Previous behaviour was MRI-dependent, now we're making sure the message
is correctly shown: something that can be relyied upon across every
Ruby implementation.
JSON.{dump,generate} offered by the JSON gem is not compatiable with
Rails at the moment and can cause a lot of subtle bugs when passed
certain data structures. This changed all direct usage of the JSON gem
in internal Rails code to always go through AS::JSON.{decode,encode}.
We also shouldn't be implementing `to_json` most of the time, and
these occurances are replaced with an equivilent `as_json`
implementation to avoid problems down the road.
See [1] for all the juicy details.
[1]: intridea/multi_json#138 (comment)
Mention it in the changelog and add a test checking for regressions.
Hash#fetch isn't adding the defaultly returned value.
However, in the session, saving it is the behavior we should expect.
See discussion in #12692
After this fix application config become available when calling helper outisde of view
config/application.rb
#...
config.asset_host = 'http://mycdn.com'
#...
Somewhere else
ActionController::Base.helpers.asset_path('fallback.png')
# => http://mycdn.com/assets/fallback.png
Example:
# application routes.rb
mount BlogEngine => '/blog'
# engine routes.rb
get '/admin' => redirect('admin/dashboard')
This now redirects to the path `/blog/admin/dashboard`, whereas before it
would've generated an invalid url because there would be no slash between
the host name and the path. It also allows redirects to work where the
application is deployed to a subdirectory of a website.
Fixes#7977
This fixes an issue where the respond_with worked directly with the given
options hash, so that if a user relied on it after calling respond_with,
the hash wouldn't be the same.
Fixes#12029
In some instances, `assert_redirected_to` assertion was returning an
incorrect and misleading failure message when the assertion failed.
This was due to a disconnect in how the assertion computes the redirect
string for the failure message and how `redirect_to` computes the
string that is actually used for redirection.
I made the `_compute_redirect_to_loaction` method used by `redirect_to`
public and call that from the method `assert_redirect_to` uses to
calculate the URL.
The reveals a new test failure due to the regex used by
`_compute_redirect_to_location` allow `_` in the URL scheme.
HelperyTestHelper was introduced in 66ef922 by @josevalim
to pair with HelperyTestController. This test controller was
later removed in e10a253 by @strzalek, leaving HelperyTestHelper unused
Currently if a user calls #respond_with(csvable), but has not csv
renderer available, Responder will just run through the default render
behavior twice, raising ActionView::MissingTemplate both times.
This changes ActionController::Metal::Responder#api_behavior to check
in advance whether there is a renderer available, and raise
ActionController::MissingRenderer if not.
This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing
changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9.
Seems to be a code merge done by mistake.
:only and :except options for controller filters are now added before
:if and :unless. This prevents running :if and :unless procs when not
on the specified. Closes#11786.
Without timeout:
this test executed infinitely on JRuby
Passes on MRI
With Timeout:
this test gracefully fails on JRuby
Passes on MRI, tested on v2.0 & v1.9.3
any_instance.stubs + unstub with Mocha doesn't restore the original status in the following case,
so we need to undef Customer#to_json before every test
require 'test/unit'
require 'mocha/setup'
module M
def foo() :foo; end
end
class C
include M
undef_method :foo
end
C.any_instance.stubs(:foo).returns(:mocha)
C.any_instance.unstub(:foo)
When optimized path helpers were re-introduced in d7014bc the test added
in a328f2f broke but no-one noticed because it wasn't being run by the
test suite.
Fix the test by checking for nil values or empty strings after the args
have been parameterized.
When generating an unnamed url (i.e. using `url_for` with an options
hash) we should skip anything other than standard Rails routes otherwise
it will match the first mounted application or redirect and generate a
url with query parameters rather than raising an error if the options
hash doesn't match any defined routes.
Fixes#8018
When helper try to require missing file rails will throw exception about
missing helper.
# app/helpers/my_helper.rb
require 'missing'
module MyHelper
end
And when we try do load helper
class ApplicationController
helper :my
end
Rails will throw exception. This is wrong because there is a helper
file.
Missing helper file helpers/my_helper.rb
Now when helper try to require non-existed file rails will throw proper
exception.
No such file to load -- missing
In order to get raw_post to be not empty after
ParamsParser#parse_formatted_parameters,
added rewinding of body stream input on parsing json params.
Closes#11345
Previously when app was mounted as following:
class Foo
def call(env)
[200, {}, [env['PATH_INFO']]]
end
end
RackMountRailsBug::Application.routes.draw do
mount RackTest.new => "/foo"
end
trailing slash was removed from PATH_INFO. For example requesting
GET /foo/bar/
on routes defined above would result in a response containing "/foo/bar"
instead of "/foo/bar/".
This commit fixes the issue.
(closes#3215)
The ERBTracker template digest helper class was using a regex to match
render calls and it was incorrectly not matching against variables with
underscores in the name. This caused it to use the wrong regex match data
to populate the template dependency. Because underscore is a valid
character for a variable, this fixes the ERBTracker to match it properly.
