| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Closes #7110 there's more work to do on rack-cache issue 69
|
| |
|
|
|
| |
Since #5581 added support for resources with custom params we should
not assume that it is :id when using shallow resource routing.
|
| |
|
|
|
|
|
| |
The Mapper looks for a :id constraint in the scope to see whether it
should apply a constraint for nested resources. Since #5581 added support
for resource params other than :id, we need to check for a constraint on
the parent resource's param name and not assume it's :id.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Optional segments with a root scope need to have the leading slash
outside of the parentheses, otherwise the generated url will be empty.
However if the route has non-optional elements then the leading slash
needs to remain inside the parentheses otherwise the generated url
will have two leading slashes, e.g:
Blog::Application.routes.draw do
get '/(:category)', :to => 'posts#index', :as => :root
get '/(:category)/author/:name', :to => 'posts#author', :as => :author
end
$ rake routes
root GET /(:category)(.:format) posts#index
author GET (/:category)/author/:name(.:format) posts#author
This change adds support for optional segments that contain a slash,
allowing support for urls like /page/2 for the root path, e.g:
Blog::Application.routes.draw do
get '/(page/:page)', :to => 'posts#index', :as => :root
end
$ rake routes
root GET /(page/:page)(.:format) posts#index
Fixes #7073
|
| | |
|
| |
|
|
| |
Follow the consistency defined in dbc43bc.
|
| |
|
|
| |
this is so we can show route output in the development when we get a routing error. Railties can use features of ActionDispatch, but ActionDispatch should not depend on Railties.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assuming the type ":touch", Collector.new was calling
send(:touch), which instead of triggering method_missing
and generating a new collector method, actually
invoked the private method `touch` inherited from
Object.
By generating the method for each mime type as it
is registered, the private methods on Object can
never be reached by `send`, because the `Collector`
will have them before `send` is called on it.
To do this, a callback mechanism was added to Mime::Type
This allows someone to add a callback for whenever
a new mime type is registered. The callback then
gets called with the new mime as a parameter.
This is then used in AbstractController::Collector
to generate new collector methods after each mime
is registered.
|
| |
|
|
| |
Related with 5e7d6bba79393de0279917f93b82f3b7b176f4b5
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| | |
* master-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
|
| | |
| |
| |
| |
| |
| | |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
| | | |
|
| |/
|
|
| |
ActionDispatch::Request::Session#values
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Passing path parameters with invalid encoding is likely to trigger errors
further on like `ArgumentError (invalid byte sequence in UTF-8)`. This will
result in a 500 error whereas the better error to return is a 400 error which
allows exception notification libraries to filter it out if they wish.
Closes #4450
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently Rack raises a TypeError when it encounters a malformed or
ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this
through to the application this commit captures the exception and
re-raises it using a new ActionController::BadRequest exception.
The new ActionController::BadRequest exception returns a 400 error
instead of the 500 error that would've been returned by the original
TypeError. This allows exception notification libraries to ignore
these errors if so desired.
Closes #3051
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Before this change, assert_recognizes, assert_generates, and
assert_routing raised ActionController::RoutingError when they failed to
recognize the route.
This commit changes them to raise Assertion instead. This aligns with
convention for logical failures, and supports reporting tools that care
about the difference between logical failures and errors e.g. the
summary at the end of a test run.
- Fixes #5899
|
| |
|
|
|
|
| |
The docs suggest that the middleware stack is an Array, so I've added
the unshift method to it. Originally I added some more Array methods,
but it was agreed that they lacked usecases.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
url_helpers module
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following scenario:
resources :contacts do
post 'new', action: 'new', on: :collection, as: :new
end
Where the /new path is not generated because it's considered a canonical
action, part of the normal resource actions:
new_contacts POST /contacts(.:format) contacts#new
Fixes #2999
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* master: (55 commits)
extract deprecated dynamic methods
Add some docs and changelog entry
Allow overriding exception handling in threaded consumer
Allow configuring a different queue consumer
actually don't need to expand the aggregates at all
#to_sym is unnecessary
de-globalise method
extract code from AR::Base
clean up implementation of dynamic methods. use method compilation etc.
Fix ActiveModel README example
mention database mapping in getting started guide
Remove vestiges of the http_only! config from configuring guide
Remove content-length as well
Make ActionController#head pass rack-link
RouteSet: optimize routes generation when globbing is used
Allows assert_redirected_to to accept a regular expression
use extract_options!
No need to force conversion to Symbol since case ensures it's already one.
No need to work around 1.8 warnings anymore.
Update command line guide
...
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.
To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the contraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.
Fixes #2510.
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
Remote ip logic and validation. IPv6 support.
|
| | |
| |
| |
| | |
tests.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
|
| |
|
|
|
| |
if you want to read the file you may need to ask if there is something
to read from
|
| |
|
|
|
|
|
|
|
|
| |
By default, resources routes are created with :resource/:id. A model
defining to_param can make prettier urls by using something more
readable than an integer ID, but since the route picks it up as :id you
wind up with awkward User.find_by_username(params[:id]) calls.
By overriding the key to be used in @request.params you can be more
obvious in your intent.
|
| |
|
|
| |
keyword
|
| | |
|
