3324 Commits

Author SHA1 Message Date
Aaron Patterson
55bf087da1 SJIS is an alias to Windows-31J in ruby trunk. Use SHIFT_JIS for this test 2011-03-21 10:00:30 -07:00
Chris Kowalik
de1fe5e8a7 [action_view] added custom patterns to template resolver 2011-03-20 07:01:46 +08:00
Josh Kalderimis
0eae625256 fixes an issue with number_to_human when converting values which are less than 1 but greater than -1 [#6576 state:resolved]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-03-16 15:11:00 -03:00
Aaron Patterson
89c5b9aee7 do not automatically add format to routes that end in a slash 2011-03-11 18:06:22 -08:00
Prem Sichanugrist & Xavier Noria
68802d0fbe Filter sensitive query string parameters in the log [#6244 state:committed]
This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.

Signed-off-by: Xavier Noria <fxn@hashref.com>
2011-03-11 00:16:18 +01:00
Andrew White
03cbd9672c Filter params that return nil for to_param and allow through false values 2011-03-09 14:44:25 +00:00
Andrew White
31f09f9dbc Improve testing of cookies in functional tests:
- cookies can be set using string or symbol keys
- cookies are preserved across calls to get, post, etc.
- cookie names and values are escaped
- cookies can be cleared using @request.cookies.clear

[#6272 state:resolved]
2011-03-06 12:49:44 +00:00
Andrew White
e00867bc43 Raise ArgumentError if route name is invalid [#6517 state:resolved] 2011-03-06 07:08:50 +00:00
Diego Carrion
dff73dec22 added failing test for fields_for with a record object that inherits from Hash
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
2011-03-06 05:18:56 +00:00
R.T. Lechow
87e9e3f9af Action Pack typos. 2011-03-05 11:56:35 +01:00
Alexander Uvarov
0db915efd1 Add an option to FormBuilder to omit hidden field with id
[#4551 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-03-04 16:38:08 -02:00
Aaron Patterson
1f2e7214aa make sure string keys are always looked up from the class cache 2011-03-02 10:11:28 -08:00
Aaron Patterson
9198372421 Ruby 1.8: Y U NO FUN? 2011-03-02 09:43:27 -08:00
Cheah Chu Yeow
2ee5555744 Fix Action caching bug where an action that has a non-cacheable response always renders a nil response body. It now correctly renders the response body.
Note that only GET and HTTP 200 responses can be cached.

[#6480 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-03-02 13:11:07 -02:00
Aaron Patterson
7b6bfe84f3 refactor Reference to a ClassCache object, fix lazy lookup in Middleware so that anonymous classes are supported 2011-03-01 17:20:35 -08:00
Aaron Patterson
54fdd33f33 use a subclass of AS::TZ for testing html output 2011-02-28 16:30:14 -08:00
Josh Kalderimis
0f8d2794f2 updated Time, Date and DateTime current methods in AS to use Time.zone and not Time.zone_default.
[#6410 state:committed]
2011-02-28 14:05:49 -08:00
Santiago Pastorino
53b17e9ad0 javascript_include_tag shouldn't raise if you register an expansion key with nil value 2011-02-28 11:52:00 -02:00
Santiago Pastorino
801e314006 Add tests for register expansion methods with key = [] 2011-02-28 11:30:12 -02:00
Andrew White
ccc678b49e Add test to prevent regression on namespace root nested in a resource
[#6389 state:resolved]
2011-02-14 06:12:22 +00:00
Andrew White
460a341682 Fix named route helper for routes nested inside deeply nested resources
[#6416 state:resolved]
2011-02-14 02:56:09 +00:00
Andrew White
385be358cf Fix assert_recognizes with block constraints [#5805 state:resolved] 2011-02-13 23:24:46 +00:00
Josh Kalderimis
33cc36678b Allow for the format of time_tag in AP to be changed via an option argument.
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-12 22:22:30 -02:00
Sjoerd Andringa
95a5bd87cb Added time_tag helper to AP for HTML5 time tag [#5919 state:resolved]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-12 22:22:18 -02:00
Josh Kalderimis
e2b99eb1a7 Applied changes to stylesheet_link_tag from javascript_include_tag which corrects issues with ordering and duplicates. 2011-02-13 05:50:25 +08:00
Josh Kalderimis
1363bb8f72 This corrects two issues with javascript_include_tag, the order at which they are expanded, and removing duplicates.
When individual js assets are specified, they will override the order of the same asset specified in an expansion.

