Greg Ose
e1c7a232ca
update FlashHash for 3.2
2014-09-24 12:39:03 -05:00
Greg Ose
f0895f838f
📗 Update tests and FlashHash cleanup
* Make FlashHash more like 4.1 (654a2de7a9)
* Move tests to stringified keys (b97e087321)
* Fix tests to properly load / store to session
2014-09-23 16:19:09 +10:00
Josef Šimánek
c13eb1c727
Fix force_ssl.rb documentation. Close tt tag.
[ci skip]
2014-01-06 15:28:35 +01:00
Michael Koziarski
5aee516b5e
Remove the use of String#% when formatting durations in log messages
This avoids potential format string vulnerabilities where user-provided
data is interpolated into the log message before String#% is called.
2013-09-30 14:42:11 -07:00
Rafael Mendonça França
0b35a3aacc
Merge pull request #10478 from cainlevy/patch-1
use canonical #controller_path logic in controller test cases
Conflicts:
actionpack/lib/action_controller/test_case.rb
2013-05-06 22:19:46 -03:00
Fred Wu
dee5915aac
Fixed test failures on 1.8.7 caused by 74e59ea
2013-03-27 11:29:37 +11:00
Mack Earnhardt
74e59ea8b6
Backport #5808
df36c5f - Fix assert_template assertion with :layout option
4bd05a7 - Fix assert_template :layout => nil assertion
0d19a08 - Improve assert_template layout checking
2013-03-24 08:16:26 -04:00
Rafael Mendonça França
2c8f349953
Merge pull request #9802 from newsline/fix-broken-action-missing
Fix missing action_missing
Conflicts:
actionpack/CHANGELOG.md
Conflicts:
actionpack/test/controller/base_test.rb
Fixes #9799
2013-03-20 18:22:31 -03:00
Aaron Patterson
99123ad12f
fix protocol checking in sanitization [CVE-2013-1857]
Conflicts:
actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
2013-03-15 17:48:42 -07:00
Charlie Somerville
ff3b9ca130
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
2013-03-15 17:48:12 -07:00
Prem Sichanugrist
979e198c14
Check for method_missing in public and protected
Ruby 2.0 changed the behavior of `respond_to?` without argument to
only search for public methods. We actually want to perform the
action only if `method_missing` is either in public or protected.
2013-02-24 16:32:25 -05:00
thedarkone
abf0c71021
There is already a Set of non-hidden action_names lying around.
2013-02-24 16:32:25 -05:00
Carlos Antonio da Silva
a3aca81b21
Remove warning of not used variable
2013-01-17 10:28:16 -02:00
José Valim
a5013bb5af
Merge pull request #5288 from lest/patch-2
force response body to be read in assert_template
Conflicts:
actionpack/lib/action_controller/test_case.rb
2013-01-17 09:25:12 -02:00
Elia Schito
9c33cb26f4
Accept symbols as #send_data :disposition value
2012-11-27 00:25:55 +01:00
Rafael Mendonça França
d5b275db5c
Revert "Merge pull request #7659 from HugoLnx/template_error_no_matches_rebased"
This reverts commit 7d17cd2cbf.
Conflicts:
actionpack/CHANGELOG.md
Reason: This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but we will be backward compatible in
stable release.
Fixes #8068.
2012-10-31 00:31:47 -02:00
Rafael Mendonça França
6b7cd20ab3
Revert "Merge pull request #7797 from senny/7459_prefix_tempalte_assertion_variables"
This reverts commit 2bad605873.
Conflicts:
actionpack/CHANGELOG.md
Reason: This added a regression related with shoulda-matchers, since it
is expecting the instance variable @layouts
See 9e1188eea6/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb (L74)
This will introduce back #7459 but this stable release will be backward compatible.
Related with #8068.
2012-10-30 23:52:51 -02:00
Rafael Mendonça França
92d761237e
Merge pull request #7848 from senny/3415_assert_template_has_nil_variable
can't pass :locals to #assert_template without a view test case (#3415)
Conflicts:
actionpack/CHANGELOG.md
2012-10-06 16:48:29 -03:00
Rafael Mendonça França
2bad605873
Merge pull request #7797 from senny/7459_prefix_tempalte_assertion_variables
prefix TemplateAssertions ivars.
Closes #7459
Conflicts:
actionpack/lib/action_controller/test_case.rb
actionpack/lib/action_view/test_case.rb
2012-10-01 23:58:05 -03:00
Rafael Mendonça França
7d17cd2cbf
Merge pull request #7659 from HugoLnx/template_error_no_matches_rebased
REBASED: fixing assert_template bug when template matches expected, but not ends with
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/test_case.rb
2012-09-30 00:18:57 -03:00
Tim Vandecasteele
c53e5def08
Don't paramify ActionDispatch::Http::UploadedFile in tests
To test uploading a file without using fixture_file_upload, a posted
ActionDispatch::Http::UploadedFile should not be paramified (just like
Rack::Test::UploadedFile).
(Rack::Test::UploadedFile and ActionDispatch::Http::UploadedFile don't
share the same API, tempfile is not accessible on
Rack::Test::UploadedFile as discussed in
https://github.com/brynary/rack-test/issues/30)
2012-09-29 16:31:10 +02:00
Yves Senn
dd76b3bbc8
log 404 status when ActiveRecord::RecordNotFound was raised (#7646)
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/log_subscriber.rb
2012-09-17 13:39:01 -03:00
Jeremy Kemper
bccc35b13e
Backport 5c51cd0: #send_file leans on Rack::Sendfile to X-Accel-Redirect the file's path, so opening the file to set the response body is wasteful. Set a FileBody wrapper instead that responds to to_path and streams the file if needed.
