aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
...
| * Fix a few more 1.9 bugs. Rack 1.0.1 is required for 1.9 compliance but not ↵Yehuda Katz2009-10-152-2/+2
| | | | | | | | release, so bundling 1.0.1 from git
| * Rack responses need to wrap Strings in 1.9Yehuda Katz2009-10-151-1/+1
| |
| * Update MetalTest for constant scoping change in 1.9Yehuda Katz2009-10-151-2/+2
| |
| * Fix test to correctly handle 1.9 Array#to_s behaviorYehuda Katz2009-10-151-1/+1
| |
| * Work around apparent bug in 1.9Yehuda Katz2009-10-151-2/+2
| |
| * Change config implementation in AV slightlyYehuda Katz2009-10-151-1/+10
| |
* | Renamed Orchestra to Notifications once again [#3321 state:resolved]José Valim2009-10-156-11/+11
| |
* | Unify benchmark APIs.José Valim2009-10-156-181/+12
| |
* | Instrument cache store events only if required.José Valim2009-10-151-1/+1
| |
* | Update Orchestra instrumentations and move part of logging to Orchestra.José Valim2009-10-156-42/+23
| |
* | Revert "Rename Orchestra to Notifications [#3321 state:resolved]"José Valim2009-10-155-10/+10
|/ | | | This reverts commit 8cbf825425dc8ad3770881ea4e100b9023c69ce2.
* Make this less brittle and work on 1.8Yehuda Katz2009-10-151-9/+9
|
* Kill rake bundleJeremy Kemper2009-10-151-10/+0
|
* AP tests depend on ARJeremy Kemper2009-10-151-0/+1
|
* Make the erubis implementation easier for plugins to change.Michael Koziarski2009-10-151-1/+4
|
* Add a read-only method which plugin authors can use to determine if xss ↵Michael Koziarski2009-10-151-0/+5
| | | | | | | escaping. This doesn't provide a way to turn off the escaping, but alternative template engine authors can figure out what their default should be by calling this. Avoids a messy version + plugin check.
* Don't push siblings on load path if using bundled envJeremy Kemper2009-10-141-5/+8
|
* Merge branch 'arel'Jeremy Kemper2009-10-141-6/+10
|\
| * Clarify AR dependencyJeremy Kemper2009-10-141-6/+10
| |
* | Punt on ConcurrentHash [#3322 state:resolved]Joshua Peek2009-10-141-5/+5
| |
* | Rename Orchestra to Notifications [#3321 state:resolved]Joshua Peek2009-10-145-10/+10
|/
* Make IntegrationTest::Runner propagate method_missing to ancestors.George Ogata2009-10-152-2/+24
| | | | | | | Fixes RSpec integration example groups, which mixes its Matchers module into ActiveSupport::TestCase. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Test cases should see all the cookies, not just cookies that have been set ↵Craig Smith2009-10-152-1/+18
| | | | | | | | | | | | | in the controller. Previously this example would always pass, even when cookies.delete was not called. @request.cookies['foo'] = 'bar' get :delete_cookie assert_nil cookies['foo'] Signed-off-by: Michael Koziarski <michael@koziarski.com> [#2768 state:committed]
* Make sure non-escaped urls aren't considered safeMichael Koziarski2009-10-152-1/+6
|
* Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the ↵Michael Koziarski2009-10-152-2/+2
| | | | latter isn't
* ActionView.url_for doesn't escape by defaultPhil Darnowsky2009-10-152-4/+14
| | | | | | | | | | | | | | | | | ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by default. This was most commonly seen when generating a path with multiple query parameters, e.g. url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456) would return http://example.com/foo/bar?that=456&amp;this=123 escaping an ampersand that shouldn't be escaped. This is both wrong and inconsistent with the behavior of ActionController#url_for, and is changed. Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Start adding configuration to ActionView instead of using constants.Yehuda Katz2009-10-145-13/+33
| | | | | | | By using config rather than hardcoded constants, we can evolve the configuration system over time (we'd just need to update the config method with more robust capabilities and all consumers would get the capabilities with no code changes)
* CookieJar#delete should return the key's value, consistent with a HashJeffrey Hardy2009-10-143-3/+11
| | | | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Callbacks, DeprecatedCallbacks = NewCallbacks, CallbacksJoshua Peek2009-10-122-6/+4
|
* Use "run_callbacks :foo" since it is the public api for callbacks [#3329Joshua Peek2009-10-122-4/+4
| | | | state:resolved]
* Bundle with system gem sources rather than gems.rubyforge.org defaultJeremy Kemper2009-10-111-0/+2
|
* Kill mock routing assertion that tests router implementationJoshua Peek2009-10-101-13/+0
|
* Fix failing safe buffer test. We don't patch CGI.escapeHTML, only ERB:Util.Joshua Peek2009-10-101-1/+1
|
* Move safe buffer into test/templateJoshua Peek2009-10-101-0/+0
|
* Relative url generations are covered more thoroughly by url rewriter testsJoshua Peek2009-10-101-12/+0
|
* Add define another "stuff" controller to support routing testsJoshua Peek2009-10-101-0/+1
|
* Drop implementation specific routing test assertionsJoshua Peek2009-10-101-3/+0
|
* Add define a "stuff" controller in fixtures to support routing testsJoshua Peek2009-10-101-0/+1
|
* Fix a bug where render :text could not handle yield :symbol. Fixes guides ↵Yehuda Katz2009-10-101-9/+13
| | | | generation
* Fix issue with standalone ActionViewYehuda Katz2009-10-091-1/+4
|
* Avoid super in define_method for RubiniusYehuda Katz2009-10-091-1/+6
|
* Get rid of constant name usage for stack trace help in favor of overriding ↵Yehuda Katz2009-10-091-9/+9
| | | | #inspect and .name.
* Finish porting over the initializers to the app object and fix all the testsCarl Lerche2009-10-082-3/+6
|
* API change: content_tag_for outputs prefixed class nameJoshua Peek2009-10-082-4/+4
|
* Fix warning spew for 1.9Carl Lerche2009-10-081-1/+5
|
* error procs have to be safe tooMichael Koziarski2009-10-081-1/+1
|
* Switch to on-by-default XSS escaping for rails.Michael Koziarski2009-10-0833-41/+237
| | | | | | | | | | | | This consists of: * String#html_safe! a method to mark a string as 'safe' * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it * Calls to String#html_safe! throughout the rails helpers * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB) * New ERB implementation based on erubis which uses a SafeBuffer instead of a String Hat tip to Django for the inspiration.
* Not calling a private method anymoreYehuda Katz2009-10-071-2/+5
|
* Fix warning spewYehuda Katz2009-10-061-1/+3
|
* Coerce all out going body parts to StringsJoshua Peek2009-10-054-0/+71
|