TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
36,192 Commits 2 Branches 0 Tags 294 MiB
14a9a4ae00
Commit Graph

10194 Commits

Author SHA1 Message Date
Ryunosuke SATO
8a13721b8c Fix JavaScript syntax in code comment [ci skip] 2013-01-29 08:38:26 +09:00
Carlos Antonio da Silva
68f69ec31e Move AS changelog entry to the top, improve AP changelog a bit 
[ci skip]
 2013-01-28 19:40:18 -02:00
Michiel Sikkes
489138802c Added a Changelog entry for fixing HEAD requests. 2013-01-28 21:29:21 +01:00
Michiel Sikkes
f7277d99bf Make current_url? work with a HEAD method 
ActionDispatch::Head was removed in favor of Rack::Head. But Rack::Head
does not convert GET requests to HEAD requests so we need to do
checking for HEAD requests ourselves.
 2013-01-28 21:18:57 +01:00
Michiel Sikkes
c4bc360e4e Remove caching_allowed? from ActionController::Caching 
Where is this used? No other code references to this method and it
isn't being tested anywhere. No tests fail when commented out.
 2013-01-28 21:17:48 +01:00
Santiago Pastorino
5f5a43e2f7 Merge pull request #9032 from firmhouse/head-breaks-csrf 
Make HEAD work / convert to GET once more
 2013-01-28 07:25:20 -08:00
Akira Matsuda
5f30b547c8 Use Encoding::UTF_8 constant 🚯 2013-01-28 17:06:02 +09:00
Akira Matsuda
59deaecc76 Use already defined Encoding constants rather than creating one-trip Strings 2013-01-28 15:23:31 +09:00
Aaron Patterson
789df3be3e add fetch to CookieJar 2013-01-27 14:17:56 -08:00
Xavier Noria
0b5d3f3273 Merge remote-tracking branch 'docrails/master' 
Conflicts:
	actionpack/lib/action_view/helpers/form_options_helper.rb
	guides/code/getting_started/app/controllers/comments_controller.rb
 2013-01-26 17:41:56 +01:00
Xavier Noria
4313461587 generic pass before merging docrails 2013-01-26 17:36:38 +01:00
Akira Matsuda
fb2ecaad6c ✂️ "raise" duplication 2013-01-26 12:25:42 +09:00
Carlos Antonio da Silva
9df25844ba Add keys/values methods to TestSession 
Bring back the same API we have with Request::Session.
 2013-01-25 19:15:32 -02:00
Carlos Antonio da Silva
7d624e0e8c Integrate Action Pack with Rack 1.5 
All ActionPack and Railties tests are passing. Closes #8891.

[Carlos Antonio da Silva + Santiago Pastorino]
 2013-01-25 17:28:41 -02:00
Aaron Patterson
ccaeb6b667 use the helpers list rather than getting the methods from the module 2013-01-24 15:43:08 -08:00
Aaron Patterson
06573a3a76 module_eval is not necessary here 2013-01-24 15:33:08 -08:00
Aaron Patterson
345fc3badb don't need to eval everything 2013-01-24 15:24:07 -08:00
Akira Matsuda + Koichi Sasada
b7b27fc2a3 Set Thread.abort_on_exception for the whole AS, AP, and AR tests 
this would give us some more clues in case a test silently dies inside Thread
 2013-01-24 20:00:45 +09:00
Xavier Noria
8ac94d7c89 ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051] 2013-01-23 23:15:26 +01:00
Michiel Sikkes
2ef138f0d4 Added request.head? to forgery protection code 2013-01-22 22:01:57 +01:00
Michiel Sikkes
64245e02e3 Added a test that shows that a HEAD request does not normally pass CSRF protection 2013-01-22 21:05:22 +01:00
Rafael Mendonça França
cb56c39b51 Lets kepp using Ruby 1.9 syntax 2013-01-22 10:40:33 -02:00
Rafael Mendonça França
16e0c8816c Only check for unpermmited parameters if 
action_on_unpermitted_parameters is present
 2013-01-22 10:38:03 -02:00
Xavier Noria
2d9c4017dd avoid creating an object in every call 
This was a suggestion of @carlosantoniodasilva, thanks!
 2013-01-22 11:18:41 +01:00
Carlos Antonio da Silva
bf112e551b Remove tabs, use spaces ✂️ 
[ci skip]
 2013-01-22 00:35:33 -02:00
Akira Matsuda
1e8d5e62c6 Merge branch 'isolating_tests' 
Now we're almost ready to remove this: https://github.com/rails/rails/blob/5294ad8/activesupport/lib/active_support/test_case.rb#L29
 2013-01-22 10:27:12 +09:00
Akira Matsuda
9b520d31e5 Restore I18n.locale after running tests 2013-01-22 10:26:44 +09:00
Rafael Mendonça França
5e4fb4da83 Stylistic pass at form_helper_test 2013-01-21 23:01:09 -02:00
José Mota
ee82ce7829 Capture block so content won't leak. 
The [following pull request](https://github.com/rails/rails/pull/8916) fixed
the block being passed to the appropriate helper method. However, the content
being passed into the block is generating repeated markup on the page due to
some weird ERb evaluation.

