aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | Address CVE-2014-4671 (JSONP Flash exploit)Greg Campbell2014-07-092-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
* | | | Force encoding of US-ASCII to UTF-8 in unescape_uri.Karl Entwistle2014-07-101-0/+5
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | Because URI paths may contain non US-ASCII characters we need to force the encoding of any unescaped URIs to UTF-8 if they are US-ASCII. This essentially replicates the functionality of the monkey patch to URI.parser.unescape in active_support/core_ext/uri.rb. Fixes #16104.
* | | Merge pull request #13999 from jamox/update_rackAaron Patterson2014-07-082-7/+17
|\ \ \ | |_|/ |/| | This updates rails to use edge rack
| * | Upgraded rackJarmo Isotalo2014-05-192-7/+17
| | | | | | | | | | | | | | | | | | | | | | | | As Rack has some non backwards compatible changes added required modifications to keep behaviour in rails close to same as before. Also modified generators to include rack/rack for not yet released version of rack
* | | always test against a routed rack app so there are always url_helpersAaron Patterson2014-07-074-35/+65
| | |
* | | Generate shallow paths for all children of shallow resources.Seb Jacobs2014-07-061-0/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit shallow resources would only generate paths for non-direct children (with a nested depth greater than 1). Take the following routes file. resources :blogs do resources :posts, shallow: true do resources :comments do resources :tags end end end This would generate shallow paths for `tags` nested under `posts`, e.g `/posts/:id/tags/`, however it would not generate shallow paths for `comments` nested under `posts`, e.g `/posts/:id/comments/new`. This commit changes the behaviour of the route mapper so that it generate paths for direct children of shallow resources, for example if you take the previous routes file, this will now generate shallow paths for `comments` nested under `posts`, .e.g `posts/:id/comments/new`. This was the behaviour in Rails `4.0.4` however this was broken in @jcoglan's fix for another routes related issue[1]. This also fixes an issue[2] reported by @smdern. [1] https://github.com/rails/rails/commit/d0e5963 [2] https://github.com/rails/rails/issues/15783
* | | Merge pull request #16013 from tgxworld/remove_symbolized_path_parametersRafael Mendonça França2014-07-042-5/+5
|\ \ \ | | | | | | | | Remove symbolized_path_parameters.
| * | | Remove symbolized_path_parameters.Guo Xiang Tan2014-07-022-5/+5
| | | | | | | | | | | | | | | | This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
* | | | Merge pull request #16011 from xjlu/token_and_optionsRafael Mendonça França2014-07-041-2/+22
|\ \ \ \ | | | | | | | | | | Improve token_and_options regex and test
| * | | | Improve token_and_options regex and testXinjiang Lu2014-07-011-2/+22
| | | | | | | | | | | | | | | | | | | | add a test case to test the regex for the helper method raw_params
* | | | | Change the JSON renderer to enforce the 'JS' Content TypeLucas Mazza2014-07-021-0/+13
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | The controller can set the response format as 'JSON' before the renderer code be evaluated, so we must replace it when necessary. Fixes #15081
* | | | Fix typoRafael Mendonça França2014-07-021-1/+1
|/ / /
* | | Merge pull request #15933 from rafael/masterRafael Mendonça França2014-06-271-0/+29
|\ \ \ | | | | | | | | | | | | | | | | | | | | Add always permitted parameters as a configurable option. [Rafael Mendonça França + Gary S. Weaver]
| * | | Improvements per code review.Rafael Chacón2014-06-271-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | * General style fixes. * Add changes to configuration guide. * Add missing tests.
* | | | Merge pull request #15537 from tgxworld/fix_state_leakMatthew Draper2014-06-203-4/+5
|\ \ \ \ | | | | | | | | | | Fix state leak.
| * | | | Remove redundant code.Guo Xiang Tan2014-06-051-4/+0
| | | | |
| * | | | Prevent state leak.Guo Xiang Tan2014-06-053-0/+5
| | | | |
* | | | | Fix request's path_info when a rack app mounted at '/'.Larry Lv2014-06-141-0/+7
| | | | | | | | | | | | | | | | | | | | Fixes issue #15511.
* | | | | Merge pull request #15692 from sromano/falseClassMatthew Draper2014-06-141-1/+17
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | ActionController::Parameters#require now accepts FalseClass values
| * | | | | ActionController::Parameters#require now accepts FalseClass valuesSergio Romano2014-06-131-1/+17
|/ / / / / | | | | | | | | | | | | | | | Fixes #15685.
* | | | | Fix parsed token value with header `Authorization token=`.Larry Lv2014-06-131-6/+23
| | | | |
* | | | | use Ruby for mockingAaron Patterson2014-06-121-1/+1
| | | | |
* | | | | remove warningsKuldeep Aggarwal2014-06-122-3/+0
| |_|_|/ |/| | | | | | | | | | | warning: assigned but unused variable - scope_called, path and strexp
* | | | Merge pull request #15545 from zuhao/refactor_actionpack_assert_select_testYves Senn2014-06-081-1/+4
|\ \ \ \ | | | | | | | | | | Restore test deliveries for ActionMailer.
| * | | | Restore test deliveries for ActionMailer.Zuhao Wan2014-06-071-1/+4
| |/ / /
* | | | Handle client disconnect during live streamingMatthew Draper2014-06-081-0/+89
| | | | | | | | | | | | | | | | .. even when the producer is blocked for a write.
