Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | | Change the CSRF whitelisting to only apply to get requests | Michael Koziarski | 2011-02-08 | 3 | -147/+86 | |
| | | | | | | | | | | | | | | | | Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447 | |||||
* | | Use Mime::Type references. | José Valim | 2011-02-08 | 7 | -6/+26 | |
| | | ||||||
* | | Ensure render is case sensitive even on systems with case-insensitive ↵ | José Valim | 2011-02-08 | 2 | -3/+22 | |
| | | | | | | | | | | | | filesystems. This fixes CVE-2011-0449 | |||||
* | | Be sure to javascript_escape the email address to prevent apostrophes ↵ | Michael Koziarski | 2011-02-08 | 2 | -9/+11 | |
| | | | | | | | | | | | | inadvertently causing javascript errors. This fixes CVE-2011-0446 | |||||
* | | fields_for with inline blocks and nested attributes already persisted does ↵ | Santiago Pastorino | 2011-02-08 | 1 | -10/+7 | |
| | | | | | | | | | | | | not render properly [#6381 state:committed] | |||||
* | | Add tests showing the LH issue #6381: fields_for with inline blocks and ↵ | Carlos Antonio da Silva | 2011-02-08 | 1 | -1/+85 | |
| | | | | | | | | | | | | nested attributes already persisted Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | cleaning up some warnings on 1.9.3 | Aaron Patterson | 2011-02-07 | 8 | -27/+25 | |
| | | ||||||
* | | put authenticity_token option in parity w/ remote | Dan Pickett | 2011-02-06 | 2 | -6/+7 | |
| | | | | | | | | | | | | [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | Allow page_cache_directory to be set as a Pathname | Andre Arko | 2011-02-06 | 2 | -1/+12 | |
| | | | | | | | | | | | | For example, page_cache_directory = Rails.root.join("public/cache") Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | Added tests for form_for and an authenticity_token option. Added docs for ↵ | Timothy N. Tsvetkov | 2011-02-05 | 2 | -0/+36 | |
|/ | | | | | | | | for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers. [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2011-02-05 | 1 | -17/+39 | |
|\ | ||||||
| * | improve routing docs, mostly for #match | Gabriel Horner | 2011-02-05 | 1 | -12/+34 | |
| | | ||||||
| * | keep options titles consistent to "Options" | Gabriel Horner | 2011-02-03 | 1 | -5/+5 | |
| | | ||||||
* | | fixed bug with nested resources within shallow scope | german | 2011-02-04 | 2 | -1/+63 | |
| | | | | | | | | | | | | [#6372 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | removing generation of id in submit helper | Franco Brusatti | 2011-02-03 | 2 | -7/+7 | |
| | | | | | | | | | | | | [#6369 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | Add a test for 'render :layout' | Anton Astashov | 2011-02-03 | 2 | -0/+9 | |
| | | | | | | | | | | | | | | | | | | To make sure it will show block contents if it is placed after 'render :partial' [#5557 state:resolved] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | revises a metal example | Xavier Noria | 2011-02-02 | 1 | -4/+4 | |
| | | ||||||
* | | copy-edits 2446b13 | Xavier Noria | 2011-02-02 | 1 | -14/+13 | |
| | | ||||||
* | | Protocol-relative URL support. | Stephen Celis | 2011-02-02 | 2 | -3/+19 | |
|/ | | | | | | [#5774 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2011-02-02 | 4 | -99/+249 | |
|\ | ||||||
| * | Provide documentation for ActionController::Metal | Bernerd Schaefer | 2011-02-02 | 1 | -5/+55 | |
| | | ||||||
| * | explain different ways to use match() | Jonathan Dance + Gabriel Horner | 2011-01-29 | 1 | -9/+16 | |
| | | ||||||
| * | organize and expand on options for routing methods | Jonathan Dance + Gabriel Horner | 2011-01-29 | 1 | -81/+161 | |
| | | ||||||
| * | corrected the location of status code symbols | misfo | 2011-01-29 | 1 | -1/+1 | |
| | | ||||||
| * | add cross-references and documentation for scope | Jonathan Dance + Gabriel Horner | 2011-01-28 | 1 | -0/+12 | |
| | | ||||||
| * | fix cross-references in HttpHelper methods | Jonathan Dance + Gabriel Horner | 2011-01-28 | 1 | -4/+4 | |
