| Commit message | Author | Age | Files | Lines |
* 5-0-beta-sec:
  bumping version
  fix version update task to deal with .beta1.1
  Eliminate instance level writers for class accessors
  allow :file to be outside rails root, but anything else must be inside the rails view directory
  Don't short-circuit reject_if proc
  stop caching mime types globally
  use secure string comparisons for basic auth username / password
|
rails view directory
CVE-2016-0752
|
of html_safe in favour of raw() in AV helpers.
Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
|
A Set can't be implicitly converted into an Array:
```
irb(main):012:0> formats = [ :rss ]
=> [:rss]
irb(main):013:0> formats &= SET.symbols
TypeError: no implicit conversion of Set into Array
from (irb):13:in `&'
from (irb):13
from /Users/kasperhansen/.rbenv/versions/2.2.3/bin/irb:11:in `<main>'
```
Besides `Mime::SET.symbols` returns an Array, so we're closer to that.
|
Match `Mime::SET.symbols`.
|
If they aren't symbols, then they aren't likely to be in the set anyway.
|
We'll be using this to map over to Action Dispatch's Mime::Set.
|
The template types is a private abstraction to fill in basic blanks from Action Dispatch's
mime types. As such we can modify the data structure ourselves.
|
Spares a to_sym call by aliasing to_sym to ref.
Then the delegate felt meager for one method; ditch and define method ourselves.
|
The @symbol has already been converted to a symbol in initialize, so no need to call to_sym
when comparing it.
Ditch early return for a simple unless statement.
|
We delegate to_sym to the internal symbol, which we've already called to_sym on in
initialize, so we don't need to do that.
We also know to_sym will never return a falsy value, so we'll never hit to_s.
Just return the symbolized symbol.
|
Use ActiveSupport::SafeBuffer when flushing content_for
|
Previously, when content_for is flushed, the content
was replaced directly by a new value in
ActionView::OutputFlow#set. The problem is this new
value passed to the method may not be an instance of
ActiveSupport::SafeBuffer.
This change forces the value to be set to a new
instance of ActiveSupport::SafeBuffer.
|
Pass the current locale to Inflector from the pluralize text helper.
|
The pluralize text helper uses the Inflector to determine the plural
form. The inflector accepts an optional parameter for the locale,
so we can pass it from the text helper to have locale-aware pluralizations
on the text helpers level.
The pluralize text helper now only accepts 2 positional arguments:
`count` and `singular`. Passing `plural` as a positional argument
is now deprecated.
|
but rather very often used inside helpers to directly return a String value.
[ci skip]
|
Per-form CSRF tokens
|
This fixes the case when you try to render an html you know safe and the
file is named something.html. With this commit the content of the html
won't be escaped anymore because AV won't use Raw handler and choose
Html handler instead.
|
stevenspiel/titleize_model_name_for_default_submit_button_value
titleize the model name on default submit buttons
|
the radios
Fixes #22773
|
Fixes #22827
ActionView::TestCase::TestController#parameters should return an
instance of ActionController::Parameters rather than a hash. This
enables helper methods to use the correct interface.
|
Add support for Petabyte and Exabyte in number to human size
|
I've worked on a few applications that have gone through the
internationalization process and had issues because they were using
`number_to_currency`. The minute a user is allowed to change their
locale, they can change the price displayed on a page from 10 US dollars
to 10 Mexican Pesos, which is far from the same amount of money.
Unlike other helpers that rely on i18n, `number_to_currency` does not
produce equivalent results when the locale is changed.
As I've explained this to a few groups of developers now, I thought it
might make for a good caveat in the docs.
|
`div_for` removed in 01e94ef
|
wrapping i18n missing keys made optional
|
`I18n.translate` helper will wrap the missing translation keys
in a <span> tag only if `debug_missing_translation` configuration has
a truthy value. Default value is `true`. For example in `application.rb`:
```
# in order to turn off missing key wrapping
config.action_view.debug_missing_translation = false
```
|
:tada: :beers:
|
Introduced in e56c63542780fe2fb804636a875f95cae08ab3f4, `CacheHelper#fragment_cache_key` is a duplicate of `ActionController::Caching::Fragments#fragment_cache_key`.
We now require the view to provide this method on its own (as with `view_cache_dependencies`); `ActionController::Caching::Fragments` exports its version as a `helper_method`.
|
Fix improper value types used to instantiate a Template in AV::NullResol...
|
While trying to provide a reproducible test for #17008 I stumbled on
this one. Seems to be quite an old piece of code, but it's definitely
useful in situations like the reproducible test cases like the one
above.
|
This commit fixes the bug converting `false` to `locals[as]` when
`options[:object]` is `false` (close #22260).
|
According to the W3 spec[1] the value should use a 1-based index
and not a 0-based index for the week number.
[1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
|
Now both `javascript_include_tag` and `stylesheet_tag` can accept `host` option
to provide custom host for the asset
|
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`.
This commit restricts the back URL to valid
non-javascript URLs.
https://github.com/rails/rails/issues/14444
|