This commit tries to capture the block's generated output so the page isn't
flooded with markup.

[Rafael França + José Mota]

Closes #8936
 2013-01-21 22:02:02 -02:00
Piotr Sarnacki
351b0d9092 Update actionpack's CHANGELOG for 445f14e 2013-01-21 21:53:06 +01:00
Akira Matsuda
d1c02a7fc2 Make sure to reset default_url_options 2013-01-22 05:24:23 +09:00
Piotr Sarnacki
445f14e975 Fix asset_path in mounted engine 
Historically serving assets from a mountable engine could be achieved by
running ActionDispatch::Static as a part of engine middleware stack or
to copy assets prefixed with an engine name. After introduction of
assets pipeline this is not needed as all of the assets are served or
compiled into main application's assets.

This commit removes the obsolete line making asset_path always generate
paths relative to the root or config.relative_url_root if it's set.

(closes #8119)
 2013-01-21 21:21:39 +01:00
Andrew White
c4106d0c08 Duplicate possible frozen string from route 
Ruby 1.9 freezes Hash string keys by default so where a route is
defined like this:

  get 'search' => 'search'

then the Mapper will derive the action from the key. This blows up
later when the action is added to the parameters hash and the
encoding is forced.

Closes #3429
 2013-01-21 17:14:10 +00:00
Rafael Mendonça França
c6a39c01f7 Merge pull request #9014 from virusman/form_helpers_ar_tests 
AR integration tests for form helpers
 2013-01-21 05:52:42 -08:00
virusman
9047ca019a Added AR integration tests for form helpers 2013-01-21 17:09:12 +04:00
Rafael Mendonça França
68a6fb6953 Merge pull request #9001 from schneems/schneems/routes-path-js 
In Browser Path Matching with Javascript
 2013-01-21 04:06:31 -08:00
Carlos Antonio da Silva
57b65ef416 Fix setting expected value in translation tests 
It was being set to nil instead due to the wrong assignment.
 2013-01-21 09:29:03 -02:00
schneems
8b72d689e3 In Browser Path Matching with Javascript 
When debugging routes ,it can sometimes be difficult to understand exactly how the paths are matched. This PR adds a JS based path matching widget to the `/rails/info/routes` output. You can enter in a path, and it will tell you which of the routes that path matches, while preserving order (top match wins).

The matching widget in action:

![](http://f.cl.ly/items/3A2F0v2m3m1Z1p3P3O3k/path-match.gif)

Prior to this PR the only way to check matching paths is via mental math, or typing in a path in the url bar and seeing where it goes. This feature will be an invaluable debugging tool by dramatically decreasing the time needed to check a path match. 

ATP actionpack
 2013-01-20 23:10:24 -06:00
Rafael Mendonça França
e4dbfce1c3 Merge pull request #9007 from dpree/master 
Enhanced tests for AbstractController::Translation module
 2013-01-20 20:26:17 -08:00
Carlos Antonio da Silva
2061c98b42 Review #translate docs [ci skip] 2013-01-20 22:49:42 -02:00
Carlos Antonio da Silva
9a7411a92b Refactor grep call to remove .each 
Grep already yields the matching keys to the given block.
 2013-01-20 22:09:32 -02:00
Carlos Antonio da Silva
e0cc7ab3ff Add missing assert calls 2013-01-20 22:03:31 -02:00
Carlos Antonio da Silva
5a69fe724e Use 1.9 hash style in docs/comments [ci skip] 2013-01-20 22:03:25 -02:00
Carlos Antonio da Silva
f12f08d61f Fix markdown formatting to highlight block in changelog [ci skip] 2013-01-20 21:45:05 -02:00
Jens Bissinger
37d15d4e1b Add documentation for abstract controller #translate and #localize method. 2013-01-20 19:15:15 +01:00
Matthew Stopa
56498b4b9e Add documentation to ActionDispatch::Response 2013-01-20 10:41:02 -07:00
Arun Agrawal
53ea940c5b Removing warning: shadowing outer local variable 2013-01-20 23:02:02 +05:30
Xavier Noria
cbec22ce57 strong parameters filters permitted scalars 2013-01-20 17:59:53 +01:00
Jens Bissinger
4685d75736 Removed ActionController::Base dependency from abstract controller translation tests. 2013-01-20 15:53:43 +01:00
Jens Bissinger
1de60c54d3 Test abstract controller's localize method. 2013-01-20 15:44:03 +01:00
Aaron Patterson
b718998f3e Merge pull request #8978 from chrismcg/remove_i18n_symbol_dependency 
Remove i18n symbol dependency
 2013-01-19 11:20:50 -08:00
Rafael Mendonça França
57126ee5e3 Restore and adapt the implementation reverted at 
cc1c3c5be0

