Aaron Patterson
55bf087da1
SJIS is an alias to Windows-31J in ruby trunk. Use SHIFT_JIS for this test
2011-03-21 10:00:30 -07:00
Chris Kowalik
de1fe5e8a7
[action_view] added custom patterns to template resolver
2011-03-20 07:01:46 +08:00
Josh Kalderimis
0eae625256
fixes an issue with number_to_human when converting values which are less than 1 but greater than -1 [ #6576 state:resolved]
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-03-16 15:11:00 -03:00
Aaron Patterson
89c5b9aee7
do not automatically add format to routes that end in a slash
2011-03-11 18:06:22 -08:00
Prem Sichanugrist & Xavier Noria
68802d0fbe
Filter sensitive query string parameters in the log [ #6244 state:committed]
...
This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.
Signed-off-by: Xavier Noria <fxn@hashref.com>
2011-03-11 00:16:18 +01:00
Andrew White
03cbd9672c
Filter params that return nil for to_param and allow through false values
2011-03-09 14:44:25 +00:00
Andrew White
31f09f9dbc
Improve testing of cookies in functional tests:
...
- cookies can be set using string or symbol keys
- cookies are preserved across calls to get, post, etc.
- cookie names and values are escaped
- cookies can be cleared using @request.cookies.clear
[#6272 state:resolved]
2011-03-06 12:49:44 +00:00
Andrew White
e00867bc43
Raise ArgumentError if route name is invalid [ #6517 state:resolved]
2011-03-06 07:08:50 +00:00
Diego Carrion
dff73dec22
added failing test for fields_for with a record object that inherits from Hash
...
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
2011-03-06 05:18:56 +00:00
R.T. Lechow
87e9e3f9af
Action Pack typos.
2011-03-05 11:56:35 +01:00
Alexander Uvarov
0db915efd1
Add an option to FormBuilder to omit hidden field with id
...
[#4551 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-03-04 16:38:08 -02:00
Aaron Patterson
1f2e7214aa
make sure string keys are always looked up from the class cache
2011-03-02 10:11:28 -08:00
Aaron Patterson
9198372421
Ruby 1.8: Y U NO FUN?
2011-03-02 09:43:27 -08:00
Cheah Chu Yeow
2ee5555744
Fix Action caching bug where an action that has a non-cacheable response always renders a nil response body. It now correctly renders the response body.
...
Note that only GET and HTTP 200 responses can be cached.
[#6480 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-03-02 13:11:07 -02:00
Aaron Patterson
7b6bfe84f3
refactor Reference to a ClassCache object, fix lazy lookup in Middleware so that anonymous classes are supported
2011-03-01 17:20:35 -08:00
Aaron Patterson
54fdd33f33
use a subclass of AS::TZ for testing html output
2011-02-28 16:30:14 -08:00
Josh Kalderimis
0f8d2794f2
updated Time, Date and DateTime current methods in AS to use Time.zone and not Time.zone_default.
...
[#6410 state:committed]
2011-02-28 14:05:49 -08:00
Santiago Pastorino
53b17e9ad0
javascript_include_tag shouldn't raise if you register an expansion key with nil value
2011-02-28 11:52:00 -02:00
Santiago Pastorino
801e314006
Add tests for register expansion methods with key = []
2011-02-28 11:30:12 -02:00
Andrew White
ccc678b49e
Add test to prevent regression on namespace root nested in a resource
...
[#6389 state:resolved]
2011-02-14 06:12:22 +00:00
Andrew White
460a341682
Fix named route helper for routes nested inside deeply nested resources
...
[#6416 state:resolved]
2011-02-14 02:56:09 +00:00
Andrew White
385be358cf
Fix assert_recognizes with block constraints [ #5805 state:resolved]
2011-02-13 23:24:46 +00:00
Josh Kalderimis
33cc36678b
Allow for the format of time_tag in AP to be changed via an option argument.
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-12 22:22:30 -02:00
Sjoerd Andringa
95a5bd87cb
Added time_tag helper to AP for HTML5 time tag [ #5919 state:resolved]
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-12 22:22:18 -02:00
Josh Kalderimis
e2b99eb1a7
Applied changes to stylesheet_link_tag from javascript_include_tag which corrects issues with ordering and duplicates.
2011-02-13 05:50:25 +08:00
Josh Kalderimis
1363bb8f72
This corrects two issues with javascript_include_tag, the order at which they are expanded, and removing duplicates.
...
When individual js assets are specified, they will override the order of the same asset specified in an expansion.
