aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
* The tag helper may bypass escaping.Jeremy Kemper2007-09-243-17/+32
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Cache asset ids.Jeremy Kemper2007-09-242-3/+14
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7607 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* escape_once uses negative lookahead to avoid double-escaping instead of a ↵Jeremy Kemper2007-09-241-6/+1
| | | | | | second gsub git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Optimized named routes respect AbstractRequest.relative_url_root. Closes #9612.Jeremy Kemper2007-09-233-4/+13
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7605 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Dont need all of test/unit (closes #6673) [zenspider/josh]David Heinemeier Hansson2007-09-231-1/+0
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7602 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Remove , and ; (comma and semicolon) from routing separators again. ↵Jeremy Kemper2007-09-232-3/+3
| | | | | | References #8558. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7599 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed cache_page to use the request url instead of the routing options when ↵David Heinemeier Hansson2007-09-232-8/+20
| | | | | | picking a save path (closes #8614) [josh] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7598 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Introduce ActionController::Base.rescue_from to declare exception-handling ↵Jeremy Kemper2007-09-233-12/+91
| | | | | | methods. Cleaner style than the case-heavy rescue_action_in_public. Closes #9449. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7597 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Rename some RequestForgeryProtection methods. The class method is now ↵Rick Olson2007-09-238-44/+50
| | | | | | #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* move TextHelper#sanitize config options to the TextHelper module so it can ↵Rick Olson2007-09-232-130/+146
| | | | | | be included and used with any class, not just ActionView::Base git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7595 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model ↵Rick Olson2007-09-2316-22/+368
| | | | | | that verifies session-specific _tokens for non-GET requests. [Rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. ↵Rick Olson2007-09-234-53/+423
| | | | | | Closes #8877. [Rick, lifofifo, Jacques Distler] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7589 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Test fix (closes #6911)David Heinemeier Hansson2007-09-221-1/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7587 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve tests (closes #7240) [josh]David Heinemeier Hansson2007-09-221-0/+5
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7581 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Roll back #7578, tests failedDavid Heinemeier Hansson2007-09-222-12/+3
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7580 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Improve the error message for assert_redirected_to (closes #7337) [sandofsky]David Heinemeier Hansson2007-09-222-3/+12
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7578 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Disable the routing optimisation code when dealing with foo_url helpers. ↵Michael Koziarski2007-09-222-9/+11
| | | | | | Add test to actionmailer to expose the problem they introduced. References #9450 [Koz] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7572 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Remove use of & logic operator. Closes #8114.Nicholas Seckar2007-09-222-1/+3
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7571 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed JavaScriptHelper#escape_javascript to also escape closing tags (closes ↵David Heinemeier Hansson2007-09-223-1/+4
| | | | | | #8023) [rubyruy] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7567 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed TextHelper#word_wrap for multiline strings with extra carrier returns ↵David Heinemeier Hansson2007-09-223-1/+9
| | | | | | (closes #8663) [seth] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7562 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Allow frameworks to be required by their gem name (closes #8845) [drnic]David Heinemeier Hansson2007-09-221-0/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7560 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Doc fix (closes #9123) [tzaharia]David Heinemeier Hansson2007-09-221-1/+2
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7559 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Use rel="stylesheet" in lowercase as prescribed by XHTML standards (closes ↵David Heinemeier Hansson2007-09-222-36/+36
| | | | | | #8910) [RSL] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7558 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Doc fix (closes #9414) [Henrik N]David Heinemeier Hansson2007-09-221-3/+3
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7548 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed that setting the :host option in url_for would automatically turn off ↵David Heinemeier Hansson2007-09-223-3/+24
| | | | | | :only_path (since :host would otherwise not be shown) (closes #9586) [Bounga] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7542 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added FormHelper#label (closes #8641) [jcoglan]David Heinemeier Hansson2007-09-223-1/+49
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7541 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Test CGI::Cookie#to_s. Closes #9624 [tarmo]Jeremy Kemper2007-09-221-0/+27
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7535 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix bufferDavid Heinemeier Hansson2007-09-221-0/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7534 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fix tests for atom feedDavid Heinemeier Hansson2007-09-211-21/+21
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7533 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added AtomFeedHelper (slightly improved from the atom_feed_helper plugin) [DHH]David Heinemeier Hansson2007-09-213-0/+214
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7529 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* [html-scanner] Fix parsing of empty tags. Closes #7641. [anthony.bailey]Michael Koziarski2007-09-212-0/+23
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7528 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Forgotten changelog entryMichael Koziarski2007-09-211-0/+2
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7527 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Prevent clashing named routes when using uncountable resources. Closes #9598Michael Koziarski2007-09-211-2/+12
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7526 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an ↵David Heinemeier Hansson2007-09-214-37/+37
| | | | | | improvement for XSS attacks (closes #8895) [lifo/Spakman] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7525 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Submit missing fixture filesDavid Heinemeier Hansson2007-09-212-0/+5
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7524 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Don't warn when a path segment precedes a required segment. Closes #9615.Nicholas Seckar2007-09-212-1/+7
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7523 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed CaptureHelper#content_for to work with the optional content parameter ↵David Heinemeier Hansson2007-09-213-4/+30
| | | | | | instead of just the block #9434 [sandofsky/wildchild] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7522 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added that render :json will automatically call .to_json unless its being ↵David Heinemeier Hansson2007-09-203-2/+34
| | | | | | passed a string [DHH] Added Mime::Type.register_alias for dealing with different formats using the same mime type [DHH] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7520 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Autolink behaves well with emails embedded in URLs. Closes #7313.Jeremy Kemper2007-09-203-5/+20
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7516 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Revert [7397]. Reopens #7313.Jeremy Kemper2007-09-202-15/+5
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7515 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed that default layouts did not take the format into account #9564 [lifofifo]David Heinemeier Hansson2007-09-184-3/+35
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7514 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* ERB::Util#html_escape creates fewer objectsJeremy Kemper2007-09-181-0/+10
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7513 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* tag_options creates fewer objectsJeremy Kemper2007-09-182-15/+18
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added security notice to Request#remote_ip underlining the fact that its ↵David Heinemeier Hansson2007-09-171-0/+8
| | | | | | value can be spoofed (and that you should use Request#remote_addr if thats a concern for your application) [Adrian Holovaty] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7502 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Disable optimisation code for UrlWriter as request.host doesn't make sense ↵Michael Koziarski2007-09-175-12/+47
| | | | | | | | | there. Don't try to use the .to_query method when the route has no dynamic segments. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7501 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Speed up and simplify query caching.Jeremy Kemper2007-09-171-6/+6
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7498 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Avoid RDoc warningDavid Heinemeier Hansson2007-09-151-1/+1
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7495 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Fixed optimized route segment escaping. Closes #9562.Jeremy Kemper2007-09-154-30/+38
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7487 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* Added block-acceptance to JavaScriptHelper#javascript_tag (closes #7527) ↵David Heinemeier Hansson2007-09-152-4/+40
| | | | | | [BobSilva/tarmo/rmm5t] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
* root_path returns '/' not ''. Closes #9563.Jeremy Kemper2007-09-153-7/+17
| | | | git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7482 5ecf4fe2-1ee6-0310-87b1-e25e094e27de