Commit Graph

2853 Commits

Author SHA1 Message Date
Aaron Patterson
eb69ad2155 * Do not convert digest auth strings to symbols. CVE-2012-3424 2012-07-26 13:31:12 -07:00
Will Bryant
d625a7ac17 fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called 2012-04-30 00:20:17 -07:00
Andrew White
8af2fd8891 Don't convert params if the request isn't HTML - fixes #5341
(cherry picked from commit d6bbd337ef)
2012-04-29 10:52:59 +01:00
Aaron Patterson
47147a0555 Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
2012-03-15 14:58:49 -07:00
Aaron Patterson
da7d0a26a1 search private / protected methods in trunk ruby 2012-02-20 11:04:27 -08:00
Piotr Sarnacki
238d80c24c Fix http digest authentication with trailing '/' or '?' (fixes #4038 and #3228) 2012-01-10 04:55:00 +01:00
Aaron Patterson
8e6f86e298 this should never return nil, so no use for "try" 2011-10-31 15:17:50 -04:00
Christopher Meiklejohn
b23cd21c2d Ensure that the format isn't applied twice to the cache key, else it becomes impossible to target with expire_action. 2011-10-31 15:17:46 -04:00
Alexey Vakhov
d103161018 HTMl -> HTML: html scanner comment fix 2011-10-20 23:28:45 +05:30
Akira Matsuda
a27f6ec150 status is a number in Rails 3 2011-10-14 22:29:44 +05:30
Alexey Vakhov
b33625478e Add ActionController#head example 2011-10-14 22:29:44 +05:30
Alexey Vakhov
4805a657c1 Fix params hash example in AC::Base comment 2011-10-09 20:13:10 +05:30
Santiago Pastorino
d6c333cec7 Merge pull request #3150 from avakhov/patch-html-sanitizer-cqi-require
add missing require to html sanitizer
2011-09-27 23:32:38 -03:00
Aaron Patterson
9959233e24 Eliminate newlines in basic auth. fixes #2882 2011-09-06 17:25:30 -07:00
Vijay Dev
d3d2ceaf0f doc fixes 2011-09-01 03:47:13 +05:30
Xavier Noria
8653ac3948 deletes spurious arrow 2011-08-27 15:35:15 -07:00
David Majda
94a780356c Make ActionController::TestCase#recycle! set @protocol to nil
This ensures that the protocol does not get carried over when there are
two or more requests in functional tests. This was a problem when e.g.
the first request was HTTP and the second request was HTTPS.

Closes #2654.

Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
(cherry picked from commit 68a13eded3)
2011-08-23 15:36:10 +01:00
Andrew White
2af37b0fdd Don't modify params in place - fixes #2624
(cherry picked from commit 14cf4b2e35)
2011-08-23 11:11:37 +01:00
Santiago Pastorino
9b7f49374b Merge pull request #2596 from dharmatech/patch-1
ActionController::Redirecting : fix docs typo
2011-08-20 18:27:56 -03:00
Santiago Pastorino
52e1e45c54 Merge pull request #2597 from dharmatech/patch-2
actionpack/lib/action_controller/base.rb: docs typo
2011-08-20 18:27:41 -03:00
Santiago Pastorino
f8f1e18808 Merge pull request #2604 from vijaydev/params_wrapper_docs
Minor edit in the params wrapper api docs
2011-08-20 16:21:21 -03:00
Aaron Patterson
66c3e31dcf Tags with invalid names should also be stripped in order to prevent
XSS attacks.  Thanks Sascha Depold for the report.
2011-08-16 15:17:49 -07:00
Jon Leighton
29d0ce0103 Use lazy load hooks to set parameter wrapping configuration. This means that it doesn't force Action Controller / Active Record to load, but it doesn't fail if they have already loaded. Thanks @josevalim for the hint. 2011-08-16 19:14:35 +01:00
Jon Leighton
6cf15ae56a Don't refer to ActionController::Base in the wrap_parameters initializer - use config object instead. Cuts about 15% off the load time. (#734) 2011-08-16 01:00:16 +01:00
Santiago Pastorino
eff7fddeb2 x_sendfile_header now defaults to nil and production.rb env file doesn't
set a particular value for it. This allows servers to set it through
X-Sendfile-Type, read
https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb for more
info. Anyways you can force this value in your production.rb
2011-08-07 13:13:19 -03:00
thoefer
7b39ddafab modified fix #1872 according to José Valim's suggestions 2011-08-01 11:28:31 +02:00
David Chelimsky
7fd726d62e Paramify param values in controller tests. 2011-07-25 07:21:42 -05:00
Oemuer Oezkir
8b30f1d7ea Changed a few instances of words in the API docs written in British English to
American English (according to Weber)

