| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
CSRF protection from cross-origin <script> tags
|
| |
| |
| |
| | |
Thanks to @homakov for sounding the alarm about JSONP-style data leaking
|
|\ \
| | |
| | | |
Release notes fixes [ci skip]
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Added release notes for secrets.yml and mentioned it in the highlights
* Added release notes for Mailer previews and mentioned it in the highlights
* Added release notes for Module#concerning
* Removed mention for AV extraction from the highlights
* Rearranged the major features to put highlighted features first
* Various improvements and typo fixes
[ci skip]
|
|/ |
|
| |
|
|\
| |
| | |
Spelling and Grammar check [ci skip]
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
Without parenthesis, ruby assumes that curly braces denote the beginning
of a block.
|
|\|
| |
| | |
Spelling and Grammar checks [ci skip]
|
| | |
|
|\ \
| |/
|/| |
Variants inline syntax documentation
|
| |
| |
| |
| |
| |
| | |
* Extend method documentation
* Mention it in actionpack/CHANGELOG
* Update release notes
|
|/ |
|
|\
| |
| | |
Fix typo in action_controller responder.rb [ci skip]
|
| | |
|
|\ \
| |/
|/| |
s/everytime/every time/
|
| | |
|
| |
| |
| |
| |
| | |
This reverts the changes to CHANGELOG.md in commit
38f8872aa5fd8f0a1d0895e9eb41f73261acd040.
|
|/
|
|
|
|
| |
Session#fetch was mutating the session when given a default argument
and/or a block. Since Session duck-types as a Hash, it should behave
like one in these cases.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a route is mounted inside a resources block, it's automatically
prefixed, so a following code:
resources :users do
mount Blog::Engine => '/blog'
end
will generate a user_blog path helper.
In order to access engine helpers, we also use "mounted_helpers", a list
of helpers associated with each mounted engine, so a path to blog's post
can be generated using user_blog.post_path(user, post).
The problem I'm fixing here is that mount used a raw :as option, without
taking nestings into account. As a result, blog was added to a route set
as a `user_blog`, but helper was generated for just `blog`.
This commit applies the proper logic for defining a helper for a mounted
engine nested in resources or resource block.
(closes #8533)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In most cases, when setting variant specific code, you're not sharing any code
within format.
Inline syntax can vastly simplify defining variants in those situations:
respond_to do |format|
format.js { render "trash" }
format.html do |variant|
variant.phone { redirect_to progress_path }
variant.none { render "trash" }
end
end
Becomes:
respond_to do |format|
format.js { render "trash" }
format.html.phone { redirect_to progress_path }
format.html.none { render "trash" }
end
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
@responses hash needs to be initialized with mime types that we get from
Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as
value. This need to happen before content negotiation. Before that, it was
looping though mime types and executing mime-type-generated method inside
collector (see
AbstractController::Collector#generate_method_for_mime). That approach resulted
in 2 unnecessary method calls for each mime type
collected by Collector#collect_mimes_from_class_level.
Now hash is initialized in place, without usage of Collector#custom method.
|
|
|
|
|
|
|
| |
little more work!
This reverts commit 186161148a189839a1e0924043f068a8d155ce69, reversing
changes made to cad9eb178ea5eec0e27d74e93518f4ed34e2f997.
|
|\
| |
| | |
Inline syntax for variants
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In most cases, when setting variant specific code, you're not sharing any code
within format.
Inline syntax can vastly simplify defining variants in those sitiations:
respond_to do |format|
format.js { render "trash" }
format.html do |variant|
variant.phone { redirect_to progress_path }
variant.none { render "trash" }
end
end
`
Becomes:
respond_to do |format|
format.js { render "trash" }
format.html.phone { redirect_to progress_path }
format.html.none { render "trash" }
end
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
@responses hash needs to be initialized with mime types that we get from
Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as
value. This need to happen before content negotiation. Before that, it was
looping though mime types and executing mime-type-generated method inside
collector (see
AbstractController::Collector#generate_method_for_mime). That approach resulted
in 2 unnecessary method calls for each mime type
collected by Collector#collect_mimes_from_class_level.
Now hash is initialized in place, without usage of Collector#custom method.
|
|/ |
|
|
|
|
| |
controller
|
| |
|
|
|
|
| |
Added here 13dd38cee79be39f7b399e142fd78295dddd2abb
|
| |
|
|\
| |
| | |
Retain ActionPack dependency on ActionView. Fixes #12979.
|
| | |
|
| | |
|
| |
| |
| |
| | |
Discoverd by #13175.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before ec16ba75a5493b9da972eea08bae630eba35b62f,
ActionView::Helpers::TranslationHelper#translate has raised errors with
specifying options[:raise] to true.
This should work by this fix:
begin
t(:"translations.missing", raise: true)
rescue I18n::MissingTranslationData
p :hello!
end
|
| | |
|
| |
| |
| |
| |
| | |
Return Nil is implicit in a method and this syntax is used in the others
classes
|
| |
| |
| |
| |
| | |
Avoid one-liner conditionals when they are too big. Avoid concatenating
strings to build error messages. Improve messages a bit.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, variants in the templates will be picked up if a variant is set
and there's a match. The format will be:
app/views/projects/show.html.erb
app/views/projects/show.html+tablet.erb
app/views/projects/show.html+phone.erb
If request.variant = :tablet is set, we'll automatically be rendering the
html+tablet template.
In the controller, we can also tailer to the variants with this syntax:
class ProjectsController < ActionController::Base
def show
respond_to do |format|
format.html do |html|
@stars = @project.stars
html.tablet { @notifications = @project.notifications }
html.phone { @chat_heads = @project.chat_heads }
end
format.js
format.atom
end
end
end
The variant itself is nil by default, but can be set in before filters, like
so:
class ApplicationController < ActionController::Base
before_action do
if request.user_agent =~ /iPad/
request.variant = :tablet
end
end
end
This is modeled loosely on custom mime types, but it's specifically not
intended to be used together. If you're going to make a custom mime type,
you don't need a variant. Variants are for variations on a single mime
types.
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
* master-sec:
Deep Munge the parameters for GET and POST
Stop using i18n's built in HTML error handling.
Ensure simple_format escapes its html attributes
Escape the unit value provided to number_to_currency
Only use valid mime type symbols as cache keys
|
| |
| |
| |
| |
| |
| |
| |
| | |
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
|/|
| |
| | |
Conflicts:
actionpack/CHANGELOG.md
|