| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
|
|
|
|
|
| |
Now, we use the mapper to build the routing table
related to https://github.com/rails/rails/commit/703275ba70efbefb3358052b6ba750443eff1a28
|
| |
|
| |
|
| |
|
|
|
|
|
| |
I want to change the real constructor to take a particular parameter for
matching the request method
|
|
|
|
|
| |
The string we create is almost always the same, so rather than joining
all the time, lets join once, then reuse that string everywhere.
|
|
|
|
|
|
| |
We should build the routes using the user facing API which is `Mapper`.
This frees up the library internals to change as we see fit. IOW we
shouldn't be testing internals.
|
|
|
|
|
| |
The outer router object already keeps a hash of named routes, so we
should just use that.
|
|
|
|
|
| |
refactor the tests with a backwards compatible method call so we can rm
add_route2 from the journey router
|
|
|
|
|
| |
also change the feeler to subclass AD::Request so that it has all the
methods that Request has
|
|
|
|
|
| |
This was a useless object. We can just directly construct a
Path::Pattern object without a Strexp object.
|
|
|
|
|
| |
the caller already has it, there is no reason to pack it in to an object
and just throw that object away.
|
|
|
|
|
|
|
|
| |
This reverts commit 0b3397872582f2cf1bc6960960a6393f477c55e6, reversing
changes made to 56d52e3749180e6c1dcf7166adbad967470aa78b.
As pointed out on the PR, this will hide development mistakes too, which
is not ideal.
|
|
|
|
|
| |
Handle URI::InvalidURIError errors on the redirect route method, so it
wont raise a 500 if a bad path is given.
|
|
|
|
|
| |
this way we can remove the strange "respond_to?" conditional in the
`matches?` loop
|
| |
|
| |
|
|
|
|
|
|
|
| |
This silences:
actionpack/test/journey/route_test.rb:33: warning: ambiguous first
argument; put parentheses or a space even after `/' operator
|
|\
| |
| | |
Correct route requirements by overriding defaultls
|
| | |
|
| |
| |
| |
| |
| |
| | |
it is avoid sort errot within different and mixed keys.
used `sort_by` + `block` to list parameter by keys.
keep minimum changes
|
|\ \
| | |
| | | |
Partition routes during setup.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Partitioning of all the routes is currently being done during the
first request. Since there is no need to clear the cache for
`partitioned_routes` when adding a new route. We can move the
partitioning of the routes during setup time.
|
|/ / |
|
|/
|
|
| |
onwards.
|
| |
|
|
|
|
|
| |
These are currently working "by accident" because `match_route` does not check
that the name is valid.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The scanner in Journey fails to recognize routes that use literals
from the sub-delims section of RFC 3986.
This commit enhance the compatibility of Journey with the RFC by
adding support of authorized delimiters to the scanner.
Fix #17212
|
|
|
|
|
| |
We should assert that routes will not be recognized if the verbs do
not match.
|
|
|
|
|
|
|
|
| |
Follow up to rails#15321
Instead of duplicating the routes, we will first match the HEAD request to
HEAD routes. If no match is found, we will then map the HEAD request to
GET routes.
|
|
|
|
|
|
|
|
|
| |
Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.
|
|
|
|
| |
warning: assigned but unused variable - scope_called, path and strexp
|
| |
|
|
|
|
| |
strexp object
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
this also changes the constructor. We don't need to pass more options
than "defaults" (whatever defaults are, ugh. probably another hash of
stupid stuff).
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
stop hardcoding hash keys and use the accessors provided on the request
object.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Escape '%' characters in URLs - only unescaped data
should be passed to URL helpers
2. Add an `escape_segment` helper to `Router::Utils`
that escapes '/' characters
3. Use `escape_segment` rather than `escape_fragment`
in optimized URL generation
4. Use `escape_segment` rather than `escape_path`
in URL generation
For point 4 there are two exceptions. Firstly, when a route uses wildcard
segments (e.g. *foo) then we use `escape_path` as the value may contain '/'
characters. This means that wildcard routes can't be optimized. Secondly,
if a `:controller` segment is used in the path then this uses `escape_path`
as the controller may be namespaced.
Fixes #14629, #14636 and #14070.
|