[#5938 state:resolved]
2011-02-13 05:50:24 +08:00
Carlos Antonio da Silva
ad5b4d980a Remove duplicated action pack tests added to fix issue with fields_for, nested attributes and erb
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-12 16:40:41 -02:00
Tom Stuart
829de9d98e Add block support to button_tag helper
As per the HTML 4.01 spec:

  Buttons created with the BUTTON element function just like buttons
  created with the INPUT element, but they offer richer rendering
  possibilities: the BUTTON element may have content. For example, a
  BUTTON element that contains an image functions like and may resemble
  an INPUT element whose type is set to "image", but the BUTTON element
  type allows content.

Since rich content is the main purpose of the <button> element, it makes
sense for the button_tag helper to accept a block.

http://www.w3.org/TR/html401/interact/forms.html#edef-BUTTON
http://dev.w3.org/html5/spec/the-button-element.html#the-button-element

Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
2011-02-12 13:52:00 -02:00
Tom Stuart
03749d6c88 Make type="submit" the default for button_tag helper
"submit" is the default value of the <button> element's type attribute
according to the HTML 4.01 and the HTML5 draft specs, so if button_tag
is going to have a default, type="submit" is a more sensible choice than
type="button".

http://www.w3.org/TR/html401/interact/forms.html#adef-type-BUTTON
http://dev.w3.org/html5/spec/the-button-element.html#attr-button-type

Signed-off-by: Santiago Pastorino and Emilio Tagua <santiago+emilioe@wyeworks.com>
2011-02-12 13:51:02 -02:00
Josh Kalderimis
1814298d75 Removed Array#safe_join in AS core_ext and moved it to a view helper with the same name. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned.
Signed-off-by: José Valim <jose.valim@gmail.com>
2011-02-10 16:51:30 +01:00
José Valim
89a5f1463d Revert "Removed Array#safe_join in AS core_ext and moved it to a view helper with the same name."
Applied the wrong version.

This reverts commit 98c0c5db50a7679b3d58769ac22cb0a27a62c930.
2011-02-10 16:50:35 +01:00
Josh Kalderimis
98c0c5db50 Removed Array#safe_join in AS core_ext and moved it to a view helper with the same name. 2011-02-10 23:47:54 +08:00
Michael Koziarski
ae19e4141f Change the CSRF whitelisting to only apply to get requests
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
2011-02-08 14:57:08 -08:00
José Valim
6b1018526f Use Mime::Type references. 2011-02-08 14:14:26 -08:00
José Valim
b93c590297 Ensure render is case sensitive even on systems with case-insensitive filesystems.
This fixes CVE-2011-0449
2011-02-08 14:04:19 -08:00
Michael Koziarski
3ddd7f7ec9 Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.
This fixes CVE-2011-0446
2011-02-08 13:56:08 -08:00
Carlos Antonio da Silva
631e23ec6c Add tests showing the LH issue #6381: fields_for with inline blocks and nested attributes already persisted
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-08 18:04:12 -02:00
Aaron Patterson
ea25224046 cleaning up some warnings on 1.9.3 2011-02-07 16:44:27 -08:00
Dan Pickett
3026843dc1 put authenticity_token option in parity w/ remote
[#6228 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-06 19:04:52 -02:00
Andre Arko
10cab35d3b Allow page_cache_directory to be set as a Pathname
For example, page_cache_directory = Rails.root.join("public/cache")

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-06 17:55:38 -02:00
Timothy N. Tsvetkov
b9309b47cd Added tests for form_for and an authenticity_token option. Added docs for form_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers.
[#6228 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-05 18:58:32 -02:00
german
adbae9aab8 fixed bug with nested resources within shallow scope
[#6372 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-04 17:07:51 -02:00
Franco Brusatti
d3cfee1182 removing generation of id in submit helper
[#6369 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-03 20:24:14 -02:00
Anton Astashov
c1c6f29214 Add a test for 'render :layout'
To make sure it will show block contents if it is placed after 'render
:partial'

[#5557 state:resolved]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-03 12:55:32 -02:00
Stephen Celis
a0757e00f3 Protocol-relative URL support.
[#5774 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-02 19:09:44 -02:00
Santiago Pastorino
86dc5987b2 add test to check class is being escaped in form_class 2011-02-01 19:17:31 -02:00
Andrei Bocan
15ad707852 Allow customization of form class for button_to
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 19:09:00 -02:00
Akira Matsuda
cb9fa52832 auto_link: avoid recognizing full width chars as a part of URI scheme
fixes regression by 133ada6ab0

[#5503 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 14:04:42 -02:00
Akira Matsuda
5dd803e9b1 Accept String value for render_partial :as option
[#6222 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
2011-02-01 13:01:54 -02:00
Neeraj Singh
806e6f80dc render_to_string must ensure that response_body
is nil

[#5875 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
2011-01-25 20:14:03 +01:00