| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |/ |
|
| |
| |
| |
| | |
we call them only in the tests
|
|/
|
|
|
|
|
|
|
| |
In #26672 we blocked use of Ruby keywords as identifiers for view
locals but inadvertently broke the use of instance variable names
as identifiers. Whilst not explicitly documented this behavior has
been around for a long time and there's no need to break it now.
Fixes #27480.
|
|
|
|
| |
because Struct.new returns a Class, we just can give it a name and use it directly without inheriting from it
|
|
|
|
| |
(I personally prefer writing one string in one line no matter how long it is, though)
|
| |
|
| |
|
|
|
|
| |
Actually, private methods cannot be called with `self.`, so it's not just redundant, it's a bad habit in Ruby
|
|\
| |
| | |
Add "check_parameters" option to "current_page?"
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Example:
For "http://www.example.com/shop/checkout?order=desc&page=1"
current_page?('http://www.example.com/shop/checkout')
=> true
current_page?(
'http://www.example.com/shop/checkout',
check_parameters: true
)
=> false
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```
% git grep -n permited
actionview/test/template/url_helper_test.rb:238: def test_button_to_with_permited_strong_params
actionview/test/template/url_helper_test.rb:245: def test_button_to_with_unpermited_strong_params
activerecord/test/cases/relations_test.rb:1620: def test_update_on_relation_passing_active_record_object_is_not_permited
```
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When you ask to generate multiple nested inputs using:
field_for('comments[]', Comment.new) do |c|
c.text_field :body
Rails should generated the names like `post[comments][][body]`.
To make sure we don't have regression the fake models now use the same
implementation of `#to_param` as `ActiveRecord::Base`
Fixes #26942
|
|/
|
|
|
|
| |
When using the hash form of the data option, prevent duplicate
data-disable-with attributes from appearing in the submit tag due to
both string and symbol forms of the hash key being present.
|
|\
| |
| | |
do not mutate `object_name` of class in `fields_for`
|
| |
| |
| |
| |
| |
| | |
Since it affects the entire form, should not mutate `object_name` of class.
Fixes #26931
|
|/
|
|
|
|
| |
Some methods were added to public API in
5b14129d8d4ad302b4e11df6bd5c7891b75f393c and they should be not part of
the public API.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Ensure the support works like form_with.
|
|
|
|
|
|
|
|
| |
Has the handy effect of making the initial examples in the form_with
docs work too.
Had to do some finagling such that form_with's without a scope didn't
wrap their names in braces ala `[title]`.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes that the following ERB template would result in invalid HTML
output:
<%= form_with model: Post.new, local: true do |form| %>
<% end %>
Specifically, the resulting form tag would have a spurious `remote`
attribute:
<form remote="false" ...>
|
|
|
|
|
|
|
|
|
|
|
| |
Continuing 67f81cc where we decided not to output ids
by default in the new form helpers.
Went with @dhh's suggestion of just requiring ids on
fields being labelled:
https://github.com/rails/rails/issues/25197#issuecomment-231797117
Seems okay enough.
|
| |
|
|
|
|
| |
Remove `block` keyword from reserved method names
|
|\
| |
| | |
stop using removed `render :text`
|
| |
| |
| |
| | |
Follow up to 79a5ea9eadb4d43b62afacedc0706cbe88c54496
|
|/
|
|
| |
Now Text class is only used to render text mime type pages
|
|
|
|
|
| |
`Gem.win_platform?` check if it is Windows more accurately.
Ref: https://github.com/ruby/ruby/blob/ruby_2_2/lib/rubygems.rb#L945..L952
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
`depend_on` message format is `"No such file to load -- %s.rb"`.
But `require_dependency` message is missing `.rb` suffix.
```
% git grep -n 'No such file to load'
actionview/test/actionpack/abstract/helper_test.rb:112: assert_equal "No such file to load -- very_invalid_file_name.rb", e.message
activesupport/lib/active_support/dependencies.rb:245: def require_dependency(file_name, message = "No such file to load -- %s.rb")
activesupport/lib/active_support/dependencies.rb:333: def depend_on(file_name, message = "No such file to load -- %s.rb")
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add form_with to unify form_tag/form_for.
