aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
...
| * | fixed http token authentication formattingJakub Kuźma2012-06-121-8/+13
| | |
| * | on CSRF whitelisting the argument for :if must be a symbolDaniel Lopes2012-06-071-1/+1
| | |
| * | fix typos on the CSRF whitelisting docDaniel Lopes2012-06-071-3/+3
| | |
| * | Document the CSRF whitelisting on get requestsDaniel Lopes2012-06-071-5/+16
| | |
* | | AV::TestCase does not need to be loaded when eagerly loading theAaron Patterson2012-06-141-1/+2
| | | | | | | | | | | | framework
* | | i suck, fixing error messageAaron Patterson2012-06-141-1/+1
| | |
* | | Wrap up missing helper exceptionsAaron Patterson2012-06-141-2/+10
| | | | | | | | | | | | | | | | | | | | | The `path` method on missing helper errors is inconsistent with the implementation on LoadError in Ruby 2.0. Wrap up the missing helper exceptions so that the inconsistent behavior is mirrored in Ruby 2.0 (until we can figure out *why* it's inconsistent).
* | | using hax to fix tests on Ruby 2.0Aaron Patterson2012-06-131-1/+6
| | |
* | | Fix buildSantiago Pastorino2012-06-131-2/+2
| | |
* | | Merge pull request #6721 from homakov/patch-2Santiago Pastorino2012-06-131-3/+0
|\ \ \ | | | | | | | | These lines don't help to mitigate CVE. They only turn [nil] into nil, w...
| * | | These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o ↵Egor Homakov2012-06-131-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | them [nil] turns into [] and that is quite innocent. generated SQL - `IN (NULL)` compact! did all the job.
* | | | ActionController::Caching depends on RackDelegation and ↵Santiago Pastorino2012-06-132-0/+35
|/ / / | | | | | | | | | AbstractController::Callbacks
* | | Merge branch 'master-sec'Aaron Patterson2012-06-122-2/+8
|\ \ \ | | | | | | | | | | | | | | | | * master-sec: Array parameters should not contain nil values.
| * | | Array parameters should not contain nil values.Aaron Patterson2012-06-122-2/+8
| | | |
* | | | content_type is already a Mime::Type objectSantiago Pastorino2012-06-121-1/+1
| | | |
* | | | This consider_all_requests_local doesn't make senseSantiago Pastorino2012-06-122-21/+2
|/ / / | | | | | | | | | | | | This middleware is only for Public Exceptions. This follows bd8c0b8a
* | | Return proper format on exceptionsSantiago Pastorino2012-06-113-14/+81
| | |
* | | both string and sumbol will be interpolated as string no need to convert to_sganesh2012-06-112-8/+8
| | |
* | | Symbol responds_to :upcase & :downcase in Ruby >= 1.9Akira Matsuda2012-06-062-4/+4
| | |
* | | stop `to_s`ing method namesAkira Matsuda2012-06-061-16/+16
| | | | | | | | | | | | Module#methods are Symbols in Ruby >= 1.9
* | | fix meaningless test caseAkira Matsuda2012-06-061-1/+1
| | | | | | | | | | | | | | | Module#instance_methods returns an Array of Symbols in Ruby >= 1.9 So this was not actually testing anything
* | | One-liner code for logger in ActionView::Helpers::ControllerHelperDmitry Vorotilin2012-06-051-5/+1
| | |
* | | Merge pull request #6631 from yuki24/use_block_in_button_helperJosé Valim2012-06-052-3/+18
|\ \ \ | | | | | | | | Accept a block in FormHelper#button
| * | | accept a block in button helper.Yuki Nishijima2012-06-052-3/+18
| |/ /
* / / Metal controller doesn't have logger method, check it and then delegateDmitry Vorotilin2012-06-051-2/+8
|/ /
* | Allow to use mounted helpers in ActionView::TestCasePiotr Sarnacki2012-06-014-1/+24
| | | | | | | | | | Similarly to 6525002, this allows to use routes helpers for mounted helpers, but this time in ActionView::TestCase
* | Merge pull request #6588 from nbibler/polymorphic_to_modelJosé Valim2012-06-012-2/+34
| | | | | | | | Correct the use of to_model in polymorphic routing
* | Sync CHANGLOG with the 3-2-stable branchRafael Mendonça França2012-06-011-0/+32
| |
* | Include routes.mounted_helpers into integration testsPiotr Sarnacki2012-06-014-3/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In integration tests, you might want to use helpers from engines that you mounted in your application. It's not hard to add it by yourself, but it's unneeded boilerplate. mounted_helpers are now included by default. That means that given engine mounted like: mount Foo::Engine => "/foo", :as => "foo" you will be able to use paths from this engine in tests this way: foo.root_path #=> "/foo" (closes #6573)
* | Merge branch 'master-sec'Aaron Patterson2012-05-312-1/+28
|\ \ | | | | | | | | | | | | | | | * master-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
| * | Strip [nil] from parameters hash.Aaron Patterson2012-05-302-1/+28
| | | | | | | | | | | | | | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
| * | Fix the buildSantiago Pastorino2012-05-221-1/+0
| | |
| * | require active_support/lazy_load_hooks where is neededSantiago Pastorino2012-05-221-0/+1
| | |
* | | Extracted redirect logic from ActionController::Force::ClassMethods.force_sslJeremy Friesen2012-05-313-7/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this patch the existing .force_ssl method handles both defining the filter and handling the logic for performing the redirect. With this patch the logic for redirecting to the HTTPS protocol is separated from the filter logic that determines if a redirect should occur. By separating the two levels of behavior, an instance method for ActionController (i.e. #force_ssl_redirect) is exposed and available for more granular SSL enforcement. Cleaned up indentation.
