aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
* Kill rake bundleJeremy Kemper2009-10-151-10/+0
|
* AP tests depend on ARJeremy Kemper2009-10-151-0/+1
|
* Make the erubis implementation easier for plugins to change.Michael Koziarski2009-10-151-1/+4
|
* Add a read-only method which plugin authors can use to determine if xss ↵Michael Koziarski2009-10-151-0/+5
| | | | | | | escaping. This doesn't provide a way to turn off the escaping, but alternative template engine authors can figure out what their default should be by calling this. Avoids a messy version + plugin check.
* Don't push siblings on load path if using bundled envJeremy Kemper2009-10-141-5/+8
|
* Merge branch 'arel'Jeremy Kemper2009-10-141-6/+10
|\
| * Clarify AR dependencyJeremy Kemper2009-10-141-6/+10
| |
* | Punt on ConcurrentHash [#3322 state:resolved]Joshua Peek2009-10-141-5/+5
| |
* | Rename Orchestra to Notifications [#3321 state:resolved]Joshua Peek2009-10-145-10/+10
|/
* Make IntegrationTest::Runner propagate method_missing to ancestors.George Ogata2009-10-152-2/+24
| | | | | | | Fixes RSpec integration example groups, which mixes its Matchers module into ActiveSupport::TestCase. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Test cases should see all the cookies, not just cookies that have been set ↵Craig Smith2009-10-152-1/+18
| | | | | | | | | | | | | in the controller. Previously this example would always pass, even when cookies.delete was not called. @request.cookies['foo'] = 'bar' get :delete_cookie assert_nil cookies['foo'] Signed-off-by: Michael Koziarski <michael@koziarski.com> [#2768 state:committed]
* Make sure non-escaped urls aren't considered safeMichael Koziarski2009-10-152-1/+6
|
* Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the ↵Michael Koziarski2009-10-152-2/+2
| | | | latter isn't
* ActionView.url_for doesn't escape by defaultPhil Darnowsky2009-10-152-4/+14
| | | | | | | | | | | | | | | | | ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g. url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456) would return http://example.com/foo/bar?that=456&amp;this=123 escaping an ampersand that shouldn't be escaped. This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Start adding configuration to ActionView instead of using constants.Yehuda Katz2009-10-145-13/+33
| | | | | | | By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes)
* CookieJar#delete should return the key's value, consistent with a HashJeffrey Hardy2009-10-143-3/+11
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Callbacks, DeprecatedCallbacks = NewCallbacks, CallbacksJoshua Peek2009-10-122-6/+4
|
* Use "run_callbacks :foo" since it is the public api for callbacks [#3329Joshua Peek2009-10-122-4/+4
| | | | state:resolved]
* Bundle with system gem sources rather than gems.rubyforge.org defaultJeremy Kemper2009-10-111-0/+2
|
* Kill mock routing assertion that tests router implementationJoshua Peek2009-10-101-13/+0
|
* Fix failing safe buffer test. We don't patch CGI.escapeHTML, only ERB:Util.Joshua Peek2009-10-101-1/+1
|
* Move safe buffer into test/templateJoshua Peek2009-10-101-0/+0
|
* Relative url generations are covered more thoroughly by url rewriter testsJoshua Peek2009-10-101-12/+0
|
* Add define another "stuff" controller to support routing testsJoshua Peek2009-10-101-0/+1
|
* Drop implementation specific routing test assertionsJoshua Peek2009-10-101-3/+0
|
* Add define a "stuff" controller in fixtures to support routing testsJoshua Peek2009-10-101-0/+1
|
* Fix a bug where render :text could not handle yield :symbol. Fixes guides ↵Yehuda Katz2009-10-101-9/+13
| | | | generation
* Fix issue with standalone ActionViewYehuda Katz2009-10-091-1/+4
|
* Avoid super in define_method for RubiniusYehuda Katz2009-10-091-1/+6
|
* Get rid of constant name usage for stack trace help in favor of overriding ↵Yehuda Katz2009-10-091-9/+9
| | | | #inspect and .name.
* Finish porting over the initializers to the app object and fix all the testsCarl Lerche2009-10-082-3/+6
|
* API change: content_tag_for outputs prefixed class nameJoshua Peek2009-10-082-4/+4
|
* Fix warning spew for 1.9Carl Lerche2009-10-081-1/+5
|
* error procs have to be safe tooMichael Koziarski2009-10-081-1/+1
|
* Switch to on-by-default XSS escaping for rails.Michael Koziarski2009-10-0833-41/+237
| | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
* Not calling a private method anymoreYehuda Katz2009-10-071-2/+5
|
* Fix warning spewYehuda Katz2009-10-061-1/+3
|
* Coerce all out going body parts to StringsJoshua Peek2009-10-054-0/+71
|
* Revert "Revert "Fix Dispatch.new so passenger works" as it broke the build"Joshua Peek2009-10-051-1/+1
| | | | This reverts commit 49b52cadc2e66c11a025e7719837ae77b3736046.
* Revert "Fix Dispatch.new so passenger works" as it broke the buildMichael Koziarski2009-10-051-1/+1
| | | | This reverts commit c97c31b096e627480b64403d1460065738941c3e.
* Fix Dispatch.new so passenger worksJoshua Peek2009-10-041-1/+1
|
* Only draw default route onceJoshua Peek2009-10-031-22/+37
|
* Use with_routing helper in tests instead of modifying global route setJoshua Peek2009-10-034-101/+125
|
* Redraw default routes on all internal integration tests. We don't need ↵Joshua Peek2009-10-0315-41/+34
| | | | SimpleRouteCase anymore
* Avoid creating new controller constants during test runtime. All routable ↵Joshua Peek2009-10-032-68/+21
| | | | controllers should be defined beforehand.
* Moved shared form helper models into fake_modelsJoshua Peek2009-10-033-99/+98
|
* NumberHelper depends on big decimal extensionsJoshua Peek2009-10-031-0/+1
|
* Changing directories during the test breaks file loading when ran by itselfJoshua Peek2009-10-032-32/+22
|
* Don't load rubygems for isolated testsJoshua Peek2009-10-031-2/+3
|
* Move improved isolated test runner to APJoshua Peek2009-10-032-6/+21
|