| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| | |
* master-sec:
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If an explicit name has been given and it already ends with "[]"
Before:
select(:category, [], {}, multiple: true, name: "post[category][]")
# => <select name="post[category][][]" ...>
After:
select(:category, [], {}, multiple: true, name: "post[category][]")
# => <select name="post[category][]" ...>
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Fix for #9360 content_for regression
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
* use 1.9 style hash syntax
* don't use brances on assert_equal
* prefere " over '
|
| | |
| |
| |
| |
| |
| |
| |
| | |
With 155cd5e6 the number_helpers were moved into AS all the tests were copied over
but the tests in AP were not deleted. This is confusing.
I removed all duplicated tests and reorganized the tests in AP to only test the
functionality, that is added in AP.
|
| |\ \
| | |
| | | |
Custom dependency trackers for the template digestor
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Since all changes from #9347 are related to AS, it seems proper that the
test is placed there as well.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
ActiveSupport::NumberHelper#number_to_human now returns the number unaltered when
the units hash does not contain the needed key, e.g. when the number provided is less
than the largest key provided.
|
| |\ \ \
| | | |
| | | | |
use ISO 8601 format in time_tag helper
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | | |
Before `time_tag Date.today` will return `<time
datetime="2013-02-14T00:00:00+00:00">February 14, 2013</time>`.
This commit fixes time_tag helper to use RFC-3339 full-date format
(Y-m-d) in datetime attribute.
|
| | |/
|/|
| |
| | |
This reverts commit 6871bd9818a9a7d9d8c7e21e253d64c0410fde1d.
|
| | | |
|
| | | |
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit bb842e8d2111e50b21a14b8bd6d89371a4b9cd68, reversing
changes made to 40c287c7983c20c498f6a8a2ea49e9a6455347f7.
This was causing issues in one of our apps we just upgraded.
ActionController::RoutingError: No route matches [GET]
"/images/favicon.ico"
favicon_link_tag now returns '/images/favicon.ico' and in 3.2 returned
'/favicon.ico'
Browsers by default look for favicon.ico in the root directory
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_view/helpers/asset_tag_helper.rb
|
| |
|
|
|
|
|
|
|
|
| |
Previous implementation of time_zone_options_for_select did not dup the
ActiveSupport::TimeZone.all array. When :priority_zones were provided
the method would reject! the zones from the memoized TimeZones array
thus affecting future requests to the server. Essentially whatever
zones were specified as :priority_zones would show up for the first
request but then disappear from the time zone options on future
requests.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, the img_alt method in ActionView keeps underscores
in the alt attribute. Because underscores are pronounced in
Apple's VoiceOver Utility, this has serious implications for
accessibility. This patch makes underscored or hyphenated file
names (both common in projects) read more naturally in screen
readers by replacing them with spaces. See method documentation
for details.
Added documentation to image_alt method
|
| |
|
|
|
|
|
|
|
|
| |
previously when a partial was placed inside a directory
(eg. '/dir/_partial'), `assert_template` did not replace
the '_' prefix when looking through rendered tempaltes,
which resulted in an error.
I modified it to replace both, the leading '_' and the last '_'
after a '/'.
|
| |
|
|
|
|
|
| |
When `assert_template` is used with the :locals option, and the
partial was not rendered, a method_missing error was raised.
This changes first checks, if the partial actually was rendered
and raises a descriptive error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It would embed array as string instead of joining it like `content_tag` does:
content_tag(:td, class: ["foo", "bar"]){}
#=> '<td class="foo bar"></td>'
Before:
content_tag_for(:td, item, class: ["foo", "bar"]){}
#=> '<td class="item ["foo", "bar"]" id="item_1"></td>'
After:
content_tag_for(:td, item, class: ["foo", "bar"]){}
#=> '<td class="item foo bar" id="item_1"></td>'
|
| |
|
|
|
|
| |
ActionDispatch::Head was removed in favor of Rack::Head. But Rack::Head
does not convert GET requests to HEAD requests so we need to do
checking for HEAD requests ourselves.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The [following pull request](https://github.com/rails/rails/pull/8916) fixed
the block being passed to the appropriate helper method. However, the content
being passed into the block is generating repeated markup on the page due to
some weird ERb evaluation.
This commit tries to capture the block's generated output so the page isn't
flooded with markup.
[Rafael França + José Mota]
Closes #8936
|
| |
|
|
|
|
|
|
|
| |
date.order is the only key in rails i18n that is required to be a
symbol. This patch allows for symbols or strings which means:
* No requirement for symbol type in .yml files. A future
YAML.safe_load wouldn't need to load symbols
* Rails could actually use json rather than yml as the backend
|
| | |
|
| |\
| |
| | |
Rename :value to :selected for date_select, and add missing tests/docs
|
| | |
| |
| |
| |
| | |
Add tests for time & datetime.
Add documentation.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
block. Breaks benchmark calls that return non-String values otherwise.
Revert "add benchmark helper that works in erb"
This reverts commit 904e544cc8f5846de7c31827bb5556c6a238c0de.
Conflicts:
actionpack/lib/action_view/helpers.rb
actionpack/lib/action_view/helpers/benchmark_helper.rb
actionpack/test/template/benchmark_helper_test.rb
|
| |\ \
| |/
|/|
| |
| | |
Collection radio buttons and collection check boxes through FormBuilder render the provided block.
Closes #8897
|
| | |
| |
| |
| |
| |
| |
| |
| | |
the provided block.
In the case of having a form_for method being called, the block for each
collection would not be passed and thus the result expected was always the same.
This patch passes the block to the original method like it would be assumed.
|
| | | |
|
| |/ |
|
| |\
| |
| | |
Fixed nested fields bug when called with AssociationProxy
|
| | |
| |
| |
| | |
support in form helper
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A declarative API for specifying dependencies that affect template
cache digest computation. In your controller, specify any of said
dependencies:
view_cache_dependency { "phone" if using_phone? }
When the block is evaluated, the resulting value is included in the
cache digest calculation, allowing you to generate different digests
for effectively the same template. (Mostly useful if you're mucking
with template load paths.)
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously rendering a partial without giving :object or :collection
would generate a local variable with the partial name by default.
This was noticed due to warnings in Ruby 2.0 of not used variables,
which turned out to be the generation of not used variables inside
partials that do not contain objects related to them.
|
| | | |
|
| | |
| |
| |
| |
| | |
They don't add any benefits over `assert object.blank?`
and `assert object.present?`
|