Now instead of raise, we log by default in development and test
 2013-01-19 15:32:27 -02:00
Thomas Drake-Brockman
130370b1c8 Added ability to raise or log on unpermitted params. 2013-01-20 00:39:24 +08:00
Aaron Patterson
f209b176c3 Merge pull request #8977 from Soylent/master 
Resovled issue rails#7774
 2013-01-18 17:27:19 -08:00
Guillermo Iguaran
e636f55531 Fix syntax error 😁 2013-01-18 17:16:30 -05:00
schneems
f654c3cfc0 Remove "Application" section title from routes 
This PR standardizes the output of the HTML and console based routes to not include the title for "Application Routes" those that are defined by the application. Instead only routes defined in engines get any special treatment. 

Based on this conversation:

af5c0fd85f (commitcomment-2458823)

ATP actionpack /cc @carlosantoniodasilva
 2013-01-18 15:41:19 -06:00
Francesco Rodriguez
b8ef4f05fb fix broken examples format in image_tag helper [ci skip] 2013-01-18 12:26:03 -05:00
Guillermo Iguaran
8aebe30ef4 Revert "Merge pull request #8989 from robertomiranda/use-rails-4-find-by" 
This reverts commit 637a7d9d357a0f3f725b0548282ca8c5e7d4af4a, reversing
changes made to 5937bd02dee112646469848d7fe8a8bfcef5b4c1.
 2013-01-18 09:15:19 -05:00
robertomiranda
7baecc4802 User Rails 4 find_by 2013-01-18 07:56:05 -05:00
Thiago Pinto
8c603918ab repeating documentation for option form helpers 2013-01-17 13:45:16 -05:00
Thiago Pinto
d1238afc21 repeating documentation for date and time form helpers 2013-01-17 13:40:01 -05:00
Chris McGrath
60289ab659 Don't change the original i18n data 2013-01-17 16:01:19 +00:00
Chris McGrath
6bb784eab0 Remove i18n symbol dependency 
date.order is the only key in rails i18n that is required to be a
symbol. This patch allows for symbols or strings which means:

* No requirement for symbol type in .yml files. A future
  YAML.safe_load wouldn't need to load symbols
* Rails could actually use json rather than yml as the backend
 2013-01-17 15:21:26 +00:00
Konstantin Papkovskiy
bebb02fd1c Fix ActionDispatch::Request#formats when HTTP_ACCEPT header is empty string 2013-01-17 17:42:49 +04:00
Carlos Antonio da Silva
ee314a5e5a Remove useless || operation 2013-01-17 09:28:07 -02:00
Arun Agrawal
c9362182c8 Removing : warning: ambiguous first argument; 2013-01-17 14:43:11 +05:30
Carlos Antonio da Silva
038574a538 Deprecate direct calls to AC::RecordIdentifier.dom_id and dom_class 
Also add some generic tests to ensure they're properly deprecated.
 2013-01-16 23:09:36 -02:00
Colin Burn-Murdoch
3daff0508b Fix date_select :selected option so you can pass it nil 2013-01-16 21:52:09 +00:00
Yves Senn
19e9e67f95 replace regexp global in #url_for 2013-01-16 18:51:12 +01:00
Carlos Antonio da Silva
e5f5863e86 Remove warnings: "(...) interpreted as grouped expression" 2013-01-16 09:41:08 -02:00
Aditya Sanghi
3c19064610 adding regression test in master for #8631 2013-01-16 16:59:45 +05:30
Carlos Antonio da Silva
e7ffb5e4e3 Fix typo introduced in 0004ca3a 
[ci skip]
 2013-01-16 09:26:45 -02:00
Matthew Stopa
0004ca3a97 More documentation for ActionDispatch::Response 
[ci skip]
 2013-01-16 00:48:25 -07:00
Matthew Stopa
7b1a58bbae Document ActionDispatch::Response#body method 2013-01-16 00:33:08 -07:00
Rafael Mendonça França
e42b5f99eb Merge pull request #8958 from balexand/strong_parameters_exception_handling 
Strong parameters exception handling
 2013-01-15 17:28:29 -08:00
Brian Alexander
8e221127ab strong parameters exception handling 2013-01-15 17:45:34 -07:00
Edward Anderson
7925884b5e Remove header bloat introduced by BestStandardsSupport middleware 
The same headers were being duplicated on every request.
 2013-01-15 19:16:08 -05:00
Andrew White
f1d8f2af72 Change the behavior of route defaults 
This commit changes route defaults so that explicit defaults are no
longer required where the key is not part of the path. For example:

  resources :posts, bucket_type: 'posts'

will be required whenever constructing the url from a hash such as a
functional test or using url_for directly. However using the explicit
form alters the behavior so it's not required:

  resources :projects, defaults: { bucket_type: 'projects' }

This changes existing behavior slightly in that any routes which
only differ in their defaults will match the first route rather
than the closest match.

