| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We can just use nokogiri
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Loofah-integration
Conflicts:
actionpack/CHANGELOG.md
actionview/CHANGELOG.md
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
abstract_unit.rb.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
never work. Switched to assert_matching the reponse body.
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
<encoded> wrapper. Updated tests to reflect this.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
elements[0] and elements[1].
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
recognize the namespace.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
selectors.
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fixed a Nokogiri::CSS::SyntaxError by using its expected format for unicode characters.
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
gcampbell-rosetta_flash
* 'rosetta_flash' of https://github.com/gcampbell/rails:
Address CVE-2014-4671 (JSONP Flash exploit)
Conflicts:
actionpack/CHANGELOG.md
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.
|
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
This updates rails to use edge rack
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
As Rack has some non backwards compatible changes added required
modifications to keep behaviour in rails close to same as before.
Also modified generators to include rack/rack for not yet released
version of rack
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Prior to this commit shallow resources would only generate paths for
non-direct children (with a nested depth greater than 1).
Take the following routes file.
resources :blogs do
resources :posts, shallow: true do
resources :comments do
resources :tags
end
end
end
This would generate shallow paths for `tags` nested under `posts`,
e.g `/posts/:id/tags/`, however it would not generate shallow paths
for `comments` nested under `posts`, e.g `/posts/:id/comments/new`.
This commit changes the behaviour of the route mapper so that it
generate paths for direct children of shallow resources, for example
if you take the previous routes file, this will now generate
shallow paths for `comments` nested under `posts`, .e.g
`posts/:id/comments/new`.
This was the behaviour in Rails `4.0.4` however this was broken in
@jcoglan's fix for another routes related issue[1].
This also fixes an issue[2] reported by @smdern.
[1] https://github.com/rails/rails/commit/d0e5963
[2] https://github.com/rails/rails/issues/15783
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Remove symbolized_path_parameters.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This pull request is a continuation of https://github.com/rails/rails/commit/925bd975 and https://github.com/rails/rails/commit/8d8ebe3d.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Improve token_and_options regex and test
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
add a test case to test the regex for the helper method raw_params
|
| |/ / / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The controller can set the response format as 'JSON' before the renderer code be
evaluated, so we must replace it when necessary.
Fixes #15081
|
|/ / / / / / |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Add always permitted parameters as a configurable option.
[Rafael Mendonça França + Gary S. Weaver]
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* General style fixes.
* Add changes to configuration guide.
* Add missing tests.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Fix state leak.
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fixes issue #15511.
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
ActionController::Parameters#require now accepts FalseClass values
|
|/ / / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fixes #15685.
|
| | | | | | | | |
|
| | | | | | | | |
|
| |_|_|/ / / /
|/| | | | | |
| | | | | | |
| | | | | | | |
warning: assigned but unused variable - scope_called, path and strexp
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Restore test deliveries for ActionMailer.
|
| |/ / / / / / |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
.. even when the producer is blocked for a write.
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This is a regression test for 29844dd.
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We cannot cache keys because arrays are mutable. We rather want to cache
the arrays. This behaviour is tailor-made for the usage pattern strongs
params is designed for.
In a forthcoming commit I am going to add a test that covers why we need
to cache by value.
Every strong params instance has a live span of a request, the cache goes
away with the object. Since strong params have such a concrete intention,
it would be interesting to see if there are actually any real-world use
cases that are an actual leak, one that practically may matter.
I am not convinced that the theoretical leak has any practical consequences,
but if it can be shown there are, then I believe we should either get rid of
the cache (which is an optimization), or else wipe it in the mutating API.
This reverts commit e63be2769c039e4e9ada523a8497ce3206cc8a9b.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Reset callbacks after test.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Otherwise the state of callback chain is leaked.
|