aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
Commit message (Collapse)AuthorAgeFilesLines
* optimizes array conversion in AC::ParametersXavier Noria2013-12-211-0/+5
|
* converts hashes in arrays of unfiltered params to unpermitted params [fixes ↵Xavier Noria2013-12-211-0/+7
| | | | #13382]
* Merge pull request #13188 from imanel/skip_deep_mungeJeremy Kemper2013-12-191-0/+15
|\ | | | | | | | | | | | | Add configuration option to optionally disable deep_munge Conflicts: actionpack/CHANGELOG.md
| * Add configuration option to optionally disable deep_mungeBernard Potocki2013-12-051-0/+15
| |
* | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2013-12-201-1/+1
|\ \
| * | Typos. return -> returns. [ci skip]Lauro Caetano2013-12-031-1/+1
| | |
* | | Fix assertions for testing unknown formats using Mime::NullTypeCarlos Antonio da Silva2013-12-191-5/+5
| | |
* | | Show routes defined under assets prefixRyunosuke SATO2013-12-191-0/+12
| | | | | | | | | | | | Closes #9625
* | | Prefer assert_raise instead of flunk + rescue to test for exceptionsCarlos Antonio da Silva2013-12-192-20/+9
| | | | | | | | | | | | | | | | | | Change most tests to make use of assert_raise returning the raised exception rather than relying on a combination of flunk + rescue to check for exception types/messages.
* | | Change all `MiniTest` to `Minitest` since, `MiniTest` namespace has been ↵Vipul A M2013-12-181-5/+5
| | | | | | | | | | | | | | | | | | renamed to `Minitest` Ref: https://github.com/seattlerb/minitest/blob/master/History.txt
* | | Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-0/+10
| | |
* | | Merge pull request #13345 from jeremy/get-csrfJeremy Kemper2013-12-173-12/+72
|\ \ \ | | | | | | | | CSRF protection from cross-origin <script> tags
| * | | CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-173-12/+72
| | | | | | | | | | | | | | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* | | | Disable available locales checks to avoid warnings running the testsCarlos Antonio da Silva2013-12-171-0/+3
|/ / /
* | | Spelling and Grammar check [ci skip]Akshay Vishnoi2013-12-161-1/+1
| | |
* | | Make ActionDispatch::Request::Session#fetch behave like Hash#fetchTrent Ogren2013-12-111-3/+2
| | | | | | | | | | | | | | | | | | Session#fetch was mutating the session when given a default argument and/or a block. Since Session duck-types as a Hash, it should behave like one in these cases.
* | | Fix mounting engines inside a resources blockPiotr Sarnacki2013-12-101-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a route is mounted inside a resources block, it's automatically prefixed, so a following code: resources :users do mount Blog::Engine => '/blog' end will generate a user_blog path helper. In order to access engine helpers, we also use "mounted_helpers", a list of helpers associated with each mounted engine, so a path to blog's post can be generated using user_blog.post_path(user, post). The problem I'm fixing here is that mount used a raw :as option, without taking nestings into account. As a result, blog was added to a route set as a `user_blog`, but helper was generated for just `blog`. This commit applies the proper logic for defining a helper for a mounted engine nested in resources or resource block. (closes #8533)
* | | Inline variants syntaxŁukasz Strzałkowski2013-12-102-1/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* | | Revert "Merge pull request #13235 from strzalek/variants-inline" -- needs a ↵David Heinemeier Hansson2013-12-081-13/+1
| | | | | | | | | | | | | | | | | | | | | little more work! This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
* | | Inline variants syntaxŁukasz Strzałkowski2013-12-081-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those sitiations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end ` Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* | | Variants can be declared without a block to signify their presence in the ↵David Heinemeier Hansson2013-12-072-1/+2
| | | | | | | | | | | | controller
* | | Allow code execution in case no variant has been set with variant.noneDavid Heinemeier Hansson2013-12-071-0/+16
| | |
* | | Fixed test for Mime::VCFArun Agrawal2013-12-061-3/+3
| | | | | | | | | | | | Added here 13dd38cee79be39f7b399e142fd78295dddd2abb
* | | Remove missing integration points of AV extractionCarlos Antonio da Silva2013-12-052-3/+1
| |/ |/|
* | Action Pack VariantsŁukasz Strzałkowski2013-12-044-1/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types.
