path: root/activesupport/lib/active_support
Commit message | Author | Age | Files | Lines
* Mute log info coming from the local_cache strategy | Pratik Naik | 2009-10-09 | 3 | -5/+14
* Ensure MessageVerifier raises appropriate exception on tampered data | Pratik Naik | 2009-10-09 | 1 | -1/+1
* Switch to on-by-default XSS escaping for rails. | Michael Koziarski | 2009-10-08 | 2 | -1/+45
    This consists of:
    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
    * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
    Hat tip to Django for the inspiration.
* MessageVerifier#verify raises InvalidSignature if the signature is blank | Jeffrey Hardy | 2009-10-05 | 1 | -0/+2
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Fix the broken railties isolation tests | Carl Lerche | 2009-09-29 | 1 | -4/+9
* Escaping symbol passed into Memoizable's flush_cache for query methods to allow them to be cleared | Jay Pignata | 2009-09-28 | 1 | -2/+2
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#3138 state:committed]
* Use OpenSSL::Digest.const(...).new instead of OpenSSL::Digest::Digest.new(...) | Jeremy Kemper | 2009-09-24 | 1 | -1/+1
* Explicitly require String#bytesize extension | Jeremy Kemper | 2009-09-24 | 1 | -0/+2
* Check if the lib is in the load path and requirable before attempting to activate the gem version | Joshua Peek | 2009-09-24 | 1 | -9/+12
* Skip addition to load path if an externally-provided lib is already in place. Just to keep the path shorter. | Jeremy Kemper | 2009-09-24 | 1 | -2/+5
* Restore split between require-time and runtime load path mungery. Simplifies vendor requires. | Jeremy Kemper | 2009-09-24 | 10 | -33/+15
* Convert the other vendored libs to avoid pulling in old gems. Works even if rubygems isn't loaded. | Jeremy Kemper | 2009-09-24 | 5 | -31/+16
* Avoid inadvertently loading an old tzinfo gem | Jeremy Kemper | 2009-09-24 | 2 | -9/+5
* Fixes Sam Ruby tests suite. | José Valim | 2009-09-21 | 1 | -46/+109
    Signed-off-by: Yehuda Katz <wycats@gmail.com>
* Instrumenting cache stores. | José Valim | 2009-09-20 | 4 | -78/+84
* Use NewCallbacks on ActionDispatch::Callbacks. | José Valim | 2009-09-20 | 1 | -2/+2
* Added Orchestra. | José Valim | 2009-09-20 | 2 | -0/+104
* making nokogiri to hash less clever, more fast O_o | Aaron Patterson | 2009-09-17 | 1 | -20/+12
    [#2243 state:committed]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Allow Nokogiri XmlMini backend to process cdata elements | Developer | 2009-09-17 | 1 | -1/+1
    [#3219 state:committed]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Remove premature active_support/mini | Jeremy Kemper | 2009-09-14 | 1 | -9/+0
* Forgot to update load path dir for vendored memcache | Joshua Peek | 2009-09-14 | 2 | -2/+1
* Bump vendored memcache to 1.7.5 | Joshua Peek | 2009-09-13 | 1 | -93/+292
* Rollback AS bundler work and improve activation of vendored dependencies | Joshua Peek | 2009-09-13 | 10 | -28/+48
* Callbacks need to require reporting | Joshua Peek | 2009-09-13 | 1 | -0/+1
* Restore AS vendor file until we get things sorted out in railties | Joshua Peek | 2009-09-13 | 1 | -0/+27
* Move AS vendor support into bundler. | Joshua Peek | 2009-09-13 | 150 | -30/+0
    Run `rake bundle` before running tests.
* require reporting before attempting to "shush" | Joshua Peek | 2009-09-13 | 2 | -0/+3
* Shush, new_callbacks | Jeremy Kemper | 2009-09-13 | 1 | -2/+4
* Shush, rexml | Jeremy Kemper | 2009-09-13 | 2 | -3/+3
* Prefer not to shadow a local | Jeremy Kemper | 2009-09-13 | 1 | -1/+1
* Clean up spurious JSON decoding test failure | Jeremy Kemper | 2009-09-13 | 3 | -8/+5
* Use Encoding.default_external, not _internal | Jeremy Kemper | 2009-09-13 | 1 | -2/+2
* making secure_compare faster | Aaron Patterson | 2009-09-13 | 1 | -28/+8
    [#3195 state:committed]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Dup the arguments to string compare so we can use force_encoding. | Michael Koziarski | 2009-09-13 | 1 | -2/+2
* Revert "ruby 1.9 friendly secure_compare" because it breaks CI and Sam Ruby's suite | Yehuda Katz | 2009-09-12 | 1 | -6/+9
    This reverts commit 5de75398c495f109772b622291362a98bc6c21d1.
