aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | | | Merge pull request #6034 from ↵Piotr Sarnacki2012-04-302-7/+3
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | willbryant/flash_must_not_load_session_on_every_request_master Fix the Flash middleware loading the session on every request
| * | | | | | | fix the Flash middleware loading the session on every request (very ↵Will Bryant2012-04-282-7/+3
| | |_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
* | | | | | | wrap translate defaults to use translate helper features, closes #1102Sergey Nartimov2012-04-303-1/+41
| |/ / / / / |/| | | | |
* | | | | | Add note about using 303 See Other for XHR requests other than GET/POSTAndrew White2012-04-301-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | IE since version 6 and recently Chrome and Firefox have started following 302 redirects from XHR requests other than GET/POST using the original request method. This can lead to DELETE requests being redirected amongst other things. Although it doesn't directly affect the Rails framework since it doesn't return a 302 redirect to any non-GET/POST request a note has been added to raise awareness of the issue. Some references: Original article from @technoweenie: http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/ Hacker News discussion of the article: http://news.ycombinator.com/item?id=2903493 WebKit bug report: https://bugs.webkit.org/show_bug.cgi?id=46183 Firefox bug report and changeset: https://bugzilla.mozilla.org/show_bug.cgi?id=598304 https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d Chrome bug report: http://code.google.com/p/chromium/issues/detail?id=56373 HTTPbis bug report and changeset: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160 http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428 Roy T. Fielding's history of the issue: http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html Automated browser tests for the issue: http://www.mnot.net/javascript/xmlhttprequest/ Fixes #4144
* | | | | | Remove `button_to_function` and `link_to_function` helpersRafael Mendonça França2012-04-303-65/+2
| | | | | |
* | | | | | Add missing require when helpers are used in isolationRafael Mendonça França2012-04-301-0/+1
| | | | | |
* | | | | | Merge pull request #6074 from mark-rushakoff/unused-variablesJeremy Kemper2012-04-292-2/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | Remove some unused variable assignments
| * | | | | | Remove unused assignmentsMark Rushakoff2012-04-291-1/+0
| | | | | | |
| * | | | | | Remove unused assignment in actionpack date helper testMark Rushakoff2012-04-291-1/+1
| | | | | | |
* | | | | | | Restore interpolation of path option in redirect routesAndrew White2012-04-292-1/+42
| | | | | | |
* | | | | | | Escape interpolated params when redirecting - fixes #5688Andrew White2012-04-292-1/+36
| | | | | | |
* | | | | | | Add failing test case for #6053Andrew White2012-04-291-0/+21
| | | | | | |
* | | | | | | Fix controller_class_name for anonymous controllers.Michael Schuerig2012-04-291-1/+1
| | | | | | |
* | | | | | | Merge pull request #6059 from rafaelfranca/check_box_invertedJosé Valim2012-04-292-6/+100
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Change check_box to work inverting the checked and unchecked value
| * | | | | | | Change check_box to work inverting the checked and unchecked valueRafael Mendonça França2012-04-292-6/+100
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes: * Boolean with inverted logic * Integer with inverted logic * BigDecimal with inverted logic Fixes #3995
* | | | | | | Merge pull request #6006 from ↵José Valim2012-04-295-16/+39
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | carlosantoniodasilva/partial-layout-collection-item Partial layout collection item
| * | | | | | | Add changelog entry and some docs for collection + layoutCarlos Antonio da Silva2012-04-292-3/+10
| | | | | | | |
| * | | | | | | Move layout logic with collection to be handled only with explicit template ↵Carlos Antonio da Silva2012-04-291-15/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | is given Layout is never an available option when rendering with the shortcut `render @collection`.
