187 Commits

Author SHA1 Message Date
José Valim
324f1451b0 Dump and load rack-cache stuff. 2011-05-17 17:33:17 -04:00
Xavier Noria
d491130236 Merge branch 'master' of git://github.com/lifo/docrails
Conflicts:
	actionpack/lib/action_view/helpers/date_helper.rb
	railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt
2011-05-14 11:21:27 +02:00
José Valim
3aa8f348ef Fix previous commit by allowing a proc to be given as response_body. This is deprecated and is going to be removed in future releases. 2011-05-10 16:53:57 +02:00
David Heinemeier Hansson
5b8801442e Only show dump of regular env methods on exception screen (not all the rack crap) [DHH] 2011-05-04 19:56:56 -05:00
Josh Kalderimis
8e69f1eb20 minor correction to the ActionDispatch::Http::URL subdomain docs 2011-05-04 21:53:10 +02:00
José Valim
6b79463ed8 Fix .subdomain regression. 2011-05-04 20:05:35 +02:00
José Valim
35d0d82ae3 More performance optimizations. 2011-05-03 01:37:01 +02:00
José Valim
a55f2de0c5 Improve performance for filtered parameters and add tests. 2011-05-03 01:04:57 +02:00
José Valim
73c94ed97a Add ignore_accept_header config to AD::Request. 2011-05-02 23:38:57 +02:00
José Valim
d31af44012 Fix tests on 1.8 by explicitly checking for strings (which also improves performance). 2011-04-20 21:54:19 +02:00
José Valim
a66c917235 Do not inherit from Rack::Response, remove a shit-ton of unused code. 2011-04-19 11:54:12 +02:00
Prem Sichanugrist & Xavier Noria
68802d0fbe Filter sensitive query string parameters in the log [#6244 state:committed]
This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.

Signed-off-by: Xavier Noria <fxn@hashref.com>
2011-03-11 00:16:18 +01:00
Andrew White
03cbd9672c Filter params that return nil for to_param and allow through false values 2011-03-09 14:44:25 +00:00
Carlos Antonio da Silva
f23bf7dbdb Add missing deprecation require
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-11 13:29:23 -02:00
Michael Koziarski
ae19e4141f Change the CSRF whitelisting to only apply to get requests
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
2011-02-08 14:57:08 -08:00
José Valim
6b1018526f Use Mime::Type references. 2011-02-08 14:14:26 -08:00
Stephen Celis
a0757e00f3 Protocol-relative URL support.
[#5774 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-02 19:09:44 -02:00
Aaron Patterson
9702159373 removing more unused variables 2011-01-17 14:33:34 -08:00
Xavier Noria
48386d245b Merge branch 'master' of git://github.com/lifo/docrails 2010-12-05 10:33:50 +01:00
Carlos Antonio da Silva
e1d0d5ae81 Fix mime type doc typos 2010-12-04 22:40:05 -02:00
José Valim
226ea0e9e8 Wrap everything in class << self. 2010-12-03 13:27:43 +01:00
José Valim
78afe68afb Merge remote branch 'joshk/redirect_routing'
Conflicts:
	actionpack/CHANGELOG
	actionpack/lib/action_controller/metal/mime_responds.rb

Signed-off-by: José Valim <jose.valim@gmail.com>
2010-12-03 12:27:50 +01:00
Josh Kalderimis
0bda6f1ec6 The redirect routing method now allows for a hash of options which only changes the relevant parts of the url, or an object which responds to call can be supplied so common redirect rules can be easily reused. This commit includes a change where url generation from parts has been moved to AD::Http::URL as a class method. 2010-11-30 16:36:01 +01:00
José Valim
31906eecdf Fix tests on 1.9.2. 2010-11-28 12:48:50 +01:00
José Valim
a4c360e8c7 trailing star mimes should respect the order in which mime types are defined. 2010-11-28 11:54:00 +01:00
Neeraj Singh
18adbe9347 process text/* if it appears in the middle of
HTTP_ACCEPT parameter
2010-11-25 04:38:51 +08:00
Neeraj Singh
5c9abb6cca processing image/* is an oddity because there is
a test case which expects image/* not to be
expanded. So I am leaving image/* as it is and
process only text/* and application/*
2010-11-25 04:38:50 +08:00
Neeraj Singh
e870883625 unregister method implementation and test 2010-11-25 04:38:47 +08:00
Josh Kalderimis
e39138478b port_string brought back to life as it is part of the public api
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-24 10:34:18 +01:00
Josh Kalderimis
2fe43b694f :subdomain, :domain and :tld_length options can now be used in url_for, allowing for easy manipulation of the host during link generation.
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-23 09:54:42 +01:00
Neeraj Singh
794b34306e remove select, collect and then inject with
something better

Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-22 23:06:15 +01:00
Neeraj Singh
c5bfc6abe4 string include method is 10x faster than creating
a new regex object every single time

Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-22 23:06:14 +01:00
Neeraj Singh
8154f4b816 Compile regex only once
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-22 23:06:14 +01:00
Neeraj Singh
6f6e754bac implement code that handles text/*, application/*,
and image/*

Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-22 23:06:13 +01:00
Neeraj Singh
d04a21b362 declare regex as a constant
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-22 23:06:13 +01:00
Neeraj Singh
eb6ccc9953 do not assume that there is no space between
leading */* and comma

Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-22 23:06:12 +01:00
Neeraj Singh
61950a4b05 current code ignores http header "Accept" if it
has ....,*/* .

It is possible for a device to send a
request such that */* appears at the beginning of the
"Accept" header. This patch ensures that "Accept" header
is ignored for such cases too.

Signed-off-by: José Valim <jose.valim@gmail.com>
2010-11-22 23:06:12 +01:00
Neeraj Singh
7d5b097357 use_accept_header is no longer supported 2010-11-21 03:29:44 +01:00
Aaron Patterson
c52e2cf4b3 delegating path and open to internal tempfile 2010-11-18 10:10:25 -08:00
Josh Kalderimis
e1e780a31d Brought the domain method in AD http url in line with subdomain where @@tld_length is used by default. Also set the default value of @@tld_length to 1. 2010-11-16 18:57:51 +08:00
Andrew White
d446392f76 Add additional HTTP request methods from the following RFCs:
* Hypertext Transfer Protocol -- HTTP/1.1
  http://www.ietf.org/rfc/rfc2616.txt

* HTTP Extensions for Distributed Authoring -- WEBDAV
  http://www.ietf.org/rfc/rfc2518.txt

* Versioning Extensions to WebDAV
  http://www.ietf.org/rfc/rfc3253.txt

* Ordered Collections Protocol (WebDAV)
  http://www.ietf.org/rfc/rfc3648.txt

* Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol
  http://www.ietf.org/rfc/rfc3744.txt

* Web Distributed Authoring and Versioning (WebDAV) SEARCH
  http://www.ietf.org/rfc/rfc5323.txt

* PATCH Method for HTTP
  http://www.ietf.org/rfc/rfc5789.txt

[#2809 state:resolved] [#5895 state:resolved]
2010-11-02 10:56:14 +00:00
Jeremy Kemper
0dfdbdd4f4 Fix loop introduced by rack:dda892d 2010-10-26 11:31:05 -07:00
José Valim
69a1a0adb5 Remove rack-cache-purge. 2010-10-26 14:05:06 -02:00
Krekoten' Marjan
a75d21df06 Fix status initialization when custom status provided
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2010-10-18 17:34:22 -02:00
Krekoten' Marjan
7b2ec381ca Change def to attr_reader + alias
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-10-18 00:54:58 +02:00
Miles Egan
3eff729079 make sure request parameters are accessible after rack throws an exception parsing the query string [#3030 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
2010-10-12 00:56:07 +02:00
Aaron Patterson
1217339616 only forwarding enough methods to work. People should grab the delegate tempfile if they really need to do hard work 2010-10-04 19:28:40 -07:00
Aaron Patterson
3370ad0b1e making sure respond_to? works properly 2010-10-04 17:11:50 -07:00
Aaron Patterson
8a97470210 raising an argument error if tempfile is not provided 2010-10-04 17:08:25 -07:00
Aaron Patterson
2a3022db7f delegate to the @tempfile instance variable 2010-10-04 16:56:45 -07:00