aboutsummaryrefslogtreecommitdiffstats
path: root/railties
Commit message (Collapse)AuthorAgeFilesLines
* html_escape should escape single quotesSantiago Pastorino2012-08-021-2/+2
| | | | | | | | | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 Conflicts: actionpack/test/template/erb_util_test.rb actionpack/test/template/form_tag_helper_test.rb actionpack/test/template/text_helper_test.rb actionpack/test/template/url_helper_test.rb activesupport/lib/active_support/core_ext/string/output_safety.rb
* Use `:data => { :confirm => "Text" }` syntax instead of `:confirm` atRafael Mendonça França2012-08-022-4/+9
| | | | | | | the ERB scaffold generator. We are trying to teach the data attributes as best practices and `:confirm` will be deprecated in 4.0.
* Bump to 3.2.8.rc1Santiago Pastorino2012-08-011-2/+2
|
* Revert "Deprecate `:confirm` in favor of `:data => { :confirm => 'Text' }` ↵Rafael Mendonça França2012-08-011-1/+1
| | | | | | | | | | | option" Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers." This reverts commit fc092a9cba5fceec38358072e50e09250cf58840. This reverts commit e9051e20aeb2c666db06b6217954737665878db7. This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1. This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
* Add missing CHANGELOG entriesSantiago Pastorino2012-08-011-2/+6
| | | | [ci skip]
* Merge pull request #7070 from jmazzi/3-2-stableRafael Mendonça França2012-08-011-3/+6
|\ | | | | Update documentation for Rails::Application#env_config
| * Update documentation for Rails::Application#env_configJustin Mazzi2012-07-161-3/+6
| |
* | Merge pull request #7147 from pferdefleisch/scaffold_controller_docsRafael Mendonça França2012-07-311-4/+3
| | | | | | | | Updated scaffold_controller generator docs #7146
* | Revert "Add update_columns and the suggestion of using update_columnsRafael Mendonça França2012-07-301-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | instead of update_column" This reverts commit 9fa06c3d9811113259cb6e00a3a8454b3974add7. This reverts commit 17a64de4980683da3ca3c185205013a29a8cf88d. This reverts commit def9c85ffbdcf63e6c412b6bd4abafaa32ccdb5c, reversing changes made to 6b7d26cf3c061907aedc44f7f36776c9b36950fd. Reason: This was supposed to be released with 3.2.7 before the suggestion to use update_column. Since it was not release now is not good to suggest to use another method because it will confusing the people.
* | Backport #6995 to 3-2 stableFrancesco Rodriguez2012-07-281-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Update `test_help` to config properly turn natural language option. Last versions of Turn don't monkey patch MiniTest to setup the natural language option. Here is an [example](https://github.com/TwP/turn/blob/master/try/test_autorun_minitest.rb#L3). This patches the following behaviour: $ rake test:units `<top (required)>': undefined method `use_natural_language_case_names=' for MiniTest::Unit:Class (NoMethodError)
* | Merge branch '3-2-rel' into 3-2-stableAaron Patterson2012-07-262-1/+6
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-rel: updating release date bumping to 3.2.7 updating the changelog * Do not convert digest auth strings to symbols. CVE-2012-3424 updating the version updating changelogs
| * | updating release dateAaron Patterson2012-07-261-1/+1
| | |
| * | bumping to 3.2.7Aaron Patterson2012-07-261-1/+1
| | |
| * | updating the versionAaron Patterson2012-07-231-2/+2
| | |
| * | updating changelogsAaron Patterson2012-07-231-0/+5
| |/
* / New #update_columns method.Sebastian Martinez2012-07-261-0/+2
|/
* Update coding convention from masterPrem Sichanugrist2012-07-091-8/+8
|
* Since Rails 3.2, use layout false to render no layoutJosé Valim2012-07-061-1/+1
|
* Use strict_args_position! if available from ThorJosé Valim2012-06-181-0/+1
|
* updating changelogsAaron Patterson2012-06-121-1/+1
|
* bumping version numbersAaron Patterson2012-06-111-1/+1
|
* updating changelogsAaron Patterson2012-06-111-0/+4
|
* Merge pull request #6690 from suginoy/fix-templates-copyRafael Mendonça França2012-06-112-1/+13
| | | | | | Fix: 'rake rails:templates:copy' doesn't work Conflicts: railties/test/application/rake_test.rb
* Don't add sqlite3 to gemspec with -O on rails plugin newPiotr Sarnacki2012-06-082-0/+10
| | | | (closes #6672)
* Merge pull request #6678 from arunagw/fix_issue_6673Rafael Mendonça França2012-06-082-1/+9
|\ | | | | Fix issue 6673
| * We should not include engine.rake file into rakeArun Agrawal2012-06-082-1/+9
| | | | | | | | | | | | | | | | | | | | if we are passing -T which is skip_test_unit See issue #6673 for more details. I saw that we are not creating dummy app even if we do skip_test_unit. Fixes #6673
* | Removed protected as we already doing it above. Arun Agrawal2012-06-081-2/+0
|/
* Revert "fix the Flash middleware loading the session on every request (very ↵Rafael Mendonça França2012-06-051-20/+0
| | | | | | | | | dangerous especially with Rack::Cache), it should only be loaded when the flash method is called" This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa. Reason: This add a non-backward compatible change in the way that flash works now (swept in every request).