Closes #8814
 2013-01-15 17:22:25 +00:00
Andrew White
90d2802b71 Add support for other types of routing constraints 
This now allows the use of arrays like this:

  get '/foo/:action', to: 'foo', constraints: { subdomain: %w[www admin] }

or constraints where the request method returns an Fixnum like this:

  get '/foo', to: 'foo#index', constraints: { port: 8080 }

Note that this only applies to constraints on the request - path
constraints still need to be specified as Regexps as the various
constraints are compiled into a single Regexp.
 2013-01-15 17:21:33 +00:00
Andrew White
b28fc685a9 Ensure port is set when passed via the process method 2013-01-15 17:21:33 +00:00
Andrew White
db06d12826 Raise correct exception now Journey is integrated. 
Now that Journey has been integrated into ActionDispatch we can raise
the exception ActionController::UrlGenerationError directly rather than
raising the internal Journey::Router::RoutingError and then have
ActionDispatch::Routing::RouteSet#generate re-raise the exception.
 2013-01-15 17:21:33 +00:00
Carlos Antonio da Silva
9dfe2d6f9f Revert "log at debug level what line caused the redirect_to" 
This reverts commit 3fa00070047b5d019d39e691598ee2890283d052.

Reason: This message is usually not accurate and annoying:

    Redirected by ~/.rbenv/versions/1.9.3-p327-perf/lib/ruby/1.9.1/logger.rb:371:in `add'`
 2013-01-15 12:47:25 -02:00
Steve Klabnik
1dd89250d1 Merge pull request #8938 from colinbm/date_select_value 
Rename :value to :selected for date_select, and add missing tests/docs
 2013-01-14 12:18:36 -08:00
Colin Burn-Murdoch
1fecaf15d7 Rename :value option to :selected, in line with other select helpers 
Add tests for time & datetime.
Add documentation.
 2013-01-14 19:49:07 +00:00
Jeremy Kemper
bf095770e5 Revert benchmark helper regression. Use a #capture within a #benchmark 
block. Breaks benchmark calls that return non-String values otherwise.

Revert "add benchmark helper that works in erb"

This reverts commit 904e544cc8f5846de7c31827bb5556c6a238c0de.

Conflicts:
	actionpack/lib/action_view/helpers.rb
	actionpack/lib/action_view/helpers/benchmark_helper.rb
	actionpack/test/template/benchmark_helper_test.rb
 2013-01-14 10:24:43 -07:00
Rafael Mendonça França
242f12506d Merge pull request #8916 from josemota/collection-with-block 
Collection radio buttons and collection check boxes through FormBuilder render the provided block.

Closes #8897
 2013-01-13 18:27:41 -08:00
Colin Burn-Murdoch
aea3820261 Allow value to be set on date_select 2013-01-13 21:03:21 +00:00
Steve Klabnik
a0265b98f1 Associaton -> Association 2013-01-13 10:43:24 -05:00
José Mota
8cc60d8136 Collection radio buttons and collection check boxes through FormBuilder render 
the provided block.

In the case of having a form_for method being called, the block for each
collection would not be passed and thus the result expected was always the same.
This patch passes the block to the original method like it would be assumed.
 2013-01-12 17:42:18 +00:00
Sam Ruby
c692774bba Fix regression introduced in pull request 8812 
See https://github.com/rails/rails/pull/8812#commitcomment-2416514
 2013-01-11 16:48:58 -05:00
Carlos Antonio da Silva
d61b49e178 Merge pull request #8882 from goshakkk/clearer-conditional 
Clearer conditional in constraint match check
 2013-01-11 03:21:51 -08:00
Jon Leighton
94797ed146 Merge pull request #8623 from virusman/form_helpers_collectionproxy_fix 
Fixed nested fields bug when called with AssociationProxy
 2013-01-11 03:08:41 -08:00
Dylan Smith
bae92681be Fix json params parsing regression for non-object JSON content. 
Fixes #8845.
 2013-01-11 00:28:32 -05:00
Gosha Arinich
caa54db8a0 clearer conditional in constraint match check 2013-01-10 23:40:57 +03:00
Guillermo Iguaran
416a179ddf Merge pull request #8876 from senny/extract_performance_tests 
Extract ActionDispatch::PerformanceTest
 2013-01-10 08:10:22 -08:00
Yves Senn
3e1ed7818b extract PerformanceTest into rails-performance_tests gem 2013-01-10 17:09:06 +01:00
Rafael Mendonça França
2b5019e234 Merge pull request #8821 from jamis/master 
Evaluate view_cache_dependencies at the instance level

