github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-01-13 08:37:54 -05:00
Code Issues Packages Projects Releases Wiki Activity
10,278 Commits 34 Branches 105 Tags
github31
Commit Graph

1991 Commits

Author SHA1 Message Date
Charlie Somerville
15678eac1c delete rjs templates 2013-10-24 12:58:08 -04:00
Charlie Somerville
2e21cced12 more test fixing 2013-10-24 12:54:06 -04:00
Charlie Somerville
aa4dfa6937 delete link_to_function and button_to_function 2013-10-24 12:46:41 -04:00
Charlie Somerville
ca7a53cbe9 fix tests 2013-10-24 12:46:30 -04:00
Charlie Somerville
6db8e71ad8 delete tests that hit PrototypeHelper 2013-10-24 12:25:38 -04:00
Charlie Somerville
a4274b33f7 rip out scriptaculous 2013-10-24 12:23:20 -04:00
Charlie Somerville
9645f8be89 delete prototype.js helpers 2013-10-24 12:21:25 -04:00
Charlie Somerville
050be61caf delete test for formatted_ 2013-10-02 14:29:50 +10:00
Charlie Somerville
685cb901fc Merge pull request #13 from github/backport-message_verifier 
Backport ActiveSupport::MessageVerifier from Rails 3
 2013-08-27 03:55:52 -07:00
Charlie Somerville
e9f9d05a94 pass digest as a key in an options hash 2013-08-27 20:51:18 +10:00
Greg Ose
ecd6fb250a Test for form_for authenticity_token backport 2013-08-12 13:21:03 -05:00
Charlie Somerville
33e9676968 more respond_to? fixes 2013-08-08 20:37:30 -07:00
Charlie Somerville
28a87a2d54 update vendored html-scanner 2013-08-08 20:37:30 -07:00
Charlie Somerville
3aaacc67e8 fix actionpack test 2013-08-08 20:37:30 -07:00
Charlie Somerville
2ff2fecb37 respond_to crap 2013-08-08 20:37:30 -07:00
Charlie Somerville
e423b0095f fix broken tests and warnings 2013-08-07 00:46:51 -07:00
Charlie Somerville
06d4ca0254 establish a baseline by skipping all tests failing before 2.0.0 2013-08-06 17:41:45 -07:00
Aaron Patterson
37ea897a44 fix protocol checking in sanitization [CVE-2013-1857] 
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
	actionpack/test/controller/html-scanner/sanitizer_test.rb
 2013-03-18 15:01:49 -03:00
Xavier Noria
2eede7e5ac s/escape_once/html_escape/, since html safety is the contract that now says whether something has to be escaped 
Conflicts:
	actionpack/CHANGELOG
	actionpack/lib/action_view/helpers/form_tag_helper.rb
	actionpack/lib/action_view/helpers/url_helper.rb
	actionpack/test/template/url_helper_test.rb
 2013-02-16 20:44:20 -08:00
rizwanreza
3df96518be Allow content_tag options to take an array [#1741 state:resolved] [rizwanreza, Nick Quaranto] 
Example:
  content_tag('p', "limelight", :class => ["song", "play"])
  # => <p class="song play">limelight</p>

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
 2013-02-16 20:22:41 -08:00
Aman Gupta
b18f5c9af1 bump mocha dependency 2012-12-08 20:35:13 -08:00
Aaron Patterson
60f783d9ce fixing strip tags vulnerability 2011-08-16 14:58:13 -07:00
Aaron Patterson
11dafeaa75 fixing response splitting problem 2011-08-16 14:25:45 -07:00
José Valim
d793a56121 Merged pull request #198 from robdimarco/2-3-stable. 
Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
 2011-04-28 00:37:53 -07:00
gmarik
b0be721dd9 respect :expire_after option 
- it was broken after
[commit](e0eb8e9c65)
- there's also
[issue](https://rails.lighthouseapp.com/projects/8994/tickets/6634-railsrack-inconsistency-about-expires_afterexpires-cookie-option)

- also: maybe it worth making Rack understand :expire_after as we
duplicate same logic in [cookie_store](https://github.com/gmarik/rails/blob/v2.3.11/actionpack/lib/action_controller/session/cookie_store.rb#L114)

