aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch '3-2-13' into 3-2-stableAaron Patterson2013-03-181-0/+15
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-13: bumping to 3.2.13 fix protocol checking in sanitization [CVE-2013-1857] JDOM XXE Protection [CVE-2013-1856] fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] stop calling to_sym when building arel nodes [CVE-2013-1854] Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets bumping to rc2 Revert "Merge pull request #8209 from senny/backport_8176" Freeze columns only once per Result Preparing for 3.2.13.rc1 release Update CHANGELOGs for 3.2.13 release. Conflicts: actionmailer/CHANGELOG.md actionpack/CHANGELOG.md activemodel/CHANGELOG.md activeresource/CHANGELOG.md activesupport/CHANGELOG.md railties/CHANGELOG.md
| * fix protocol checking in sanitization [CVE-2013-1857]Aaron Patterson2013-03-151-0/+10
| | | | | | | | | | Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
| * fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]Charlie Somerville2013-03-151-0/+5
| |
| * Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-121-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix incorrectly appended square brackets to a multiple select box Before: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][][]" ...> After: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][]" ...> Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/helpers/tags/base.rb actionpack/test/template/form_options_helper_test.rb
* | Extract hardcoded lists to Redo::RestaurantsListJuan Barreneche2013-03-141-0/+9
| |
* | Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-091-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix incorrectly appended square brackets to a multiple select box Before: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][][]" ...> After: select(:category, [], {}, {:multiple => true, :name => "post[category][]"}) # => <select name="post[category][]" ...> Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/helpers/tags/base.rb actionpack/test/template/form_options_helper_test.rb
* | Backport fixes about #7774 to 3-2-stablemaximerety2013-03-051-0/+9
|/ | | | | Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is an empty string.
* Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrophes a ↵Jeremy Kemper2013-02-241-1/+1
| | | | few times, so fix up the test to work with however it chooses to escape.
* Ruby 2.0.0 defaults source encoding to utf-8 so we need to specifically tag ↵Aaron Patterson2013-02-241-0/+1
| | | | this file with us-ascii
* Use 1.8 hash styleCarlos Antonio da Silva2013-02-221-1/+1
|
* determine the match shorthand target early.Yves Senn2013-02-221-0/+27
| | | | | | | | | Backport #9361. Closes #7554. This patch determines the `controller#action` directly in the `match` method when the shorthand syntax is used. this prevents problems with namespaces and scopes.
* Duplicate possible frozen string from routeAndrew White2013-01-211-0/+7
| | | | | | | | | | | | | Ruby 1.9 freezes Hash string keys by default so where a route is defined like this: get 'search' => 'search' then the Mapper will derive the action from the key. This blows up later when the action is added to the parameters hash and the encoding is forced. Closes #3429
* Do not run this streaming test in Ruby 1.8, fix syntax errorCarlos Antonio da Silva2013-01-171-5/+8
|
* Merge pull request #5288 from lest/patch-2José Valim2013-01-171-0/+13
| | | | | | force response body to be read in assert_template Conflicts: actionpack/lib/action_controller/test_case.rb
* fixes #8631 local inflections from interfereing with HTTP_METHOD_LOOKUP ↵Aditya Sanghi2013-01-161-0/+21
| | | | dispatch logic
* Merge pull request #8914 from nilbus/fix-header-bloatRafael Mendonça França2013-01-151-1/+2
| | | | | | Remove header bloat introduced by BestStandardsSupport middleware Conflicts: actionpack/CHANGELOG.md
* Fix JSON params parsing regression for non-object JSON content.Dylan Smith2013-01-111-0/+7
| | | | Backports #8855.
* Merge pull request #8756 from causes/js_include_tag_fixGuillermo Iguaran2013-01-101-0/+7
|\ | | | | Fix javascript_include_tag when no js runtime is available
| * Fix javascript_include_tag when no js runtime is availableNoah Silas2013-01-071-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In a production environment where the assets have been precompiled, we don't want an assets compile step to happen on the application server at all. To ensure this, a js runtime may not be available on the app servers. In this environment, pages using javascript_include_tag for assets with non-standard or chained extensions were throwing 500 errors. For instance, `javascript_include_tag('jquery.min')` would blow up. Sprockets was attempting to build the assets being included during the rewrite_extension step (responsible for appending a '.js' extension to assets being included by the basename rather than a fully qualified name). This was happening as a step to resolve #6310, which required checking for the presence of an asset with a non-standard extension before appending the extension. We can check for the presence of an asset without invoking the asset build step by using Sprockets' resolve method, which will search for the base file without building it (and is the method that find_asset uses internally to get the path to the asset before attempting to build it). When rewriting the extension on an asset, these are the steps: - If the source does not have an extension, assume that the default extension is desired and append it. - If there is an extension and it doesn't match the default extension, check to see if a file with the precise name specified exists amongst the assets; if it is present, do not append the default extension. (This is the step that resolves #6310).
* | Fixes issue where duplicate assets can be required with sprockets.jejacks0n2013-01-103-0/+7
| | | | | | | | | | - addresses the problem by calling flatten on asset array before calling uniq. - adds note to CHANGELOG.
