path: root/actionpack
Commit message (Author, Age, Files, Lines)
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu (Aaron Patterson, 2013-01-08, 4 files, -5/+38)
| Conflicts:
|   actionpack/CHANGELOG.md
|   actionpack/lib/action_dispatch/http/request.rb
|   actionpack/lib/action_dispatch/middleware/params_parser.rb
|   activerecord/CHANGELOG.md
|   activerecord/lib/active_record/relation/predicate_builder.rb
|   activerecord/test/cases/relation/where_test.rb
* Revert "Merge branch 'master-sec'" (Jeremy Kemper, 2013-01-08, 5 files, -51/+5)
| This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79.
* Merge branch 'master-sec' (Aaron Patterson, 2013-01-08, 5 files, -5/+51)
|\
| | * master-sec:
| |   CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
| |   * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
| * CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. (Jeremy Kemper, 2013-01-08, 1 file, -0/+13)
| |
| * * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu (Aaron Patterson, 2013-01-07, 4 files, -5/+38)
| | Conflicts:
| |   actionpack/CHANGELOG.md
| |   actionpack/lib/action_dispatch/http/request.rb
| |   actionpack/lib/action_dispatch/middleware/params_parser.rb
| |   activerecord/CHANGELOG.md
| |   activerecord/lib/active_record/relation/predicate_builder.rb
| |   activerecord/test/cases/relation/where_test.rb
* | Merge branch 'master' of github.com:lifo/docrails (Vijay Dev, 2013-01-09, 10 files, -26/+34)
|\ \
| | | Conflicts:
| | |   guides/source/getting_started.md
| * | prefer american spelling of 'behavior' (Gosha Arinich, 2013-01-07, 1 file, -1/+1)
| | |
| * | HTTP 302 means Found, not Moved (Chase DuBois, 2013-01-05, 1 file, -1/+1)
| | |
| * | extract alert= and notice= examples to FlashHash#now [ci skip] (Francesco Rodriguez, 2013-01-03, 1 file, -17/+15)
| | |
| * | Revert "TODO typo fix" (Akira Matsuda, 2013-01-04, 1 file, -1/+1)
| | | This reverts commit 1a59a6dfdca217e31a52779d92aa56b67c6689cb.
| | | I guess it's not a typo: https://github.com/jorlhuda/exceptron
| * | TODO typo fix (Gosha Arinich, 2013-01-04, 1 file, -1/+1)
| | |
| * | Add examples `alert=` and `notice=`, using memes (lambda_, 2013-01-03, 1 file, -0/+10)
| | |
| * | Change `Example for` to `Example of` (lambda_, 2013-01-03, 1 file, -2/+2)
| | |
| * | PUT => PATCH (Akira Matsuda, 2013-01-03, 3 files, -6/+6)
| | |
| * | s/ERb/ERB/ (Akira Matsuda, 2013-01-02, 1 file, -1/+1)
| | |
| * | PUT => PATCH or PUT (Akira Matsuda, 2013-01-02, 1 file, -1/+1)
| | |
| * | find_or_create_by is deprecated in AR 4 (Akira Matsuda, 2013-01-02, 1 file, -3/+3)
| | |
| * | Model.scoped is deprecated in favour of Model.all (Akira Matsuda, 2013-01-02, 1 file, -4/+4)
| | |
* | | view_cache_dependency API (Jamis Buck, 2013-01-08, 6 files, -10/+72)
| | | A declarative API for specifying dependencies that affect template cache digest computation. In your controller, specify any of said dependencies:
| | |
| | |   view_cache_dependency { "phone" if using_phone? }
| | |
| | | When the block is evaluated, the resulting value is included in the cache digest calculation, allowing you to generate different digests for effectively the same template. (Mostly useful if you're mucking with template load paths.)
* | | Merge pull request #8810 from NARKOZ/image-submit-tag (Steve Klabnik, 2013-01-08, 3 files, -9/+14)
|\ \ \
| | | | set 'alt' attribute for image_submit_tag
| * | | set 'alt' attribute for image_submit_tag (Nihad Abbasov, 2013-01-08, 3 files, -9/+14)
| | | |
* | | | Revert "unpermitted params" exception -- it's just not going to work. See the discussion on https://github.com/rails/strong_parameters/pull/75. (David Heinemeier Hansson, 2013-01-08, 3 files, -102/+11)
* | | | Never treat action or controller as unpermitted params (David Heinemeier Hansson, 2013-01-08, 2 files, -6/+25)
| | | |
* | | | Bump rack dependency to 1.4.3 (Carlos Antonio da Silva, 2013-01-08, 1 file, -1/+1)
| | | | It includes security bug fixes and changes the initialization of Rack::File to accept a hash, otherwise generating warnings. See 295806e for the warnings fix.