Conflicts:
	actionpack/lib/action_controller/caching.rb
 2013-01-10 13:34:40 -02:00
zires
ff8f92b2bf Remove redundant double quotation marks 2013-01-10 10:23:26 +08:00
Aaron Patterson
8ae9b4623e adding missing requires 2013-01-09 15:34:58 -08:00
Nathaniel Jones
d2f1ca29fc Fix typo in deprecation warning 2013-01-09 04:04:57 -06:00
Santiago Pastorino
5d0d82957a Merge pull request #8824 from mjtko/fix/cookie-store-inheritance 
Modify CookieStore middleware inheritance to avoid subclassing Rack::Session::Cookie [Fix for #7372]
 2013-01-08 17:27:13 -08:00
Carlos Antonio da Silva
b28d6e2c76 Remove :yaml related tests and fix other related to parsing empty arrays 
All Action Pack tests are green.
 2013-01-08 20:27:48 -02:00
Carlos Antonio da Silva
21879c560f Fix warning: & interpreted as argument prefix 2013-01-08 20:16:20 -02:00
Aaron Patterson
e80546cdec remove yaml as a param parser :burn: 
If you revert this commit, I will hunt you down, I will make you regret
ever terrible thing you've ever done, I will make you suffer.
 2013-01-08 13:50:38 -08:00
Jeremy Kemper
46e0d2397e CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 2013-01-08 12:42:29 -08:00
Aaron Patterson
8e577fe560 * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu 
Conflicts:
	actionpack/CHANGELOG.md
	actionpack/lib/action_dispatch/http/request.rb
	actionpack/lib/action_dispatch/middleware/params_parser.rb
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/relation/predicate_builder.rb
	activerecord/test/cases/relation/where_test.rb
 2013-01-08 12:41:24 -08:00
Jeremy Kemper
c31cc963da Revert "Merge branch 'master-sec'" 
This reverts commit 88cc1688d0cb828c17706b41a8bd27870f2a2beb, reversing
changes made to f049016cd348627bf8db0d72382d7580bf802a79.
 2013-01-08 12:41:04 -08:00
Aaron Patterson
88cc1688d0 Merge branch 'master-sec' 
* master-sec:
  CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
  * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
 2013-01-08 12:11:18 -08:00
Jeremy Kemper
2ced6f2f8a CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 2013-01-08 12:03:34 -08:00
Vijay Dev
f049016cd3 Merge branch 'master' of github.com:lifo/docrails 
Conflicts:
	guides/source/getting_started.md
 2013-01-09 01:04:15 +05:30
Jamis Buck
0121377cfb evaluate the dependency blocks at the instance level, not class level 2013-01-08 12:02:11 -07:00
Jamis Buck
70e684a681 view_cache_dependency API 
A declarative API for specifying dependencies that affect template
cache digest computation. In your controller, specify any of said
dependencies:

  view_cache_dependency { "phone" if using_phone? }

When the block is evaluated, the resulting value is included in the
cache digest calculation, allowing you to generate different digests
for effectively the same template. (Mostly useful if you're mucking
with template load paths.)
 2013-01-08 11:20:47 -07:00
Steve Klabnik
ac86cbec82 Merge pull request #8810 from NARKOZ/image-submit-tag 
set 'alt' attribute for image_submit_tag
 2013-01-08 07:39:06 -08:00
David Heinemeier Hansson
cc1c3c5be0 Revert "unpermitted params" exception -- it's just not going to work. See the discussion on https://github.com/rails/strong_parameters/pull/75. 2013-01-08 16:17:30 +01:00
David Heinemeier Hansson
ae3286b743 Never treat action or controller as unpermitted params 2013-01-08 15:52:18 +01:00
Carlos Antonio da Silva
4f002a1df3 Bump rack dependency to 1.4.3 
It includes security bug fixes and changes the initialization of
Rack::File to accept a hash, otherwise generating warnings.

See 295806e for the warnings fix.
 2013-01-08 10:49:02 -02:00
Sam Ruby
9cc82b7719 Eliminate Rack::File headers deprecation warning 
See http://intertwingly.net/projects/AWDwR4/checkdepot/section-6.1.html
rake test produces:
   "Rack::File headers parameter replaces cache_control after Rack 1.5."

