| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
| |
Also changed the exception to UnpermittedParameters
|
|\
| |
| | |
Exception on unexpected params when enabled.
|
| |
| |
| |
| | |
provided.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
| |
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
|
| |
|
| |
|
|
|
|
| |
This is version of #8640 for master
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
These tests are needed only if we are using MiniTest::Spec
|
|
|
|
|
| |
minitest/autorun load minitest/spec polluting the global namespace with
the DSL that we don't want on Rails
|
|\
| |
| |
| |
| | |
senny/8661_should_not_append_charset_if_already_present
Charset should not be appended to image/* type
|
| |
| |
| |
| |
| |
| |
| | |
1) Failure:
test_head_created_with_image_png_content_type(RenderTest) [test/controller/render_test.rb:1238]:
Expected: "image/png"
Actual: "image/png; charset=utf-8"
|
|\ \
| |/
|/| |
fix testcase: ruby-2.0.0 warned unused variables
|
| |
| |
| |
| | |
unused variables
|
| |
| |
| |
| | |
`false`
|
| | |
|
|\ \
| | |
| | | |
if format is unknown NullMimeTypeObject is returned
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If a request has an unknown format, the methods html?, xml?, json? ...etc
not raise an Exception.
This patch add a class Mime::NullType, that is returned when request.format is unknown
and it responds false to the methods that ends with '?' and true to 'nil?'.
It refers to #7837, this issue is considered a improvement not a bug.
|
|\ \ \
| |/ /
|/| | |
Digestor explicit dependency should not contain trailing whitespace
|
| | |
| | |
| | |
| | | |
test for rails/rails#8586
|
| | |
| | |
| | |
| | | |
with Rails 4.0.
|
|\ \ \
| |/ /
|/| | |
Http token parser bug
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adding a test for the equal trun bug
Adding a test for the after equal trunc bug
Adding a test for the slash bug
Adding a test for the slash quote bug
Adding a helper method for creating a sample request object with token
Writing a method to create params array from raw params
Writing a method to rewrite param values in the params
Writing a method to get the token params from an authorization value
Refactoring the token_and_options method to fix bugs
Removing unnessecary test
A constant for this shared regex seemed appropriate
Wanting to split up this logic
Adding small documentation pieces
|
| |
| |
| |
| |
| |
| |
| |
| | |
Move the Journey code underneath the ActionDispatch namespace so
that we don't pollute the global namespace with names that may
be used for models.
Fixes rails/journey#49.
|
| |
| |
| |
| |
| |
| | |
Removes support for :encode, :replace_at, and :replace_dot
options from the mail_to helper. Support for these options
has been extracted to the 'actionview-encoded_mail_to' gem.
|
|/
|
|
| |
closes #8388
|
|\
| |
| |
| | |
Removed :if / :unless conditions to fragment cache in favour of *cache_i...
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cache_if(condition, option, &block) and cache_unless(condition, option, &block).
In the PR #8371 was introduced conditional options :if and :unless in
the cache method.
Example:
<%= cache @model, if: some_condition(@model) do %>
...
<%end%>
This is a good feature but *cache_if* and and *cache_unless*
are more concise and close to the standard of rails view helpers
(ex: link_to_if and link_to_unless).
Example:
<%= cache_if condition, @model do %>
...
<%end%>
|
|/
|
|
|
| |
Remove all the old url helper methods when clear! is called on the
route set because it's possible that some routes have been removed.
|
|
|
|
|
|
|
|
|
| |
If env['RAW_POST_DATA'] is nil, #raw_post will attempt to set it to
the result of #body (which will return env['rack.input'] if
env['RAW_POST_DATA'] is nil). #raw_post will then attempt to rewind
the result of another call to #body. Since env['RAW_POST_DATA'] has
already been set, the result of #body is not env['rack.input'] anymore.
This causes env['rack.input'] to never be rewound.
|
|\
| |
| | |
Prevent raising EOFError on multipart GET request.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Such request can happen on Internet Explorer. When we redirect
after multipart form submission, the request type is changed
to GET, but Content-Type is preserved as multipart. GET request
cannot have multipart body and that caused Rails to fail.
It's similar fix to Rack's one:
https://github.com/chneukirchen/rack/blob/8025a4ae9477d1e6231344c2b7d795aa9b3717b6/lib/rack/request.rb#L224
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
|
|
|
| |
This reverts commit c59734f756b79c39486c45273d2cc5d42cd0c864.
|
|
|
|
|
|
|
|
|
|
| |
This commit inverts the precedence in ActionDispatch::Static so that
dynamic content will be served before static content. This is so that
precompiled assets do not inadvertently get included when running in
development mode - it should have no effect in production where static
files are usually handled by the web server.
Closes #6421
|
|
|
|
| |
[Stephen Ausman + Fabrizio Regini]
|
| |
|
|
|
|
|
|
| |
be ignored. A regular expression constraint gets overwritten when the
routes.rb file is processed. Changed the overwriting to an ||= instead
of an = assignment.
|
|
|
|
| |
whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.
|