When named route that is nested is used in 3.2.13
Example `routes.rb`:
```
resources :nested do
resources :builder, :controller => 'nested/builder'
end
```
In 3.2.12 and 3.2.12 this named route would work:
```
nested_builder_path(:last_step, :nested_id => "foo")
```
Generating a url that looks like `/nested/foo/builder/last_step`. This PR fixes the regression when building urls via the optimized helper. Any explicit keys set in the options are removed from the list of implicitly mapped keys.
Not sure if this is exactly how the original version worked, but this fixes this use case regression.
This reverts commit ad46884af567d6f8d6d8d777f372c39e81a560ba.
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/testing/integration.rb
actionpack/test/controller/integration_test.rb
Reason: It will conflict with a lot of test cases. Better to call
`process` directly since this is a very uncommon HTTP method.
Fixes#10638.
This reverts commit 0303c2325fab253adf5e4a0b738cb469c048f008.
Conflicts:
actionpack/lib/action_controller/test_case.rb
REASON: It will conflict with a lot of test cases. Better to call
`process` directly since this is a very uncommon HTTP method.
Fixes#10638.
This reverts commit b4239622afc4f3f73808fd0c97512f3a534e07dd, reversing
changes made to f99ce3c188f5dde57e2ff63e6a22363c62f0a4cd.
Reason: This broke the build
https://travis-ci.org/rails/rails/jobs/6629894
This commit adds support for passing additional url options along
with a :status option and any of the flash-related options to
`redirect_to` (i.e. :flash, :alert & :notice).
Closes#7570.
ActionView::Digestor now passes arguments correctly to
LookupContext::find method. This makes cache digests
respect the format option correctly.
FixtureFinder in tests also changed to reflect this.
The `force_ssl` command now builds the redirect url from `request.fullpath`.
This ensures that the format is maintained and it doesn't redirect to a route
that has the same parameters but is defined earlier in `routes.rb`. Also any
optional segments are maintained.
Fixes#7528.
Fixes#9061.
Fixes#10305.
If a file field tag is passed the multiple option, it is turned into an
array field (appending "[]"), but if the file field is passed an
explicit name as an option, leave the name alone (do not append "[]").
Fixes#9830
We don't actually need a rails.png in the AP fixtures, the tests
that use it don't actually try to load the file.
We also don't need to get rid of it with the dummy reset either.
Finally, it's not needed in the sample application that's included
with the Rails Guides.
A previous commit swapped out a call to select for a call to grep in
time_zone_options_for_select. This behavior actually causes the
regexp priority option to stop working.
ActiveSupport::TimeZone overrides the =~ operator which is what the
select block was using previously. Enumerable#grep
checks pattern === element and in this case that would be /US/ ===
ActiveSupport::TimeZone which does not work because
ActiveSupport::TimeZone does not supply an implicit converting to_str
method, only an explicit to_s method.
It would be impossible to provide a to_str method that behaves
identically to the =~ method provided on ActiveSupport::TimeZone
so the only option is to revert back to using select with =~.
When setting the layout either by referencing a method or supplying a
Proc there is no way to fall back to the default lookup behavior if
desired. This patch allows fallback to the layout lookup behavior when
returning nil from the proc or method.
If the host in `default_url_options` is accidentally set with a protocol such as
```
host: "http://example.com"
```
then the generated url will have the protocol twice `http://http://example.com` which is not what the user intended. Likely they wanted to define a host `host: "example.com"` and a `protocol: "http://"` but did not know the convention.
This may not the most common problem, but when it happens it can go undetected for a while. I accidentally added `http://` out of habit recently only to find all the links in my emails were broken after deploying a demo site to production. Rather than allow this accident go undetected, we can fix the problem in line by properly setting the protocol and host.
I was able to find this related question on stack overflow: http://stackoverflow.com/questions/5878329/rails-3-devise-how-do-i-make-the-email-confirmation-links-use-secure-https-n where the answer was highly upvoted.
This is based off of work in #7415 cc/ @pixeltrix
ATP Action Mailer and Action Pack
* master-sec:
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
Any exceptions that occured at the view or controller level for a
controller using ActionController::Live would cause the server to either
hang with an open socket indefinitely, or immediately crash (depending
on whether the server was launched with rails s or directly). Changed
the behavior of exceptions to act the same as streaming templates for
html requests, and allow for an on_error callback if needed.
The env hash passed to `Http::Headers#new` must be in env format.
Also be aware that the passed hash is modified directly.
docs and test-cases for setting headers/env in functional tests.
Follow up to #9700.
When the value for the required key is empty an ActionController::ParameterMissing is raised which gets caught by ActionController::Base and turned into a 400 Bad Request reply with a message in the body saying the key is missing, which is misleading.
With these changes, ActionController::EmptyParameter will be raised which ActionController::Base will catch and turn into a 400 Bad Request reply with a message in the body saying the key value is empty.
If an explicit name has been given and it already ends with "[]"
Before:
select(:category, [], {}, multiple: true, name: "post[category][]")
# => <select name="post[category][][]" ...>
After:
select(:category, [], {}, multiple: true, name: "post[category][]")
# => <select name="post[category][]" ...>