`form_tag` and `form_for` serve very similar use cases. This
PR unifies that usage such that `form_with` can output just
the opening form tag akin to `form_tag` and can just work with
a url, for instance.
`form_with` by default doesn't attach class or id to the form —
removing them on fields is moved out to a default revisiting PR later.
Ported over old tests where applicable to ensure maximum coverage,
but left some commented out because they don't yet apply (e.g.
`fields_for` later being replaced by `fields`).
[ Kasper Timm Hansen & Marek Kirejczyk ]
* Add fields DSL method.
Strips `_for` and requires models passed as a keyword argument.
* Document form_with.
Graft the `form_for` docs: rewrite, revise and expand where
needed.
Also test that a `format` isn't used when an explicit URL
is passed.
* Enable remote by default.
Brand new world! Forms submit via XHRs by default, woah.
* Invert `include_id` to `skip_id`.
`skip_id: true` reads better than `include_id: false` (since the
`include_id` default is true).
* Invert `remote` to `local`.
Since forms are remote by default, the option name makes more sense
as `local: true`.
* Invert `enforce_utf8` to `skip_enforcing_utf8`.
* Refer to the brand spanking new rails-ujs.
Soon to be bundled in Rails proper, so jquery-ujs is out.
* Make `form_with` a bit more composed.
The flow is still not quite what it should be because the legacy
methods and these new ones pull at opposite ends.
Lots of options have been renamed, so now the new pieces don't fit
in so well.
I'll try to work on this in later commits after this PR (it's likely
there's a much better way to structure this whole part of Action View).
|
| |
|
|
|
|
|
|
| |
Regexp#match? should be considered to be part of the Ruby core library. We are
emulating it for < 2.4, but not having to require the extension is part of the
illusion of the emulation.
|
|\
| |
| |
| | |
Convert ActionController::Parameters to a hash in button_to
|
|/
|
|
|
|
|
|
|
|
|
| |
Before, an error would be raised saying that the method `to_param` was
undefined on the instance of `ActionController::Parameters`. Now, we are
checking to see if the `params` object being passed to `button_to`
responds to the `permitted?` method, and if so, we will call `to_h` on it. If it
does not respond to `permitted?`, then the `params` will remain
unchanged.
[Jon Moss, Rafael Mendonça França]
|
|\
| |
| | |
Undeprecate plural positional argument
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
```ruby
pluralize people.count, 'person', 'people'
```
reads more naturally than
```ruby
pluralize people.count, 'person', plural: 'people'
```
so let's not deprecate it.
We could label both, but that's a mouthful:
```ruby
pluralize people.count, singular: 'person', plural: 'people'
```
(The `plural:` kwarg shipped in 5.0.0, so we're keeping it.)
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this lets you pass ruby keywords to templates:
<%= render 'example', class: "cool" %>
<%= render 'example', "spaces are" => "a-ok" %>
<%= render 'example', Foo: "bar" %>
Previously you'd see confusing syntax errors like this:
SyntaxError (.../_example.html.erb:1: syntax error, unexpected '='
Now you can reference invalid identifiers through local_assigns.
If you try to use an invalid keyword (e.g. class) in your template, you
get a syntax error on the line where you use it.
|
|\
| |
| | |
improve error message when include assertions fail
|
| |
| |
| |
| |
| |
| | |
assert [1, 3].includes?(2) fails with unhelpful "Asserting failed" message
assert_includes [1, 3], 2 fails with "Expected [1, 3] to include 2" which makes it easier to debug and more obvious what went wrong
|
|/
|
|
|
|
|
|
|
|
|
| |
Commit d270da569 changed the `form_for` API from `:object_name` to `:as`.
It also change the related test body, but not its title, which is changed here.
See https://github.com/rails/rails/commit/d270da569efeabd7cd563028816452236713aa9f#diff-52455f1e82acf12551bc5e7e26b82008
I realize this is a small commit but I was having trouble understanding what
the test was about since there is no "object_name" in the code.
I imagine the same may happen to other developers, therefore this commit.
|
|
|
|
|
|
| |
All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772.
But comments was still kept absolute position. This commit aligns
comments with method definitions for consistency.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
|
|
|
|
|
| |
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
CVE-2016-6316
|