github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-01-31 01:08:19 -05:00
Code Issues Packages Projects Releases Wiki Activity
5,492 Commits 34 Branches 105 Tags
eca3b790b5aaa92cc563dfed095feffda150c09e
Commit Graph

1907 Commits

Author SHA1 Message Date
Jeremy Kemper
dfcb5af2dc Move rescue_action_with_handler from rescue_action to perform_action so it isn't clobbered by test overrides. References #9449, closes #9645. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7618 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 19:56:11 +00:00
Jeremy Kemper
40f9fd39f6 Include asset host in public path cache key. Clear cache between asset tag tests. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7617 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 19:47:45 +00:00
Rick Olson
2c73115b2f port over some of the csrf_killer README docs 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7614 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 17:59:17 +00:00
David Heinemeier Hansson
911ea2f26f Beefed up docs a bit 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7612 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 17:02:02 +00:00
Jeremy Kemper
7f9a6c0d92 Cache computed public asset paths. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7611 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 09:18:30 +00:00
Jeremy Kemper
8db51ee3c0 Cache more file existence checks. Flip-flop escaping. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7610 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 08:26:04 +00:00
Jeremy Kemper
871b87a323 Cache file existence checks and the list of all stylesheet sources. Manually escape tag attributes. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7609 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 08:15:56 +00:00
Jeremy Kemper
4b33306c70 The tag helper may bypass escaping. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7608 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 08:13:55 +00:00
Jeremy Kemper
38454983b4 Cache asset ids. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7607 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 06:25:13 +00:00
Jeremy Kemper
e711d8fade escape_once uses negative lookahead to avoid double-escaping instead of a second gsub 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-24 05:43:59 +00:00
Jeremy Kemper
cb5b8a7f05 Optimized named routes respect AbstractRequest.relative_url_root. Closes #9612. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7605 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 22:52:57 +00:00
David Heinemeier Hansson
2cfe118305 Dont need all of test/unit (closes #6673) [zenspider/josh] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7602 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 22:12:45 +00:00
Jeremy Kemper
6580b3ab00 Remove , and ; (comma and semicolon) from routing separators again. References #8558. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7599 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 21:58:02 +00:00
David Heinemeier Hansson
7d9fe04b1d Fixed cache_page to use the request url instead of the routing options when picking a save path (closes #8614) [josh] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7598 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 21:56:52 +00:00
Jeremy Kemper
a6f49d9b78 Introduce ActionController::Base.rescue_from to declare exception-handling methods. Cleaner style than the case-heavy rescue_action_in_public. Closes #9449. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7597 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 21:56:22 +00:00
Rick Olson
c619003854 Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. [Rick] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7596 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 18:14:44 +00:00
Rick Olson
da0725aae3 move TextHelper#sanitize config options to the TextHelper module so it can be included and used with any class, not just ActionView::Base 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7595 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 18:09:46 +00:00
Rick Olson
4e3ed5bc44 Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. [Rick] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7592 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 02:32:55 +00:00
Rick Olson
2d02199e15 Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. Closes #8877. [Rick, lifofifo, Jacques Distler] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7589 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-23 00:11:08 +00:00
David Heinemeier Hansson
ee45d76df8 Roll back #7578, tests failed 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7580 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 23:10:41 +00:00
David Heinemeier Hansson
9ab8d4d9ed Improve the error message for assert_redirected_to (closes #7337) [sandofsky] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7578 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 22:22:20 +00:00
Michael Koziarski
7573791284 Disable the routing optimisation code when dealing with foo_url helpers. Add test to actionmailer to expose the problem they introduced. References #9450 [Koz] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7572 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 19:20:06 +00:00
Nicholas Seckar
defb4d08dc Remove use of & logic operator. Closes #8114. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7571 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 19:02:51 +00:00
David Heinemeier Hansson
da5d8fa6ad Fixed JavaScriptHelper#escape_javascript to also escape closing tags (closes #8023) [rubyruy] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7567 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 18:31:44 +00:00
David Heinemeier Hansson
9686dcdb5b Fixed TextHelper#word_wrap for multiline strings with extra carrier returns (closes #8663) [seth] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7562 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 18:21:54 +00:00