Despite what the message says, it appears that the hearders parameter change
will be effective as of Rack 1.5:

https://github.com/rack/rack/blob/rack-1.4/lib/rack/file.rb#L24
https://github.com/rack/rack/blob/master/lib/rack/file.rb#L24
 2013-01-08 07:22:48 -05:00
Nihad Abbasov
0f8f75c81a set 'alt' attribute for image_submit_tag 2013-01-08 15:56:47 +04:00
Carlos Antonio da Silva
c67005f221 Do not generate local vars for partials without object or collection 
Previously rendering a partial without giving :object or :collection
would generate a local variable with the partial name by default.

This was noticed due to warnings in Ruby 2.0 of not used variables,
which turned out to be the generation of not used variables inside
partials that do not contain objects related to them.
 2013-01-08 09:15:20 -02:00
Mark J. Titorenko
109a1b3358 Revert cb3181e - no longer required. 2013-01-08 10:10:39 +00:00
Mark J. Titorenko
fc66b6b004 Fix CookieStore middleware inheritance hierarchy s.t. it inherits from Rack::Session::Abstract::ID rather than Rack::Session::Cookie. 2013-01-08 10:10:36 +00:00
Santiago Pastorino
cb3181e81e Avoid Rack security warning no secret provided 
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
 2013-01-08 00:33:16 -02:00
Aaron Patterson
d99e8c9e16 * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu 
Conflicts:
	actionpack/CHANGELOG.md
	actionpack/lib/action_dispatch/http/request.rb
	actionpack/lib/action_dispatch/middleware/params_parser.rb
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/relation/predicate_builder.rb
	activerecord/test/cases/relation/where_test.rb
 2013-01-07 17:20:12 -08:00
Francesco Rodriguez
2aa08e313d improve StrongParameters documentation [ci skip] 2013-01-07 16:18:06 -05:00
Gosha Arinich
ae1f86fab5 access @path and @routes via reader methods in journey 2013-01-07 17:37:02 +03:00
Gosha Arinich
a7f9c596b3 refactor ShowExceptions' #call to use def-rescue instead of begin-rescue 2013-01-07 15:58:55 +03:00
Gosha Arinich
0acf92184d prefer american spelling of 'behavior' 2013-01-07 11:47:27 +03:00
Gosha Arinich
d73cc03010 remove begin-rescue in favor of def-rescue 2013-01-07 04:02:20 +03:00
Rafael Mendonça França
cc24eba544 Fix operators precedence issue 2013-01-06 21:54:46 -03:00
Rafael Mendonça França
dc4b4c46ef Merge pull request #8787 from tank-bohr/master 
masgn and response variable
 2013-01-06 16:00:14 -08:00
Rafael Mendonça França
fb7c093d93 Merge pull request #8785 from goshakkk/refactor-debug-exceptions 
Refactor DebugExceptions
 2013-01-06 15:49:33 -08:00
Gosha Arinich
c445b07612 refactor DebugExceptions by combining two conditionals into one 2013-01-07 02:46:03 +03:00
tank-bohr
f3101fd0fc return multiple assingment and response variable 2013-01-07 03:37:06 +04:00
Akira Matsuda
3c21237c37 Reduce number of Strings a bit 2013-01-07 07:37:23 +09:00
Akira Matsuda
c8e632bd9f Namespace HashWithIndifferentAccess 2013-01-07 07:37:23 +09:00
Rafael Mendonça França
4bfcae0b67 Merge pull request #8783 from goshakkk/refactor-journey-routes 
Refactor Journey::Routes
 2013-01-06 14:30:35 -08:00
Gosha Arinich
2467ec8b5c refactor Journey::Routes 
* prefer do-end for multiline blocks
* prefer or-equals over returns with checks
 2013-01-07 01:24:29 +03:00
tank-bohr
8f18550b0a fix for rbx 
Rubinius returns a boolean after such assingment
response = (_, headers, body = @app.call(env))