| * | | | | | | Allow access to current object_counter variable from layout when rendering ↵Carlos Antonio da Silva2012-04-293-5/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with partial + collection
| * | | | | | | Allow layout to access current object being rendered when using render ↵Carlos Antonio da Silva2012-04-292-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | partial + object
| * | | | | | | Allow layout rendering to access current object being rendered when using ↵Carlos Antonio da Silva2012-04-293-8/+18
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | partial + collection
* | | | | | | Merge pull request #6017 from larzconwell/remove_sanitize_dom_idJeremy Kemper2012-04-291-6/+1
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | Removed the sanitize_dom_id method
| * | | | | | Removed the sanitize_dom_id method because HTML5 doctype let's us use ↵Larz Conwell2012-04-271-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | anything except nothing and whitespace for id's
* | | | | | | Add changelog entry for jsonp mimetype change, fix failing testCarlos Antonio da Silva2012-04-292-1/+3
| |_|_|/ / / |/| | | | | | | | | | | | | | | | | Fix failing test: Mime::JS generates "text/javascript"
* | | | | | Don't convert params if the request isn't HTML - fixes #5341Andrew White2012-04-292-8/+58
| | | | | |
* | | | | | Avoid calling content type multiple timesJosé Valim2012-04-291-4/+6
| | | | | |
* | | | | | Merge pull request #2321 from omjokine/masterJosé Valim2012-04-292-2/+5
|\ \ \ \ \ \ | | | | | | | | | | | | | | JSONP should use mimetype application/javascript
| * \ \ \ \ \ Merge remote-tracking branch 'upstream/master'Olli Jokinen2011-12-01180-6991/+9152
| |\ \ \ \ \ \
| * | | | | | | fixed test case test_render_json_with_callback to use content_type ↵Olli Jokinen2011-07-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | application/javascript
| * | | | | | | Change mimetype to Mime::JS if JSONP is usedOlli Jokinen2011-07-281-1/+4
| | | | | | | |
* | | | | | | | Lazy load `default_form_builder` if it's passed as a stringPiotr Sarnacki2012-04-283-1/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | closes #3341
* | | | | | | | Merge session arg with existing session instead of overwritingAndrew White2012-04-283-1/+28
| |_|_|/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This may break existing tests that are asserting the whole session contents but should not break existing tests that are asserting individual keys - e.g: class SomeControllerTest < ActionController::TestCase setup do session['user_id'] = 1 end test "some test" do get :some_action, nil, { 'another_var' => 2 } # This assertion will now fail assert_equal({ 'another_var' => 2 }, session) # This assertion will still pass assert_equal 2, session['another_var] end end Fixes #1529.
* | | | | | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-04-282-4/+4
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | |
| * | | | | | Use <tt>Foo::Bar</tt> instead of +Foo::Bar+Mark Rushakof2012-04-272-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The latter doesn't render as code in HTML output. Regex used in Rubymine to locate the latter form: (\+)(:*\w+:(?::|\w)+)(\+)
* | | | | | | Merge pull request #5989 from arunagw/warning_removed_master_apJon Leighton2012-04-271-3/+3
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Shadowing variable warning removed
| * | | | | | | Shadowing variable warning removedArun Agrawal2012-04-261-3/+3
| | | | | | | |
* | | | | | | | remove calls to deprecated find(:first) in actionpack test suiteSergey Nartimov2012-04-261-2/+2
| | | | | | | |
* | | | | | | | refactor content_tag_for helperSergey Nartimov2012-04-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - do not use merge! just for 2 values - there is no need to check block arity
* | | | | | | | use safe_join in number helperSergey Nartimov2012-04-261-1/+1
| | | | | | | |
* | | | | | | | remove unnecessary else statementVasiliy Ermolovich2012-04-261-3/+3
| | | | | | | |
* | | | | | | | fix number_to_human docs [ci skip]Vijay Dev2012-04-261-2/+2
|/ / / / / / /
* | | | | | | Fix the buildYehuda Katz2012-04-251-1/+2
| | | | | | |
* | | | | | | Allow loading external route files from the routerJose and Yehuda2012-04-252-0/+18
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This feature enables the ability to load an external routes file from the router via: draw :filename External routes files go in +config/routes+. This feature works in both engines and applications.
* | | | | | Merge branch 'master' of github.com:lifo/docrailsVijay Dev2012-04-252-1/+4
|\ \ \ \ \ \
| * | | | | | Missed checked in Form Helper exampleAlexey Vakhov2012-04-241-1/+1
| | | | | | |
| * | | | | | Add distance_of_time_in_words example for secondsAlexey Vakhov2012-04-221-0/+3
| | |_|_|/ / | |/| | | |
* | | | | | Merge pull request #5980 from gazay/valid_ipsJeremy Kemper2012-04-252-42/+182
|\ \ \ \ \ \ | | | | | | | | | | | | | | Remote ip logic and validation. IPv6 support.
| * | | | | | Valid ips v4 and v6. Right logic for working with X-FORWARDED-FOR header and ↵Alexey Gaziev2012-04-252-42/+182
| |/ / / / / | | | | | | | | | | | | | | | | | | tests.
* | | | | | Remove unnecessary empty line José Valim2012-04-251-1/+0
| | | | | |
* | | | | | Remove default match without specified methodJose and Yehuda2012-04-2440-343/+353
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 00:12:51 +0000