aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
Commit message (Collapse)AuthorAgeFilesLines
* AC::Parameters#permit! permits hashes in array valuesXavier Noria2013-12-231-3/+11
|
* Move the null mime type to request.formatCarlos Antonio da Silva2013-12-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | TLDR: always return an object that responds to the query methods from request.format, and do not touch Mime::Type[] lookup to avoid bugs. --- Long version: The initial issue was about being able to do checks like request.format.html? for request with an unknown format, where request.format would be nil. This is where the issue came from at first in #7837 and #8085 (merged in cba05887dc3b56a46a9fe2779b6b228880b49622), but the implementation went down the path of adding this to the mime type lookup logic. This unfortunately introduced subtle bugs, for instance in the merged commit a test related to send_file had to be changed to accomodate the introduction of the NullType. Later another bug was found in #13064, related to the content-type being shown as #<Mime::NullType:...> for templates with localized extensions but no format included. This one was fixed in #13133, merged in 43962d6ec50f918c9970bd3cd4b6ee5c7f7426ed. Besides that, custom handlers were not receiving the proper template formats anymore when passing through the rendering process, because of the NullType addition. That was found while migrating an application from 3.2 to 4.0 that uses the Markerb gem (a custom handler that generates both text and html emails from a markdown template). --- This changes the implementation moving away from returning this null object from the mime lookup, and still fixes the initial issue where request.format.zomg? would raise an exception for unknown formats due to request.format being nil.
* optimizes array conversion in AC::ParametersXavier Noria2013-12-211-0/+5
|
* converts hashes in arrays of unfiltered params to unpermitted params [fixes ↵Xavier Noria2013-12-211-0/+7
| | | | #13382]
* Merge pull request #13188 from imanel/skip_deep_mungeJeremy Kemper2013-12-191-0/+15
|\ | | | | | | | | | | | | Add configuration option to optionally disable deep_munge Conflicts: actionpack/CHANGELOG.md
| * Add configuration option to optionally disable deep_mungeBernard Potocki2013-12-051-0/+15
| |
* | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2013-12-201-1/+1
|\ \
| * | Typos. return -> returns. [ci skip]Lauro Caetano2013-12-031-1/+1
| | |
* | | Fix assertions for testing unknown formats using Mime::NullTypeCarlos Antonio da Silva2013-12-191-5/+5
| | |
* | | Show routes defined under assets prefixRyunosuke SATO2013-12-191-0/+12
| | | | | | | | | | | | Closes #9625
* | | Prefer assert_raise instead of flunk + rescue to test for exceptionsCarlos Antonio da Silva2013-12-192-20/+9
| | | | | | | | | | | | | | | | | | Change most tests to make use of assert_raise returning the raised exception rather than relying on a combination of flunk + rescue to check for exception types/messages.
* | | Change all `MiniTest` to `Minitest` since, `MiniTest` namespace has been ↵Vipul A M2013-12-181-5/+5
| | | | | | | | | | | | | | | | | | renamed to `Minitest` Ref: https://github.com/seattlerb/minitest/blob/master/History.txt
* | | Clearly limit new CSRF protection to GET requestsJeremy Kemper2013-12-171-0/+10
| | |
* | | Merge pull request #13345 from jeremy/get-csrfJeremy Kemper2013-12-173-12/+72
|\ \ \ | | | | | | | | CSRF protection from cross-origin <script> tags
| * | | CSRF protection from cross-origin <script> tagsJeremy Kemper2013-12-173-12/+72
| | | | | | | | | | | | | | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* | | | Disable available locales checks to avoid warnings running the testsCarlos Antonio da Silva2013-12-171-0/+3
|/ / /
* | | Spelling and Grammar check [ci skip]Akshay Vishnoi2013-12-161-1/+1
| | |
* | | Make ActionDispatch::Request::Session#fetch behave like Hash#fetchTrent Ogren2013-12-111-3/+2
| | | | | | | | | | | | | | | | | | Session#fetch was mutating the session when given a default argument and/or a block. Since Session duck-types as a Hash, it should behave like one in these cases.