see https://github.com/rubinius/rubinius/issues/2117

get rid of a local variable
 2013-01-07 02:00:40 +04:00
Akira Matsuda
2f8e5f627d Needless requires 2013-01-06 23:59:11 +09:00
Akira Matsuda
5fd143ec56 Missing requires 2013-01-06 23:58:48 +09:00
Akira Matsuda
15bd0f60db These are already required through AS/rails 
* core_ext/object/blank
* concern
* core_ext/class/attribute
* deprecation
 2013-01-06 23:57:25 +09:00
Carlos Antonio da Silva
b8d9319e8e Rename route_wrapper partial layout to table 
It is used by the table formatter only, and it's already inside a routes
directory that namespaces it properly, so calling it just "table" seems
simpler.
 2013-01-06 11:22:26 -02:00
Carlos Antonio da Silva
3abb76824b Move table routes formatter class to the inspector and rename it 
It feels more consistent to have this class called "HtmlTableFormatter",
and to have it here with the routes inspector and console formatter,
since it's used for both routing error exceptions and the rails info
page.
 2013-01-06 11:19:30 -02:00
Andrew White
f18078475e Merge pull request #8777 from goshakkk/delegate-class 
Delegate to :class rather than 'self.class'
 2013-01-06 05:00:54 -08:00
Carlos Antonio da Silva
7843e009d2 Refactor the logic that checks whether or not to emit the hidden id field 
By checking for object.persisted? first, we avoid the hash lookups for
new objects.
 2013-01-06 10:54:22 -02:00
Carlos Antonio da Silva
e56e3db6e6 Move the hidden :id field logic to where it belongs to 
When dealing with nested forms, Rails automatically generates a hidden
field with the id value of the current object being generated by
fields_for. This logic was inside the method that's available from the
template object, but we just need it when really dealing with nested
attributes, so moving the code to here makes more sense.
 2013-01-06 10:54:22 -02:00
Carlos Antonio da Silva
04338b9e3b Eliminate the usage of parent_builder option from form_for 
Just use it internally from fields_for until we come up with a better solution.
 2013-01-06 10:54:22 -02:00
Carlos Antonio da Silva
115a37d9c1 Do not call fields_for from form_for, to avoid instantiating two builders 2013-01-06 10:54:21 -02:00
Carlos Antonio da Silva
94ecbb7e7b Refactor to not call path.ast twice 2013-01-06 10:52:36 -02:00
Gosha Arinich
c730bef3d8 refactor Route#ast to use or-equals and block, instead of return with a cond 2013-01-06 15:38:00 +03:00
Gosha Arinich
7a439d23de delegate to :class rather than 'self.class' 2013-01-06 12:43:30 +03:00
Akira Matsuda
70ae89c321 Remove unnecessary begin..rescue..end, use only rescue 2013-01-06 15:41:14 +09:00
Chase DuBois
0836b7441e HTTP 302 means Found, not Moved 2013-01-05 13:03:26 -08:00
Rafael Mendonça França
688dde2d62 Fix documentation to content_tag_for [ci skip] 2013-01-05 16:50:15 -03:00
Andrew White
fa6e995a03 Merge pull request #8766 from jcoglan/session_token_docs 
Remove suggestion that Procs can be used as session secrets.

[ci skip]
 2013-01-05 10:30:30 -08:00
Yves Senn
947e1d5e85 deprecate assert_blank and assert_present. 
They don't add any benefits over `assert object.blank?`
and `assert object.present?`
 2013-01-05 18:04:52 +01:00
Carlos Antonio da Silva
0aadca2d83 Remove warning, remove not used variable, and make methods private 
Warning: "shadowing outer local variable - routes".
 2013-01-05 13:45:44 -02:00
James Coglan
6500d7994e Remove suggestion that Procs can be used as session secrets. 2013-01-05 15:16:18 +00:00
Carlos Antonio da Silva
c1eaff00b7 Close container div tag in routing error page 2013-01-05 12:02:18 -02:00
Carlos Antonio da Silva
60e809cffd Move style to head to make routes page valid html5 2013-01-05 12:01:16 -02:00
Carlos Antonio da Silva
6cc42464fe Action Pack changelog improvements [ci skip] 2013-01-05 11:42:23 -02:00
Yves Senn
80795e02ca display mountable engine routes on RoutingError. 2013-01-05 14:31:03 +01:00
Yves Senn
af5c0fd85f split formatting concerns from RoutesInspector 2013-01-05 13:59:14 +01:00
Rafael Mendonça França
0102c817bf Rename the last occurrence of UnexpectedParameters 2013-01-05 07:04:42 -03:00
Rafael Mendonça França
18ac587cd8 Wrong copy and paste 💣 
[ci skip]
 2013-01-05 07:01:51 -03:00
Rafael Mendonça França
beda9c5bdf Add documentation to raise_on_unpermitted_parameters option 
[ci skip]
 2013-01-05 06:56:24 -03:00
Rafael Mendonça França
1401f96492 Rename the configuration to raise_on_unpermitted_parameters 
Also changed the exception to UnpermittedParameters
 2013-01-05 06:39:51 -03:00
Rafael Mendonça França
58f52677e8 Ensure that raise_on_unexpected_params configuration will work 2013-01-05 06:23:28 -03:00
Rafael Mendonça França
df1f290712 Merge pull request #8752 from thomasfedb/master 
Exception on unexpected params when enabled.
 2013-01-05 00:22:06 -08:00
Thomas Drake-Brockman
08578bb40a Allow developers to enable raising of exception when unexpected params are provided. 2013-01-05 15:46:38 +08:00
Andrew White
add4375a60 Allow use of durations for ActionDispatch::SSL configuration 2013-01-04 16:20:23 +00:00
Ryunosuke SATO
fbb3e8ec13 Remove unnecessary ERB::Util::h 
It is automatically applied when strings is unsafe for html.
 2013-01-05 00:50:06 +09:00
Ryunosuke SATO
0f103679eb Suppress warning about IO#lines in Ruby 2.0 
actionpack/lib/action_dispatch/middleware/exception_wrapper.rb:99: IO#lines is deprecated; use #each_line instead
 2013-01-04 23:30:09 +09:00
Guillermo Iguaran
7019858fcc Merge pull request #8723 from goshakkk/refactor-error-page 
Move error page js into script tag
 2013-01-03 22:50:07 -08:00
Francesco Rodriguez
654f0d6a15 extract alert= and notice= examples to FlashHash#now [ci skip] 2013-01-03 20:28:33 -05:00
Akira Matsuda
034982ef22 Revert "TODO typo fix" 
This reverts commit 1a59a6dfdca217e31a52779d92aa56b67c6689cb.

