| Commit message (Collapse) | Author | Age | Files | Lines |
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
|
Add regression test for IpSpoofAttackError issue
Closes #10780
|
See #10780
|
A path redirect may contain any and all parts of a url which have different
escaping rules for each part. This commit tries to escape each part correctly
by splitting the string into three chunks - path (which may also include a host),
query and fragment; then it applies the correct escape pattern to each part.
Whilst using `URI.parse` would be better, unfortunately the possible presence
of %{name} parameters in the path redirect string prevents us from using it so
we have to use a regular expression instead.
Fixes #13110.
|
Broken by
6701b4cf41f6f3d9cfc6a93715acbf852d1e468e
|
This commit fixes a formatting issue for the `rake routes` task when a section is shorter than a header.
|
This test has been broken for quite a while & is expected to remain broken, as
encoding issues are hardest to fix in JRuby. So let's skip this test for
now.
|
sebasoga/change_strong_parameters_require_behaviour"
This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing
changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90.
See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
|
sebasoga/change_strong_parameters_require_behaviour
Change ActionController::Parameters#require behavior when value is empty
|
When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading.
With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
|
Mention it in the changelog and add a test checking for regressions.
Hash#fetch isn't adding the defaultly returned value.
However, in the session, saving it is the behavior we should expect.
See discussion in #12692
|
Example:

    # application routes.rb
    mount BlogEngine => '/blog'

    # engine routes.rb
    get '/admin' => redirect('admin/dashboard')

This now redirects to the path `/blog/admin/dashboard`, whereas before it
would've generated an invalid url because there would be no slash between
the host name and the path. It also allows redirects to work where the
application is deployed to a subdirectory of a website.
Fixes #7977
|
test for regression introduced by https://github.com/rails/rails/pull/9155
|
Update Rails::Railtie::Configuration and ActionDispatch::Response#respond_to? to accept include_private argument
|
ActionDispatch::Response#respond_to? to accept include_private argument
|
Allow REMOTE_ADDR, HTTP_HOST and HTTP_USER_AGENT to be overridden from
the environment passed into `ActionDispatch::TestRequest.new`.
Fixes #11590
|
When generating an unnamed url (i.e. using `url_for` with an options
hash) we should skip anything other than standard Rails routes otherwise
it will match the first mounted application or redirect and generate a
url with query parameters rather than raising an error if the options
hash doesn't match any defined routes.
Fixes #8018
|
In order to get raw_post to be not empty after
ParamsParser#parse_formatted_parameters,
added rewinding of body stream input on parsing json params.
Closes #11345
|
Cleanup ul_encoded_params_parsing_test
|
Flag cookies as secure with ignore case in ActionDispatch::SSL
|
Previously when an app was mounted as follows:

    class Foo
      def call(env)
        [200, {}, [env['PATH_INFO']]]
      end
    end

    RackMountRailsBug::Application.routes.draw do
      mount RackTest.new => "/foo"
    end

the trailing slash was removed from PATH_INFO. For example, requesting

    GET /foo/bar/

on the routes defined above would result in a response containing "/foo/bar"
instead of "/foo/bar/".

This commit fixes the issue.

(closes #3215)
|
We are setting this header to chrome=1 for Chrome Frame and this will be
retired soon. Check http://blog.chromium.org/2013/06/retiring-chrome-frame.html for
details
|
were deprecated.
|
When named route that is nested is used in 3.2.13
Example `routes.rb`:
```
resources :nested do
resources :builder, :controller => 'nested/builder'
end
```
In 3.2.12 and 3.2.12 this named route would work:
```
nested_builder_path(:last_step, :nested_id => "foo")
```
Generating a url that looks like `/nested/foo/builder/last_step`. This PR fixes the regression when building urls via the optimized helper. Any explicit keys set in the options are removed from the list of implicitly mapped keys.
Not sure if this is exactly how the original version worked, but this fixes this use case regression.
|
failure to parse params should trigger a 400 Bad Request
|
Add support for extracting the port from the :host option and for
removing the subdomain by using nil, false or ''.
|
leading .)
Adding a boolean route constraint checks for presence/absence of request property
|
trevorturk/remove-fixme-comments-about-legacy-key-generator
Remove comments about removing LegacyKeyGenerator in 4.1
|
routing bugfixes when matching multiple paths
|
Closes #9913.
We need to expand the match shorthand syntax for every path.
|
This problem was introduced with:
https://github.com/rails/rails/commit/d03aa104e069be4e301efa8cefb90a2a785a7bff
|
Closes #10071
`#normalize_path!` depends on the options so we need to call
`#normalize_options!` first to make sure everything is set correctly.
|