beloglazov, 2012-11-16, 1, -0/+9]
| |
* | Merge pull request #8093 from nikitug/keep_app_x_ua_compatible [Carlos Antonio da Silva, 2012-11-08, 1, -0/+34]
| |   Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header)
| |
| |   Conflicts:
| |     actionpack/CHANGELOG.md
* | backport, handle trailing slash with engines [Yves Senn, 2012-11-08, 1, -0/+5]
|/
|   this is a backport of #8115 to fix #7842
* Add test to avoid regression of 4a86362 [Rafael Mendonça França, 2012-11-02, 1, -0/+10]
|
* Revert "Merge pull request #7668 from Draiken/fix_issue_6497" [Rafael Mendonça França, 2012-11-02, 1, -7/+0]
|   This reverts commit 61d5d2d8a97fd289b81991cd79dca3112e7ca135.
|
|   Conflicts:
|     actionpack/CHANGELOG.md
|
|   REASON: This added a backward incompatible change.
* Merge pull request #7789 from senny/7777_resource_functions_modify_options [Rafael Mendonça França, 2012-10-01, 1, -0/+20]
|   resource and resources do no longer modify passed options
* Since File instance doesn't respond to #open use a double to test the [Rafael Mendonça França, 2012-09-30, 1, -1/+1]
|   behavior added at c53e5def08f7a289a92a8e5f79dcd7caa5c3a2fb
* Merge pull request #7668 from Draiken/fix_issue_6497 [Rafael Mendonça França, 2012-09-19, 1, -0/+7]
|   Removing to_shorthand to fix #6497
|
|   Conflicts:
|     actionpack/CHANGELOG.md
* Fix bug when Rails.application is defined but is nil. See #881 [Marc-Andre Lafortune, 2012-08-28, 1, -0/+7]
|
* Test actual content of permanent cookie [brainopia, 2012-08-10, 1, -1/+1]
|
* Don't stream back cookie value if it was set to the same value [brainopia, 2012-08-10, 1, -1/+13]
|
* Add support for optional root segments containing slashes [Andrew White, 2012-07-17, 1, -0/+26]
|   Optional segments with a root scope need to have the leading slash outside of the parentheses, otherwise the generated url will be empty. However if the route has non-optional elements then the leading slash needs to remain inside the parentheses otherwise the generated url will have two leading slashes, e.g:
|
|     Blog::Application.routes.draw do
|       get '/(:category)', :to => 'posts#index', :as => :root
|       get '/(:category)/author/:name', :to => 'posts#author', :as => :author
|     end
|
|     $ rake routes
|     root GET /(:category)(.:format) posts#index
|     author GET (/:category)/author/:name(.:format) posts#author
|
|   This change adds support for optional segments that contain a slash, allowing support for urls like /page/2 for the root path, e.g:
|
|     Blog::Application.routes.draw do
|       get '/(page/:page)', :to => 'posts#index', :as => :root
|     end
|
|     $ rake routes
|     root GET /(page/:page)(.:format) posts#index
|
|   Fixes #7073
|   (cherry picked from commit d8745decaf59aad32aa2f09abdba99b8d0e48b31)
* Array parameters should not contain nil values. [Aaron Patterson, 2012-06-11, 1, -0/+4]
|
* Strip [nil] from parameters hash. [Aaron Patterson, 2012-05-30, 1, -1/+6]
|   Thanks to Ben Murphy for reporting this!
|
|   CVE-2012-2660
* Don't ignore nil positional arguments for url helpers - fixes #6196. [Andrew White, 2012-05-10, 1, -0/+34]
|
* Reset the request parameters after a constraints check [Andrew White, 2012-05-03, 1, -0/+19]
|   A callable object passed as a constraint for a route may access the request parameters as part of its check. This causes the combined parameters hash to be cached in the environment hash. If the constraint fails then any subsequent access of the request parameters will be against that stale hash.
|
|   To fix this we delete the cache after every call to `matches?`. This may have a negative performance impact if the constraint wraps a large number of routes as the parameters hash is built by merging GET, POST and path parameters.
|
|   Fixes #2510.
|   (cherry picked from commit 56030506563352944fed12a6bb4793bb2462094b)
* Restore interpolation of path option in redirect routes [Andrew White, 2012-04-29, 1, -1/+40]
|
* Escape interpolated params when redirecting - fixes #5688 [Andrew White, 2012-04-29, 1, -0/+28]
|
* Fix the redirect when it receive blocks with arity of 1. [Rafael Mendonça França, 2012-03-31, 1, -0/+15]
|   Closes #5677
* fix ArgumentError being raised in case of invalid byte sequences [Michael Reinsch, 2012-03-08, 1, -0/+4]
|
* Fix some warnings on 3-2-stable [kennyj, 2012-02-21, 1, -1/+0]
|
* Remove fixture files with Windows incompatible filenames [Andrew White, 2012-02-20, 1, -27/+88]
|   Windows doesn't allow `\ / : * ? " < > |` in filenames so create the fixture files at runtime and ignore the incompatible ones when running on Windows.
* Fix ActionDispatch::Static to serve files with unencoded PCHAR [Andrew White, 2012-02-17, 1, -0/+28]
|   RFC 3986[1] allows sub-delim characters in path segments unencoded, however Rack::File requires them to be encoded so we use URI's unescape method to leave them alone and then escape them again.
|
|   Also since the path gets passed to Dir[] we need to escape any glob characters in the path.
|
|   [1]: http://www.ietf.org/rfc/rfc3986.txt
* backporting #4918 to 3.2 stable; adding extra test for accept header given by googlebot [Aditya Sanghi, 2012-02-17, 1, -0/+12]
|
* Merge pull request #4988 from kennyj/fix_4720-3 [Aaron Patterson, 2012-02-10, 1, -0/+26]
|   Fix GH #4720. Routing problem with nested namespace and already camelized controller option.
* Merge pull request #4908 from kennyj/fix_3864 [José Valim, 2012-02-06, 1, -0/+33]
|   Fix url_for method's behavior. GH #3684.
* Merge pull request #4879 from kennyj/fix_4873 [José Valim, 2012-02-04, 1, -0/+6]
|   Fix GH #4873. Allow swapping same class middleware.
* Test for unicode path support [Paul McMahon, 2012-01-25, 1, -0/+20]
|   This is currently broken due to a bug in journey.