Signed-off-by: José Valim <jose.valim@gmail.com>
 2011-04-14 13:48:35 +02:00
Rob Di Marco
589ce09564 Unit test that shows calling reset session twice results in an exception 2011-02-28 22:53:36 -05:00
Michael Koziarski
7e86f9b4d2 Change the CSRF whitelisting to only apply to get requests 
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
 2011-02-09 09:20:17 +13:00
Michael Koziarski
abe97736b8 Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors. 
This fixes CVE-2011-0446
 2011-02-09 09:20:16 +13:00
Michael Koziarski
6d916329b8 Require thread explicitly rather than relying on rubygems to do it. 2010-12-20 11:16:55 +13:00
Pascal Friederich
e0eb8e9c65 Let Rack::Utils.set_cookie_header! create the Set-Cookie header instead of manually fiddling with the response headers [#4941 state:resolved] 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-12-01 11:58:45 +01:00
José Valim
2826324e56 Revert "Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings" 
This reverts commit 36b91e34f4.

Conflicts:

	actionpack/test/activerecord/active_record_store_test.rb
 2010-12-01 11:48:31 +01:00
Andrew White
25139ac92c Don't write out secure cookies unless the request is secure 2010-10-27 15:04:29 +01:00
Andrew White
0e52a609fd Don't create a deprecation proxy object if the variable was passed in local_assigns [#1671 state:resolved] 2010-10-26 12:57:21 +01:00
Aaron Patterson
df78de2bc8 removing space errors 2010-10-21 10:30:18 -07:00
Omar Qureshi
36b91e34f4 Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings 2010-10-21 10:28:54 -07:00
Michael Koziarski
dbbf2fd19c Revert "Makes form_helper use overriden model accessors backport" 
This change introduced breakages and test failures.

This reverts commit 8141f0894e.
 2010-09-27 12:20:54 +13:00
W. Andrew Loe III
17f2fb44c0 Only send secure cookies over SSL. 2010-09-14 11:52:40 -07:00
Andrew Kaspick
a159fd0b8c Fix fixtures in integration test sessions 
Signed-off-by: Michael Koziarski <michael@koziarski.com>
 2010-09-10 10:45:23 +12:00
Santiago Pastorino
43e2bbe28e Making time_zone_options_for_select return a html_safe string master backport 2010-08-15 10:07:38 -03:00
Santiago Pastorino
8141f0894e Makes form_helper use overriden model accessors backport 
[#3374]
 2010-08-01 19:49:45 -03:00
Jon Yurek
fb615cd7fd Fix for integration tests not serializing arrays in multipart forms correctly. 
Signed-off-by: wycats <wycats@gmail.com>
 2010-07-17 13:01:50 -05:00
Michael Lovitt
257a29d3cc Sessions should not be created until written to and session data should be destroyed on reset. [#4938 state:resolved] 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-07-14 08:04:37 +02:00
Aaron Patterson
67e18c523c fisting Session::AbstractStore#clear to actually clear the session. [#5030 state:resolved] 
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
 2010-07-01 14:47:28 -07:00
Jan Berkel
f8f4872fcc Backported patch from [#4762] 
URL fragments should not have safe characters escaped. Ref: Appendix A,
  http://tools.ietf.org/rfc/rfc3986.txt

Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-30 13:27:28 +02:00
Prem Sichanugrist
f8f365346e Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved] 
This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.

Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-25 09:47:56 +02:00
Michael Koziarski
cbf36cf57c Revert "make text_field and hidden_field omit the value attribute if the developer explicitly passes in :value => nil [#4839 state:reopened]" 
This reverts commit 52c922fad1
 2010-06-23 16:54:05 +12:00
Michael Koziarski
52c922fad1 make text_field and hidden_field omit the value attribute if the developer explicitly passes in :value => nil [#4839 state:resolved] 
Signed-off-by: Michael Koziarski <michael@koziarski.com>

Conflicts:

	actionpack/lib/action_view/helpers/form_helper.rb
 2010-06-23 16:25:19 +12:00
Jesse Storimer
85b6d79d8a CookieStore should preserve the Set-Cookie header Array [#4743 state:resolved] 
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
 2010-06-22 11:25:32 -07:00
Prem Sichanugrist
0f44d37d04 Make sure that rails recognized the full notation of IPv6 loopback address, and recognize 127.0.0.0/8 in IPv4 
[#3257 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
 2010-06-08 19:47:18 +02:00
Michael Koziarski
5796a92433 Merge commit 'mislav/auto_link_2-3-stable' into 2-3-stable 2010-05-29 14:05:21 +12:00