| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
After:
image_tag("HTTP://google.com")
# => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
image_tag("http://google.com")
# => "<img alt=\"Google\" src=\"http://google.com\" />"
Backport of #10969
|
|
|
|
| |
In those version to_date call Fixnum#/, what will cause a failure
|
| |
|
|
|
|
|
|
|
|
| |
If a file field tag is passed the multiple option, it is turned into an
array field (appending "[]"), but if the file field is passed an
explicit name as an option, leave the name alone (do not append "[]").
Fixes #9830
|
|
|
|
| |
Introduced in 2c22376fe04b89e8f34620139720b85a85ce3428
|
|
|
|
| |
Introduced in 2c22376fe04b89e8f34620139720b85a85ce3428
|
|
|
|
| |
and PartialRenderer
|
|
|
|
|
|
| |
df36c5f - Fix assert_template assertion with :layout option
4bd05a7 - Fix assert_template :layout => nil assertion
0d19a08 - Improve assert_template layout checking
|
|
|
|
| |
Pathname doesn't respond to to_path
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-stable:
Merge pull request #9802 from newsline/fix-broken-action-missing
Remove bad changelog entry from AR [ci skip]
Wrong exception is occured when raising no translatable exception
Don't crash exception translation w/ nil result attribute.
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix missing action_missing
Conflicts:
actionpack/CHANGELOG.md
Conflicts:
actionpack/test/controller/base_test.rb
Fixes #9799
|
|/
|
|
|
| |
The PR #8756 uses Sprockets for resolving files that already exists on disk, for those files their extensions don't need to be rewritten.
Fixes #9803
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-13:
bumping to 3.2.13
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
bumping to rc2
Revert "Merge pull request #8209 from senny/backport_8176"
Freeze columns only once per Result
Preparing for 3.2.13.rc1 release
Update CHANGELOGs for 3.2.13 release.
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
|
| |
| |
| |
| |
| | |
Conflicts:
actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix incorrectly appended square brackets to a multiple select box
Before:
select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
# => <select name="post[category][][]" ...>
After:
select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
# => <select name="post[category][]" ...>
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_view/helpers/tags/base.rb
actionpack/test/template/form_options_helper_test.rb
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix incorrectly appended square brackets to a multiple select box
Before:
select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
# => <select name="post[category][][]" ...>
After:
select(:category, [], {}, {:multiple => true, :name => "post[category][]"})
# => <select name="post[category][]" ...>
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_view/helpers/tags/base.rb
actionpack/test/template/form_options_helper_test.rb
|
|/
|
|
|
| |
Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is an empty
string.
|
|
|
|
| |
few times, so fix up the test to work with however it chooses to escape.
|
|
|
|
| |
this file with us-ascii
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport #9361.
Closes #7554.
This patch determines the `controller#action` directly
in the `match` method when the shorthand syntax is used.
this prevents problems with namespaces and scopes.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ruby 1.9 freezes Hash string keys by default so where a route is
defined like this:
get 'search' => 'search'
then the Mapper will derive the action from the key. This blows up
later when the action is added to the parameters hash and the
encoding is forced.
Closes #3429
|
| |
|
|
|
|
|
|
| |
force response body to be read in assert_template
Conflicts:
actionpack/lib/action_controller/test_case.rb
|
|
|
|
| |
dispatch logic
|
|
|
|
|
|
| |
Remove header bloat introduced by BestStandardsSupport middleware
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
| |
Backports #8855.
|
|\
| |
| | |
Fix javascript_include_tag when no js runtime is available
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In a production environment where the assets have been precompiled, we
don't want an assets compile step to happen on the application server at
all. To ensure this, a js runtime may not be available on the app
servers. In this environment, pages using javascript_include_tag for
assets with non-standard or chained extensions were throwing 500 errors.
For instance, `javascript_include_tag('jquery.min')` would blow up.
Sprockets was attempting to build the assets being included during the
rewrite_extension step (responsible for appending a '.js' extension to
assets being included by the basename rather than a fully qualified
name). This was happening as a step to resolve #6310, which required
checking for the presence of an asset with a non-standard extension
before appending the extension.
We can check for the presence of an asset without invoking the asset
build step by using Sprockets' resolve method, which will search for the
base file without building it (and is the method that find_asset uses
internally to get the path to the asset before attempting to build it).
When rewriting the extension on an asset, these are the steps:
- If the source does not have an extension, assume that the default
extension is desired and append it.
- If there is an extension and it doesn't match the default extension,
check to see if a file with the precise name specified exists amongst
the assets; if it is present, do not append the default extension.
(This is the step that resolves #6310).
|
| |
| |
| |
| |
| | |
- addresses the problem by calling flatten on asset array before calling uniq.
- adds note to CHANGELOG.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| | | |
|
| | |
| | |
| | |
| | | |
dealing with empty hashes. Thanks Damien Mathieu
|
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
actionpack/lib/action_view/helpers/form_helper.rb
actionpack/test/template/form_helper_test.rb
|
| |/
|/|
| |
| |
| | |
Conflicts:
actionpack/test/controller/render_test.rb
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Clear url helper methods when routes are reloaded by removing the
methods explicitly rather than just clearing the module because it
didn't work properly and could be the source of a memory leak.
Closes #8488.
|
| |
| |
| |
| |
| |
| | |
Fix rewinding in ActionDispatch::Request#raw_post
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Because DateTime#to_time returns self when it has a non-zero offset
and subtracting two DateTime instances returns a Rational then the
distance_of_time_in_words methods outputs an incorrect value.
This is fixed in master because we can rely on Ruby 1.9.3's
implementation of to_time but it can't be fixed on Ruby 1.8.7 as
there is no way to map the DateTime to a Time with a non-zero offset.
We can workaround the problem by casting to Float before doing
the subtraction in the distance_of_time_in_words method.
Closes #8390
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit fixes the output of distance_of_time_in_words when
using integer or duration arguments. Previously a distance of
more than 30 seconds would be output as 'Less than 1 minute'
when using integer arguments and '1 minute' when using two
Time instances more than 30 seconds apart.
Cherry picked from 5fdd4cd9e47be972f146a8a17a74c8f4700e2ac0
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.
Conflicts:
actionpack/test/template/template_test.rb
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
senny/8376_descriptive_error_message_for_partial_layout_true
More descriptive error when rendering a partial with `:layout => true`
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_view/renderer/partial_renderer.rb
|
| | |
|