| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| | |
Added test for case when view doesn't have logger method when using
ActionController::Metal controller.
|
| |
| |
| |
| | |
ActionController::Metal controller.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are several aspects to this commit, that don't well fit into broken down
commits, so they are detailed here:
* When a user uses response.headers['Cache-Control'] = some_value, then the
documented convention in ConditionalGet is not adhered to, in this case,
response.cache_control is ignored due to `return if
self[CACHE_CONTROL].present?`
* When a middleware sets cache-control headers that would clobber, they're
converted to symbols directly, without underscores. This would lead to bugs.
* Items that would live in :extras if set through expires_in, are placed
directly in the @cache_control hash, and not respected in many cases
(somewhat adhering to the aforementioned documentation).
* Although quite useless, any directive named 'extras' would be ignored.
The general convention applied is that expires_* take precedence, but no longer
overwrite everything and expires_* are ALWAYS applied, even if the header is
set.
I am still unhappy about the contents of this commit, and the code in general.
Ideally it should be refactored to no longer use :extras. I'd likely recommend
expanding @cache_control into a class, and giving it the power to handle the
merge in a more efficient fashion. Such a commit would be a larger change that
could have additional semantic changes for other libraries unless they utilize
expires_in in very standard ways.
|
| |
|
|\
| |
| | |
Respect absolute paths in compute_source_path.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When using compute_source_path to determine the full path of an
asset, if our source begins with '/', we don't want to include
the directory. Examples are illustrative:
> compute_source_path("foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/stylesheets/foo.css"
> compute_source_path("/foo", "stylesheets", "css")
=> "/Users/steve/src/my_app/public/foo.css"
Before this patch, the second example would return the same as the
first.
Fixes #5680.
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
|
|
|
| |
This reverts commit f5e7cb84cd377feb1b60c5356ce02123e9c94380.
|
| |
|
|\ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
framework
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
The `path` method on missing helper errors is inconsistent with the
implementation on LoadError in Ruby 2.0. Wrap up the missing helper
exceptions so that the inconsistent behavior is mirrored in Ruby 2.0
(until we can figure out *why* it's inconsistent).
|
| | |
|
| | |
|
|\ \
| | |
| | | |
These lines don't help to mitigate CVE. They only turn [nil] into nil, w...
|
| | |
| | |
| | |
| | |
| | |
| | | |
them [nil] turns into [] and that is quite innocent.
generated SQL - `IN (NULL)`
compact! did all the job.
|
|/ /
| |
| |
| | |
AbstractController::Callbacks
|
|\ \
| | |
| | |
| | |
| | | |
* master-sec:
Array parameters should not contain nil values.
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| | |
This middleware is only for Public Exceptions.
This follows bd8c0b8a
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Module#methods are Symbols in Ruby >= 1.9
|
| |
| |
| |
| |
| | |
Module#instance_methods returns an Array of Symbols in Ruby >= 1.9
So this was not actually testing anything
|
| | |
|
|\ \
| | |
| | | |
Accept a block in FormHelper#button
|
| |/ |
|
|/ |
|
|
|
|
|
| |
Similarly to 6525002, this allows to use routes helpers for mounted
helpers, but this time in ActionView::TestCase
|
|
|
|
| |
Correct the use of to_model in polymorphic routing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In integration tests, you might want to use helpers from engines that
you mounted in your application. It's not hard to add it by yourself,
but it's unneeded boilerplate. mounted_helpers are now included by
default. That means that given engine mounted like:
mount Foo::Engine => "/foo", :as => "foo"
you will be able to use paths from this engine in tests this way:
foo.root_path #=> "/foo"
(closes #6573)
|
|\
| |
| |
| |
| |
| | |
* master-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
|
| |
| |
| |
| |
| |
| | |
Thanks to Ben Murphy for reporting this!
CVE-2012-2660
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prior to this patch the existing .force_ssl method handles both defining
the filter and handling the logic for performing the redirect.
With this patch the logic for redirecting to the HTTPS protocol is
separated from the filter logic that determines if a redirect should
occur. By separating the two levels of behavior, an instance method
for ActionController (i.e. #force_ssl_redirect) is exposed and available
for more granular SSL enforcement.
Cleaned up indentation.
|