* 3-1-stable-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
This commit improves the handling of default_url_options in integration
tests by making behave closer to how a real application operates.
Specifically the following issues have been addressed:
* Options specified in routes.rb are used (fixes#546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.
To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the contraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.
Fixes#2510.
(cherry picked from commit 56030506563352944fed12a6bb4793bb2462094b)
Make sure to return the same hash object instead of returning a new one.
Returning a new one causes failures on cookie store tests, where it
tests for the 'Set-Cookie' header with the session signature.
This is due to the hash ordering changes on Ruby 1.8.7-p358.
* 3-1-4:
bumping to 3.1.4
Ensure [] respects the status of the buffer.
updating RAILS_VERSION
use AS::SafeBuffer#clone_empty for flushing the output_buffer
add AS::SafeBuffer#clone_empty
fix output safety issue with select options
* 3-1-stable-security:
Ensure [] respects the status of the buffer.
use AS::SafeBuffer#clone_empty for flushing the output_buffer
add AS::SafeBuffer#clone_empty
fix output safety issue with select options
RFC 3986[1] allows sub-delim characters in path segments unencoded,
however Rack::File requires them to be encoded so we use URI's
unescape method to leave them alone and then escape them again.
Also since the path gets passed to Dir[] we need to escape any glob
characters in the path.
[1]: http://www.ietf.org/rfc/rfc3986.txt
When default_asset_host_protocol is left as nil, it will use absolute protocols when a request is present, and relative protocols otherwise (eg in asset generation)
Signed-off-by: José Valim <jose.valim@gmail.com>
