Commit Graph

179 Commits

Author SHA1 Message Date
Santiago Pastorino
d0c9759d3a html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
2012-08-06 21:39:35 -03:00
Santiago Pastorino
ba130042bd * is not allowed in Windows file names. Closes #2574 #2847 2011-09-04 17:45:34 -03:00
Aaron Patterson
09ad48f22e Properly escape glob characters. 2011-08-16 15:16:45 -07:00
Gaston Ramos
8d0e3c9dc2 - added ActionView::PartialRenderer#merge_path_into_partial(path, partial)
fix issues/1951
2011-07-24 00:24:38 -03:00
Gaston Ramos
1f3f9f1b07 - added test case for issue:
https://github.com/rails/rails/issues/1951
  Namespaced model partial_path is wrong in namespaced controllers
2011-07-23 20:46:06 -03:00
Xavier Noria
eea66892c8 removes support for render :update 2011-04-13 13:23:17 +02:00
José Valim
b93c590297 Ensure render is case-sensitive even on systems with case-insensitive filesystems.
This fixes CVE-2011-0449
2011-02-08 14:04:19 -08:00
José Valim
74dd8a3681 Move ETag and ConditionalGet logic from AD::Response to the middleware stack. 2010-10-03 21:25:22 +02:00
Emilio Tagua
34fc109549 Redefine duplicated test name. 2010-09-28 18:36:45 -03:00
Emilio Tagua
9917356d66 Remove more warnings by initializing variables in test. 2010-09-28 17:16:18 -03:00
Emilio Tagua
3f94b45262 Remove more warnings: no need to define attr_accessor if already exists. Initialize ivar. 2010-09-28 17:08:43 -03:00
Maxim Chernyak
20685d07ab Fix header capitalization by explicitly upcasing first letter of every word, and avoiding capitalize. [#5636 state:resolved] 2010-09-18 20:49:51 +02:00
Piotr Sarnacki
b3eb26a161 Removed deprecated RouteSet API, still many tests fail 2010-09-05 13:44:36 +02:00
Xavier Noria
fb6b805620 code gardening: we have assert_(nil|blank|present), more concise, with better default failure messages - let's use them 2010-08-17 03:32:11 +02:00
Santiago Pastorino
b451de0d6d Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) 2010-08-14 04:12:33 -03:00
Jan De Poorter
96f5e59a26 Make sure a namespaced <%= render form %> still renders the _form partial [#4784 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-20 00:58:10 +02:00
Xavier Noria
f17159b029 edit pass: the names of Rails components have a space, ie, "Active Record", not "ActiveRecord" 2010-06-14 23:22:04 +02:00
wycats
80b60671f7 Revert "Moved encoding work in progress to a feature branch."
This reverts commit ade756fe42.
2010-05-17 19:41:54 +04:00
Jeremy Kemper
ade756fe42 Moved encoding work in progress to a feature branch.
This reverts commits af0d1a8815 and 64d109e353.
2010-05-16 13:55:29 -07:00
wycats
64d109e353 Significantly improved internal encoding heuristics and support.
* Default Encoding.default_internal to UTF-8
* Eliminated the use of file-wide magic comments to coerce code evaluated inside the file
* Read templates as BINARY, use default_external or template-wide magic comments
  inside the Template to set the initial encoding
  * This means that template handlers in Ruby 1.9 will receive Strings encoded
    in default_internal (UTF-8 by default)
* Create a better Exception for encoding issues, and use it when the template
  source has bytes that are not compatible with the specified encoding
* Allow template handlers to opt-into handling BINARY. If they do so, they
  need to do some of their own manual encoding work
* Added a "Configuration Gotchas" section to the intro Rails Guide instructing
  users to use UTF-8 for everything
* Use config.encoding= in Ruby 1.8, and raise if a value that is an invalid
  $KCODE value is used