I guess it's not a typo: https://github.com/jorlhuda/exceptron
 2013-01-04 09:06:40 +09:00
Gosha Arinich
1a59a6dfdc TODO typo fix 2013-01-04 02:57:56 +03:00
lambda_
ebdb8633bf Add examples alert= and notice=, using memes 2013-01-03 17:40:02 -05:00
lambda_
8370e50d85 Change Example for to Example of 2013-01-03 17:33:00 -05:00
Rafael Mendonça França
3be2edd5f7 Add documentation to ActionDispatch::Http::UploadedFile#headers 
[ci skip]
 2013-01-03 18:49:28 -03:00
Gosha Arinich
1a5b5e19fc move error page js into script tag 2013-01-04 00:14:07 +03:00
Robin Dupret
4075be80a2 Remove a useless TODO comment 2013-01-03 19:50:43 +01:00
Guillermo Iguaran
cb2bd4aa61 Merge pull request #8705 from amparo-luna/change_update_attributes_to_update 
Rename update_attributes method to update
 2013-01-03 09:09:59 -08:00
Amparo Luna + Guillermo Iguaran
1bb020063c Change docs to use update instead of update_attributes 2013-01-03 12:03:34 -05:00
Matt Bridges
f6364e454a Typo and grammar fixes in the ActionPack CHANGELOG 2013-01-03 10:30:11 -06:00
Guillermo Iguaran
f8633f9fdd Merge pull request #8713 from goshakkk/better-error-page 
Fix env toggling, improve error page styling
 2013-01-03 06:24:56 -08:00
Gosha Arinich
d7d45785e5 fix env toggling, improve error page styling 2013-01-03 17:21:35 +03:00
Akira Matsuda
79255fab89 PUT => PATCH 2013-01-03 22:34:11 +09:00
Paulo Luis Franchini Casaretto
eab2b999ed Fix typo on form_tag_helper.rb 
The inline documentantion had a typo that was somewhat confusing.
 2013-01-03 11:07:20 -02:00
Carlos Antonio da Silva
e0be37ccdb Merge pull request #8715 from goshakkk/refactor-mapper 
Refactor Routing::Mapper#matches?
 2013-01-03 04:07:31 -08:00
Gosha Arinich
77f2ba9559 refactor Routing::Mapper 2013-01-03 13:06:42 +03:00
Andre Arko
cc5a4bb4df Explain the possible precautions 2013-01-02 15:34:27 -08:00
Andre Arko
75dcdbc84e Restore original remote_ip algorithm. 
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.

[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/

Fixes #7979
 2013-01-02 15:26:27 -08:00
Carlos Antonio da Silva
9f200fb296 Changelog improvements [ci skip] 2013-01-02 21:11:11 -02:00
Rafael Mendonça França
ef61504c6e Merge pull request #8697 from goshakkk/undup 
Remove another unnecessary dup
 2013-01-02 13:58:32 -08:00
Rafael Mendonça França
8af674714c Merge pull request #8701 from senny/8700_double_slash_with_trailing_slash 
do not append a second slash when using `trailing_slash: true`
 2013-01-02 13:39:56 -08:00
Guillermo Iguaran
c9f0680cdf Fixing closing </p> 2013-01-02 16:18:17 -05:00
Sam Ruby
73f4f4aa8f Fix a number of validation/style errors: 
* <pre> is not allowed to be nested inside of <p> elements in HTML
 * Indentation of </p> doesn't match corresponding <p>
 * <p> element not explicitly closed
 * One more </div> than <div>

In each case, the template was fixed to match how a HTML5 parser would "see"
the resulting page.
 2013-01-02 16:06:54 -05:00
Yves Senn
0b2ce7d955 do not append a second slash when using 2013-01-02 21:11:16 +01:00
Aaron Patterson
8890fb8087 take into account multipart when calculating tag attributes 2013-01-02 11:52:23 -08:00