* | | Fix mounting engines inside a resources blockPiotr Sarnacki2013-12-101-1/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a route is mounted inside a resources block, it's automatically prefixed, so a following code: resources :users do mount Blog::Engine => '/blog' end will generate a user_blog path helper. In order to access engine helpers, we also use "mounted_helpers", a list of helpers associated with each mounted engine, so a path to blog's post can be generated using user_blog.post_path(user, post). The problem I'm fixing here is that mount used a raw :as option, without taking nestings into account. As a result, blog was added to a route set as a `user_blog`, but helper was generated for just `blog`. This commit applies the proper logic for defining a helper for a mounted engine nested in resources or resource block. (closes #8533)
* | | Inline variants syntaxŁukasz Strzałkowski2013-12-102-1/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those situations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* | | Revert "Merge pull request #13235 from strzalek/variants-inline" -- needs a ↵David Heinemeier Hansson2013-12-081-13/+1
| | | | | | | | | | | | | | | | | | | | | little more work! This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
* | | Inline variants syntaxŁukasz Strzałkowski2013-12-081-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In most cases, when setting variant specific code, you're not sharing any code within format. Inline syntax can vastly simplify defining variants in those sitiations: respond_to do |format| format.js { render "trash" } format.html do |variant| variant.phone { redirect_to progress_path } variant.none { render "trash" } end end ` Becomes: respond_to do |format| format.js { render "trash" } format.html.phone { redirect_to progress_path } format.html.none { render "trash" } end
* | | Variants can be declared without a block to signify their presence in the ↵David Heinemeier Hansson2013-12-072-1/+2
| | | | | | | | | | | | controller
* | | Allow code execution in case no variant has been set with variant.noneDavid Heinemeier Hansson2013-12-071-0/+16
| | |
* | | Fixed test for Mime::VCFArun Agrawal2013-12-061-3/+3
| | | | | | | | | | | | Added here 13dd38cee79be39f7b399e142fd78295dddd2abb
* | | Remove missing integration points of AV extractionCarlos Antonio da Silva2013-12-052-3/+1
| |/ |/|
* | Action Pack VariantsŁukasz Strzałkowski2013-12-044-1/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, variants in the templates will be picked up if a variant is set and there's a match. The format will be: app/views/projects/show.html.erb app/views/projects/show.html+tablet.erb app/views/projects/show.html+phone.erb If request.variant = :tablet is set, we'll automatically be rendering the html+tablet template. In the controller, we can also tailer to the variants with this syntax: class ProjectsController < ActionController::Base def show respond_to do |format| format.html do |html| @stars = @project.stars html.tablet { @notifications = @project.notifications } html.phone { @chat_heads = @project.chat_heads } end format.js format.atom end end end The variant itself is nil by default, but can be set in before filters, like so: class ApplicationController < ActionController::Base before_action do if request.user_agent =~ /iPad/ request.variant = :tablet end end end This is modeled loosely on custom mime types, but it's specifically not intended to be used together. If you're going to make a custom mime type, you don't need a variant. Variants are for variations on a single mime types.
* | Merge branch 'master-sec'Aaron Patterson2013-12-031-0/+15
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | * master-sec: Deep Munge the parameters for GET and POST Stop using i18n's built in HTML error handling. Ensure simple_format escapes its html attributes Escape the unit value provided to number_to_currency Only use valid mime type symbols as cache keys
| * | Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-021-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
* | | Merge branch 'format_localized_template' of https://github.com/acapilleri/railsGuillermo Iguaran2013-12-032-0/+12
|\ \ \ | |/ / |/| | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * | Fix header Content-Type: #<Mime::NullType:...> in localized templateAngelo capilleri2013-12-032-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | This PR fixes #13064 regression bug introduced by the #8085 Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type. In this way the method Response#assign_default_content_type_and_charset can write the the default mime_type.
