In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes#5964
params is a method, defined in every controller, which always returns a hash.
If it raises a NoMethodError, it means there's a bug somewhere else, which we want to know about.
Sprocket was trying to look for these two things:
* `Rails::VERSION::STRING`
* `.initializer(str)` in `Rails::Engine`
This commit added require to version.rb into Abstract Unit, and mocking the `Rails::Engine.initializer` in `sprockets_helper_test.rb`
This removes all deprecated classes in ActionController related to
Routing, Abstract Request/Response and Integration/IntegrationTest.
All tests and docs were changed to ActionDispatch instead of ActionController.
* Default Encoding.default_internal to UTF-8
* Eliminated the use of file-wide magic comments to coerce code evaluated inside the file
* Read templates as BINARY, use default_external or template-wide magic comments
inside the Template to set the initial encoding
* This means that template handlers in Ruby 1.9 will receive Strings encoded
in default_internal (UTF-8 by default)
* Create a better Exception for encoding issues, and use it when the template
source has bytes that are not compatible with the specified encoding
* Allow template handlers to opt-into handling BINARY. If they do so, they
need to do some of their own manual encoding work
* Added a "Configuration Gotchas" section to the intro Rails Guide instructing
users to use UTF-8 for everything
* Use config.encoding= in Ruby 1.8, and raise if a value that is an invalid
$KCODE value is used
Also:
* Fixed a few tests that were assert() rather than assert_equal() and
were caught by Minitest requiring a String for the message
* Fixed a test where an assert_select was misformed, also caught by
Minitest being more restrictive
* Fixed a test where a Rack response was returning a String rather
than an Enumerable
add lazy_load_hooks.rb, which allows us to declare code that
should be run at some later time. For instance, this allows
us to defer requiring ActiveRecord::Base at boot time purely
to apply configuration. Instead, we register a hook that should
apply configuration once ActiveRecord::Base is loaded.
With these changes, brings down total boot time of a
new app to 300ms in production and 400ms in dev.
TODO: rename base_hook