Also:
* Fixed a few tests that were assert() rather than assert_equal() and
  were caught by Minitest requiring a String for the message
* Fixed a test where an assert_select was misformed, also caught by
  Minitest being more restrictive
* Fixed a test where a Rack response was returning a String rather
  than an Enumerable
2010-05-16 22:44:43 +04:00
rohit
fc2480a277 Fixed 1 failure and 2 errors in ActionPack testsuite [#4613 state:commited]
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-05-16 14:32:53 +02:00
Jeff Kreeftmeijer
fa99de0bd0 partial counters with :as [#2804 state:resolved]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-05-15 10:32:23 -07:00
Carlhuda
edb5991a14 Make render :partial, :layout consistent between AC and AV 2010-03-18 16:55:32 -07:00
Carlhuda
71c9337f45 All tests pass without memoizing view_context 2010-03-18 15:52:43 -07:00
Carlhuda
d9375f3f30 Modify assert_template to use notifications. Also, remove ActionController::Base#template since it is no longer needed. 2010-03-17 16:29:35 -07:00
José Valim
4ba334c0f4 Ensure controller filters are executed before stuff starts to happen. 2010-03-13 21:28:34 +01:00
José Valim
8f082ff421 Clean LookupContext API. 2010-03-08 23:25:16 +01:00
Yehuda Katz
ae933a093d Fix render :file => "#{Rails.root}/public/404.html", :status => :not_found. Closes #8994 2010-02-23 22:45:42 -08:00
José Valim
e8ef12e39d Make Railties tests green again. 2010-02-17 00:14:49 +01:00
José Valim
b1edd09662 Ensure render :text => resource first tries to invoke :to_text on it 2010-02-16 23:26:29 +01:00
José Valim
75ba102a80 Remove ActionView inline logging to ActiveSupport::Notifications and create ActionController::Base#log_event, so everything can be logged within one listener. Also expose log_process_action as a hook for different modules to include their own information during the action processing. This allows ActiveRecord and any other ORM to hook in. Finally, this commit changes 'Processing' and 'Rendering' in logs to 'Processed' and 'Rendered' because at the point it's logged, everything already happened. 2009-12-26 20:28:53 +01:00
Joshua Peek
a1bf2f96ce AD::StatusCodes support is now part of rack 2009-12-22 16:08:03 -06:00
Joshua Peek
2be5e088d2 Use new routing dsl in tests 2009-12-08 16:52:26 -06:00
Jeremy Kemper
de40bc033a Ensure Cache-Control max-age is an integer 2009-12-02 03:23:00 -08:00
Jeremy Kemper
425a02cece Ruby 1.9: resolve constant lookup issues 2009-11-04 15:41:50 -08:00
Yehuda Katz
e1786ee6eb Fixes expires_now and cleans things up a bit 2009-10-26 17:32:42 -07:00
Michael Koziarski
9415935902 Switch to on-by-default XSS escaping for rails.
This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.
2009-10-08 09:31:20 +13:00
Joshua Peek
24ad9ae3d2 Cleanup route reloading in tests. Prefer with_routing over using ActionController::Routing::Routes directly 2009-08-16 21:14:26 -05:00
Yehuda Katz
9f5cd0156a More cleanup of ActionView and reduction in need for blocks in some cases:
* only one of partial_name or :as will be available as a local
  * `object` is removed
  * Simplify _layout_for in most cases.
    * Remove <% render :partial do |args| %>
    * <% render :partial do %> still works fine
2009-08-15 12:32:01 -07:00
Yehuda Katz
d7415f792c Clean up partial object some more; replace passing around a block to a single block ivar 2009-08-09 04:12:08 -03:00
José Valim
7034272354 Add destroyed? to ActiveRecord, include tests for polymorphic urls for destroyed objects and refactor mime responds tests and documentation. 2009-08-07 17:16:16 +02:00
José Valim
f59984cc81 Add navigational behavior to respond_with. 2009-08-07 17:16:15 +02:00
Yehuda Katz
0612fd0f09 Replace _render_template_with_layout with _render_template since the layout is optional 2009-08-07 03:18:45 -03:00
Yehuda Katz
503ce1d01c Update cache_control to be a Hash of options that is used to build the header.
* Significantly simplifies setting and modifying cache control in other areas
2009-08-02 19:39:33 -04:00
Joshua Peek
7aa730440c Remove deprecated implicit ivar assignment 2009-06-25 12:51:21 -05:00
Yehuda Katz + Carl Lerche
6927f1119b Finish making pending tests pass 2009-06-17 12:54:19 -07:00
Yehuda Katz + Carl Lerche
5097bd6241 Modify render_test's determine_layout to match RJS 2009-05-22 17:26:27 -07:00
Yehuda Katz + Carl Lerche
8fac2c88ca Cleaning up more render tests 2009-05-14 15:30:35 -07:00
Yehuda Katz + Carl Lerche
49a84ff69c Ported over render :file tests. 2009-05-13 17:00:59 -07:00
Yehuda Katz + Carl Lerche
216309c165 Implemented redirects and partial rendering in new base. 2009-05-12 16:21:34 -07:00