Andrew White
25139ac92c
Don't write out secure cookies unless the request is secure
2010-10-27 15:04:29 +01:00
Andrew White
0e52a609fd
Don't create a deprecation proxy object if the variable was passed in local_assigns [ #1671 state:resolved]
2010-10-26 12:57:21 +01:00
Aaron Patterson
df78de2bc8
removing space errors
2010-10-21 10:30:18 -07:00
Omar Qureshi
36b91e34f4
Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings
2010-10-21 10:28:54 -07:00
Michael Koziarski
f5ed5c317e
Prepare for the 2.3.10 release
2010-10-15 08:41:59 +13:00
Geoff Buesing
f2e32e4fd7
require 'uri' in action_controller/url_rewriter [ #5555 state:resolved]
...
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-10-12 00:58:29 +02:00
Michael Koziarski
dbbf2fd19c
Revert "Makes form_helper use overriden model accessors backport"
...
This change introduced breakages and test failures.
This reverts commit 8141f0894e
2010-09-27 12:20:54 +13:00
W. Andrew Loe III
17f2fb44c0
Only send secure cookies over SSL.
2010-09-14 11:52:40 -07:00
Andrew Kaspick
a159fd0b8c
Fix fixtures in integration test sessions
...
Signed-off-by: Michael Koziarski <michael@koziarski.com >
2010-09-10 10:45:23 +12:00
Mikel Lindsaar
597fb1da94
Adding documentation to redirect_to and status code option references
2010-09-09 14:00:09 +10:00
Mislav Marohnić
c6e33d30c1
fix setting session cookie with activerecord and memcache store
...
Commit f8f3653#5581 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com >
2010-09-08 12:59:48 -03:00
Jeremy Kemper
a61a39ecd4
Rails 2.3.9
2010-09-04 14:36:40 -07:00
Jeremy Kemper
b2c91983dc
Prepare for Rails 2.3.9. Release 2.3.9.pre gems.
2010-08-29 20:19:05 -07:00
Santiago Pastorino
43e2bbe28e
Making time_zone_options_for_select return a html_safe string master backport
2010-08-15 10:07:38 -03:00
Santiago Pastorino
8141f0894e
Makes form_helper use overriden model accessors backport
...
[#3374 ]
2010-08-01 19:49:45 -03:00
Santiago Pastorino
a5d8c95a7c
Changes the usage of Object#returning with Object#tap
...
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-07-25 22:49:06 +02:00
Jon Yurek
fb615cd7fd
Fix for integration tests not serializing arrays in multipart forms correctly.
...
Signed-off-by: wycats <wycats@gmail.com >
2010-07-17 13:01:50 -05:00
Michael Lovitt
257a29d3cc
Sessions should not be created until written to and session data should be destroyed on reset. [ #4938 state:resolved]
...
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-07-14 08:04:37 +02:00
Aaron Patterson
67e18c523c
fisting Session::AbstractStore#clear to actually clear the session. [ #5030 state:resolved]
...
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net >
2010-07-01 14:47:28 -07:00
Jan Berkel
f8f4872fcc
Backported patch from [ #4762 ]
...
URL fragments should not have safe characters escaped. Ref: Appendix A,
http://tools.ietf.org/rfc/rfc3986.txt
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-06-30 13:27:28 +02:00
Prem Sichanugrist
f8f365346e
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [ #2485 state:resolved]
...
This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-06-25 09:47:56 +02:00
Neeraj Singh
cc53229378
Fragment cache not generating the proper cache key in log
...
[#4827 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-06-23 09:11:48 +02:00
Michael Koziarski
cbf36cf57c
Revert "make text_field and hidden_field omit the value attribute if the developer explicitly passes in :value => nil [ #4839 state:reopened]"
...
This reverts commit 52c922fad1
2010-06-23 16:54:05 +12:00
Michael Koziarski
52c922fad1
make text_field and hidden_field omit the value attribute if the developer explicitly passes in :value => nil [ #4839 state:resolved]
...
Signed-off-by: Michael Koziarski <michael@koziarski.com >
Conflicts:
actionpack/lib/action_view/helpers/form_helper.rb
2010-06-23 16:25:19 +12:00
Jesse Storimer
85b6d79d8a
CookieStore should preserve the Set-Cookie header Array [ #4743 state:resolved]
...
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net >
2010-06-22 11:25:32 -07:00
Prem Sichanugrist
5ed6a8447b
Change all i18n interpolations from {{...}} to %{...}
...