[#5938 state:resolved]
2011-02-13 05:50:24 +08:00
Carlos Antonio da Silva
ad5b4d980a
Remove duplicated action pack tests added to fix issue with fields_for, nested attributes and erb
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-12 16:40:41 -02:00
Tom Stuart
829de9d98e
Add block support to button_tag helper
...
As per the HTML 4.01 spec:
Buttons created with the BUTTON element function just like buttons
created with the INPUT element, but they offer richer rendering
possibilities: the BUTTON element may have content. For example, a
BUTTON element that contains an image functions like and may resemble
an INPUT element whose type is set to "image", but the BUTTON element
type allows content.
Since rich content is the main purpose of the <button> element, it makes
sense for the button_tag helper to accept a block.
http://www.w3.org/TR/html401/interact/forms.html#edef-BUTTON
http://dev.w3.org/html5/spec/the-button-element.html#the-button-element
Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
2011-02-12 13:52:00 -02:00
Tom Stuart
03749d6c88
Make type="submit" the default for button_tag helper
...
"submit" is the default value of the <button> element's type attribute
according to the HTML 4.01 and the HTML5 draft specs, so if button_tag
is going to have a default, type="submit" is a more sensible choice than
type="button".
http://www.w3.org/TR/html401/interact/forms.html#adef-type-BUTTON
http://dev.w3.org/html5/spec/the-button-element.html#attr-button-type
Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
2011-02-12 13:51:02 -02:00
Josh Kalderimis
1814298d75
Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned.
...
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-02-10 16:51:30 +01:00
José Valim
89a5f1463d
Revert "Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same."
...
Applied the wrong version.
This reverts commit 98c0c5db50a7679b3d58769ac22cb0a27a62c930.
2011-02-10 16:50:35 +01:00
Josh Kalderimis
98c0c5db50
Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same.
2011-02-10 23:47:54 +08:00
Michael Koziarski
ae19e4141f
Change the CSRF whitelisting to only apply to get requests
...
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
X-CSRF-Token: ...
This fixes CVE-2011-0447
2011-02-08 14:57:08 -08:00
José Valim
6b1018526f
Use Mime::Type references.
2011-02-08 14:14:26 -08:00
José Valim
b93c590297
Ensure render is case sensitive even on systems with case-insensitive filesystems.
...
This fixes CVE-2011-0449
2011-02-08 14:04:19 -08:00
Michael Koziarski
3ddd7f7ec9
Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.
...
This fixes CVE-2011-0446
2011-02-08 13:56:08 -08:00
Carlos Antonio da Silva
631e23ec6c
Add tests showing the LH issue #6381 : fields_for with inline blocks and nested attributes already persisted
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-08 18:04:12 -02:00
Aaron Patterson
ea25224046
cleaning up some warnings on 1.9.3
2011-02-07 16:44:27 -08:00
Dan Pickett
3026843dc1
put authenticity_token option in parity w/ remote
...
[#6228 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-06 19:04:52 -02:00
Andre Arko
10cab35d3b
Allow page_cache_directory to be set as a Pathname
...
For example, page_cache_directory = Rails.root.join("public/cache")
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-06 17:55:38 -02:00
Timothy N. Tsvetkov
b9309b47cd
Added tests for form_for and an authenticity_token option. Added docs for for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers.
...
[#6228 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-05 18:58:32 -02:00
german
adbae9aab8
fixed bug with nested resources within shallow scope
...
[#6372 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-04 17:07:51 -02:00
Franco Brusatti
d3cfee1182
removing generation of id in submit helper
...
[#6369 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-03 20:24:14 -02:00
Anton Astashov
c1c6f29214
Add a test for 'render :layout'
...
To make sure it will show block contents if it is placed after 'render
:partial'
[#5557 state:resolved]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-03 12:55:32 -02:00
Stephen Celis
a0757e00f3
Protocol-relative URL support.
...
[#5774 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-02 19:09:44 -02:00
Santiago Pastorino
86dc5987b2
add test to check class is being escaped in form_class
2011-02-01 19:17:31 -02:00
Andrei Bocan
15ad707852
Allow customization of form class for button_to
...
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 19:09:00 -02:00
Akira Matsuda
cb9fa52832
auto_link: avoid recognizing full width chars as a part of URI scheme
...
fixes regression by 133ada6ab0
[#5503 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 14:04:42 -02:00
Akira Matsuda
5dd803e9b1
Accept String value for render_partial :as option
...
[#6222 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 13:01:54 -02:00
Neeraj Singh
806e6f80dc
render_to_string must ensure that response_body
...
is nil
[ #5875 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-25 20:14:03 +01:00