| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|/ |
|
| |
|
| |
|
|\
| |
| | |
Strong parameters exception handling
|
| | |
|
|/
|
|
| |
The same headers were being duplicated on every request.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes route defaults so that explicit defaults are no
longer required where the key is not part of the path. For example:
resources :posts, bucket_type: 'posts'
will be required whenever constructing the url from a hash such as a
functional test or using url_for directly. However using the explicit
form alters the behavior so it's not required:
resources :projects, defaults: { bucket_type: 'projects' }
This changes existing behavior slightly in that any routes which
only differ in their defaults will match the first route rather
than the closest match.
Closes #8814
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This now allows the use of arrays like this:
get '/foo/:action', to: 'foo', constraints: { subdomain: %w[www admin] }
or constraints where the request method returns an Fixnum like this:
get '/foo', to: 'foo#index', constraints: { port: 8080 }
Note that this only applies to constraints on the request - path
constraints still need to be specified as Regexps as the various
constraints are compiled into a single Regexp.
|
| |
|
|
|
|
|
|
|
| |
Now that Journey has been integrated into ActionDispatch we can raise
the exception ActionController::UrlGenerationError directly rather than
raising the internal Journey::Router::RoutingError and then have
ActionDispatch::Routing::RouteSet#generate re-raise the exception.
|
|\
| |
| | |
Rename :value to :selected for date_select, and add missing tests/docs
|
| |
| |
| |
| |
| | |
Add tests for time & datetime.
Add documentation.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
block. Breaks benchmark calls that return non-String values otherwise.
Revert "add benchmark helper that works in erb"
This reverts commit 904e544cc8f5846de7c31827bb5556c6a238c0de.
Conflicts:
actionpack/lib/action_view/helpers.rb
actionpack/lib/action_view/helpers/benchmark_helper.rb
actionpack/test/template/benchmark_helper_test.rb
|
|\ \
| |/
|/|
| |
| | |
Collection radio buttons and collection check boxes through FormBuilder render the provided block.
Closes #8897
|
| |
| |
| |
| |
| |
| |
| |
| | |
the provided block.
In the case of having a form_for method being called, the block for each
collection would not be passed and thus the result expected was always the same.
This patch passes the block to the original method like it would be assumed.
|
| | |
|
|/ |
|
|\
| |
| | |
Fixed nested fields bug when called with AssociationProxy
|
| |
| |
| |
| | |
support in form helper
|
| |
| |
| |
| | |
Fixes #8845.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Evaluate view_cache_dependencies at the instance level
Conflicts:
actionpack/lib/action_controller/caching.rb
|
| | | |
|
| | |
| | |
| | |
| | | |
All Action Pack tests are green.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
| | |
| | |
| | |
| | |
| | | |
This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing
changes made to f049016cd348627bf8db0d72382d7580bf802a79.
|
|\ \ \
| |/ /
|/| |
| | |
| | |
| | | |
* master-sec:
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A declarative API for specifying dependencies that affect template
cache digest computation. In your controller, specify any of said
dependencies:
view_cache_dependency { "phone" if using_phone? }
When the block is evaluated, the resulting value is included in the
cache digest calculation, allowing you to generate different digests
for effectively the same template. (Mostly useful if you're mucking
with template load paths.)
|
|\ \ \
| | | |
| | | | |
set 'alt' attribute for image_submit_tag
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
the discussion on https://github.com/rails/strong_parameters/pull/75.
|
|/ / / |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Previously rendering a partial without giving :object or :collection
would generate a local variable with the partial name by default.
This was noticed due to warnings in Ruby 2.0 of not used variables,
which turned out to be the generation of not used variables inside
partials that do not contain objects related to them.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
They don't add any benefits over `assert object.blank?`
and `assert object.present?`
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Also changed the exception to UnpermittedParameters
|
|\ \
| | |
| | | |
Exception on unexpected params when enabled.
|
| | |
| | |
| | |
| | | |
provided.
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
|
| | |
|