| Commit message | Author | Age | Files | Lines |
* master-sec:
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
|
dealing with empty hashes. Thanks Damien Mathieu
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
|
Conflicts:
guides/source/getting_started.md
|
This reverts commit 1a59a6dfdca217e31a52779d92aa56b67c6689cb.
I guess it's not a typo: https://github.com/jorlhuda/exceptron
|
A declarative API for specifying dependencies that affect template
cache digest computation. In your controller, specify any of said
dependencies:
    view_cache_dependency { "phone" if using_phone? }
When the block is evaluated, the resulting value is included in the
cache digest calculation, allowing you to generate different digests
for effectively the same template. (Mostly useful if you're mucking
with template load paths.)
|
set 'alt' attribute for image_submit_tag
|
the discussion on https://github.com/rails/strong_parameters/pull/75.
|
It includes security bug fixes and changes the initialization of
Rack::File to accept a hash, otherwise generating warnings.
See 295806e for the warnings fix.
|
See http://intertwingly.net/projects/AWDwR4/checkdepot/section-6.1.html
rake test produces:
"Rack::File headers parameter replaces cache_control after Rack 1.5."
Despite what the message says, it appears that the headers parameter change
will be effective as of Rack 1.5:
https://github.com/rack/rack/blob/rack-1.4/lib/rack/file.rb#L24
https://github.com/rack/rack/blob/master/lib/rack/file.rb#L24
|
Previously rendering a partial without giving :object or :collection
would generate a local variable with the partial name by default.
This was noticed due to warnings in Ruby 2.0 of not used variables,
which turned out to be the generation of not used variables inside
partials that do not contain objects related to them.
|
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
|
masgn and response variable
|
Refactor DebugExceptions
|
Refactor Journey::Routes
|
* prefer do-end for multiline blocks
* prefer or-equals over returns with checks
|
Rubinius returns a boolean after such assignment
    response = (_, headers, body = @app.call(env))
see https://github.com/rubinius/rubinius/issues/2117
get rid of a local variable
|
* core_ext/object/blank
* concern
* core_ext/class/attribute
* deprecation
|
It is used by the table formatter only, and it's already inside a routes
directory that namespaces it properly, so calling it just "table" seems
simpler.
|
It feels more consistent to have this class called "HtmlTableFormatter",
and to have it here with the routes inspector and console formatter,
since it's used for both routing error exceptions and the rails info
page.
|
Delegate to :class rather than 'self.class'
|
By checking for object.persisted? first, we avoid the hash lookups for
new objects.
|
When dealing with nested forms, Rails automatically generates a hidden
field with the id value of the current object being generated by
fields_for. This logic was inside the method that's available from the
template object, but we just need it when really dealing with nested
attributes, so moving the code to here makes more sense.
|
Just use it internally from fields_for until we come up with a better solution.