* | | | adds some details to the rationale of converted_arrays [ci skip]Xavier Noria2014-06-071-1/+1
| | | |
* | | | adds a regression test for the strong params converted arrays cacheXavier Noria2014-06-071-1/+18
| | | | | | | | | | | | | | | | This is a regression test for 29844dd.
* | | | Revert "Convert StrongParameters cache to a hash. This fixes an unbounded"Xavier Noria2014-06-071-1/+1
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot cache keys because arrays are mutable. We rather want to cache the arrays. This behaviour is tailor-made for the usage pattern strongs params is designed for. In a forthcoming commit I am going to add a test that covers why we need to cache by value. Every strong params instance has a live span of a request, the cache goes away with the object. Since strong params have such a concrete intention, it would be interesting to see if there are actually any real-world use cases that are an actual leak, one that practically may matter. I am not convinced that the theoretical leak has any practical consequences, but if it can be shown there are, then I believe we should either get rid of the cache (which is an optimization), or else wipe it in the mutating API. This reverts commit e63be2769c039e4e9ada523a8497ce3206cc8a9b.
* | | Merge pull request #15530 from zuhao/refactor_actionpack_reloader_testMatthew Draper2014-06-061-0/+5
|\ \ \ | | | | | | | | Reset callbacks after test.
| * | | Reset callbacks after test.Zuhao Wan2014-06-051-0/+5
| | | | | | | | | | | | | | | | Otherwise the state of callback chain is leaked.
* | | | Merge pull request #15532 from zuhao/refactor_actionpack_response_testYves Senn2014-06-051-2/+4
|\ \ \ \ | | | | | | | | | | Restore Response.default_headers after test.
| * | | | Restore Response.default_headers after test.Zuhao Wan2014-06-051-2/+4
| | | | |
* | | | | Avoid hard-coded value in test setup/teardown.Zuhao Wan2014-06-051-1/+2
|/ / / /
* | | | Merge pull request #15529 from zuhao/refactor_actionpack_mime_type_testYves Senn2014-06-052-8/+0
|\ \ \ \ | |/ / / |/| | | Make sure Mime::Type is not altered after tests.
| * | | Mime::PNG is already defined.Zuhao Wan2014-06-052-8/+0
| | | |
* | | | Avoid hardcoded value in test setup/teardown.Zuhao Wan2014-06-051-1/+2
|/ / /
* | | Merge pull request #15498 from zenspider/fix_memory_leakGuillermo Iguaran2014-06-031-1/+1
|\ \ \ | | | | | | | | Convert StrongParameters cache to a hash. This fixes an unbounded memory leak
| * | | Convert StrongParameters cache to a hash. This fixes an unboundedRyan Davis2014-06-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | memory leak demonstrated on @tenderlove's latest blog post: http://tenderlovemaking.com/2014/06/02/yagni-methods-are-killing-me.html
* | | | Partially revert deprecation of *_filterRafael Mendonça França2014-06-031-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are going to deprecate only on Rails 5 to make easier plugin maintainers support different Rails versions. Right now we are only discouraging their usage. This reverts commit 6c5f43bab8206747a8591435b2aa0ff7051ad3de. Conflicts: actionpack/CHANGELOG.md
* | | | Merge pull request #15349 from tgxworld/remove_duplicated_method_callRafael Mendonça França2014-06-031-4/+1
|\ \ \ \ | | | | | | | | | | Remove duplicated HashWithIndifferentAccess#with_indifferent_access.
| * | | | Remove duplicated HashWithIndifferentAccess#with_indifferent_access.Guo Xiang Tan2014-05-261-4/+1
| | | | |
* | | | | Routes specifying 'to:' must be a string that contains a "#" or a rackAaron Patterson2014-06-032-24/+32
| | | | | | | | | | | | | | | | | | | | | | | | | application. Use of a symbol should be replaced with `action: symbol`. Use of a string without a "#" should be replaced with `controller: string`.
* | | | | use the factory method to construct the mappingAaron Patterson2014-06-031-1/+1
| | | | |
* | | | | add tests for mixing :to and controller / actionAaron Patterson2014-06-031-0/+48
| | | | |
* | | | | add tests for nested lambda constraintsAaron Patterson2014-06-031-0/+27
| | | | |
* | | | | test with an empty viaAaron Patterson2014-06-031-0/+8
| | | | |
* | | | | add a test for missing "via" parameterAaron Patterson2014-06-031-0/+8
| | | | |
* | | | | Mapping never actually uses @set, so rmAaron Patterson2014-05-291-1/+1
| | | | |
* | | | | no more is_a checks on instantiationAaron Patterson2014-05-291-4/+0
| | | | |