| | | ||||||
| * | clarify what the "they" that are is and what the "are" in question is | Matt Jankowski | 2011-01-27 | 1 | -1/+2 | |
| | | ||||||
* | | add test to check class is being escaped in form_class | Santiago Pastorino | 2011-02-01 | 1 | -0/+4 | |
| | | ||||||
* | | Allow customization of form class for button_to | Andrei Bocan | 2011-02-01 | 2 | -3/+17 | |
| | | | | | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | auto_link: avoid recognizing full width chars as a part of URI scheme | Akira Matsuda | 2011-02-01 | 2 | -2/+8 | |
| | | | | | | | | | | | | | | | | fixes regression by http://github.com/rails/rails/commit/133ada6ab0f0cb7bef2bd40dbc18f2d5bc6b964e [#5503 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | Accept String value for render_partial :as option | Akira Matsuda | 2011-02-01 | 3 | -4/+9 | |
| | | | | | | | | | | | | [#6222 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | Use run_callbacks; the generated _run_<name>_callbacks method is not a ↵ | John Firebaugh | 2011-01-31 | 2 | -5/+5 | |
| | | | | | | | | | | | | public interface. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | |||||
* | | render_to_string must ensure that response_body | Neeraj Singh | 2011-01-25 | 2 | -1/+11 | |
| | | | | | | | | | | | | | | | | is nil [ #5875 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | | If I want to set respond_body to nil then it | Neeraj Singh | 2011-01-25 | 1 | -1/+1 | |
| | | | | | | | | | | | | | | should be nil and not [nil]. If anything other than nil then wrap it in array Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | | A patch so that http status codes are still included in logs even during an ↵ | Doug Fales | 2011-01-25 | 2 | -1/+20 | |
| | | | | | | | | | | | | exception [#6333 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | | use spec compliant YAML | Aaron Patterson | 2011-01-21 | 1 | -1/+1 | |
| | | ||||||
* | | Add tld_length option when using domain :all in cookies | brainopia | 2011-01-21 | 2 | -9/+45 | |
| | | | | | | | | Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | | Support list of possible domains for cookies | brainopia | 2011-01-21 | 2 | -0/+48 | |
|/ | | | | Signed-off-by: José Valim <jose.valim@gmail.com> | |||||
* | Solve SystemStackError when changing locale inside ActionMailer [#5329 ↵ | José Valim | 2011-01-19 | 3 | -7/+8 | |
| | | | | state:resolved] | |||||
* | removing usesless variable assignments | Aaron Patterson | 2011-01-18 | 2 | -16/+14 | |
| | ||||||
* | Merge branch 'template_error' into merge | Aaron Patterson | 2011-01-18 | 2 | -4/+14 | |
|\ | | | | | | | | | | | * template_error: Ensure original exception message is present in both Template::Error#message and Template::Error#inspect. ActiveSupport::Deprecation.silence no longer needed. | |||||
| * | Ensure original exception message is present in both Template::Error#message ↵ | John Firebaugh | 2010-10-29 | 2 | -4/+14 | |
| | | | | | | | | | | | | and Template::Error#inspect. Previously, #inspect would produce #<ActionView::Template::Error: ActionView::Template::Error>, which is not very useful. | |||||
| * | ActiveSupport::Deprecation.silence no longer needed. | John Firebaugh | 2010-10-29 | 1 | -1/+1 | |
| | | ||||||
* | | Issue one Cache#read command instead of two in the case of a fragment cache hit | Christos Trochalakis | 2011-01-18 | 2 | -6/+6 | |
| | | ||||||
* | | minitest added @__io__, so we should ignore it too | Aaron Patterson | 2011-01-17 | 1 | -0/+1 | |
| | | ||||||
* | | fixing space errors | Aaron Patterson | 2011-01-17 | 1 | -1/+1 | |
| | | ||||||
* | | fixing wrong test | Aaron Patterson | 2011-01-17 | 1 | -1/+1 | |
| | | ||||||
* | | removing more unused variables | Aaron Patterson | 2011-01-17 | 1 | -1/+1 | |
| | | ||||||
* | | button_tag should escape it content | Santiago Pastorino | 2011-01-12 | 2 | -1/+8 | |
| | | ||||||
* | | use raise to create exceptions and to set the backtrace | Aaron Patterson | 2011-01-12 | 2 | -2/+2 | |
| | |