* | Merge branch 'master-sec'Aaron Patterson2013-12-031-0/+15
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | * master-sec: Deep Munge the parameters for GET and POST Stop using i18n's built in HTML error handling. Ensure simple_format escapes its html attributes Escape the unit value provided to number_to_currency Only use valid mime type symbols as cache keys
| * | Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* | | Merge branch 'format_localized_template' of https://github.com/acapilleri/railsGuillermo Iguaran2013-12-032-0/+12
|\ \ \ | |/ / |/| | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * | Fix header Content-Type: #<Mime::NullType:...> in localized templateAngelo capilleri2013-12-032-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | This PR fixes #13064 regression bug introduced by the #8085 Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type. In this way the method Response#assign_default_content_type_and_charset can write the the default mime_type.
* | | Merge pull request #12123 from aredondo/masterCarlos Antonio da Silva2013-12-021-0/+8
|\ \ \ | | | | | | | | | | | | | | | | Add regression test for IpSpoofAttackError issue Closes #10780
| * | | Add regression test for IpSpoofAttackError issueAlvaro Redondo2013-09-031-0/+8
| | | | | | | | | | | | | | | | See #10780
* | | | Try to escape each part of a path redirect route correctlyAndrew White2013-12-021-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A path redirect may contain any and all parts of a url which have different escaping rules for each part. This commit tries to escape each part correctly by splitting the string into three chunks - path (which may also include a host), query and fragment; then it applies the correct escape pattern to each part. Whilst using `URI.parse` would be better, unfortunately the possible presence of %{name} parameters in the path redirect string prevents us from using it so we have to use a regular expression instead. Fixes #13110.
* | | | Typo fixes [ci skip]Akshay Vishnoi2013-11-301-2/+2
| | | |
* | | | fixed-case when invalid action name has passedKuldeep Aggarwal2013-11-281-0/+3
| | | |
* | | | fixed typo `destory` => `destroy` [ci skip]Kuldeep Aggarwal2013-11-281-1/+1
| |/ / |/| |
* | | Better error message for typos in assert_response argument.Victor Costan2013-11-251-0/+8
| | | | | | | | | | | | | | | This commit makes it really easy to debug errors due to typos like "assert_response :succezz".
* | | Raise RuntimeErrors with inspectable and MRI-independent messages.Federico Ravasio2013-11-242-4/+4
| |/ |/| | | | | | | | | Previous behaviour was MRI-dependent, now we're making sure the message is correctly shown: something that can be relyied upon across every Ruby implementation.
* | Build fix for Routing InspectorArun Agrawal2013-11-221-2/+2
| | | | | | | | | | | | Broken by 6701b4cf41f6f3d9cfc6a93715acbf852d1e468e
* | Fix for routes taskSıtkı Bağdat2013-11-211-16/+16
| | | | | | | | This commit fixes formatting issue for `rake routes` task, when a section is shorter than a header.
* | `skiping` => `skipping`Kuldeep Aggarwal2013-11-191-1/+1
| |
* | Take Hash with options inside Array in #url_forAndrey Ognevsky2013-11-151-0/+18
| |
* | Skip test which is broken on jrubyGaurish Sharma2013-11-091-0/+4
| | | | | | | | | | | | This test is broken from quite a while & is expected to remain broken as encoding issues are hardest to fix in JRuby. so lets skip this test for now
* | Eliminate `JSON.{parse,load,generate,dump}` and `def to_json`Godfrey Chan2013-11-055-21/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | JSON.{dump,generate} offered by the JSON gem is not compatiable with Rails at the moment and can cause a lot of subtle bugs when passed certain data structures. This changed all direct usage of the JSON gem in internal Rails code to always go through AS::JSON.{decode,encode}. We also shouldn't be implementing `to_json` most of the time, and these occurances are replaced with an equivilent `as_json` implementation to avoid problems down the road. See [1] for all the juicy details. [1]: intridea/multi_json#138 (comment)
* | Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-023-32/+1
| | | | | | | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* | Merge pull request #9660 from ↵Guillermo Iguaran2013-11-013-1/+32
|\ \ | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty
| * | Change ActionController::Parameters#require behavior when value is emptySebastian Sogamoso2013-03-113-1/+32
| | | | | | | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | | session#fetch doesn't behave exactly like Hash#fetch.Damien Mathieu2013-10-301-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Mention it in the changelog and add a test checking for regressions. Hash#fetch isn't adding the defaultly returned value. However, in the session, saving it is the behavior we should expect. See discussion in #12692
* | | add the fetch method to sessionsDamien Mathieu2013-10-291-0/+13
| | |
* | | don't mutate hash with fetchDoug Cole2013-10-261-0/+6
| | |
* | | pass app config to controller helper proxyTima Maslyuchenko2013-10-241-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After this fix application config become available when calling helper outisde of view config/application.rb #... config.asset_host = 'http://mycdn.com' #... Somewhere else ActionController::Base.helpers.asset_path('fallback.png') # => http://mycdn.com/assets/fallback.png