* ruby 1.9 friendly secure_compare | Jakub Kuźma | 2009-09-12 | 1 | -9/+6
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Remove redundant checks for valid character regexp in ActiveSupport::Multibyte#clean and #verify. | Beau Harrington | 2009-09-10 | 1 | -2/+2
    [#3181 state:committed]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Refactor new callbacks and AR implementation. | José Valim | 2009-09-08 | 1 | -56/+58
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Changed ActiveRecord to use new callbacks and speed up observers by only notifying events that are actually being consumed. | José Valim | 2009-09-08 | 1 | -46/+53
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Ruby 1.9: fix MessageVerifier#secure_compare | Jeremy Kemper | 2009-09-08 | 1 | -9/+27
* Fix a messed up merge commit | Michael Koziarski | 2009-09-04 | 1 | -4/+0
* Add verify and clean methods to ActiveSupport::Multibyte. | Michael Koziarski | 2009-09-04 | 3 | -18/+98
    When accepting character input from outside of your application you can't blindly trust that all strings are properly encoded. With these methods you can check incoming strings and clean them up if necessary.
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    Conflicts: activesupport/lib/active_support/multibyte.rb
* Fix timing attack vulnerability in ActiveSupport::MessageVerifier. | Coda Hale | 2009-09-04 | 1 | -3/+16
    Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC.
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
* Duplicating the options hash in Date#advance to prevent modification of the original | Jay Pignata | 2009-08-31 | 1 | -0/+1
    [#1133 state:resolved]
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
* Correct Regexp#un/optionalize assertions and fix uncovered failures | Jeffrey Hardy | 2009-08-26 | 1 | -0/+2
    [#3102 state:incomplete]
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Ruby 1.9: fix Time#beginning_of_day inaccuracy due to subtracting a Float | Jeremy Kemper | 2009-08-22 | 1 | -1/+2
* Allow superclass_delegating_accessor to take a block for initial set. | Yehuda Katz | 2009-08-11 | 1 | -3/+4
* More perf work: | Yehuda Katz | 2009-08-11 | 1 | -7/+15
    * Move #set_cookie and #delete_cookie inline to optimize. These optimizations should almost certainly be sent back upstream to Rack. The optimization involves using an ivar for cookies instead of indexing into the headers each time.
    * Was able to use a bare Hash for headers now that cookies have their own joining semantics (some code assumed that the raw cookies were an Array).
    * Cache blankness of body on body=
    * Improve expand_cache_key for Arrays of a single element (common in our case)
    * Use a simple layout condition check unless conditions are used
    * Cache visible actions
    * Lazily load the UrlRewriter
    * Make etag an ivar that is set on prepare!
* Got overhead down from 127 to 85. All tests pass: | Yehuda Katz | 2009-08-11 | 1 | -2/+3
    * Tentatively replaced HeaderHash with SimpleHeaderHash, which does not preserve case but does handle converting Arrays to Strings in to_hash. This requires further discussion.
    * Moved default_charset to ActionDispatch::Response to avoid having to hop over to ActionController. Ideally, this would be a constant on AD::Response, but some tests expect to be able to change it dynamically and I didn't want to change them yet.
    * Completely override #initialize from Rack::Response. Previously, it was creating a HeaderHash, and then we were creating an entirely new one. There is no way to call super without incurring the overhead of creating a HeaderHash.
    * Override #write from Rack::Response. Its implementation tracks Content-Length, and doing so adds additional overhead that could be mooted if other middleware changes the body. It is more efficiently done at the top-level server.
    * Change sending_file to an instance_variable instead of header inspection. In general, if a state is important, it should be set as a property of the response not reconstructed later.
    * Set the Etag to @body instead of .body. AS::Cache.expand_cache_key handles Arrays fine, and it's more efficient to let it handle the body parts, since it is not forced to create a joined String.
    * If we detect the default cache control case, just set it, rather than setting the constituent parts and then running the normal (expensive) code to generate the string.
* Allow delegating to nil, because the method might actually exist on it | Bryan Helmkamp | 2009-08-10 | 1 | -4/+9