Make Resolver#find_all_anywhere equivalent to #find_all
Previously, when using `render file:`, it was possible to render files
not only at an absolute path or relative to the current directory, but
relative to ANY view paths. This was probably done for absolutely
maximum compatibility when addressing CVE-2016-0752, but I think is
unlikely to be used in practice.

This commit removes the ability to `render file:` with a path relative
to a non-fallback view path.

Make FallbackResolver.new private

To ensure nobody is making FallbackResolvers other than "/" and "".

Make reject_files_external_... no-op for fallbacks

Because there are only two values used for path: "" and "/", and
File.join("", "") == File.join("/", "") == "/", this method was only
testing that the absolute paths started at "/" (which of course all do).

This commit doesn't change any behaviour, but it makes it explicit that
the FallbackFileSystemResolver works this way.

Remove outside_app_allowed argument

Deprecate find_all_anywhere

This is now equivalent to find_all

Remove outside_app argument

Deprecate find_file for find

Both LookupContext#find_file and PathSet#find_file are now equivalent to
their respective #find methods.
in #35826
Deprecate render layout with an absolute path
This has similar problems to render file:.
I've never seen this used, and believe it's a relic from when all
templates could be rendered from an absolute path.
* add leading `#` before `=>` since hash rocket is valid Ruby code
* add backticks
* remove trailing spaces
* and more
RFC: Introduce Template::File
The previous behaviour of render file: was essentially the same as
render template:, except that templates can be specified as an absolute
path on the filesystem.
This makes sense for historic reasons, but now render file: is almost
exclusively used to render raw files (not .erb) like public/404.html. In
addition to complicating the code in template/resolver.rb, I think the
current behaviour is surprising to developers.
This commit deprecates the existing "lookup a template from anywhere"
behaviour and replaces it with "render this file exactly as it is on
disk". Handlers will no longer be used (it will render the same as if
the :raw handler was used), but formats (.html, .xml, etc) will still be
detected (and will default to :plain).
The existing render file: behaviour was the path through which Rails
apps were vulnerable in the recent CVE-2019-5418. Although the
vulnerability has been patched in a fully backwards-compatible way, I
think it's a strong hint that we should drop the existing
previously-vulnerable behaviour if it isn't a benefit to developers.
erose/better-error-reporting-for-syntax-errors-in-templates
Display a more helpful error message when an ERB template has a Ruby syntax error.
Aligned the order of the arguments of render_template and render_with_layout
Bump RuboCop to 0.66.0
### Summary
RuboCop 0.66.0 has been released.
https://github.com/rubocop-hq/rubocop/releases/tag/v0.66.0
And rubocop-0-66 channel is available in Code Climate.
https://github.com/codeclimate/codeclimate/releases/tag/v0.84.0
RuboCop 0.66.0 fixed the false negative to indentation for
modifier. And this PR applied the auto-correction fixed by it.
https://github.com/rubocop-hq/rubocop/pull/6792
In addition, this PR is also updating the following 4 gems that
RuboCop depends on.
- Update Psych gem ... https://github.com/rubocop-hq/rubocop/pull/6766
- Update Parser gem to 2.6.2.0 that supports Ruby 2.5.5 and 2.6.2 ...
https://github.com/whitequark/parser/blob/v2.6.2.0/CHANGELOG.md#changelog
- Remove powerpack gem ... https://github.com/rubocop-hq/rubocop/pull/6806
- Update unicode-display_width gem ... https://github.com/rubocop-hq/rubocop/pull/6813
Custom glob patterns tie the implementation (Using Dir.glob) to the API
we provide.
It also doesn't really work. extract_handler_and_format_and_variant
expects the handler, format, and variant to be at the end of the
template path, and in the same order as they are in the default pattern.
This deprecates specifying a custom path for FileSystemResolver and
removes the pattern argument of OptimizedFileSystemResolver#initialize,
which does not work with a custom pattern.
Many tests were using `render file:`, but were only testing the
behaviour of `render template:` (file: just allows more paths/ is less
secure than template:).
The reason for so many `render file:` is probably that they were the old
default.
This commit replaces `render file:` with `render template:` anywhere the
test wasn't specifically interested in using `render file:`.
Validate types assigned to LookupContext#formats=
This is a developer quality of life improvement, to ensure that unknown
formats aren't assigned (which it would previously accept, but wouldn't
work 100% correctly due to caching).
Having a format listed twice had no effect. This is mostly helpful to
avoid an extra format when assigning [:html, "*/*"]
This also removes the mutation we were performing on the values being
passed in.
Remove virtual_path from fallback templates
Raise exception when building invalid mime type
This allows mime types in the form text/html, text/*, or */*
This required a few minor test/code changes where previously nil was
used as a mime string.
See discussion in #32287
This reverts commit 48e44edfd0a8a7a29aa8fad39638ac0ee5243f42.
See discussion in #32287
For HTML content in `ajax:success` handlers, `event.detail[0]` should
be an `HTMLDocument` instance.
Here is the only place where we use `mb_chars` internally.
Make Template::Resolver always cache
All actionview caches are already cleared at the start of each request
(when Resolver.caching is false) by PerExecutionDigestCacheExpiry, which
calls LookupContext::DetailsKey.clear (which clears all caches).
Because caches are always cleared per-request in dev, we shouldn't need
this extra logic to compare mtimes and conditionally reload templates.
This should make templates slightly faster in development (particularly
multiple renders of the same template)
There was a recent change by @tenderlove to Action view which introduced
`ActionView::Base#run` [1].
We ran into an issue with our application because one of the core
concepts in our domain model is a `Run` which is exposed in most of our
views as a helper method, which now conflicts with this new method.
Although this is a public method it is not really meant to be part of
the public API.
In order to discourage public use of this method and to reduce the
chances of this method conflicting with helper methods we can prefix
this method with an underscore, renaming this method to `_run`.
[1] https://github.com/rails/rails/commit/c740ebdaf5
v6.0.0.beta3 release
* Update RAILS_VERSION
* Bundle
* rake update_versions
* rake changelog:header
Sample example ->
Before:
prathamesh@Prathameshs-MacBook-Pro-2 blog *$ rails server thin
DEPRECATION WARNING: Passing the Rack server name as a regular argument is deprecated
and will be removed in the next Rails version. Please, use the -u
option instead.
After:
prathamesh@Prathameshs-MacBook-Pro-2 squish_app *$ rails server thin
DEPRECATION WARNING: Passing the Rack server name as a regular argument is deprecated and will be removed in the next Rails version. Please, use the -u option instead.
Ruby 2.7 warning: creating a Proc without a block
As of [Revision 66772](https://bugs.ruby-lang.org/projects/ruby-trunk/repository/trunk/revisions/66772)
`Proc.new` without giving a block emits `warning: tried to create Proc object without a block`.
This commit fixes cases where Rails test suite tickles this warning.
See CI logs:
https://travis-ci.org/rails/rails/jobs/487205819#L1161-L1190
https://travis-ci.org/rails/rails/jobs/487205821#L1154-1159
https://travis-ci.org/rails/rails/jobs/487205821#L1160-L1169
https://travis-ci.org/rails/rails/jobs/487205821#L1189
https://travis-ci.org/rails/rails/jobs/487254404#L1307-L1416
https://travis-ci.org/rails/rails/jobs/487254405#L1174-L1191
ashishprajapati/ashishprajapati/important_textual_improvements
Added missing guide links in documentation and minor wording fix