Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fixed session ID fixation for ActiveRecord::SessionStore | Joseph Wong | 2011-07-12 | 1 | -0/+31 |
| | | | | | | | | | | | | | | | | | I have found that Rails will take an invalid session ID specified by the client and materialize a session based on that session ID. This means that it is possible, among other things, for a client to use an arbitrarily weak session ID or for a client to resurrect a previous used session ID. In other words, we cannot guarantee that all session IDs are generated by the server and that they are (statistically) unique through time. The fix is to always generate a new session ID in #get_session if an existing session cannot be found under the incoming session ID. Also added new tests that make sure that an invalid session ID is never materialized into a new session, regardless of whether it comes in via a cookie or a URL parameter (when :cookie_only => false). | ||||
* | Grouped select helper | Andrew Radev | 2011-07-11 | 1 | -0/+36 |
| | | | | FormBuilder#select now works with a nested data structure. | ||||
* | config should always be an AS::InheritableOptions object. Closes #1992 | Santiago Pastorino | 2011-07-08 | 1 | -0/+4 |
| | |||||
* | use Zlib.crc2 rather that bytes.sum, as per Aaron's suggestion | Xavier Noria | 2011-07-08 | 1 | -1/+2 |
| | | | | | | That integer is rather irrelevant, the only thing that matters is that it is consistent and with no apparent bias. Zlib.crc32 is 8-10 times faster than bytes.sum, so use that. | ||||
* | removing brittle assertion | Aaron Patterson | 2011-07-07 | 1 | -1/+0 |
| | |||||
* | Using the sum of bytes instead the hash of the path when replacing the ↵ | Albert Callarisa Roca | 2011-07-08 | 1 | -2/+3 |
| | | | | wildcard of the assets path because in ruby 1.9 is not consistent | ||||
* | Remove stream at the class level. | José Valim | 2011-07-06 | 1 | -1/+1 |
| | | | | | | This is because only template rendering works with streaming. Setting it at the class level was also changing the behavior of JSON and XML responses, closes #1337. | ||||
* | Merge pull request #1925 from spohlenz/refactor-asset-paths | José Valim | 2011-07-02 | 2 | -0/+13 |
|\ | | | | | Refactor sprockets asset paths to allow for alternate asset environments | ||||
| * | Add tests for alternate asset prefix/environment | Sam Pohlenz | 2011-07-01 | 2 | -0/+13 |
| | | |||||
* | | provide a more explicit message when using url_for with nil | Damien Mathieu | 2011-07-02 | 2 | -0/+15 |
| | | | | | | This fixes the problem of having a non-explicit message when the :location option is not provided in respond_with. | ||||
* | | Revert "Add method fields_for_with_index to FormHelper" | José Valim | 2011-07-01 | 1 | -125/+0 |
| | | | | | | | | | | | | | | | | This reverts commit 7c562d5e460d97b18e4f3367b3cfb13401732920. Conflicts: actionpack/lib/action_view/helpers/form_helper.rb | ||||
* | | Merge pull request #1927 from bogdan/select_multiple_index | José Valim | 2011-07-01 | 1 | -0/+7 |
|\ \ | |/ |/| | Fixed ActionView::FormOptionsHelper#select with :multiple => false | ||||
| * | Fixed ActionView::FormOptionsHelper#select with :multiple => false | Bogdan Gusiev | 2011-06-30 | 1 | -0/+7 |
| | | |||||
* | | Make sure respond_with with :js tries to render a template in all cases | José Valim | 2011-06-30 | 2 | -6/+16 |
| | | |||||
* | | Add has_key? and key? methods to CookieJar removed in 0ca69ca65f83b4bb34f8 | José Valim | 2011-06-30 | 1 | -0/+9 |
|/ | |||||
* | No need to register again. As it's default now. | Arun Agrawal | 2011-06-28 | 1 | -3/+3 |
| | | | Removing gif from here because when it got unregister it start failing other places. | ||||
* | Fix test to use Mime::Zip | Arun Agrawal | 2011-06-28 | 1 | -1/+1 |
| | |||||
* | Make send_file guess content-type from file extension, if type wasn't ↵ | Esad Hajdarevic | 2011-06-28 | 1 | -0/+19 |
| | | | | supplied (Issue #1847). Update tests & documentation. | ||||
* | Merge pull request #1870 from chriseppstein/asset_urls_master | Santiago Pastorino | 2011-06-27 | 2 | -14/+87 |
|\ | | | | | Asset urls master | ||||
| * | Added a configuration setting: | Chris Eppstein | 2011-06-27 | 2 | -7/+34 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | config.action_controller.default_asset_host_protocol It's best to leave this unset. When unset the :request protocol is used whenever it can be and :relative is used in the other situations. When set to :request then assets hosts will be disabled when there is no request in scope and will use the request protocol whenever a request is in scope. If set to :relative, then a relative protocol is always used except for stylesheet link tags which must use the :request protocol to avoid double downloads in IE6&7. Conflicts: actionpack/lib/sprockets/helpers/rails_helper.rb actionpack/test/template/sprockets_helper_test.rb | ||||
| * | Stylesheet link tags should use the request protocol to avoid duplicate ↵ | Chris Eppstein | 2011-06-27 | 1 | -8/+8 |
