Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Do not mark strip_tags result as html_safe | Santiago Pastorino | 2012-08-09 | 1 | -2/+2 | |
| | | | | | | Thanks to Marek Labos & Nethemba CVE-2012-3465 | |||||
* | push drawing once to it's own module | Aaron Patterson | 2012-08-09 | 1 | -32/+20 | |
| | ||||||
* | refactor the before_setup hooks to a module | Aaron Patterson | 2012-08-09 | 1 | -13/+12 | |
| | ||||||
* | switch callbacks to minitest hooks | Aaron Patterson | 2012-08-09 | 1 | -3/+6 | |
| | ||||||
* | some tests | Egor Homakov | 2012-08-09 | 1 | -0/+27 | |
| | ||||||
* | Allow data attributes to be set as a first-level option for form_for, so you ↵ | David Heinemeier Hansson | 2012-08-08 | 1 | -0/+6 | |
| | | | | can write `form_for @record, data: { behavior: 'autosave' }` instead of `form_for @record, html: { data: { behavior: 'autosave' } }` *DHH* | |||||
* | Deprecate `button_to_function` and `link_to_function` helpers. | Rafael Mendonça França | 2012-08-07 | 1 | -0/+42 | |
| | | | | | | | | | | | | | | | | | | | | | | We recommend the use of Unobtrusive JavaScript instead. For example: link_to "Greeting", "#", :class => "nav_link" $(function() { $('.nav_link').click(function() { // Some complex code return false; }); }); or link_to "Greeting", '#', onclick: "alert('Hello world!'); return false", class: "nav_link" for simple cases. This reverts commit 3acdd652e9fe99481c879c84c5807a84eb9ad724. | |||||
* | Revert "Merge pull request #7033 from kron4eg/master". Not a a fan at all of ↵ | David Heinemeier Hansson | 2012-08-07 | 1 | -54/+0 | |
| | | | | | | | what this makes ERB files look like. This reverts commit 46b8bceedd3e47169c50a04c93161424909c75fb, reversing changes made to 2f58795e783150f2e1b1f6c64e305703f0061129. | |||||
* | Restoring the '%' trim mode for ERb templates, allowing for a leading ↵ | Artiom Di | 2012-08-07 | 1 | -0/+54 | |
| | | | | percent sign on a line to indicate non-inserted Ruby code. | |||||
* | Do not include application.js if it doesn't exists | Prem Sichanugrist | 2012-08-06 | 1 | -0/+9 | |
| | | | | | | Rails were including 'application.js' to the pack when using `javascript_include_tag :all` even there's no application.js in the public directory. | |||||
* | Don't use `html_escape` to test the escaping | Rafael Mendonça França | 2012-08-05 | 4 | -4/+4 | |
| | ||||||
* | removes usage of Object#in? from the code base (the method remains defined ↵ | Xavier Noria | 2012-08-06 | 7 | -12/+13 | |
| | | | | | | | | | | | | | | | | | | | by Active Support) Selecting which key extensions to include in active_support/rails made apparent the systematic usage of Object#in? in the code base. After some discussion in https://github.com/rails/rails/commit/5ea6b0df9a36d033f21b52049426257a4637028d we decided to remove it and use plain Ruby, which seems enough for this particular idiom. In this commit the refactor has been made case by case. Sometimes include? is the natural alternative, others a simple || is the way you actually spell the condition in your head, others a case statement seems more appropriate. I have chosen the one I liked the most in each case. | |||||
* | Revert "polymorphic_url with an array generates a query string" | Andrew White | 2012-08-04 | 1 | -14/+0 | |
| | | | | | Passing options as the last value in an array doesn't work with form_for. This reverts commit 61c8a4d926343903593a27080216af7e4ed81268. | |||||
* | Revert "Refactor passing url options via array for polymorphic_url" | Andrew White | 2012-08-04 | 1 | -7/+0 | |
| | | | | | Passing options as the last value in an array doesn't work with form_for. This reverts commit 6be564c7a087773cb0b51c54396cc190e4f5c983. | |||||
* | Renamed _path_segments to _recall | Bogdan Gusiev | 2012-08-04 | 1 | -1/+1 | |
| | ||||||
* | Refactor passing url options via array for polymorphic_url | Andrew White | 2012-08-04 | 1 | -0/+7 | |
| | | | | | | | | Rather than keep the url options in record_or_hash_or_array, extract it and reverse merge with options as it may contain important private keys like `:routing_type`. Closes #7259 | |||||
* | polymorphic_url with an array generates a query string | Romain Tribes | 2012-08-04 | 1 | -0/+14 | |
| | | | | | Generating an URL with an array of records is now able to build a query string if the last item of the array is a hash. | |||||
* | Add test select_tag escapes prompt | Santiago Pastorino | 2012-08-03 | 1 | -0/+6 | |
| | ||||||
* | make sure the body finishes rendering before checking response closure | Aaron Patterson | 2012-08-03 | 1 | -1/+2 | |
| | ||||||
* | Collapsed dual checks (one for content headers and one for content) into a ↵ | Armand du Plessis | 2012-08-02 | 2 | -4/+34 | |
