aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
...
* | html_escape should escape single quotesSantiago Pastorino2012-08-029-31/+31
|/ | | | | | | | | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 Conflicts: actionpack/test/template/erb_util_test.rb actionpack/test/template/form_tag_helper_test.rb actionpack/test/template/text_helper_test.rb actionpack/test/template/url_helper_test.rb activesupport/lib/active_support/core_ext/string/output_safety.rb
* Bump to 3.2.8.rc1Santiago Pastorino2012-08-011-2/+2
|
* Revert "Deprecate link_to_function and button_to_function helpers"Rafael Mendonça França2012-08-013-28/+16
| | | | This reverts commit 9dc57fe9c4807fc0ad4b1590a931891d9faa3164.
* Revert "Deprecate `:mouseover` options for `image_tag` helper."Rafael Mendonça França2012-08-013-42/+10
| | | | | | | This reverts commit 1aff7725c7a04cde202cca906208560a55409e6a. Conflicts: actionpack/CHANGELOG.md
* Fix CHANGELOGSRafael Mendonça França2012-08-011-11/+22
|
* Revert "Deprecate `:confirm` in favor of `:data => { :confirm => 'Text' }` ↵Rafael Mendonça França2012-08-017-187/+62
| | | | | | | | | | | option" Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers." This reverts commit fc092a9cba5fceec38358072e50e09250cf58840. This reverts commit e9051e20aeb2c666db06b6217954737665878db7. This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1. This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
* Add missing CHANGELOG entriesSantiago Pastorino2012-08-011-0/+5
| | | | [ci skip]
* adds a missing require from Active SupportXavier Noria2012-07-281-0/+1
| | | | This file uses mattr_accessor.
* updating release dateAaron Patterson2012-07-261-1/+1
|
* bumping to 3.2.7Aaron Patterson2012-07-261-1/+1
|
* updating the changelogAaron Patterson2012-07-261-0/+2
|
* * Do not convert digest auth strings to symbols. CVE-2012-3424Aaron Patterson2012-07-261-2/+2
|
* updating the versionAaron Patterson2012-07-231-2/+2
|
* updating changelogsAaron Patterson2012-07-231-0/+16
|
* Bump Journey requirements to 1.0.4Andrew White2012-07-231-1/+1
| | | | | There are some Action Pack tests for regressions from 3.1 that require a later version of Journey to pass so bump to the current version.
* Add support for optional root segments containing slashesAndrew White2012-07-172-1/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Optional segments with a root scope need to have the leading slash outside of the parentheses, otherwise the generated url will be empty. However if the route has non-optional elements then the leading slash needs to remain inside the parentheses otherwise the generated url will have two leading slashes, e.g: Blog::Application.routes.draw do get '/(:category)', :to => 'posts#index', :as => :root get '/(:category)/author/:name', :to => 'posts#author', :as => :author end $ rake routes root GET /(:category)(.:format) posts#index author GET (/:category)/author/:name(.:format) posts#author This change adds support for optional segments that contain a slash, allowing support for urls like /page/2 for the root path, e.g: Blog::Application.routes.draw do get '/(page/:page)', :to => 'posts#index', :as => :root end $ rake routes root GET /(page/:page)(.:format) posts#index Fixes #7073 (cherry picked from commit d8745decaf59aad32aa2f09abdba99b8d0e48b31)
* Fixed bug creating invalid HTML in select optionsRusty Geldmacher2012-07-102-5/+18
| | | | | | | | | When a select tag is created for a field with errors, and that select tag has :prompt or :include_blank options, then the inserted first option will errantly have a <div class="field_with_errors"> wrapping it. See https://github.com/rails/rails/issues/7017
* Show in log correct wrapped keysDmitry Vorotilin2012-07-052-1/+10
|
* Fix NumberHelper options wrapping to prevent verbatim blocks being rendered ↵Mark J. Titorenko2012-07-021-90/+159
| | | | | | | | | | instead of line continuations. While I'm at it, wrap long comment lines consistently. Conflicts: actionpack/lib/action_view/helpers/number_helper.rb There was just one conflict related to the addition of the :format option to number_to_percentage.
* Merge pull request #6649 from route/logger_in_metal_3_2Carlos Antonio da Silva2012-06-182-2/+21
|\ | | | | Logger in metal backport for 3.2
| * Added test for case when view doesn't have logger method when using ↵Dmitry Vorotilin2012-06-161-0/+17
| | | | | | | | ActionController::Metal controller.
| * ActionController::Metal doesn't have logger method, check it and then delegateDmitry Vorotilin2012-06-161-2/+4
| |
* | It should also include text/css => Build FixArun Agrawal2012-06-161-1/+1
| |
* | Merge pull request #6752 from steveklabnik/fix_5680Rafael Mendonça França2012-06-163-4/+21
|/ | | | Respect absolute paths in compute_source_path.
