| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
To test uploading a file without using fixture_file_upload, a posted
ActionDispatch::Http::UploadedFile should not be paramified (just like
Rack::Test::UploadedFile).
(Rack::Test::UploadedFile and ActionDispatch::Http::UploadedFile don't
share the same API, tempfile is not accessible on
Rack::Test::UploadedFile as discussed in
https://github.com/brynary/rack-test/issues/30)
|
|
|
|
|
|
| |
This reverts commit 54f55746a70a7091341e84236498203118a7fbb4.
Reason: the last commit fixed the failing case
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1ac19c11792a745cd654f02dfaed8e93f95b3c70.
Conflicts:
actionpack/CHANGELOG.md
Reason: This is causing failures in the railties build.
See http://travis-ci.org/#!/rails/rails/jobs/2491787
Related with #7672
|
|
|
|
|
|
| |
Removing to_shorthand to fix #6497
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
| |
Previously, the `asset_path` internals only respected the `:digest`
option, but ignored the global config setting. This meant that
`config.digest = false` could not be used in conjunction with
`config.compile = false` this corrects the behavior.
|
|
|
|
|
|
| |
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/log_subscriber.rb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
we should take disabled option not only from `html_options` hash but from
`options` hash too like `build_select` method does it. So
datetime_select("post", "updated_at", { :discard_minute => true }, { :disabled => true })
datetime_select("post", "updated_at", :discard_minute => true , :disabled => true)
both these variants work now
closes #7431
|
|
|
|
|
|
| |
option_tags coerced to "" instead of nil
Closes #7404
|
| |
|
| |
|
|
|
|
|
|
| |
brainopia/support_for_magic_domain_on_all_stores""
This reverts commit a48ea6800ef712440b08c551f8041feb35de8cb4.
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Thanks to Marek Labos & Nethemba
CVE-2012-3465
|
| |
| |
| |
| | |
CVE-2012-3463
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
| |
| |
| |
| |
| |
| | |
Rails were including 'application.js' to the pack when using
`javascript_include_tag :all` even there's no application.js in the
public directory.
|
| |
| |
| |
| |
| |
| |
| |
| | |
brainopia/support_for_magic_domain_on_all_stores"
This reverts commit 393c652cf63875f2728c04d47b34b2d6ae908186.
This commit was supposed to fix a bug but it add more failures.
|
| |
| |
| |
| | |
Support cookie jar options for all cookie stores
|
|/
|
|
|
|
|
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
|
|
|
| |
This reverts commit 9dc57fe9c4807fc0ad4b1590a931891d9faa3164.
|
|
|
|
|
|
|
| |
This reverts commit 1aff7725c7a04cde202cca906208560a55409e6a.
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
|
|
|
|
| |
option"
Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
This reverts commit fc092a9cba5fceec38358072e50e09250cf58840.
This reverts commit e9051e20aeb2c666db06b6217954737665878db7.
This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1.
This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Optional segments with a root scope need to have the leading slash
outside of the parentheses, otherwise the generated url will be empty.
However if the route has non-optional elements then the leading slash
needs to remain inside the parentheses otherwise the generated url
will have two leading slashes, e.g:
Blog::Application.routes.draw do
get '/(:category)', :to => 'posts#index', :as => :root
get '/(:category)/author/:name', :to => 'posts#author', :as => :author
end
$ rake routes
root GET /(:category)(.:format) posts#index
author GET (/:category)/author/:name(.:format) posts#author
This change adds support for optional segments that contain a slash,
allowing support for urls like /page/2 for the root path, e.g:
Blog::Application.routes.draw do
get '/(page/:page)', :to => 'posts#index', :as => :root
end
$ rake routes
root GET /(page/:page)(.:format) posts#index
Fixes #7073
(cherry picked from commit d8745decaf59aad32aa2f09abdba99b8d0e48b31)
|
|
|
|
|
|
|
|
|
| |
When a select tag is created for a field with errors, and that select
tag has :prompt or :include_blank options, then the inserted first
option will errantly have a <div class="field_with_errors"> wrapping
it.
See https://github.com/rails/rails/issues/7017
|
| |
|
|\
| |
| | |
Logger in metal backport for 3.2
|
| |
| |
| |
| | |
ActionController::Metal controller.
|
| | |
|
|/
|
|
| |
Respect absolute paths in compute_source_path.
|
| |
|
|
|
|
| |
AbstractController::Callbacks
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After the fix done in 39f9f02a, there are cases that will not work
correctly. If you have file with "2 extensions", like foo.min.js and you
reference the file without extension, like:
javascript_include_tag "foo.min"
it will fail because sprockets finds foo.min.js with foo.min argument.
This commit fixes this case and will get the right file even when
referrencing it without extension.
(closes #6598)
|
|
|
|
|
| |
This test is needed to avoid regressions in the way that flash works
now (swept in every request).
|
|
|
|
|
|
|
|
|
|
|
|
| |
This deprecation applies to:
`button_to`
`button_tag`
`image_submit_tag`
`link_to`
`submit_tag`
As :confirm is an UI specific option is better to use the data attributes,
teaching users about unobtrusive JavaScript and how Rails works with it.
|
|
|
|
|
| |
Similarly to 6525002, this allows to use routes helpers for mounted
helpers, but this time in ActionView::TestCase
|
|\
| |
| | |
Correct the use of to_model in polymorphic routing
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In integration tests, you might want to use helpers from engines that
you mounted in your application. It's not hard to add it by yourself,
but it's unneeded boilerplate. mounted_helpers are now included by
default. That means that given engine mounted like:
mount Foo::Engine => "/foo", :as => "foo"
you will be able to use paths from this engine in tests this way:
foo.root_path #=> "/foo"
(closes #6573)
|
|
|
|
|
|
| |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should lookup if asset without appended extension exists.
When sprockets are disabled the asset tag helpers incorporate
this logic. When sprockets are enabled we should have the same
logic.
For example, we have style.ext file in app/assets/stylesheets and
we use stylesheet_link_tag in the layout. In this case we should
have /assets/style.ext instead of /assets/style.ext.css in the
output.
Closes #6310
|
| |
|
|
|
|
|
|
|
| |
`excerpt` text helper uses `:radius`, not `line_width` (that is used by
`word_wrap` helper).
Also cleanup some whitespaces.
|
|
|
|
| |
Render img tag with empty src if empty string is passed to image_tag.
|
| |
|
| |
|
| |
|
|
|
|
| |
`button_to` and `submit_tag` helpers.
|