| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
rails view directory
CVE-2016-0752
|
| |
|
|\
| |
| | |
wrapping i18n missing keys made optional
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`I18n.translate` helper will wrap the missing translation keys
in a <span> tag only if `debug_missing_translation` configuration has
a truthy value. Default value is `true`. For example in `application.rb`:
# in order to turn off missing key wrapping
config.action_view.debug_missing_translation = false
|
| |
| |
| |
| | |
:tada: :beers:
|
|\ \
| |/
|/| |
Prevent ActionController::Parameters in url_for
|
| | |
|
|\ \
| | |
| | |
| | | |
Update CHANGELOG.md for readability
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/
|/|
| |
| |
| |
| | |
Introduced in e56c63542780fe2fb804636a875f95cae08ab3f4, `CacheHelper#fragment_cache_key` is a duplicate of `ActionController::Caching::Fragments#fragment_cache_key`.
We now require the view to provide this method on its own (as with `view_cache_dependencies`); `ActionController::Caching::Fragments` exports its version as a `helper_method`.
|
| |
| |
| |
| |
| |
| | |
According to pr #22443 in the guides there's always a dollar sign before every command, so why is in the main README a `$` and in every submodule a `%`?
Just eye candy..
|
|\ \
| | |
| | | |
In url_for, never append ? when the query string is empty anyway.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It used to behave like this:
url_for(controller: 'x', action: 'y', q: {})
# -> "/x/y?"
We previously avoided empty query strings in most cases by removing
nil values, then checking whether params was empty. But as you can
see above, even non-empty params can yield an empty query string. So
I changed the code to just directly check whether the query string
ended up empty.
(To make everything more consistent, the "removing nil values"
functionality should probably move to ActionPack's Hash#to_query, the
place where empty hashes and arrays get removed. However, this would
change a lot more behavior.)
|
|\ \ \
| | | |
| | | | |
Fix improper value types used to instantiate a Template in AV::NullResol...
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
While trying to provide a reproducible test for #17008 I stumbled on
this one. Seems to be quite an old piece of code, but its definitely
useful in situations like the reproducible test cases like the one
above.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Erroneously removed in 58910dc7.
The stubbing was a regression test to ensure `time_zone_select` wasn't implemented with
`grep`. Rename the test and add a comment to make the intent clearer.
|
| | | |
| | | |
| | | |
| | | | |
We never touch the index, so don't bother.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When calling `test_time_zone_select_with_priority_zones_as_regexp` it would
define `=~` on the fake zones, but it would never be cleaned up because of
the zone cache.
Nuke it so `test_time_zone_select_with_priority_zones_as_regexp_using_grep_finds_no_zones`
accidentally find any zones because of `=~` being implemented.
|
|\ \ \ \
| | | | |
| | | | | |
Removed Mocha from Action View
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \ |
|
| | |_|/ /
| |/| | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
[ci skip] Fix CHANGELOG.md format from list to italic.
|
| | | | | | |
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | | |
This commit fixes the bug convering `false` to `locals[as]` when
`options[:object]` is `false` (close #22260).
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
According to the W3 spec[1] the value should use a 1-based index
and not a 0-based index for the week number.
[1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Now both `javascript_include_tag` and `stylesheet_tag` can accept `host` option
to provide custom host for the asset
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`
This commit restricts the back URL to valid
non-javascript URLs.
https://github.com/rails/rails/issues/14444
|
| | | | | |
|
|/ / / / |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
{day: params[:day].to_i, month: params[:month].to_id}
Adds in test test_date_select_with_selected_in_hash and change log
fixes typo in CHANGELOG
|
|\ \ \ \
| | | | |
| | | | | |
Fix a faulty form_for test
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Stumbled upon this one while trying to deprecate the String/Symbol
passing to `form_for`.
This test passed on an accident, because the signature of `form_for`
currently accepts 2 positional arguments and a block. Calling it with
the wrong number of arguments caused:
```ruby
(byebug) form_for(:post, @post, html: { id: 'create-post' })
*** ArgumentError Exception: wrong number of arguments (3 for 1..2)
```
This made the test pass, because it was still an `ArgumentError`. :-)
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
It's already represented in the key name. Demonstrate with a test.
Also test that the default isn't output.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When `require 'active_support/rails'`, 'active_support/deprecation'
is automatically loaded.
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
Follow DRY principle and remove duplication
|
| | | | | |
|
|/ / / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.
`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.
Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.
Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
|
|\ \ \ \
| | | | |
| | | | | |
Fix usage of word alternatively in docs [ci skip]
|