1843 Commits

Author SHA1 Message Date
Santiago Pastorino
d0c9759d3a html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
2012-08-06 21:39:35 -03:00
Aaron Patterson
28e744d682 adding a test for #6459 2012-06-14 10:55:30 -07:00
Andrew White
7336b33008 Refactor the handling of default_url_options in integration tests
This commit improves the handling of default_url_options in integration
tests by making them behave closer to how a real application operates.

Specifically the following issues have been addressed:

* Options specified in routes.rb are used (fixes #546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
2012-05-10 21:33:31 +01:00
Andrew White
8af2fd8891 Don't convert params if the request isn't HTML - fixes #5341
(cherry picked from commit d6bbd337ef)
2012-04-29 10:52:59 +01:00
Arun Agrawal
54d3645e93 :subdomain can now be specified with a value of false in url_for,
allowing for subdomain(s) removal from the host during link generation. 

Closes #4083

cherry-picked from 

de942e5534
96aa3bd0ea
2012-04-01 00:16:38 +05:30
Aaron Patterson
66b8ef164d Merge pull request #5457 from brianmario/typo-fix
Fix typo in redirect test
2012-03-15 15:22:56 -07:00
Aaron Patterson
47147a0555 Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
2012-03-15 14:58:49 -07:00
Arun Agrawal
d024ce1d6c Test fix failing in 1.8.7-p358 2012-03-07 18:27:58 +05:30
Andrew White
5c18b995c1 Detect optional glob params when adding non-greedy regexp - closes #4817. 2012-02-26 00:29:43 +00:00
Arun Agrawal
6e49b3d006 assert => assert_equal 2012-02-25 21:13:53 +05:30
Arun Agrawal
406ece4729 fixed build for ruby187-p358 2012-02-25 17:50:47 +05:30
Piotr Sarnacki
238d80c24c Fix http digest authentication with trailing '/' or '?' (fixes #4038 and #3228) 2012-01-10 04:55:00 +01:00
Aaron Patterson
d5389523f4 rack bodies should be a list 2011-12-22 13:10:36 -07:00
Aaron Patterson
3e00e1f6e3 refactoring routing tests
Conflicts:

	actionpack/test/controller/routing_test.rb
2011-12-22 13:05:40 -07:00
Aaron Patterson
040b7946d2 adding tests for #4029 2011-12-20 19:52:33 -07:00
Bradford Folkens
92955d0053 Fix trouble using :subdomain in development environment when using numeric addresses.
Otherwise the following occurs:

TypeError: can't convert nil into String
    /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/http/url.rb:75:in `host_or_subdomain_and_domain'
    /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/http/url.rb:37:in `url_for'
    /Users/bfolkens/dev/bfolkens-rails-core/actionpack/lib/action_dispatch/routing/url_for.rb:147:in `test_subdomain_may_be_accepted_with_numeric_host'
    /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/testing/setup_and_teardown.rb:67:in `run'
    /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/callbacks.rb:426:in `send'
    /Users/bfolkens/dev/bfolkens-rails-core/activesupport/lib/active_support/callbacks.rb:81:in `run'
2011-11-07 23:23:36 -06:00
Christopher Meiklejohn
b23cd21c2d Ensure that the format isn't applied twice to the cache key, else it becomes impossible to target with expire_action. 2011-10-31 15:17:46 -04:00
José Valim
f63b1dee65 TestCase should respect the view_assigns API instead of pulling variables on its own. 2011-10-02 11:33:12 +02:00
Santiago Pastorino
3200cd072e Revert "Make process reuse the env var passed as argument"
This reverts commit 0e4748cd41.
2011-09-24 17:22:29 -03:00
Andrew Kaspick
05d4d8b9a2 fix assert_select_email to work on non-multipart emails as well as converting the Mail::Body to a string to prevent errors. 2011-09-07 17:15:58 -05:00
Aaron Patterson
9959233e24 Eliminate newlines in basic auth. fixes #2882 2011-09-06 17:25:30 -07:00
Santiago Pastorino
ba130042bd * is not allowed in windows file names. Closes #2574 #2847 2011-09-04 17:45:34 -03:00
Andrew White
586b284fb9 Add failing test case for #2654
(cherry picked from commit ebea387e4b)
2011-08-23 15:35:58 +01:00
Andrew White
2af37b0fdd Don't modify params in place - fixes #2624
(cherry picked from commit 14cf4b2e35)
2011-08-23 11:11:37 +01:00
Aaron Patterson
09ad48f22e Properly escape glob characters. 2011-08-16 15:16:45 -07:00
Jon Leighton
29d0ce0103 Use lazy load hooks to set parameter wrapping configuration. This means that it doesn't force Action Controller / Active Record to load, but it doesn't fail if they have already loaded. Thanks @josevalim for the hint. 2011-08-16 19:14:35 +01:00
Jon Leighton
6cf15ae56a Don't refer to ActionController::Base in the wrap_parameters initializer - use config object instead. Cuts about 15% off the load time. (#734) 2011-08-16 01:00:16 +01:00
thoefer
7b39ddafab modified fix #1872 according to jose valim's suggestions 2011-08-01 11:28:31 +02:00
thedarkone
0753d0bd05 There is no need to be destructive with the passed-in options.
This fixes a bug that is caused by Resource/SingletonResource mangling resource options when using inline "multi"-resource declarations.
2011-07-28 20:18:45 +02:00
David Chelimsky
7fd726d62e Paramify param values in controller tests. 2011-07-25 07:21:42 -05:00
Gaston Ramos
8d0e3c9dc2 - added ActionView::PartialRenderer#merge_path_into_partial(path, partial)
fix issues/1951
2011-07-24 00:24:38 -03:00
Gaston Ramos
1f3f9f1b07 - added test case for issue:
https://github.com/rails/rails/issues/1951
  Namespaced model partial_path is wrong in namespaced controllers
2011-07-23 20:46:06 -03:00
Dieter Komendera
15c8bf1012 Fix fragment cache helper regression on cache miss introduced with 03d01ec7.
Contains following patches cherry-picked from @lhahne's 3-0-stable branch:

* Added tests for the output_buffer returned by CacheHelper (c476a6b)
The output_buffer returned by CacheHelper should be html_safe if the original buffer is html_safe.

* made sure that the possible new output_buffer created by CacheHelper is of the same type as the original (39a4f67)
2011-07-23 22:25:24 +02:00
Jesse Storimer
c24966f4c3 Ensure that status codes are logged properly
Needed to move AC::Metal::Instrumentation before AM::Metal::Rescue
so that status codes rendered from rescue_from blocks are logged
properly.
2011-07-18 15:32:57 -04:00
José Valim
a05d59fe06 Deprecate stream at the class level.
This is because only template rendering works with streaming.
Setting it at the class level was also changing the behavior
of JSON and XML responses, closes #1337.
2011-07-06 20:33:01 -03:00
Damien Mathieu
827e8a5983 provide a more explicit message when using url_for with nil
This fixes the problem of having a non-explicit message when the :location option is not provided in respond_with.
2011-07-03 02:13:53 +02:00
José Valim
e495ad8ddd Make sure respond_with with :js tries to render a template in all cases 2011-06-30 11:48:01 -03:00
Jeroen Jacobs
2b72bb9846 Tests only after filters in cache sweepers 2011-06-23 17:56:37 +02:00
dmathieu
9cb8a18200 don't raise an exception if the format isn't recognized
Fixed while traveling to heuruko
2011-05-27 07:50:44 +02:00
Jon Leighton
5a6927ec1e Replace references to ActiveSupport::SecureRandom with just SecureRandom, and require 'securerandom' from the stdlib when active support is required. 2011-05-23 20:24:44 +01:00
Josh Kalderimis
968596fa7f renamed the wrap_parameters :only and :except options to :include and :exclude to make it consistent with controller filters 2011-05-19 10:33:25 -04:00
David Chelimsky
13950a8cc9 add more robust test for wrapping params with anonymous class 2011-05-17 06:57:14 -04:00
David Chelimsky
14d5e3e459 better test name 2011-05-17 06:56:53 -04:00
David Chelimsky
29e8ca3698 add failing test for https://github.com/rails/rails/issues/1089 2011-05-17 06:56:46 -04:00
Prem Sichanugrist
d77b306b63 Make ParamsWrapper calling newly introduced Model.attribute_names instead of .column_names 2011-05-15 19:07:44 -04:00
Prem Sichanugrist
3bed43c6a5 Do not try to call column_names on the abstract class.
Normally the table for an abstract class won't exist, so we should not try to call `#column_names` on it.
2011-05-15 00:41:20 -04:00
David Lee
8366cabd65 Test csrf token param name customization 2011-05-10 18:24:14 -07:00
José Valim
a87894ae57 Get around weird missing constant error caused by AS instead of simply raising NameError, closes #477. 2011-05-11 00:08:43 +02:00
José Valim
9c2c25c1a1 Revert to old semantics, use available_action? instead of action_method?. 2011-05-06 18:44:18 +02:00
Nick Sutterer
65ceccb0ba controller's prefixes are now added to LookupContext. 2011-05-03 23:41:38 +02:00