David Heinemeier Hansson
18a24274ec Allow frameworks to be required by their gem name (closes #8845) [drnic] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7560 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 18:15:05 +00:00
David Heinemeier Hansson
712b71371d Doc fix (closes #9123) [tzaharia] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7559 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 18:03:31 +00:00
David Heinemeier Hansson
2f8146bc5e Use rel="stylesheet" in lowercase as prescribed by XHTML standards (closes #8910) [RSL] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7558 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 18:01:54 +00:00
David Heinemeier Hansson
ecceb87358 Doc fix (closes #9414) [Henrik N] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7548 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 17:38:48 +00:00
David Heinemeier Hansson
39de84d967 Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) (closes #9586) [Bounga] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7542 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 17:19:26 +00:00
David Heinemeier Hansson
a7764d8fd4 Added FormHelper#label (closes #8641) [jcoglan] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7541 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 17:17:22 +00:00
David Heinemeier Hansson
d1808916ae Fix buffer 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7534 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-22 05:14:56 +00:00
David Heinemeier Hansson
8b2439e5e4 Added AtomFeedHelper (slightly improved from the atom_feed_helper plugin) [DHH] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7529 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-21 22:17:35 +00:00
Michael Koziarski
9b468f4cd7 [html-scanner] Fix parsing of empty tags. Closes #7641. [anthony.bailey] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7528 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-21 20:45:49 +00:00
Michael Koziarski
045aee8912 Prevent clashing named routes when using uncountable resources. Closes #9598 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7526 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-21 18:06:01 +00:00
David Heinemeier Hansson
eede82ccb9 Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an improvement for XSS attacks (closes #8895) [lifo/Spakman] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7525 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-21 15:05:49 +00:00
Nicholas Seckar
16529a92dd Don't warn when a path segment precedes a required segment. Closes #9615. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7523 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-21 04:52:18 +00:00
David Heinemeier Hansson
4156497602 Fixed CaptureHelper#content_for to work with the optional content parameter instead of just the block #9434 [sandofsky/wildchild] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7522 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-21 03:40:25 +00:00
David Heinemeier Hansson
1373991dd8 Added that render :json will automatically call .to_json unless its being passed a string [DHH] Added Mime::Type.register_alias for dealing with different formats using the same mime type [DHH] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7520 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-20 23:34:07 +00:00
Jeremy Kemper
09e76e6aca Autolink behaves well with emails embedded in URLs. Closes #7313. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7516 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-20 20:40:22 +00:00
Jeremy Kemper
835cb43745 Revert [7397]. Reopens #7313. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7515 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-20 08:27:45 +00:00
David Heinemeier Hansson
0d99423727 Fixed that default layouts did not take the format into account #9564 [lifofifo] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7514 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-18 23:10:34 +00:00
Jeremy Kemper
2f60bb3327 ERB::Util#html_escape creates fewer objects 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7513 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-18 11:56:04 +00:00
Jeremy Kemper
8fd263cd4e tag_options creates fewer objects 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7512 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-18 10:55:15 +00:00
David Heinemeier Hansson
4e7dce7e40 Added security notice to Request#remote_ip underlining the fact that its value can be spoofed (and that you should use Request#remote_addr if thats a concern for your application) [Adrian Holovaty] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7502 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-17 11:12:10 +00:00
Michael Koziarski
7cb26b5d2d Disable optimisation code for UrlWriter as request.host doesn't make sense there. 
Don't try to use the .to_query method when the route has no dynamic segments.


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7501 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-17 09:30:18 +00:00
Jeremy Kemper
bfb906a905 Speed up and simplify query caching. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7498 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-17 06:15:58 +00:00
David Heinemeier Hansson
e71465bdaf Avoid RDoc warning 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7495 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-15 23:56:06 +00:00
Jeremy Kemper
148202d401 Fixed optimized route segment escaping. Closes #9562. 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7487 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-15 22:10:20 +00:00
David Heinemeier Hansson
0b0931e150 Added block-acceptance to JavaScriptHelper#javascript_tag (closes #7527) [BobSilva/tarmo/rmm5t] 
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7485 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
 2007-09-15 21:34:25 +00:00