| | | | | | | | | | | | | single check. Rails includes a single character body to a head(:no_content) response to work around an old Safari bug where headers were ignored if no body sent. This patch brings the behavior slightly closer to spec if :no_content/204 is explicity requested via a head only response. Status comparison done on symbolic and numeric values Not returning any content when responding with head and limited to a status code that explicitly states no content will be returned - 100..199, 204, 205, 304. | |||||
* | Merge pull request #7240 from steveklabnik/fix_2301 | Rafael Mendonça França | 2012-08-02 | 1 | -3/+4 | |
|\ | | | | | Fix for digest authentication bug - issue #2301 in rails/rails | |||||
| * | Fix for digest authentication bug - issue #2301 in rails/rails | Arthur Smith | 2012-08-02 | 1 | -3/+4 | |
| | | ||||||
* | | load active_support/core_ext/object/inclusion in active_support/rails | Xavier Noria | 2012-08-02 | 7 | -7/+0 | |
| | | ||||||
* | | Improve error handling when using partial name with hyphen. Fix #7079 | kennyj | 2012-08-03 | 1 | -0/+7 | |
|/ | ||||||
* | html_escape should escape single quotes | Santiago Pastorino | 2012-07-31 | 8 | -25/+25 | |
| | | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 | |||||
* | close the response when the response body is set so that normal render calls ↵ | Aaron Patterson | 2012-07-29 | 1 | -0/+9 | |
| | | | | will work | |||||
* | header hash is duped before being sent up the rack stack | Aaron Patterson | 2012-07-29 | 1 | -0/+13 | |
| | ||||||
* | freeze the header object | Aaron Patterson | 2012-07-29 | 1 | -0/+2 | |
| | ||||||
* | make sure set_response! sets the correct response object | Aaron Patterson | 2012-07-29 | 1 | -0/+6 | |
| | ||||||
* | Controller actions are processed in a separate thread for live | Aaron Patterson | 2012-07-29 | 1 | -3/+69 | |
| | | | | | | | | | | responses. Processing controller actions in a separate thread allows us to work around the rack api - we can allow the user to set status and headers, then block until the first bytes are written. As soon as the first bytes are written, the main thread can return the status, headers, and (essentially) a queue for the body. | |||||
* | raise exceptions on header set after response committed | Aaron Patterson | 2012-07-29 | 1 | -0/+19 | |
| | ||||||
* | make sure appropriate headers are set and deleted | Aaron Patterson | 2012-07-29 | 1 | -0/+11 | |
| | ||||||
* | added live responses which can be written and read in separate threads | Aaron Patterson | 2012-07-29 | 2 | -0/+60 | |
| | ||||||
* | flushing output should write to the stream rather than mutating the response ↵ | Aaron Patterson | 2012-07-29 | 1 | -3/+3 | |
| | | | | object | |||||
* | remove dead test | Aaron Patterson | 2012-07-29 | 1 | -4/+0 | |
| | ||||||
* | adding a buffered stream to the response object | Aaron Patterson | 2012-07-29 | 2 | -0/+50 | |
| | ||||||
* | Remove warning renaming the test classes to use the test convention | Rafael Mendonça França | 2012-07-29 | 2 | -2/+2 | |
| | ||||||
* | Remove deprecation warning, since scoped waas deprecated | Rafael Mendonça França | 2012-07-29 | 1 | -1/+1 | |
| | ||||||
* | this test is not a controller test, so switch to AS::TC | Aaron Patterson | 2012-07-28 | 1 | -1/+1 | |
| | ||||||
* | fix failure test 'test_can_wait_until_commit(ResponseTest)' in actionpack | Vladimir Strakhov | 2012-07-28 | 1 | -2/+2 | |
| | ||||||
* | threads can wait on responses to be committed | Aaron Patterson | 2012-07-27 | 1 | -0/+9 | |
| | ||||||
* | Replace the flush parameter with a Hash. | Lucas Mazza | 2012-07-24 | 1 | -9/+9 | |
| | ||||||
* | Remove ActionDispatch::Head middleware in favor of Rack::Head | Santiago Pastorino | 2012-07-23 | 2 | -9/+1 | |
| | | | | Closes #7110 there's more work to do on rack-cache issue 69 | |||||
* | Add one more test case to make sure that data attributes are being | Rafael Mendonça França | 2012-07-22 | 1 | -0/+7 | |
| | | | | escaped | |||||
* | Merge pull request #7123 from nashby/data-in-options | Rafael Mendonça França | 2012-07-22 | 1 | -7/+14 | |
|\ | | | | | don't escape options in option_html_attributes method | |||||
| * | don't escape options in option_html_attributes method | Vasiliy Ermolovich | 2012-07-22 | 1 | -7/+14 | |
| | | | | | | | | | | | | | | | | we don't need to escape values in this method as we pass these html attributes to `tag_options` method that handle escaping as well. it fixes the case when we want to pass html5 data options | |||||
* | | Remove deprecation warnings | Carlos Galdino + Rafael Mendonça França | 2012-07-21 | 2 | -2/+2 | |
| | | ||||||
* | | Add back `:disable_with` and change deprecation horizon to 4.1 | Carlos Galdino + Rafael Mendonça França | 2012-07-21 | 2 | -2/+34 | |
| | | ||||||
* | | Add back `:confirm` and change deprecation horizon to 4.1 | Carlos Galdino + Rafael Mendonça França | 2012-07-21 | 2 | -0/+86 | |
|/ | ||||||
* | Merge pull request #7099 from f1sherman/sweeper-clean-up-if-exception-raised | Rafael Mendonça França | 2012-07-20 | 1 | -0/+11 | |
|\ | | | | | Clean up Sweeper controller accessor when an Error is raised |