| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Remote ip logic and validation. IPv6 support.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
tests.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
real date points
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
distance_of_time_in_words
|
|/ / / / / / |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Catch nil.to_sym errors in partial_renderer, and raise ArgumentError instead
|
| | | | | | | |
|
| | | | | | | |
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
ActionController::RoutingError are raised in router execution time and can not be
rescued in a controller.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Add method FormBuilder#index
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
know the index number into the iteration.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
'itemscope' is defined within HTML5 for use in microdata markup. See
http://www.whatwg.org/specs/web-apps/current-work/multipage/microdata.ht
ml#attr-itemscope
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Document that default_url_options must return a hash with symbolized keys
|
| | | | | | | | |
|
|/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This reverts commit 174cf8b22064c3999dfa685014d5b31ac993bb54, reversing
changes made to 7ecd6a731bd60665bc6de94095137f0b2c4ada2a.
The reverted commit improved the performance in the wrong place, now we
have added this 6ddbd1844a6fd6aca2992f5f75c9f605cf89808f improvement.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Remove unnecessary in HTML 5 type attribute with default value
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
stringified keys
|
|\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | | |
mo fasta and mo betta the url_for
|
| |/ / / / / / |
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
prevent the cache sweeper ignores NoMethodError
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
closes #5672
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Block version of label should wrapped in field_with_errors in case of error
|
| | | | | | | | |
|
|/ / / / / / / |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
nertzy/prefix_partial_path_with_controller_namespace
Add config option to turn off prefixing partial path with controller namespace
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
config.action_view.prefix_partial_path_with_controller_namespace
This allows you to choose to render @post using
/posts/_post.erb instead of /admin/posts/_post.erb
inside Admin::PostsController.
|
| |/ / / / / / |
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
Missed commits from 3-2-stable
|
| | | | | | | |
|
| | | | | | | |
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | | |
Closes #5632
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If embedding auth_token in remote forms is off and we
pass a value for auth_token it should respect it.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Changed default value for `config.action_view.embed_authenticity_token_in_remote_forms`
to `false`. This change breaks remote forms that need to work also without javascript,
so if you need such behavior, you can either set it to `true` or explicitly pass
`:authenticity_token => true` in form options
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
There is a regression introduced in 16ee611fa, which breaks
remote forms that should also work without javascript. This commit
introduces config option that allows to configure this behavior
defaulting to the old behavior (ie. include authenticity token
in remote forms by default)
Conflicts:
actionpack/CHANGELOG.md
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix label_tag to merge the options hash with the object hash
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
hash.
Closes #2492 and #5615
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
doesn't call for label.
objectify_options method should be applied to the proper options arg.
See explanation and example of the bug - https://github.com/kryzhovnik/rails_field_error_proc_bug_example
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Don't break Haml with textarea newline fix. (master)
|
| |/ / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
See issue #393, issue #4000, issue #5190, and issue #5191. Adds a newline after the textarea opening tag based on @codykrieger's original patch so that we don't cause regressions in Haml-using apps. The regression caused textarea tags to add newlines to the field unintentionally (each update/save added an extra newline.)
Also fix 6 more tests that didn't yet have the newline expectation.
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
if you want to read the file you may need to ask if there is something
to read from
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Previously `rendered_format` was set only based on mime types
passed in Accept header, which was wrong if first type from
Accept was different than rendered partial. The fix is to simply
move setting rendered_format to the place where template
is available and grab format from the template. If it fails
we can fallback to formats passed by Accept header.
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When someone accidentally passes a string to sanitize like:
sanitize("<span>foo</span>", :tags => "b")
there is no indication that it's the wrong way and span
will not be removed.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Commit: 7a0cf2f5294e8bcef547642435636b394340a3e4
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Properly deprecate the block argument in AV FormBuilder
|