Aaron Patterson
c9182597ca
reduce string append funcalls
2011-02-08 16:18:37 -08:00
Michael Koziarski
ae19e4141f
Change the CSRF whitelisting to only apply to get requests
...
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
X-CSRF-Token: ...
This fixes CVE-2011-0447
2011-02-08 14:57:08 -08:00
José Valim
6b1018526f
Use Mime::Type references.
2011-02-08 14:14:26 -08:00
José Valim
b93c590297
Ensure render is case sensitive even on systems with case-insensitive filesystems.
...
This fixes CVE-2011-0449
2011-02-08 14:04:19 -08:00
Michael Koziarski
3ddd7f7ec9
Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.
...
This fixes CVE-2011-0446
2011-02-08 13:56:08 -08:00
Santiago Pastorino
ee0b92ec7a
fields_for with inline blocks and nested attributes already persisted does not render properly
...
[#6381 state:committed]
2011-02-08 18:04:12 -02:00
Dan Pickett
3026843dc1
put authenticity_token option in parity w/ remote
...
[#6228 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-06 19:04:52 -02:00
Andre Arko
10cab35d3b
Allow page_cache_directory to be set as a Pathname
...
For example, page_cache_directory = Rails.root.join("public/cache")
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-06 17:55:38 -02:00
Timothy N. Tsvetkov
b9309b47cd
Added tests for form_for and an authenticity_token option. Added docs for form_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers.
...
[#6228 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-05 18:58:32 -02:00
Xavier Noria
8b5dc9caa5
Merge branch 'master' of git://github.com/lifo/docrails
2011-02-05 19:47:08 +01:00
Gabriel Horner
277327bb7f
improve routing docs, mostly for #match
2011-02-05 13:12:49 -05:00
german
adbae9aab8
fixed bug with nested resources within shallow scope
...
[#6372 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-04 17:07:51 -02:00
Gabriel Horner
ac15647bf0
keep options titles consistent to "Options"
2011-02-03 23:51:06 -05:00
Franco Brusatti
d3cfee1182
removing generation of id in submit helper
...
[#6369 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-03 20:24:14 -02:00
Xavier Noria
e99e859a04
revises a metal example
2011-02-02 23:27:27 +01:00
Xavier Noria
33643bcf53
copy-edits 2446b13
2011-02-02 23:04:12 +01:00
Stephen Celis
a0757e00f3
Protocol-relative URL support.
...
[#5774 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-02 19:09:44 -02:00
Xavier Noria
a96a9a4948
Merge branch 'master' of git://github.com/lifo/docrails
2011-02-02 22:04:11 +01:00
Bernerd Schaefer
2446b1307e
Provide documentation for ActionController::Metal
2011-02-02 16:02:28 +01:00
Andrei Bocan
15ad707852
Allow customization of form class for button_to
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 19:09:00 -02:00
Akira Matsuda
cb9fa52832
auto_link: avoid recognizing full width chars as a part of URI scheme
...
fixes regression by 133ada6ab0
[#5503 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 14:04:42 -02:00
Akira Matsuda
5dd803e9b1
Accept String value for render_partial :as option
...
[#6222 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 13:01:54 -02:00
John Firebaugh
57bc25c5f8
Use run_callbacks; the generated _run_<name>_callbacks method is not a public interface.
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-01-31 19:45:53 -02:00
Jonathan Dance + Gabriel Horner
d1ef543794
explain different ways to use match()
2011-01-29 17:29:06 -05:00
Jonathan Dance + Gabriel Horner
fab16fded9
organize and expand on options for routing methods
2011-01-29 17:29:06 -05:00
misfo
ef48408a7b
corrected the location of status code symbols
2011-01-29 16:03:40 -06:00
Jonathan Dance + Gabriel Horner
38d728fb94
add cross-references and documentation for scope
2011-01-28 19:25:12 -05:00
Jonathan Dance + Gabriel Horner
49744bdaee
fix cross-references in HttpHelper methods
2011-01-28 19:25:12 -05:00
Matt Jankowski
cc9301f459
clarify what the "they" that are is and what the "are" in question is
2011-01-27 12:25:22 -05:00
Neeraj Singh
806e6f80dc
render_to_string must ensure that response_body
...
is nil
[#5875 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-25 20:14:03 +01:00
Neeraj Singh
c1145d9281
If I want to set respond_body to nil then it
...
should be nil and not [nil]. If anything other
than nil then wrap it in array
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-25 20:13:56 +01:00
Doug Fales
7927fc2ff7
A patch so that http status codes are still included in logs even during an exception [#6333 state:resolved]
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-25 20:12:22 +01:00
brainopia
8491f16e12
Add tld_length option when using domain :all in cookies
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-21 13:13:51 +01:00
brainopia
91a4193ee0
Support list of possible domains for cookies
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-21 13:13:43 +01:00
José Valim
262b2ea8cd
Solve SystemStackError when changing locale inside ActionMailer [#5329 state:resolved]
2011-01-19 23:42:10 +01:00
Aaron Patterson
54de7048a5
Merge branch 'template_error' into merge
...
* template_error:
Ensure original exception message is present in both Template::Error#message and Template::Error#inspect.
ActiveSupport::Deprecation.silence no longer needed.
2011-01-18 10:52:37 -08:00
Christos Trochalakis
7dab186fde
Issue one Cache#read command instead of two in the case of a fragment cache hit
2011-01-18 09:52:11 -08:00
Aaron Patterson
6a8f7f0e04
minitest added @__io__, so we should ignore it too
2011-01-17 14:53:44 -08:00
Aaron Patterson
9702159373
removing more unused variables
2011-01-17 14:33:34 -08:00
Santiago Pastorino
1de47a0d56
button_tag should escape its content
2011-01-12 22:05:52 -02:00
Aaron Patterson
16ae08fff0
use raise to create exceptions and to set the backtrace
2011-01-12 11:15:11 -08:00
Aaron Patterson
1d9c555297
reraising should be in the rescue block
2011-01-12 11:15:10 -08:00
Santiago Pastorino
daada51d10
Reuse the view_context from the controller; this makes the test environment more similar to the code applications use
2011-01-12 16:47:56 -02:00
Santiago Pastorino
6062d434f1
Allow view in AV::TestCase to access its controller helpers methods
2011-01-12 12:14:00 -02:00
Santiago Pastorino
a61e3acef2
html_safe.to_str makes no sense
2011-01-11 18:57:35 -02:00
Krekoten' Marjan
366e7854ac
Refactor to handle the X-Cascade without having to raise an exception
2011-01-09 16:08:54 -08:00
Jakub Kuźma
5106ce88e4
authenticity_token option for form_tag [#2988 state:resolved]
2011-01-09 15:55:26 -08:00
John Allison
5d1d9bfb05
Improve select helpers by allowing a selected value of false. This is useful when using a select helper with a boolean attribute, and the attribute is false. (e.g. f.select :allow_comments)
2011-01-09 15:45:55 -08:00
Rizwan Reza
18605adec3
HTML5 button_tag helper
...
This tag is similar in nature to submit_tag, but allows more control.
It also doesn't submit if submit type isn't used, allowing JavaScript to
control the flow where required.
For more information: http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-button-element
2011-01-09 15:22:23 -08:00
Santiago Pastorino
14198d84a9
Remove InstanceTagMethods module and define the methods inside the InstanceTag class
2011-01-09 13:35:38 -02:00