Conflicts:

	actionpack/lib/action_controller/metal/request_forgery_protection.rb
	railties/lib/rails/engine.rb
2011-07-24 21:10:51 +02:00
Jesse Storimer
c24966f4c3 Ensure that status codes are logged properly
Needed to move AC::Metal::Instrumentation before AM::Metal::Rescue
so that status codes rendered from rescue_from blocks are logged
properly.
2011-07-18 15:32:57 -04:00
José Valim
a05d59fe06 Deprecate stream at the class level.
This is because only template rendering works with streaming.
Setting it at the class level was also changing the behavior
of JSON and XML responses, closes #1337.
2011-07-06 20:33:01 -03:00
José Valim
e495ad8ddd Make sure respond_with with :js tries to render a template in all cases 2011-06-30 11:48:01 -03:00
José Valim
fe6e890f63 [IMPORTANT] Make "sprockets/railtie" require explicit.
This makes "sprockets/railtie" explicit. This means that sprockets will
be loaded when you require "rails/all". If you are not requiring
"rails/all", you need to load it manually with all other framework
railties.

In order to be complete, this commit also adds --skip-sprockets to
the rails generator.
2011-06-29 09:42:36 -03:00
Santiago Pastorino
e65f11494c Merge pull request #1844 from jeroenj/cachesweeper-fix-3-1
Fixes an issue where cache sweepers
2011-06-24 08:44:42 -07:00
Matt Jankowski
56cf974dbc more detail on how the flow between redirect and show works, and minor grammar 2011-06-23 18:17:34 +02:00
Jeroen Jacobs
a46d231c79 Fixes an issue where cache sweepers with only after filters would have no controller object
It would raise undefined method controller_name for nil
2011-06-23 17:56:24 +02:00
Christine Yen
bb139ed0cf Tweak linebreak in ActionController::Redirecting doc 2011-06-18 11:40:58 +02:00
Christine Yen
7e37db4218 Improve documentation around status code argument of redirect_to 2011-06-18 11:40:27 +02:00
Guillermo Iguaran
527499ca12 Remove trailing white-spaces 2011-06-06 22:45:45 +02:00
Vijay Dev
dff7c62ef0 some grammatical corrections 2011-06-06 22:45:10 +02:00
Guillermo Iguaran
48b90967b0 Removing trailing white-spaces 2011-06-06 22:42:17 +02:00
dmathieu
9cb8a18200 don't raise an exception if the format isn't recognized
Fixed while traveling to heuruko
2011-05-27 07:50:44 +02:00
Jon Leighton
5a6927ec1e Replace references to ActiveSupport::SecureRandom with just SecureRandom, and require 'securerandom' from the stdlib when active support is required. 2011-05-23 20:24:44 +01:00
Josh Kalderimis
968596fa7f renamed the wrap_parameters :only and :except options to :include and :exclude to make it consistent with controller filters 2011-05-19 10:33:25 -04:00
José Valim
760dec17be Use anonymous? that works on both Ruby 1.8 and 1.9. 2011-05-17 14:51:44 -04:00
David Chelimsky
13950a8cc9 add more robust test for wrapping params with anonymous class 2011-05-17 06:57:14 -04:00
Andy Lindeman
ee82e1c301 Add fix for error when an anonymous controller subclasses ApplicationController 2011-05-17 06:57:04 -04:00
Prem Sichanugrist
d77b306b63 Make ParamsWrapper call the newly introduced Model.attribute_names instead of .column_names 2011-05-15 19:07:44 -04:00
Prem Sichanugrist
3bed43c6a5 Do not try to call column_names on the abstract class.
Normally the table for an abstract class won't exist, so we should not try to call `#column_names` on it.
2011-05-15 00:41:20 -04:00
Xavier Noria
d491130236 Merge branch 'master' of git://github.com/lifo/docrails
Conflicts:
	actionpack/lib/action_view/helpers/date_helper.rb
	railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt
2011-05-14 11:21:27 +02:00
Xavier Noria
e5524d538c minor edits after going through what's new in docrails 2011-05-14 11:15:43 +02:00