aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
...
* | | Merge pull request #8821 from jamis/masterRafael Mendonça França2013-01-102-7/+3
|\ \ \ | |/ / |/| | | | | | | | | | | | | | Evaluate view_cache_dependencies at the instance level Conflicts: actionpack/lib/action_controller/caching.rb
| * | evaluate the dependency blocks at the instance level, not class levelJamis Buck2013-01-082-7/+3
| | |
* | | Remove redundant double quotation markszires2013-01-101-1/+1
| | |
* | | adding missing requiresAaron Patterson2013-01-092-0/+9
| | |
* | | Fix typo in deprecation warningNathaniel Jones2013-01-091-1/+1
| | |
* | | Merge pull request #8824 from mjtko/fix/cookie-store-inheritanceSantiago Pastorino2013-01-082-5/+26
|\ \ \ | | | | | | | | Modify CookieStore middleware inheritance to avoid subclassing Rack::Session::Cookie [Fix for #7372]
| * | | Revert cb3181e - no longer required.Mark J. Titorenko2013-01-081-2/+0
| | | |
| * | | Fix CookieStore middleware inheritance hierarchy s.t. it inherits from ↵Mark J. Titorenko2013-01-081-3/+26
| | | | | | | | | | | | | | | | Rack::Session::Abstract::ID rather than Rack::Session::Cookie.
* | | | Remove :yaml related tests and fix other related to parsing empty arraysCarlos Antonio da Silva2013-01-082-45/+2
| | | | | | | | | | | | | | | | All Action Pack tests are green.
* | | | Fix warning: & interpreted as argument prefixCarlos Antonio da Silva2013-01-081-1/+1
| | | |
* | | | remove yaml as a param parser :burn:Aaron Patterson2013-01-081-2/+0
| | | | | | | | | | | | | | | | | | | | If you revert this commit, I will hunt you down, I will make you regret ever terrible thing you've ever done, I will make you suffer.
* | | | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.Jeremy Kemper2013-01-081-0/+13
| | | |
* | | | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-084-5/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* | | | Revert "Merge branch 'master-sec'"Jeremy Kemper2013-01-085-51/+5
| | | | | | | | | | | | | | | | | | | | This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing changes made to f049016cd348627bf8db0d72382d7580bf802a79.
* | | | Merge branch 'master-sec'Aaron Patterson2013-01-085-5/+51
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | * master-sec: CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
| * | | | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.Jeremy Kemper2013-01-081-0/+13
| | | | |
| * | | | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-074-5/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/http/request.rb actionpack/lib/action_dispatch/middleware/params_parser.rb activerecord/CHANGELOG.md activerecord/lib/active_record/relation/predicate_builder.rb activerecord/test/cases/relation/where_test.rb
* | | | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2013-01-0910-26/+34
|\ \ \ \ \ | |_|_|/ / |/| | | | | | | | | | | | | | Conflicts: guides/source/getting_started.md
| * | | | prefer american spelling of 'behavior'Gosha Arinich2013-01-071-1/+1
| | | | |
| * | | | HTTP 302 means Found, not MovedChase DuBois2013-01-051-1/+1
| | | | |
| * | | | extract alert= and notice= examples to FlashHash#now [ci skip]Francesco Rodriguez2013-01-031-17/+15
| | | | |
| * | | | Revert "TODO typo fix"Akira Matsuda2013-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 1a59a6dfdca217e31a52779d92aa56b67c6689cb. I guess it's not a typo: https://github.com/jorlhuda/exceptron
| * | | | TODO typo fixGosha Arinich2013-01-041-1/+1
| | | | |
| * | | | Add examples `alert=` and `notice=`, using memeslambda_2013-01-031-0/+10
| | | | |
| * | | | Change `Example for` to `Example of`lambda_2013-01-031-2/+2
| | | | |
| * | | | PUT => PATCHAkira Matsuda2013-01-033-6/+6
| | | | |
| * | | | s/ERb/ERB/Akira Matsuda2013-01-021-1/+1
| | | | |
| * | | | PUT => PATCH or PUTAkira Matsuda2013-01-021-1/+1
| | | | |
| * | | | find_or_create_by is deprecated in AR 4Akira Matsuda2013-01-021-3/+3
| | | | |
| * | | | Model.scoped is deprecated in favour of Model.allAkira Matsuda2013-01-021-4/+4
| | | | |
* | | | | view_cache_dependency APIJamis Buck2013-01-086-10/+72
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A declarative API for specifying dependencies that affect template cache digest computation. In your controller, specify any of said dependencies: view_cache_dependency { "phone" if using_phone? } When the block is evaluated, the resulting value is included in the cache digest calculation, allowing you to generate different digests for effectively the same template. (Mostly useful if you're mucking with template load paths.)