* Deprecate `:confirm` in favor of `:data => { :confirm => 'Text' }` optionCarlos Galdino2012-06-051-1/+1
| | | | | | | | | | | | This deprecation applies to: `button_to` `button_tag` `image_submit_tag` `link_to` `submit_tag` As :confirm is an UI specific option is better to use the data attributes, teaching users about unobtrusive JavaScript and how Rails works with it.
* remove unneeded blank line from !namespeced? controller generatorsAkira Matsuda2012-06-012-2/+2
|
* bumping to 3.2.5Aaron Patterson2012-05-311-1/+1
|
* Merge branch '3-2-rel' into 3-2-stableAaron Patterson2012-05-312-2/+2
|\ | | | | | | | | | | | | | | * 3-2-rel: bumping to 3.2.4 adding security notifications to CHANGELOGs updating changelogs Merge pull request #6558 from parndt/fix_regression
| * bumping to 3.2.4Aaron Patterson2012-05-311-1/+1
| |
| * updating changelogsAaron Patterson2012-05-311-1/+1
| |
* | Merge branch '3-2-stable-sec' into 3-2-stableAaron Patterson2012-05-311-2/+2
|\| | | | | | | | | | | | | * 3-2-stable-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this bumping to 3.2.4.rc1
| * bumping to 3.2.4.rc1Aaron Patterson2012-05-281-2/+2
| |
* | Changed symbol platform to platforms for the commented out call to gem ↵Martin O'Connor2012-05-302-2/+2
| | | | | | | | | | | | | | 'therubyracer'. Dependency.rb expects the symbol to be named :platforms as opposed to platform. RubyMine's inspections indicate that the symbol should be named :platforms. Updating tests.
* | Remove irrelevant assertionOscar Del Ben2012-05-291-7/+0
| |
* | Display annotations from .coffee files in `rake notes`Bartlomiej Kozal2012-05-282-7/+18
|/
* Fix railties_order when application object is passedPiotr Sarnacki2012-05-272-1/+5
| | | | | | | | | | | | | | | railites_order method, introduced in 40b19e0, had a bug that was causing loading application instance twice in initializers if railties_order already included application instance. So for example railties_order = [Foo::Engine, :main_app, Bar::Engine] would result in such railties array: [MyApp::Application, Foo::Engine, MyAppApplication, Bar::Engine] In order to fix it, we need to check for existence of application in both railties_order and railties arrays.
* Use require_dependency in generated controllersPiotr Sarnacki2012-05-223-4/+4
| | | | | | | Using require in development mode will prevent required files from reloading, even if they're changed. In order to keep namespaced application_controller reloadable, we need to use require_dependency instead of require.
* More info on commit messages in contributing guidePiotr Sarnacki2012-05-211-1/+33
| | | | | | | | | Add more info on how to write a good commit messages along with example showing nicely formatted commit message. Rails git history does not look too well when you try to figure out why particular changes were introduced. We can do much better than that and it's never too late to start.
* Fix generators to help with ambiguous `ApplicationController` issuePiotr Sarnacki2012-05-204-5/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In development mode, dependencies are loaded dynamically at runtime, using `const_missing`. Because of that, when one of the constants is already loaded and `const_missing` is not triggered, user can end up with unexpected results. Given such file in an Engine: ```ruby module Blog class PostsController < ApplicationController end end ``` If you load it first, before loading any application files, it will correctly load `Blog::ApplicationController`, because second line will hit `const_missing`. However if you load `ApplicationController` first, the constant will be loaded already, `const_missing` hook will not be fired and in result `PostsController` will inherit from `ApplicationController` instead of `Blog::ApplicationController`. Since it can't be fixed in `AS::Dependencies`, the easiest fix is to just explicitly load application controller. closes #6413
* Changing the indentation level of the block comment close for SASS Brian Cardarella2012-05-151-1/+1
| | | If one wants to use use SASS for application.css.sass the comment block indentation is invalid.
* Default escape_html_entities_in_json to true in new appsJosé Valim2012-05-141-2/+2
|
* Update railties/lib/rails/generators/rails/app/templates/config/application.rbEgor Homakov2012-05-141-0/+3
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* :foreign_key option should be on has_many side of associationMikhail Dieterle2012-05-131-2/+2
|
* Update 'getting started' guides for new whitelist security implementation. ↵Erich Menge2012-05-121-1/+16
| | | | Closes #6286.
* Give more detailed instructions in script/rails in enginePiotr Sarnacki2012-05-041-0/+4
| | | | closes #4894
* improvements in "caching_with_rails" guide - backported from docrailskucaahbe2012-05-041-8/+10
| | | | | | Conflicts: railties/guides/source/caching_with_rails.textile