This will silent all warning if there's a i18n version 0.4.x gem install on user's machine.
[#4913 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-06-21 01:14:36 +02:00
Prem Sichanugrist
0f44d37d04
Make sure that rails recognized the full notation of IPv6 loopback address, and recognize 127.0.0.0/8 in IPv4
...
[#3257 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-06-08 19:47:18 +02:00
Michael Koziarski
5796a92433
Merge commit 'mislav/auto_link_2-3-stable' into 2-3-stable
2010-05-29 14:05:21 +12:00
Jeremy Kemper
9da7ff8842
Bump 2-3-stable to 2.3.9
2010-05-25 09:50:34 -07:00
Jeremy Kemper
f7e27bd078
i18n: t() handles single keys returning an Array, also
2010-05-24 20:41:28 -07:00
Jeremy Kemper
6a9e188c0c
HTML safety: fix textarea with nil content
2010-05-24 20:13:07 -07:00
Santiago Pastorino
a9032c885f
Error messages for asserts
...
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net >
2010-05-24 16:05:39 -07:00
Jeremy Kemper
e8ba5265e0
Work around strange Ruby 1.9 autoload issue by using absolute load paths for tests (ditto for other components' tests)
2010-05-24 16:05:34 -07:00
José Valim
50f3754525
Ensure translations work with symbols.
2010-05-24 23:38:49 +02:00
Santiago Pastorino
4986d5ed04
translate helper method using an array is deprecated
...
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-05-24 23:38:48 +02:00
Jeremy Kemper
4fef5af9c3
2.3.7.pre1: fixes HTML escaping when *not* using rails_xss
2010-05-24 14:02:38 -07:00
Jeremy Kemper
9d3bd87045
Work around strange Ruby 1.9 autoload issue by using absolute load paths for tests
2010-05-24 12:16:33 -07:00
Santiago Pastorino
6b0616d1b8
translation method of TranslationHelper module returns a SafeBuffer Array backport
...
[#4675 state:committed]
Signed-off-by: José Valim <jose.valim@gmail.com >
2010-05-24 20:56:44 +02:00
Santiago Pastorino
d3da1a2c66
Revert "translation method of TranslationHelper module returns always SafeBuffer [ #4194 status:resolved]"
...
This reverts commit 2310aef29bjose.valim@gmail.com >
2010-05-24 20:56:44 +02:00
wycats
8e6a044b2b
Needs to work on 1.8 too
2010-05-24 11:29:12 -07:00
wycats
50b7c0c104
Give the ERB String the encoding of the original template
2010-05-24 11:18:20 -07:00
Jeremy Kemper
c66013e2c5
Fix that captured content (e.g. with form_for or div_for) would be HTML-escaped even without the rails_xss plugin installed. Rails 2.3.7, we barely knew ya...
2010-05-24 09:12:00 -07:00
Lance Ivy
9e08e196fa
Ensure auto_link does not ignore multiple trailing punctuations
...
[#2504 state:resolved]
2010-05-24 11:47:36 +02:00
Mislav Marohnić
17b4fd25e4
avoid auto_linking already linked emails; more robust detection of linked URLs
...
References #1523 [#1862 state:resolved] [#3591 state:resolved]
Add test that shows how link text can contain HTML if needed:
the trick is using block form in combination with `raw`.
Let link text be automatically HTML-escaped
[#2017 state:resolved]
2010-05-24 11:18:20 +02:00
Mislav Marohnić
bd9ca9aed0
auto_link: support arbitrary URI schemes like "ftp:" and "file:"
...
recognizes all URI scheme allowed characters, such as colon and period.
[#3494 state:resolved]
2010-05-24 11:18:20 +02:00
Jeremy Kemper
f97da34b4f
Bump 2-3-stable to 2.3.8
2010-05-24 01:39:19 -07:00
Jeremy Kemper
326188c25e
2.3.7 release: fix rails_xss compatibility
2010-05-24 00:04:41 -07:00
Jeremy Kemper
86f0287993
Revert "Don't always mark the argument to #concat as HTML-safe."
...
This reverts commit e53791f8c0
2010-05-23 16:51:47 -07:00
Jeremy Kemper
ab2d7c8b5d
Use a non-XSS-protected output buffer for view tests
2010-05-23 16:21:44 -07:00
Jeremy Kemper
ca5f5d97b9
Fix test rendering unmarked but safe HTML
2010-05-23 15:28:40 -07:00
