| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
navigation
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
there are no errors
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
| |
default response status and error messages should be returned
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
|
|
|
| |
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
|
|
|
|
|
| |
It seems like in 89c5b9aee7d7db95cec9e5a934c3761872ab107e Aaron actually put the test in action_dispatch folder. However, there's already a `test/dispatch` directory which I think it's more appropriate.
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
|
|
|
|
|
|
|
| |
match the (.:format) segment [#6605 state:resolved]
After some discussion with Andrew White, it seems like this is a better approach for handling a wildcard route. However, user can still bring back the old behavior by supplying `:format => false` to the route.
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
|
|
|
| |
authentication with a single class method call [DHH]
|
|
|
|
|
|
|
|
| |
protocol
This would become useful for site which sometime transferring sensitive information such as account information on particular controller or action.
This featured was requested by DHH.
|
| |
|
|
|
|
| |
of through the :html hash [DHH]
|
|
|
|
|
|
| |
template, test included
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
|
|
|
|
|
|
| |
The method_name argument is "default_render" for implicit actions
so use the action_name attribute to determine which callbacks to run.
[#5673 state:resolved]
|
|
|
|
| |
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
|
|
|
| |
This will make the output of `rake routes` to be correctly match to the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default
|
| |
|
| |
|
|
|
|
|
|
| |
than 1 but greater than -1 [#6576 state:resolved]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
| |
|
|
|
|
|
|
| |
This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.
Signed-off-by: Xavier Noria <fxn@hashref.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- cookies can be set using string or symbol keys
- cookies are preserved across calls to get, post, etc.
- cookie names and values are escaped
- cookies can be cleared using @request.cookies.clear
[#6272 state:resolved]
|
| |
|
|
|
|
| |
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
| |
|
|
|
|
|
|
| |
[#4551 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
always renders a nil response body. It now correctly renders the response body.
Note that only GET and HTTP 200 responses can be cached.
[#6480 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
|
|
|
| |
that anonymous classes are supported
|
| |
|
|
|
|
|
|
| |
not Time.zone_default.
[#6410 state:committed]
|
|
|
|
| |
nil value
|
| |
|
|
|
|
| |
[#6389 state:resolved]
|
|
|
|
| |
[#6416 state:resolved]
|
| |
|
|
|
|
| |
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
|
|
|
| |
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
|
|
|
| |
corrects issues with ordering and duplicates.
|
|
|
|
|
|
|
|
| |
they are expanded, and removing duplicates.
When individual js assets are specified, they will override the order of the same asset specified in an expansion.
[#5938 state:resolved]
|
|
|
|
|
|
| |
nested attributes and erb
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the HTML 4.01 spec:
Buttons created with the BUTTON element function just like buttons
created with the INPUT element, but they offer richer rendering
possibilities: the BUTTON element may have content. For example, a
BUTTON element that contains an image functions like and may resemble
an INPUT element whose type is set to "image", but the BUTTON element
type allows content.
Since rich content is the main purpose of the <button> element, it makes
sense for the button_tag helper to accept a block.
http://www.w3.org/TR/html401/interact/forms.html#edef-BUTTON
http://dev.w3.org/html5/spec/the-button-element.html#the-button-element
Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
"submit" is the default value of the <button> element's type attribute
according to the HTML 4.01 and the HTML5 draft specs, so if button_tag
is going to have a default, type="submit" is a more sensible choice than
type="button".
http://www.w3.org/TR/html401/interact/forms.html#adef-type-BUTTON
http://dev.w3.org/html5/spec/the-button-element.html#attr-button-type
Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
|
|
|
|
|
|
| |
the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned.
Signed-off-by: José Valim <jose.valim@gmail.com>
|
|
|
|
|
|
|
|
| |
with the same same."
Applied the wrong version.
This reverts commit 98c0c5db50a7679b3d58769ac22cb0a27a62c930.
|
|
|
|
| |
the same same.
|
|
|
|
|
|
|
|
| |
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
X-CSRF-Token: ...
This fixes CVE-2011-0447
|
| |
|
|
|
|
|
|
| |
filesystems.
This fixes CVE-2011-0449
|