| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |\
| |
| | |
RFC: Introduce Template::File
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The previous behaviour of render file: was essentially the same as
render template:, except that templates can be specified as an absolute
path on the filesystem.
This makes sense for historic reasons, but now render file: is almost
exclusively used to render raw files (not .erb) like public/404.html. In
addition to complicating the code in template/resolver.rb, I think the
current behaviour is surprising to developers.
This commit deprecates the existing "lookup a template from anywhere"
behaviour and replaces it with "render this file exactly as it is on
disk". Handlers will no longer be used (it will render the same as if
the :raw handler was used), but formats (.html, .xml, etc) will still be
detected (and will default to :plain).
The existing render file: behaviour was the path through which Rails
apps were vulnerable in the recent CVE-2019-5418. Although the
vulnerability has been patched in a fully backwards-compatible way, I
think it's a strong hint that we should drop the existing
previously-vulnerable behaviour if it isn't a benefit to developers.
|
| | | |
|
| |/ |
|
| |
|
|
| |
`MissingRequestError` is no longer used since 1e2b0ce.
|
| | |
|
| |
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| | |
|
| |
|
|
|
|
| |
Regexp#match? should be considered to be part of the Ruby core library. We are
emulating it for < 2.4, but not having to require the extension is part of the
illusion of the emulation.
|
| | |
|
| |
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
| |
|
|
|
| |
Where appropriate, prefer the more concise Regexp#match?,
String#include?, String#start_with?, or String#end_with?
|
| |
|
|
|
|
|
| |
- Changed formatted_code_for to return array of logs to be tagged for each line
- Changed some render tests to match new behaviour of return
Fixes #22979
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When you re-raise an ActionView::Template::Error, the #cause can change.
You can see this behaviour with [nack]. Currently, `web-console` doesn't
run the console in the proper binding in the case of errors in the
views, because when we follow the `#cause` of the exception it is an
[`EOFError`][EOFError].
This also affects [pow] as it runs on [nack].
[nack]: https://github.com/josh/nack
[pow]: http://pow.cx/
[EOFError]: https://github.com/josh/nack/blob/d523cc870c0a11dcf349388a15adfecba9314f97/lib/nack/server.rb#L108
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Missing partial folder/_partial instead of folder/partial.
Closes #13002.
|
| | |
|
| |
|