* | | Merge pull request #12123 from aredondo/masterCarlos Antonio da Silva2013-12-021-0/+8
|\ \ \ | | | | | | | | | | | | | | | | Add regression test for IpSpoofAttackError issue Closes #10780
| * | | Add regression test for IpSpoofAttackError issueAlvaro Redondo2013-09-031-0/+8
| | | | | | | | | | | | | | | | See #10780
* | | | Try to escape each part of a path redirect route correctlyAndrew White2013-12-021-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A path redirect may contain any and all parts of a url which have different escaping rules for each part. This commit tries to escape each part correctly by splitting the string into three chunks - path (which may also include a host), query and fragment; then it applies the correct escape pattern to each part. Whilst using `URI.parse` would be better, unfortunately the possible presence of %{name} parameters in the path redirect string prevents us from using it so we have to use a regular expression instead. Fixes #13110.
* | | | Typo fixes [ci skip]Akshay Vishnoi2013-11-301-2/+2
| | | |
* | | | fixed-case when invalid action name has passedKuldeep Aggarwal2013-11-281-0/+3
| | | |
* | | | fixed typo `destory` => `destroy` [ci skip]Kuldeep Aggarwal2013-11-281-1/+1
| |/ / |/| |
* | | Better error message for typos in assert_response argument.Victor Costan2013-11-251-0/+8
| | | | | | | | | | | | | | | This commit makes it really easy to debug errors due to typos like "assert_response :succezz".
* | | Raise RuntimeErrors with inspectable and MRI-independent messages.Federico Ravasio2013-11-242-4/+4
| |/ |/| | | | | | | | | Previous behaviour was MRI-dependent, now we're making sure the message is correctly shown: something that can be relyied upon across every Ruby implementation.
* | Build fix for Routing InspectorArun Agrawal2013-11-221-2/+2
| | | | | | | | | | | | Broken by 6701b4cf41f6f3d9cfc6a93715acbf852d1e468e
* | Fix for routes taskSıtkı Bağdat2013-11-211-16/+16
| | | | | | | | This commit fixes formatting issue for `rake routes` task, when a section is shorter than a header.
* | `skiping` => `skipping`Kuldeep Aggarwal2013-11-191-1/+1
| |
* | Take Hash with options inside Array in #url_forAndrey Ognevsky2013-11-151-0/+18
| |
* | Skip test which is broken on jrubyGaurish Sharma2013-11-091-0/+4
| | | | | | | | | | | | This test is broken from quite a while & is expected to remain broken as encoding issues are hardest to fix in JRuby. so lets skip this test for now
* | Eliminate `JSON.{parse,load,generate,dump}` and `def to_json`Godfrey Chan2013-11-055-21/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | JSON.{dump,generate} offered by the JSON gem is not compatiable with Rails at the moment and can cause a lot of subtle bugs when passed certain data structures. This changed all direct usage of the JSON gem in internal Rails code to always go through AS::JSON.{decode,encode}. We also shouldn't be implementing `to_json` most of the time, and these occurances are replaced with an equivilent `as_json` implementation to avoid problems down the road. See [1] for all the juicy details. [1]: intridea/multi_json#138 (comment)
* | Revert "Merge pull request #9660 from ↵Guillermo Iguaran2013-11-023-32/+1
| | | | | | | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour" This reverts commit c2b5a8e61ba0f35015e6ac949a5c8fce2042a1f2, reversing changes made to 1918b12c0429caec2a6134ac5e5b42ade103fe90. See: https://github.com/rails/rails/pull/9660#issuecomment-27627493
* | Merge pull request #9660 from ↵Guillermo Iguaran2013-11-013-1/+32
|\ \ | | | | | | | | | | | | sebasoga/change_strong_parameters_require_behaviour Change ActionController::Parameters#require behavior when value is empty
| * | Change ActionController::Parameters#require behavior when value is emptySebastian Sogamoso2013-03-113-1/+32
| | | | | | | | | | | | | | | When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading. With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
* | | session#fetch doesn't behave exactly like Hash#fetch.Damien Mathieu2013-10-301-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | Mention it in the changelog and add a test checking for regressions. Hash#fetch isn't adding the defaultly returned value. However, in the session, saving it is the behavior we should expect. See discussion in #12692
* | | add the fetch method to sessionsDamien Mathieu2013-10-291-0/+13
| | |
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 10:09:10 +0000