156 Commits

Author SHA1 Message Date
Ted Nyman
379dd9071c Documentation for #deep_munge 2013-12-03 13:24:11 -08:00
Ted Nyman
a743f17dbd #deep_munge for CVE-2013-6417 2013-12-03 13:23:02 -08:00
Rob Di Marco
8ca8ac379d Fixed bug 6440 by checking that destroy exists on the session 2011-02-28 22:54:03 -05:00
Michael Lovitt
257a29d3cc Sessions should not be created until written to and session data should be destroyed on reset. [#4938 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-07-14 08:04:37 +02:00
Joshua Peek
0f0f977625 Revert "Prefix Internet Explorer's accepted mime types with sensible defaults."
IE XHR requests are misinterpreted as HTML instead of JS.

This reverts commit c680f2372e.
2009-11-23 11:19:39 -06:00
Manfred Stienstra
c680f2372e Prefix Internet Explorer's accepted mime types with sensible defaults. 2009-09-25 15:47:33 +02:00
Joshua Peek
16f36b6171 Remove vendored version of Rack 2009-04-25 13:59:26 -05:00
Joshua Peek
2d9b45722c Remove pending rack specifications until they are official 2009-04-25 13:44:34 -05:00
Joshua Peek
224a534400 reset_session should force a new session id to be generated [#2173] 2009-03-09 22:46:03 -05:00
David Heinemeier Hansson
6de83562f9 Force all internal calls to Array#to_sentence to use English [#2010 state:resolved] 2009-02-27 14:22:39 +01:00
Joshua Peek
2277fbedbe Temporarily bundle Rack 1.0 prerelease for testing 2009-02-07 00:08:28 -06:00
Pratik Naik
57b156b338 Don't use Memoizable for ActionController::Request 2009-01-27 17:26:37 +00:00
Pratik Naik
39e1ac658e Merge docrails 2009-01-18 18:10:58 +00:00
Joshua Peek
ff0a2678c4 Build query string and POST params parser on top of Rack::Request. Also switch our multipart parser to use Racks. Moved XML, JSON, and YAML parsers into ActionController::ParamsParser middleware [#1661 state:resolved] 2009-01-17 20:29:50 -06:00
Joshua Peek
ac4bf1180a Ensure we override Rack::Request's POST method too 2009-01-09 13:12:39 -06:00
Joshua Peek
282c1d6159 Refactor request query string parsing tests 2009-01-09 12:52:59 -06:00
Joshua Peek
e1f73aab8c Inherit ActionController::Request from Rack::Request 2009-01-09 11:47:44 -06:00
Joshua Peek
f00e86d7e9 Memoize request accessors on the Rack env so other request objects have access to the same cache [#1668 state:resolved] 2009-01-04 12:15:15 -06:00
Joshua Peek
c20c72e3d9 Use rack namespace for routing args 2008-12-28 15:34:59 -06:00
Joshua Peek
5d89605c11 Make router and controller classes better rack citizens 2008-12-28 15:31:03 -06:00
Pratik Naik
fec0ea9d6d Request#env['SERVER_NAME'] does not contain port number 2008-12-28 17:07:13 +00:00
Pratik Naik
e898f82a74 Move request parsing related code to ActionController::RequestParser 2008-12-25 03:51:04 +00:00
Joshua Peek
9c1e48eaea ActionController::VerbPiggybacking middleware 2008-12-23 13:36:05 -06:00
Pratik Naik
3562d54d18 Remove duplicate attr_reader :env 2008-12-23 00:36:13 +00:00
Pratik Naik
293bb02f91 Unify ActionController::AbstractRequest and ActionController::Request 2008-12-23 00:30:32 +00:00
Pratik Naik
b5ecfe78f9 Use Rack::MockRequest for TestRequest 2008-12-23 00:30:32 +00:00
Pratik Naik
7e1751111e Rename RackRequest to Request 2008-12-23 00:30:32 +00:00
Pratik Naik
408ec6c0dc Remove rack_process.rb 2008-12-23 00:30:32 +00:00
Pratik Naik
900aad677f Remove deprecated relative_url_root 2008-12-23 00:30:32 +00:00
Darren Boyd
0a4a5f3129 Making the IP Spoofing check in AbstractRequest#remote_ip configurable.
Certain groups of web proxies do not set these values properly.  Notably,
proxies for cell phones, which often do not set the remote IP information
correctly (not surprisingly, since the clients do not have an IP address).

