aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
...
* | Change the CSRF whitelisting to only apply to get requestsMichael Koziarski2011-02-083-147/+86
| | | | | | | | | | | | | | | | Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
* | Use Mime::Type references.José Valim2011-02-087-6/+26
| |
* | Ensure render is case sensitive even on systems with case-insensitive ↵José Valim2011-02-082-3/+22
| | | | | | | | | | | | filesystems. This fixes CVE-2011-0449
* | Be sure to javascript_escape the email address to prevent apostrophes ↵Michael Koziarski2011-02-082-9/+11
| | | | | | | | | | | | inadvertently causing javascript errors. This fixes CVE-2011-0446
* | fields_for with inline blocks and nested attributes already persisted does ↵Santiago Pastorino2011-02-081-10/+7
| | | | | | | | | | | | not render properly [#6381 state:committed]
* | Add tests showing the LH issue #6381: fields_for with inline blocks and ↵Carlos Antonio da Silva2011-02-081-1/+85
| | | | | | | | | | | | nested attributes already persisted Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | cleaning up some warnings on 1.9.3Aaron Patterson2011-02-078-27/+25
| |
* | put authenticity_token option in parity w/ remoteDan Pickett2011-02-062-6/+7
| | | | | | | | | | | | [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | Allow page_cache_directory to be set as a PathnameAndre Arko2011-02-062-1/+12
| | | | | | | | | | | | For example, page_cache_directory = Rails.root.join("public/cache") Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | Added tests for form_for and an authenticity_token option. Added docs for ↵Timothy N. Tsvetkov2011-02-052-0/+36
|/ | | | | | | | for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers. [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-02-051-17/+39
|\
| * improve routing docs, mostly for #matchGabriel Horner2011-02-051-12/+34
| |
| * keep options titles consistent to "Options"Gabriel Horner2011-02-031-5/+5
| |
* | fixed bug with nested resources within shallow scopegerman2011-02-042-1/+63
| | | | | | | | | | | | [#6372 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | removing generation of id in submit helperFranco Brusatti2011-02-032-7/+7
| | | | | | | | | | | | [#6369 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | Add a test for 'render :layout'Anton Astashov2011-02-032-0/+9
| | | | | | | | | | | | | | | | | | To make sure it will show block contents if it is placed after 'render :partial' [#5557 state:resolved] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | revises a metal exampleXavier Noria2011-02-021-4/+4
| |
* | copy-edits 2446b13Xavier Noria2011-02-021-14/+13
| |
* | Protocol-relative URL support.Stephen Celis2011-02-022-3/+19
|/ | | | | | [#5774 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-02-024-99/+249
|\
| * Provide documentation for ActionController::MetalBernerd Schaefer2011-02-021-5/+55
| |
| * explain different ways to use match()Jonathan Dance + Gabriel Horner2011-01-291-9/+16
| |
| * organize and expand on options for routing methodsJonathan Dance + Gabriel Horner2011-01-291-81/+161
| |
| * corrected the location of status code symbolsmisfo2011-01-291-1/+1
| |
| * add cross-references and documentation for scopeJonathan Dance + Gabriel Horner2011-01-281-0/+12
| |
| * fix cross-references in HttpHelper methodsJonathan Dance + Gabriel Horner2011-01-281-4/+4
| |
| * clarify what the "they" that are is and what the "are" in question isMatt Jankowski2011-01-271-1/+2
| |
* | add test to check class is being escaped in form_classSantiago Pastorino2011-02-011-0/+4
| |
* | Allow customization of form class for button_toAndrei Bocan2011-02-012-3/+17
| | | | | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | auto_link: avoid recognizing full width chars as a part of URI schemeAkira Matsuda2011-02-012-2/+8
| | | | | | | | | | | | | | | | fixes regression by http://github.com/rails/rails/commit/133ada6ab0f0cb7bef2bd40dbc18f2d5bc6b964e [#5503 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | Accept String value for render_partial :as optionAkira Matsuda2011-02-013-4/+9
| | | | | | | | | | | | [#6222 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | Use run_callbacks; the generated _run_<name>_callbacks method is not a ↵John Firebaugh2011-01-312-5/+5
| | | | | | | | | | | | public interface. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* | render_to_string must ensure that response_bodyNeeraj Singh2011-01-252-1/+11
| | | | | | | | | | | | | | | | is nil [ #5875 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* | If I want to set respond_body to nil then itNeeraj Singh2011-01-251-1/+1
| | | | | | | | | | | | | | should be nil and not [nil]. If anything other than nil then wrap it in array Signed-off-by: José Valim <jose.valim@gmail.com>
* | A patch so that http status codes are still included in logs even during an ↵Doug Fales2011-01-252-1/+20
| | | | | | | | | | | | exception [#6333 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
* | use spec compliant YAMLAaron Patterson2011-01-211-1/+1
| |
* | Add tld_length option when using domain :all in cookiesbrainopia2011-01-212-9/+45
| | | | | | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* | Support list of possible domains for cookiesbrainopia2011-01-212-0/+48
|/ | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* Solve SystemStackError when changing locale inside ActionMailer [#5329 ↵José Valim2011-01-193-7/+8
| | | | state:resolved]
* removing usesless variable assignmentsAaron Patterson2011-01-182-16/+14
|
* Merge branch 'template_error' into mergeAaron Patterson2011-01-182-4/+14
|\ | | | | | | | | | | * template_error: Ensure original exception message is present in both Template::Error#message and Template::Error#inspect. ActiveSupport::Deprecation.silence no longer needed.
| * Ensure original exception message is present in both Template::Error#message ↵John Firebaugh2010-10-292-4/+14
| | | | | | | | | | | | and Template::Error#inspect. Previously, #inspect would produce #<ActionView::Template::Error: ActionView::Template::Error>, which is not very useful.
| * ActiveSupport::Deprecation.silence no longer needed.John Firebaugh2010-10-291-1/+1
| |
* | Issue one Cache#read command instead of two in the case of a fragment cache hitChristos Trochalakis2011-01-182-6/+6
| |
* | minitest added @__io__, so we should ignore it tooAaron Patterson2011-01-171-0/+1
| |
* | fixing space errorsAaron Patterson2011-01-171-1/+1
| |
* | fixing wrong testAaron Patterson2011-01-171-1/+1
| |
* | removing more unused variablesAaron Patterson2011-01-171-1/+1
| |
* | button_tag should escape it contentSantiago Pastorino2011-01-122-1/+8
| |
* | use raise to create exceptions and to set the backtraceAaron Patterson2011-01-122-2/+2
| |