* | | | Eliminate Rack::File headers deprecation warning (Sam Ruby, 2013-01-08, 1 file, -1/+1)
|/ / /
| | | See http://intertwingly.net/projects/AWDwR4/checkdepot/section-6.1.html
| | | rake test produces:
| | |   "Rack::File headers parameter replaces cache_control after Rack 1.5."
| | | Despite what the message says, it appears that the headers parameter change will be effective as of Rack 1.5:
| | |   https://github.com/rack/rack/blob/rack-1.4/lib/rack/file.rb#L24
| | |   https://github.com/rack/rack/blob/master/lib/rack/file.rb#L24
* | | Do not generate local vars for partials without object or collection (Carlos Antonio da Silva, 2013-01-08, 4 files, -1/+15)
| | | Previously rendering a partial without giving :object or :collection would generate a local variable with the partial name by default. This was noticed due to warnings in Ruby 2.0 of not used variables, which turned out to be the generation of not used variables inside partials that do not contain objects related to them.
* | | Avoid Rack security warning no secret provided (Santiago Pastorino, 2013-01-08, 1 file, -0/+2)
| |/
|/|
| | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | improve StrongParameters documentation [ci skip] (Francesco Rodriguez, 2013-01-07, 1 file, -8/+7)
| |
* | access `@path` and `@routes` via reader methods in journey (Gosha Arinich, 2013-01-07, 2 files, -3/+3)
| |
* | refactor ShowExceptions' #call to use def-rescue instead of begin-rescue (Gosha Arinich, 2013-01-07, 1 file, -7/+4)
| |
* | remove begin-rescue in favor of def-rescue (Gosha Arinich, 2013-01-07, 1 file, -10/+9)
| |
* | Fix operators precedence issue (Rafael Mendonça França, 2013-01-06, 1 file, -1/+1)
| |
* | Merge pull request #8787 from tank-bohr/master (Rafael Mendonça França, 2013-01-06, 1 file, -2/+2)
|\ \
| | | masgn and response variable
| * | return multiple assignment and response variable (tank-bohr, 2013-01-07, 1 file, -2/+2)
| | |
* | | Merge pull request #8785 from goshakkk/refactor-debug-exceptions (Rafael Mendonça França, 2013-01-06, 1 file, -2/+1)
|\ \ \
| |/ /
|/| | Refactor DebugExceptions
| * | refactor DebugExceptions by combining two conditionals into one (Gosha Arinich, 2013-01-07, 1 file, -2/+1)
| | |
* | | Reduce number of Strings a bit (Akira Matsuda, 2013-01-07, 2 files, -4/+4)
| | |
* | | Namespace HashWithIndifferentAccess (Akira Matsuda, 2013-01-07, 4 files, -6/+5)
|/ /
* | Merge pull request #8783 from goshakkk/refactor-journey-routes (Rafael Mendonça França, 2013-01-06, 1 file, -12/+11)
|\ \
| | | Refactor Journey::Routes
| * | refactor Journey::Routes (Gosha Arinich, 2013-01-07, 1 file, -12/+11)
| | | * prefer do-end for multiline blocks
| | | * prefer or-equals over returns with checks
* | | fix for rbx (tank-bohr, 2013-01-07, 1 file, -2/+2)
|/ /
| | Rubinius returns a boolean after such assignment
| |   response = (_, headers, body = @app.call(env))
| | see https://github.com/rubinius/rubinius/issues/2117
| | get rid of a local variable
* | Needless requires (Akira Matsuda, 2013-01-06, 2 files, -6/+0)
| |
* | Missing requires (Akira Matsuda, 2013-01-06, 2 files, -0/+2)
| |
* | These are already required through AS/rails (Akira Matsuda, 2013-01-06, 5 files, -6/+0)
| | * core_ext/object/blank
| | * concern
| | * core_ext/class/attribute
| | * deprecation
* | Rename route_wrapper partial layout to table (Carlos Antonio da Silva, 2013-01-06, 2 files, -1/+1)
| | It is used by the table formatter only, and it's already inside a routes directory that namespaces it properly, so calling it just "table" seems simpler.
* | Move table routes formatter class to the inspector and rename it (Carlos Antonio da Silva, 2013-01-06, 3 files, -19/+19)
| | It feels more consistent to have this class called "HtmlTableFormatter", and to have it here with the routes inspector and console formatter, since it's used for both routing error exceptions and the rails info page.
* | Merge pull request #8777 from goshakkk/delegate-class (Andrew White, 2013-01-06, 2 files, -2/+2)
|\ \
| | | Delegate to :class rather than 'self.class'
| * | delegate to :class rather than 'self.class' (Gosha Arinich, 2013-01-06, 2 files, -2/+2)
| | |
* | | Refactor the logic that checks whether or not to emit the hidden id field (Carlos Antonio da Silva, 2013-01-06, 1 file, -7/+6)
| | | By checking for object.persisted? first, we avoid the hash lookups for new objects.
* | | Move the hidden :id field logic to where it belongs to (Carlos Antonio da Silva, 2013-01-06, 1 file, -6/+9)
| | | When dealing with nested forms, Rails automatically generates a hidden field with the id value of the current object being generated by fields_for. This logic was inside the method that's available from the template object, but we just need it when really dealing with nested attributes, so moving the code to here makes more sense.