| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| | |
* 3-2-stable-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
|
| |
| |
| |
| |
| |
| | |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should lookup if asset without appended extension exists.
When sprockets are disabled the asset tag helpers incorporate
this logic. When sprockets are enabled we should have the same
logic.
For example, we have style.ext file in app/assets/stylesheets and
we use stylesheet_link_tag in the layout. In this case we should
have /assets/style.ext instead of /assets/style.ext.css in the
output.
Closes #6310
|
|\
| |
| | |
TagHelper creates invalid data attributes when value is a BigDecimal
|
| | |
|
|\ \
| |/
|/| |
Template concurrency fixes
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
`excerpt` text helper uses `:radius`, not `line_width` (that is used by
`word_wrap` helper).
Also cleanup some whitespaces.
|
| |
| |
| |
| | |
Render img tag with empty src if empty string is passed to image_tag.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
`button_to` and `submit_tag` helpers.
|
| | |
|
| |
| |
| |
| | |
Support data: url scheme
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit improves the handling of default_url_options in integration
tests by making behave closer to how a real application operates.
Specifically the following issues have been addressed:
* Options specified in routes.rb are used (fixes #546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
|
|\ \
| | |
| | | |
Make sure that javascript_include_tag/stylesheet_link_tag methods don't consider duplicated assets
|
| | |
| | |
| | |
| | | |
sprockets/helpers/rails_helper.rb discard duplicated assets
|
| | |
| | |
| | |
| | | |
fallback
|
| | |
| | |
| | |
| | | |
when using the :head method/shortcut
|
|/ /
| |
| |
| | |
The role option identifies which parameters are accessible and should be wrapped. The default role is :default.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.
To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the contraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.
Fixes #2510.
(cherry picked from commit 56030506563352944fed12a6bb4793bb2462094b)
|
| | |
|
| |
| |
| |
| | |
dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.
Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:
Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/
Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493
WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183
Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d
Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373
HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428
Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html
Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/
Fixes #4144
(cherry picked from commit 24f143789a8989f3bccde14ff28067de25cafd87)
|
| |
| |
| |
| |
| | |
Closes #5886
Closes #3093
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
* The method for persisted records in 3-2-branch is 'PUT'
* size is generated by default in inputs
|
| |
| |
| |
| |
| |
| |
| |
| | |
(cherry picked from commit 7a80b69e00f68e673c6ceb5cc684aa9196ed3d9f)
Conflicts:
actionpack/test/controller/test_test.rb
|
| |
| |
| |
| | |
closes #3341
|
| | |
|
| | |
|
| |
| |
| |
| | |
Seriously people, please run the test before submitting pull request.
|
|\ \
| | |
| | | |
Catch nil.to_sym errors in partial_renderer, and raise ArgumentError instead
|
| | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
actionpack/test/template/render_test.rb
|
| | | |
|