2012-08-15 08:43:49 -05:00
Aaron Patterson
27311fef5e
* Do not convert digest auth strings to symbols. CVE-2012-3424
2012-07-26 13:30:15 -07:00
Dmitry Vorotilin
ffdca21e44
Show in log correct wrapped keys
2012-07-05 15:47:04 +04:00
Santiago Pastorino
7f93791457
ActionController::Caching depends on RackDelegation and AbstractController::Callbacks
2012-06-13 16:18:55 -03:00
Rafael Mendonça França
3cba6eee66
Revert "fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called"
This reverts commits e3069c64b2 and 2b2983d76f.
Reason: This adds a non-backward compatible change in the way that flash
works now (swept in every request).
2012-06-05 16:05:55 -03:00
Kunal Shah
4d52738738
If content_type is explicitly passed to the :head method use the value or fallback
2012-05-07 18:56:36 -04:00
Nick Ragaz
bfb25f9cae
Add a role option to wrap_parameters.
The role option identifies which parameters are accessible and should be wrapped. The default role is :default.
2012-05-04 10:14:14 -04:00
Will Bryant
e3069c64b2
fix the Flash middleware loading the session on every request (very dangerous especially with Rack::Cache), it should only be loaded when the flash method is called
2012-04-30 00:17:27 -07:00
Andrew White
a72fe84d00
Add note about using 303 See Other for XHR requests other than GET/POST
IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.
Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:
Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/
Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493
WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183
Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d
Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373
HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428
Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html
Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/
Fixes #4144
(cherry picked from commit 24f143789a8989f3bccde14ff28067de25cafd87)
2012-04-30 06:59:15 +01:00
Andrew White
d6bbd337ef
Don't convert params if the request isn't HTML - fixes #5341
(cherry picked from commit 7a80b69e00f68e673c6ceb5cc684aa9196ed3d9f)
Conflicts:
actionpack/test/controller/test_test.rb
2012-04-29 10:27:17 +01:00
David Heinemeier Hansson
275ee0dc7b
We don't need to merge in the parameters as that's all being reset by the rack headers (and it's causing problems for Strong Parameters attempt of wrapping request.parameters because it will change in testing)
2012-03-20 22:16:44 +01:00
Aaron Patterson
f52ad6cf33
Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
2012-03-15 14:58:27 -07:00
Piotr Sarnacki
ccf4ff0360
Remove ActionController::TestCase#rescue_action_in_public!
This method has no effect since exception handling was
moved to middlewares and ActionController tests do not
use any middlewares.
2012-03-15 04:15:41 +01:00
José Valim
3775058f1f
Remove usage of deprecated module.
2012-03-07 15:26:56 +01:00
José Valim
e7560bc787
Set the rendered_format on respond_to.
2012-03-07 15:03:08 +01:00
Santiago Pastorino
74fe7e1018
Deprecate ActionController::SessionManagement
2012-03-06 18:13:30 -02:00
Prem Sichanugrist
82a8698e56
Always passing a respond block from to responder
We should let the responder decide what to do with the given
overridden response block, and not short circuit it.
Fixes #5280
2012-03-05 21:09:47 -05:00
Santiago Pastorino
19433ce870
format lookup for partials is derived from the format in which the template is being rendered
Closes #5025 part 2
2012-02-22 11:13:02 -02:00
Aaron Patterson
3b824d66cd
search private / protected methods in trunk ruby
2012-02-20 11:02:56 -08:00
Santiago Pastorino
7c79996c67
Rack body respond to each and not to join
This fixes undef `to_str' for Rack::Chunked::Body when using
caches_action + streaming on an action
Closes #5027
2012-02-14 21:53:38 -02:00
Ryan McGeary
391e6a47db
Fixed force_ssl redirects to include original query params
`ActionController.force_ssl` redirects http URLs to their https equivalent;
however, when a URL contains a query string, the resulting redirect lacked the
original query string.
2012-02-06 17:47:17 -05:00
José Valim
2bf2055f7a
Clean up a bit default_response handling and cache format negotiation.
2012-02-04 16:01:01 +01:00
Prem Sichanugrist
567ac65b42
Fix override API response bug in respond_with
Default responder was only using the given respond block when user
requested for HTML format, or JSON/XML format with valid resource. This
fix the responder so that it will use the given block regardless of the
validity of the resource. Note that in this case you'll have to check
for object's validity by yourself in the controller.
Fixes #4796
2012-02-03 14:26:34 -05:00
Damian Le Nouaille
fd9d394cc3
example bracket error
2012-01-26 00:01:39 +05:30
José Valim
08d6eb6824
Do not deprecate performed?
2012-01-19 19:45:22 +01:00
Carlos Antonio da Silva
786a0b7475
Remove duplicated constant definition
ActionController::ActionControllerError is already defined in
action_controller/metal/exceptions.
2012-01-17 18:07:08 -02:00
Carlos Antonio da Silva
e5e87041ce
Deprecate AC::UnknownError and AC::DoubleRenderError
Use the constants AbstractController::ActionNotFound and
AbstractController::DoubleRenderError respectively instead.
2012-01-17 18:07:08 -02:00
Carlos Antonio da Silva
57be2cfa1e
Deprecate default_charset= at controller level
2012-01-17 18:07:08 -02:00