* | | | | Merge pull request #8810 from NARKOZ/image-submit-tagSteve Klabnik2013-01-083-9/+14
|\ \ \ \ \ | | | | | | | | | | | | set 'alt' attribute for image_submit_tag
| * | | | | set 'alt' attribute for image_submit_tagNihad Abbasov2013-01-083-9/+14
| | | | | |
* | | | | | Revert "unpermitted params" exception -- it's just not going to work. See ↵David Heinemeier Hansson2013-01-083-102/+11
| | | | | | | | | | | | | | | | | | | | | | | | the discussion on https://github.com/rails/strong_parameters/pull/75.
* | | | | | Never treat action or controller as unpermitted paramsDavid Heinemeier Hansson2013-01-082-6/+25
| | | | | |
* | | | | | Bump rack dependency to 1.4.3Carlos Antonio da Silva2013-01-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It includes security bug fixes and changes the initialization of Rack::File to accept a hash, otherwise generating warnings. See 295806e for the warnings fix.
* | | | | | Eliminate Rack::File headers deprecation warningSam Ruby2013-01-081-1/+1
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | See http://intertwingly.net/projects/AWDwR4/checkdepot/section-6.1.html rake test produces: "Rack::File headers parameter replaces cache_control after Rack 1.5." Despite what the message says, it appears that the hearders parameter change will be effective as of Rack 1.5: https://github.com/rack/rack/blob/rack-1.4/lib/rack/file.rb#L24 https://github.com/rack/rack/blob/master/lib/rack/file.rb#L24
* | | / / Do not generate local vars for partials without object or collectionCarlos Antonio da Silva2013-01-084-1/+15
| |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously rendering a partial without giving :object or :collection would generate a local variable with the partial name by default. This was noticed due to warnings in Ruby 2.0 of not used variables, which turned out to be the generation of not used variables inside partials that do not contain objects related to them.
* | | | Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| |/ / |/| | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | | improve StrongParameters documentation [ci skip]Francesco Rodriguez2013-01-071-8/+7
| | |
* | | access `@path` and `@routes` via reader methods in journeyGosha Arinich2013-01-072-3/+3
| | |
* | | refactor ShowExceptions' #call to use def-rescue instead of begin-rescueGosha Arinich2013-01-071-7/+4
| | |
* | | remove begin-rescue in favor of def-rescueGosha Arinich2013-01-071-10/+9
| | |
* | | Fix operators precedence issueRafael Mendonça França2013-01-061-1/+1
| | |
* | | Merge pull request #8787 from tank-bohr/masterRafael Mendonça França2013-01-061-2/+2
|\ \ \ | | | | | | | | masgn and response variable
| * | | return multiple assingment and response variabletank-bohr2013-01-071-2/+2
| | | |
* | | | Merge pull request #8785 from goshakkk/refactor-debug-exceptionsRafael Mendonça França2013-01-061-2/+1
|\ \ \ \ | |/ / / |/| | | Refactor DebugExceptions
| * | | refactor DebugExceptions by combining two conditionals into oneGosha Arinich2013-01-071-2/+1
| | | |
* | | | Reduce number of Strings a bitAkira Matsuda2013-01-072-4/+4
| | | |
* | | | Namespace HashWithIndifferentAccessAkira Matsuda2013-01-074-6/+5
|/ / /