* | | Simplify link_to using content_tagCarlos Antonio da Silva2012-05-312-12/+26
| | | | | | | | | | | | Add some tests for link_to with blocks and escaping content.
* | | Make link_to arguments explicitCarlos Antonio da Silva2012-05-311-8/+4
| | |
* | | Make button_to arguments explicit and refactor a bitCarlos Antonio da Silva2012-05-311-10/+6
| | | | | | | | | | | | Prefer Hash#[]= over Hash#merge when setting a value.
* | | Simplify logic to initialize valid conditions in RouteSetCarlos Antonio da Silva2012-05-311-7/+3
| | | | | | | | | | | | | | | | | | Remove :to_sym call from public_instance_methods iteration, as such methods in Ruby 1.9 already return symbols. Initialize valid conditions with controller/action instead of setting them afterwards.
* | | accept a block in button_to helperSergey Nartimov2012-05-303-3/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make possible to use a block in button_to helper if button text is hard to fit into the name parameter, e.g.: <%= button_to [:make_happy, @user] do %> Make happy <strong><%= @user.name %></strong> <% end %> # => "<form method="post" action="/users/1/make_happy" class="button_to"> # <div> # <button type="submit"> # Make happy <strong>Name</strong> # </button> # </div> # </form>"
* | | no need to pass an empty block to button_to helperSergey Nartimov2012-05-301-2/+2
| | |
* | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-05-301-1/+1
|\ \ \
| * | | fix typo in render_template [ci skip]Brent Vatne2012-05-291-1/+1
| | | |
* | | | Review requires from number helperCarlos Antonio da Silva2012-05-281-4/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some of these requires are now only necessary in ActiveSupport::NumberHelper. Add hash/keys require due to symbolize_keys usage in number helpers. Also remove some whitespaces. Closes #6414
* | | | Parse float value only once in number helpersCarlos Antonio da Silva2012-05-281-11/+11
| | | | | | | | | | | | | | | | | | | | Refactor number helpers output with safety handling to call float parsing only once. Also remove 'erb' require.
* | | | Merge pull request #6315 from ↵José Valim2012-05-283-285/+49
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | appfolio/moving_number_helper_methods_to_active_support Moving number helper from ActionView to Active Support
| * | | | Moving NumberHelpers from ActionView to ActiveSupportAndrew Mutz2012-05-273-285/+49
| |/ / /
* / / / Fix sorting of helpers from different pathsPiotr Sarnacki2012-05-285-2/+53
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When more than one directory for helpers is provided to a controller, it should preserver the order of directories. Given 2 paths: MyController.helpers_paths = ["dir1/helpers", "dir2/helpers"] helpers from dir1 should be loaded first. Before this commit, all helpers were mixed and then sorted alphabetically, which essentially would require to rename helpers to get desired order. This is a problem especially for engines, where you would like to be able to predict accurately which engine helpers will load first. (closes #6496)
* | | Add `:escape` option for `truncate`Rafael Mendonça França2012-05-263-2/+29
| | | | | | | | | | | | This options can be used to not escape the result by default.
* | | Update the documentation and add CHANGELOG entryRafael Mendonça França2012-05-262-3/+5
| | |
* | | Test that the block used in truncate is escaped if it is not HTML safeRafael Mendonça França2012-05-262-25/+23
| | | | | | | | | | | | Refactoring the truncate method to not do a sort-circuit return