| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When someone sends malformed authorization header, like:
Authorization: Token foobar
given token should be just ignored and resource should not be authorized,
instead of raising error. Before this patch controller would return 401 header
only for well formed tokens, like:
Authorization: Token token=foobar
and would return 500 in former case.
|
| |
|
|
|
|
|
|
| |
When a select tag is created for a field with errors, then the inserted
options will errantly have a <div class="field_with_errors"> wrapping
them.
|
|
|
|
|
| |
minitest/spec provides `describe`, so deprecate the rails version and
have people use the superclass version
|
|
|
|
|
| |
The extension was removed in 22bc12ec374b8bdeb3818ca0a3eb787dd3ce39d8,
making "test" an alias for minitest's "it".
|
|
|
|
| |
Follow the consistency defined in dbc43bc.
|
|
|
|
| |
this is so we can show route output in the development when we get a routing error. Railties can use features of ActionDispatch, but ActionDispatch should not depend on Railties.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Assuming the type ":touch", Collector.new was calling
send(:touch), which instead of triggering method_missing
and generating a new collector method, actually
invoked the private method `touch` inherited from
Object.
By generating the method for each mime type as it
is registered, the private methods on Object can
never be reached by `send`, because the `Collector`
will have them before `send` is called on it.
To do this, a callback mechanism was added to Mime::Type
This allows someone to add a callback for whenever
a new mime type is registered. The callback then
gets called with the new mime as a parameter.
This is then used in AbstractController::Collector
to generate new collector methods after each mime
is registered.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* master:
Add documentation for inheritance_column method
Use ArgumentError vs. RuntimeError, which is more precise.
CSV fixtures aren't supported by default anymore, update generated test_helper.rb to reflect that
fix quoting for ActiveSupport::Duration instances
Add few information on the field types
Add the options method to action_controller testcase.
|
| |
| |
| |
| | |
Signed-off-by: François de Metz <francois@stormz.me>
|
|/ |
|
|
|
|
| |
Related with 5e7d6bba79393de0279917f93b82f3b7b176f4b5
|
|
|
|
|
| |
Deprecate usage of filter object with #before and #after
methods as around callback
|
|
|
|
|
| |
They also make more sense here since all the related logic with I18n is
handled by AS::NumberHelper, and not by AV anymore.
|
|
|
|
|
|
| |
Just make use of the returning exception from assert_raise, instead of
calling the method again with a rescue clause to test the saved
exception number.
|
|\
| |
| | |
Don't paramify ActionDispatch::Http::UploadedFile in tests
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To test uploading a file without using fixture_file_upload, a posted
ActionDispatch::Http::UploadedFile should not be paramified (just like
Rack::Test::UploadedFile).
(Rack::Test::UploadedFile and ActionDispatch::Http::UploadedFile don't
share the same API, tempfile is not accessible on
Rack::Test::UploadedFile as discussed in
https://github.com/brynary/rack-test/issues/30)
|
|\ \
| | |
| | | |
Make the Resolver template cache threadsafe
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Template cache in the Resolver can be accessed by multiple threads
similtaneously in multi-threaded environments. The cache is implemented
using a Hash, which isn't threadsafe in all VMs (notably JRuby).
This commit extracts the cache to a new Cache class and adds mutexes to
prevent concurrent access.
|
| | | |
|
| |/
|/|
| |
| |
| | |
1. Change in test name as already defined.
2. ambiguous first argument; put parentheses or
even spaces
|
|\ \
| | |
| | |
| | | |
Added test for case when view doesn't have logger method when using
ActionController::Metal controller.
|
| | |
| | |
| | |
| | | |
ActionController::Metal controller.
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are several aspects to this commit, that don't well fit into broken down
commits, so they are detailed here:
* When a user uses response.headers['Cache-Control'] = some_value, then the
documented convention in ConditionalGet is not adhered to, in this case,
response.cache_control is ignored due to `return if
self[CACHE_CONTROL].present?`
* When a middleware sets cache-control headers that would clobber, they're
converted to symbols directly, without underscores. This would lead to bugs.
* Items that would live in :extras if set through expires_in, are placed
directly in the @cache_control hash, and not respected in many cases
(somewhat adhering to the aforementioned documentation).
* Although quite useless, any directive named 'extras' would be ignored.
The general convention applied is that expires_* take precedence, but no longer
overwrite everything and expires_* are ALWAYS applied, even if the header is
set.
I am still unhappy about the contents of this commit, and the code in general.
Ideally it should be refactored to no longer use :extras. I'd likely recommend
expanding @cache_control into a class, and giving it the power to handle the
merge in a more efficient fashion. Such a commit would be a larger change that
could have additional semantic changes for other libraries unless they utilize
expires_in in very standard ways.
|
|\ \
| | |
| | | |
Respect absolute paths in compute_source_path.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When using compute_source_path to determine the full path of an
asset, if our source begins with '/', we don't want to include
the directory. Examples are illustrative:
> compute_source_path("foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/stylesheets/foo.css"
> compute_source_path("/foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/foo.css"
Before this patch, the second example would return the same as the
first.
Fixes #5680.
|
|/ / |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
AbstractController::Callbacks
|
|\ \
| | |
| | |
| | |
| | | |
* master-sec:
Array parameters should not contain nil values.
|
| | | |
|
|/ /
| |
| |
| |
| | |
This middleware is only for Public Exceptions.
This follows bd8c0b8a
|
| | |
|
| | |
|
| |
| |
| |
| | |
Module#methods are Symbols in Ruby >= 1.9
|
| |
| |
| |
| |
| | |
Module#instance_methods returns an Array of Symbols in Ruby >= 1.9
So this was not actually testing anything
|
| | |
|
| |
| |
| |
| |
| | |
Similarly to 6525002, this allows to use routes helpers for mounted
helpers, but this time in ActionView::TestCase
|
| |
| |
| |
| | |
Correct the use of to_model in polymorphic routing
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In integration tests, you might want to use helpers from engines that
you mounted in your application. It's not hard to add it by yourself,
but it's unneeded boilerplate. mounted_helpers are now included by
default. That means that given engine mounted like:
mount Foo::Engine => "/foo", :as => "foo"
you will be able to use paths from this engine in tests this way:
foo.root_path #=> "/foo"
(closes #6573)
|
|\ \
| | |
| | |
| | |
| | |
| | | |
* master-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
|
| | |
| | |
| | |
| | |
| | |
| | | |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior to this patch the existing .force_ssl method handles both defining
the filter and handling the logic for performing the redirect.
With this patch the logic for redirecting to the HTTPS protocol is
separated from the filter logic that determines if a redirect should
occur. By separating the two levels of behavior, an instance method
for ActionController (i.e. #force_ssl_redirect) is exposed and available
for more granular SSL enforcement.
Cleaned up indentation.
|
| | |
| | |
| | |
| | | |
Add some tests for link_to with blocks and escaping content.
|