* | Merge branch '3-2-sec' into 3-2-secmergeAaron Patterson2013-01-083-0/+45
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu Avoid Rack security warning no secret provided Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
| * | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.Jeremy Kemper2013-01-081-0/+13
| | |
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-082-0/+32
| | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu
* | | Do not call fields_for from form_for, to avoid instantiating two buildersCarlos Antonio da Silva2013-01-061-1/+13
| | | | | | | | | | | | | | | | | | Conflicts: actionpack/lib/action_view/helpers/form_helper.rb actionpack/test/template/form_helper_test.rb
* | | backport #4f0f1b5 into 3-2-stable. because 1.9.3-p362 warned unused variables.SHIBATA Hiroshi2013-01-051-1/+2
| |/ |/| | | | | | | Conflicts: actionpack/test/controller/render_test.rb
* | Use Ruby 1.8 syntaxRafael Mendonça França2013-01-021-2/+2
| |
* | Backport #8701, do not append a second slash with `trailing_slash: true`Yves Senn2013-01-021-5/+15
| |
* | fix block.arity raise nil error when not given a block to "content_tag_for"jasl2013-01-021-0/+8
| |
* | Don't use 1.9 hash syntax on 3-2-stableAndrew White2012-12-141-8/+8
| |
* | Clear url helper methods when routes are reloadedAndrew White2012-12-141-0/+86
| | | | | | | | | | | | | | | | Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work properly and could be the source of a memory leak. Closes #8488.
* | Merge pull request #8490 from mattv/fix_request_raw_postRafael Mendonça França2012-12-111-0/+7
| | | | | | | | | | | | Fix rewinding in ActionDispatch::Request#raw_post Conflicts: actionpack/CHANGELOG.md
* | Make distance_of_time_in_words work with DateTime offsetsAndrew White2012-12-041-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because DateTime#to_time returns self when it has a non-zero offset and subtracting two DateTime instances returns a Rational then the distance_of_time_in_words methods outputs an incorrect value. This is fixed in master because we can rely on Ruby 1.9.3's implementation of to_time but it can't be fixed on Ruby 1.8.7 as there is no way to map the DateTime to a Time with a non-zero offset. We can workaround the problem by casting to Float before doing the subtraction in the distance_of_time_in_words method. Closes #8390
* | Make output of distance_of_time_in_words consistentAndrew White2012-12-041-2/+19
| | | | | | | | | | | | | | | | | | | | This commit fixes the output of distance_of_time_in_words when using integer or duration arguments. Previously a distance of more than 30 seconds would be output as 'Less than 1 minute' when using integer arguments and '1 minute' when using two Time instances more than 30 seconds apart. Cherry picked from 5fdd4cd9e47be972f146a8a17a74c8f4700e2ac0
* | Use 1.8 hash styleCarlos Antonio da Silva2012-12-031-1/+1
| |
* | Override <%== to always behave as literal text rather than toggling based on ↵Jeremy Kemper2012-12-032-4/+10
| | | | | | | | | | | | | | whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged. Conflicts: actionpack/test/template/template_test.rb
* | Merge pull request #8402 from ↵Rafael Mendonça França2012-12-021-1/+6
| | | | | | | | | | | | | | | | | | senny/8376_descriptive_error_message_for_partial_layout_true More descriptive error when rendering a partial with `:layout => true` Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/renderer/partial_renderer.rb
* | Accept symbols as #send_data :disposition valueElia Schito2012-11-271-1/+13
| |
* | Add i18n scope to disance_of_time_in_words.Steve Klabnik2012-11-261-3/+12
| | | | | | | | This is a backport of rails/rails#7997.
* | Refactor Generator class to not rely on in-place editing the controllerAndrew White2012-11-161-6/+6
| |
* | Fix bug when url_for changes controller.Nikita Beloglazov2012-11-161-0/+9
| |
* | Merge pull request #8235 from tilsammans/dont_escape_actionmailer_when_plaintextJosé Valim2012-11-161-1/+15
| | | | | | | | | | | | | | | | Introduce `ActionView::Template::Handlers::ERB.escape_whitelist` Conflicts: actionpack/CHANGELOG.md actionpack/test/template/template_test.rb
* | Update mocha version to 0.13.0 and change requiresCarlos Antonio da Silva2012-11-132-3/+3
| |
* | Merge pull request #8093 from nikitug/keep_app_x_ua_compatibleCarlos Antonio da Silva2012-11-081-0/+34
| | | | | | | | | | | | | | Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header) Conflicts: actionpack/CHANGELOG.md
* | backport, handle trailing slash with enginesYves Senn2012-11-081-0/+5
| | | | | | | | this is a backport of #8115 to fix #7842
* | Merge pull request #8108 from Casecommons/fix-multiple-and-index-in-instance-tagRafael Mendonça França2012-11-081-0/+13
|/ | | | | | | Support :multiple option on input tags that also have :index Conflicts: actionpack/lib/action_view/helpers/tags/base.rb actionpack/lib/action_view/helpers/tags/collection_check_boxes.rb
* Add test to avoid regression of 4a86362Rafael Mendonça França2012-11-021-0/+10
|
* Revert "Merge pull request #7668 from Draiken/fix_issue_6497"Rafael Mendonça França2012-11-021-7/+0
| | | | | | | | | This reverts commit 61d5d2d8a97fd289b81991cd79dca3112e7ca135. Conflicts: actionpack/CHANGELOG.md REASON: This added a backward incompatible change.
* Revert "Merge pull request #7659 from HugoLnx/template_error_no_matches_rebased"Rafael Mendonça França2012-10-312-23/+0
| | | | | | | | | | | | | This reverts commit 7d17cd2cbfc086f5aa9dd636e1207eb130150428. Conflicts: actionpack/CHANGELOG.md Reason: This added a regression since people were relying on this buggy behavior. This will introduce back #3849 but we will be backward compatible in stable release. Fixes #8068.
* Merge pull request #7865 from teleological/link_to_remote_3_2Rafael Mendonça França2012-10-061-0/+7
|\ | | | | Accept :remote as symbol in link_to options (backport)
| * Accept :remote as symbol in link_to optionsRiley2012-10-061-0/+7
| | | | | | | | | | Accept either :remote or 'remote' in both the html_options and (url_)options hash arguments to link_to.