| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Now both `javascript_include_tag` and `stylesheet_tag` can accept `host` option
to provide custom host for the asset
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`
This commit restricts the back URL to valid
non-javascript URLs.
https://github.com/rails/rails/issues/14444
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
{day: params[:day].to_i, month: params[:month].to_id}
Adds in test test_date_select_with_selected_in_hash and change log
fixes typo in CHANGELOG
|
|\
| |
| | |
Fix a faulty form_for test
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Stumbled upon this one while trying to deprecate the String/Symbol
passing to `form_for`.
This test passed on an accident, because the signature of `form_for`
currently accepts 2 positional arguments and a block. Calling it with
the wrong number of arguments caused:
```ruby
(byebug) form_for(:post, @post, html: { id: 'create-post' })
*** ArgumentError Exception: wrong number of arguments (3 for 1..2)
```
This made the test pass, because it was still an `ArgumentError`. :-)
|
| |
| |
| |
| |
| |
| | |
It's already represented in the key name. Demonstrate with a test.
Also test that the default isn't output.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
When `require 'active_support/rails'`, 'active_support/deprecation'
is automatically loaded.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.
`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.
Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.
Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Fix - Prevent adding of `data-disable-with` option twice in html.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Earlier
when `data-disable-with` option is added direclty as in options then
```ruby
submit_tag("Save", { "data-disable-with" => "Processing..." })
# => <input type="submit" name="commit" value="Save" data-disable-with="Processing..." data-disable-with="Processing..." />
```
Now
when `data-disable-with` option is added direclty as in options then
```ruby
submit_tag("Save", { "data-disable-with" => "Processing..." })
# => <input type="submit" name="commit" value="Save" data-disable-with="Processing..." />
```
|
| | | |
|
|\ \ \
| | | |
| | | | |
Added test cases where collection partial cached & rendered with different keys
|
| | | |
| | | |
| | | |
| | | | |
rendered for different key
|
|\ \ \ \
| | | | |
| | | | | |
Handle nested fields_for by adding indexes to record_name
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In case of the form with nested fields_for, i. e.
<%= form_for :foos, url: root_path do |f| %>
<% @foos.each do |foo| %>
<%= f.fields_for 'foo[]', foo do |f2| %>
<%= f2.text_field :id %>
<% foo.bars.each do |bar| %>
<%= f2.fields_for 'bar[]', bar do |b| %>
<%= b.text_field :id %>
<% end %>
<% end %>
<% end %>
<% end %>
<%= f.submit %>
<% end %>
rails doesn't add index for 'foo' in the inner fields_for block, so field names
in the outer fields_for looks like "foos[foo][#{foo_index}][id]" and in the
inner "foos[foo[]][bar][#{bar_index}][id]". Submitting of such form leads to an
error like:
>ActionController::BadRequest (Invalid request parameters: expected Array
>(got Rack::QueryParser::Params) for param `foo'):
This commit adds indexes for the foos in the inner blocks, so field names
become "foos[foo][#{foo_index}][bar][#{bar_index}][id]" and submitting of such
form works fine as expected.
Fixes #15332
|
| | | | |
| | | | |
| | | | |
| | | | | |
as string
|
| |/ / /
|/| | |
| | | |
| | | |
| | | | |
This will avoid a error be raised when the only input on the form is the
`collection_radio_buttons`.
|
| |_|/
|/| | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
This can still be added to the middleware stack, but is really not
necessary. I'll follow up with a commit that deprecates the constant
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
kirs/feature/translation-helper-include-interpolation
Include interpolation values to translation_missing helper
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Due to e25fdad2f147e6f368958f9a06a5ac9d10288408, we are correctly using
path escaping for email addresses. This commit fixes the tests to
expect path escaping.
|
| |_|/
|/| | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `url_for` methods in `actionpack` and `actionview`
now make a copy of the provided options
before generating polymorphic paths or URLs.
The bug in the previous behavior
is most noticeable in a case like:
url_options = [:new, :post, param: 'value']
if current_page?(url_options)
css_class = "active"
end
link_to "New Post", url_options, class: css_class
|
|/ |
|
|
|
|
|
|
|
|
|
|
| |
user passed `options[:delimited_regex]` if available. Changed `DELIMITED_REGEX` to `DEFAULT)DELIMITED_REGEX` to signify what it means.
- Added tests for number to delimited and number to currency in both actionview and activesupport.
Changes
Changes
|
| |
|
| |
|
|\
| |
| | |
make disable_with default in submit_tag
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prevents double submission by making disable_with the default.
Default disable_with option will only be applied if user has not
specified her/his own disable_with option, whether that is in the
`data-disable-with` string form or the
`:data => { :disable_with => "Saving..." }` hash form. disable_with
will default to the value attribute.
A configuration option was added to opt out of this functionality if
the user so desires.
`config.action_view.automatically_disable_submit_tag = false`
|
|/
|
|
|
|
|
|
| |
Oops, I broke the build :(
Fixes the method signature of `assign_parameters` which now takes 6
arguments instead of 4. We likely will end up chaning the method
signature further so good to know this test is here.
|
|
|
|
|
|
|
|
|
|
| |
today the only option we have is "\n" and is hardcoded.
With this change you will be able to specify any break sequence ("\r\n" for example) as an option.
adding proper documentation for break_sequence in ActionView::Helpers::TextHelper.word_wrap
adding some more documentation for word_wrap custom break sequence and making sure we use new hash syntax
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the string version of the class reference is now deprecated when
referencing middleware. This should be written as a class not as a string.
Deprecation warning that this change fixes:
```
DEPRECATION WARNING: Passing strings or symbols to the middleware
builder is deprecated, please change
them to actual class references. For example:
"ActionDispatch::ShowExceptions" => ActionDispatch::ShowExceptions
```
|
|\
| |
| | |
Add wildcard template dependencies.
|
| | |
|
|/ |
|
|\
| |
| | |
Use digest cache in development.
|
| | |
|
| |
| |
| |
| |
| |
| | |
Avoid computing the same fragment digest many times when looping over templates.
The cache is cleared on every request so template changes are still picked up.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will silence deprecation warnings.
Most of the test can be changed from `render :text` to render `:plain`
or `render :body` right away. However, there are some tests that needed
to be fixed by hand as they actually assert the default Content-Type
returned from `render :body`.
|
|/
|
|
|
| |
ActionController::TestResponse was removed in d9fe10c and caused a test
failure on Action View as its test case still refers to it.
|