* adding a test for #6459Aaron Patterson2012-06-141-0/+10
|
* ActionController::Caching depends on RackDelegation and ↵Santiago Pastorino2012-06-132-0/+35
| | | | AbstractController::Callbacks
* updating changelogsAaron Patterson2012-06-121-1/+3
|
* bumping version numbersAaron Patterson2012-06-111-1/+1
|
* updating changelogs with security fixesAaron Patterson2012-06-111-0/+2
|
* Array parameters should not contain nil values.Aaron Patterson2012-06-112-2/+8
|
* Duplicate tests removed.Arun Agrawal2012-06-091-16/+0
|
* Fix railties test suitePiotr Sarnacki2012-06-081-2/+1
| | | | | | Apparently asset_environment should not be invoked if it's not needed. This fixes broken build by getting back to the code more similar to the version changed here: 5b0a891
* Fix asset tags for files with more than one dotPiotr Sarnacki2012-06-074-1/+9
| | | | | | | | | | | | | | | After the fix done in 39f9f02a, there are cases that will not work correctly. If you have file with "2 extensions", like foo.min.js and you reference the file without extension, like: javascript_include_tag "foo.min" it will fail because sprockets finds foo.min.js with foo.min argument. This commit fixes this case and will get the right file even when referrencing it without extension. (closes #6598)
* Revert "fix the Flash middleware loading the session on every request (very ↵Rafael Mendonça França2012-06-052-3/+7
| | | | | | | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called" This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa. Reason: This add a non-backward compatible change in the way that flash works now (swept in every request).
* Add test to flash sweep after two redirectsRafael Mendonça França2012-06-051-0/+20
| | | | | This test is needed to avoid regressions in the way that flash works now (swept in every request).
* Deprecate `:confirm` in favor of `:data => { :confirm => 'Text' }` optionCarlos Galdino2012-06-055-21/+127
| | | | | | | | | | | | This deprecation applies to: `button_to` `button_tag` `image_submit_tag` `link_to` `submit_tag` As :confirm is an UI specific option is better to use the data attributes, teaching users about unobtrusive JavaScript and how Rails works with it.
* Allow to use mounted helpers in ActionView::TestCasePiotr Sarnacki2012-06-014-1/+24
| | | | | Similarly to 6525002, this allows to use routes helpers for mounted helpers, but this time in ActionView::TestCase
* Merge pull request #6588 from nbibler/polymorphic_to_modelJosé Valim2012-06-012-2/+34
|\ | | | | Correct the use of to_model in polymorphic routing
| * Use to_model delegates for polymorphic route generationNathaniel Bibler2012-06-012-2/+34
| |
* | Add release date of 3.2.5 on the CHANGELOGRafael Mendonça França2012-06-011-0/+7
| |
* | Include routes.mounted_helpers into integration testsPiotr Sarnacki2012-06-013-2/+28
|/ | | | | | | | | | | | | | | In integration tests, you might want to use helpers from engines that you mounted in your application. It's not hard to add it by yourself, but it's unneeded boilerplate. mounted_helpers are now included by default. That means that given engine mounted like: mount Foo::Engine => "/foo", :as => "foo" you will be able to use paths from this engine in tests this way: foo.root_path #=> "/foo" (closes #6573)
* bumping to 3.2.5Aaron Patterson2012-05-311-1/+1
|
* bumping to 3.2.4Aaron Patterson2012-05-311-1/+1
|
* adding security notifications to CHANGELOGsAaron Patterson2012-05-311-0/+3
|
* Merge branch '3-2-stable-sec' into 3-2-relAaron Patterson2012-05-312-1/+28
|\ | | | | | | | | | | * 3-2-stable-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
| * Strip [nil] from parameters hash.Aaron Patterson2012-05-302-1/+28
| | | | | | | | | | | | Thanks to Ben Murphy for reporting this! CVE-2012-2660
* | updating changelogsAaron Patterson2012-05-311-1/+11
|/
* bumping to 3.2.4.rc1Aaron Patterson2012-05-281-2/+2
|
* remove unnecessary memcache equire in ActionDispatch::Session::CacheStoreBrian Durand2012-05-261-1/+0
|
* Assets: don't add extension if other given and file existsSergey Nartimov2012-05-213-2/+10
| | | | | | | | | | | | | | We should lookup if asset without appended extension exists. When sprockets are disabled the asset tag helpers incorporate this logic. When sprockets are enabled we should have the same logic. For example, we have style.ext file in app/assets/stylesheets and we use stylesheet_link_tag in the layout. In this case we should have /assets/style.ext instead of /assets/style.ext.css in the output. Closes #6310