Allowing this to be configurable makes it possible for developers to choose
to ignore this simple spoofing check, when a significant amount of their
traffic would result in false positives anyway.

Signed-off-by: Michael Koziarski <michael@koziarski.com>

[#1200 state:committed]
2008-12-01 20:40:18 +01:00
Jeremy Kemper
eb5e6fe713 Simplify Request#path 2008-11-30 17:24:36 -08:00
Jeremy Kemper
4fabc9b2f3 Simplify REMOTE_ADDR parsing 2008-11-30 17:06:11 -08:00
Michael Koziarski
af5b304a40 Fix stupid typo 2008-11-06 18:52:02 +00:00
Michael Koziarski
8a53e258e5 Backwards compatibility fixes for relative_url_root
* Make the old deprecated relative_url_root still set the value as it's still used by mongrel
* Set the default from the ENV value when the file is required, not at runtime.
2008-11-02 13:12:48 +01:00
David Heinemeier Hansson
9acb88e666 Added stale?/fresh? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends [DHH] 2008-10-21 02:30:13 +02:00
Michael Koziarski
0b46503254 Remove unneeded interning. 2008-09-30 11:34:05 +02:00
Pratik Naik
6ef35461dc Merge docrails 2008-09-03 17:58:47 +01:00
Michael S. Klishin
e42a235dd1 Request#remote_ip handles the uncommon case that REMOTE_ADDR is a comma-separated list.
[#523 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2008-08-27 23:03:11 -07:00
Jamis Buck
6e4ea66dc0 Make AbstractRequest.if_modified_sense return nil if the header could not be parsed 2008-08-19 16:07:17 -06:00
Jeremy Kemper
ba2d61dd81 Update tests for request memoization 2008-08-08 02:31:12 -07:00
Jeremy Kemper
b7529ed1cc Simplifying usage of ETags and Last-Modified and conditional GET requests 2008-08-07 23:43:12 -07:00
Tarmo Tänav
656f0e7c6c Fix file permissions
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-07-31 16:36:23 -05:00
Joshua Peek
a87462afcb AbstractRequest.relative_url_root is no longer automatically configured by a HTTP header. It can now be set in your configuration environment with config.action_controller.relative_url_root 2008-07-24 13:41:51 -05:00
Pratik Naik
0432d15164 Merge with docrails. 2008-07-16 13:01:23 +01:00
Jeremy Kemper
d37e641336 Move accept header parsing shortcut to Mime::Type.parse 2008-07-09 11:30:18 -07:00
Jeremy Kemper
f82bd31cb0 Request#accepts special-cases a single mime type 2008-07-09 10:42:30 -07:00
Michael Koziarski
2f4aaed7b3 Disable the Accept header by default
The accept header is poorly implemented by browsers and causes strange errors when used on public sites where crawlers make requests too.  You should use formatted urls (e.g. /people/1.xml) to support API clients. Alternatively to re-enable it you need to set:

config.action_controller.use_accept_header = true

A special case remains for ajax requests which will have a javascript format for the base resource (/people/1) if the X-Requested-With header is present.  This lets ajax pages still use format.js despite there being no params[:format]
2008-07-07 07:31:49 +02:00
Michael Koziarski
12cf8f348b Move template_format logic out to the request so it's alongside the 'regular' request format.
Use xhr? instead of the expensive trip through Request#accepts.
2008-07-03 19:43:06 +03:00
David Heinemeier Hansson
edfa195e2a Fixed Request#remote_ip to only raise hell if the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR doesn't match (not just if they're both present) [Mark Imbriaco, Bradford Folkens] 2008-06-03 18:11:47 -05:00
Jeremy Kemper
b43309328a Ruby 1.9 compat: ensure binary encoding for post body parsing 2008-05-19 16:24:26 -07:00