| | | | | | | | | | | | | | | | | | | download of stylesheets in IE7 and IE8. Conflicts: actionpack/lib/action_view/helpers/asset_tag_helpers/stylesheet_tag_helpers.rb actionpack/lib/sprockets/helpers/rails_helper.rb | ||||
| * | Add asset_url helper and refactor the asset paths so that asset hosts can be ↵ | Chris Eppstein | 2011-06-27 | 2 | -8/+54 |
| | | | | | | | | | | | | | | | | | | | | used during asset precompilation. Conflicts: actionpack/lib/action_view/asset_paths.rb actionpack/lib/sprockets/helpers/rails_helper.rb actionpack/test/template/sprockets_helper_test.rb | ||||
* | | the generated ALT attribute for images no longer contains the digest, if any | Xavier Noria | 2011-06-27 | 1 | -0/+8 |
|/ | |||||
* | Get the fixture_path from self.class instead of ActiveSupport::TestCase. | David Chelimsky | 2011-06-25 | 1 | -0/+7 |
| | | | | | | This allows test classes that are not subclasses of ActiveSupport::TestCase (like those in rspec-rails) to interact with with this variable without having to reference ActiveSupport::TestCase. | ||||
* | Merge pull request #1796 from jdeseno/master | Santiago Pastorino | 2011-06-22 | 1 | -0/+7 |
|\ | | | | | link_to doesn't allow rel attribute when also specifying method | ||||
| * | Adds a test to check link_to with method & rel options | Josh | 2011-06-21 | 1 | -0/+7 |
| | | |||||
* | | Merge pull request #1798 from jeroenj/cachesweeper-fix | Santiago Pastorino | 2011-06-22 | 1 | -0/+5 |
|\ \ | | | | | | | Fixes an issue where cache sweepers with only after filters would have no controller object | ||||
| * | | Tests only after filters in cache sweepers | Jeroen Jacobs | 2011-06-22 | 1 | -0/+5 |
| |/ | |||||
* | | Merge pull request #1778 from spohlenz/hash-models | José Valim | 2011-06-22 | 2 | -0/+27 |
|\ \ | |/ |/| | Fix nested fields_for when Hash-based model is passed. | ||||
| * | Use real hash model in nested fields_for with hash model test | Sam Pohlenz | 2011-06-22 | 2 | -4/+13 |
| | | |||||
| * | Test for extractable_options? within nested fields_for. | Sam Pohlenz | 2011-06-20 | 1 | -0/+18 |
| | | | | | | | | | | This fixes an error when a record object that is a subclass of Hash is passed to fields_for, which is incorrectly interpreted as field options. | ||||
* | | Do not change a frozen text passed to simple_format text helper | Tadas Tamosauskas | 2011-06-20 | 1 | -2/+9 |
|/ | |||||
* | Use assert_equal instead of assert in uploaded file test. | Lukáš Konarovský | 2011-06-15 | 1 | -1/+1 |
| | |||||
* | Make MissingTranslation exception handler respect :rescue_format | Andrew White | 2011-06-15 | 1 | -0/+8 |
| | |||||
* | all requests are utf-8. Don't use the external encoding. | Damien Mathieu | 2011-06-14 | 1 | -6/+1 |
| | |||||
* | encode the uploaded file's name in the default external encoding - Closes #869 | Damien Mathieu | 2011-06-14 | 1 | -0/+12 |
| | |||||
* | Define ActiveSupport#to_param as to_str - closes #1663 | Andrew White | 2011-06-12 | 1 | -0/+8 |
| | |||||
* | Merge pull request #1552 from bogdan/select | Piotr Sarnacki | 2011-06-11 | 1 | -2/+18 |
|\ | | | | | Fixing select[multiple] html specification problem. | ||||
| * | Fixing select[multiple] html specification problem. | Bogdan Gusiev | 2011-06-08 | 1 | -2/+18 |
| | | | | | | | | Generating hidden input with same name before each multiple select | ||||
* | | Merge pull request #549 from dlee/utf8_enforcer | José Valim | 2011-06-11 | 2 | -4/+4 |
|\ \ | | | | | | | Utf8 enforcer param customization | ||||
| * | | There are no snowmen here | David Lee | 2011-06-11 | 2 | -4/+4 |
| | | | |||||
* | | | remove meaningless assert true | Neeraj Singh | 2011-06-11 | 1 | -1/+0 |
| | | | |||||
* | | | expected message should come first | Neeraj Singh | 2011-06-11 | 1 | -2/+2 |
| | | | |||||
* | | | try not to use assert_blank when nil will would | Neeraj Singh | 2011-06-11 | 1 | -2/+2 |
|/ / | | | | | | | | | | | be considered as failure Test for specific value to the extent possible | ||||
* | | Revert "Make sure that we don't perform in-place mutation on SafeBuffer string" | Santiago Pastorino and José Ignacio Costa | 2011-06-10 | 1 | -5/+0 |
| | | | | | | | | This reverts commit 115e80dccc65c3ed9a9750649d9ca4ea2a7e64f1. | ||||
* | | Merge pull request #1644 from smartinez87/warns | Santiago Pastorino | 2011-06-10 | 1 | -1/+1 |
|\ \ | | | | | | | Remove unused variable causing warning in 1.9.3 | ||||
| * | | Remove unused variable causing warning in 1.9.3 | Sebastian Martinez | 2011-06-10 | 1 | -1/+1 |
| | | | |||||
* | | | Make sure that we don't perform in-place mutation on SafeBuffer string | Prem Sichanugrist | 2011-06-10 | 1 | -0/+5 |
| | | | | | | | | | | | | | | | | | | This will make sure `render :inline` is working. Closes #1633 | ||||
* | | | Ensure number helpers can handle HTML safe strings - closes #1597. | Andrew White | 2011-06-10 | 1 | -0/+7 |
| | | | |||||
* | | | add missing ensure | Neeraj Singh | 2011-06-10 | 1 | -0/+1 |
| | | |