This reverts commit 3fa00070047b5d019d39e691598ee2890283d052.
Reason: This message is usually not accurate and annoying:
Redirected by ~/.rbenv/versions/1.9.3-p327-perf/lib/ruby/1.9.1/logger.rb:371:in `add'`
block. Breaks benchmark calls that return non-String values otherwise.
Revert "add benchmark helper that works in erb"
This reverts commit 904e544cc8f5846de7c31827bb5556c6a238c0de.
Conflicts:
actionpack/lib/action_view/helpers.rb
actionpack/lib/action_view/helpers/benchmark_helper.rb
actionpack/test/template/benchmark_helper_test.rb
the provided block.
In the case of having a form_for method being called, the block for each
collection would not be passed and thus the result expected was always the same.
This patch passes the block to the original method like it would be assumed.
* master-sec:
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
A declarative API for specifying dependencies that affect template
cache digest computation. In your controller, specify any of said
dependencies:
view_cache_dependency { "phone" if using_phone? }
When the block is evaluated, the resulting value is included in the
cache digest calculation, allowing you to generate different digests
for effectively the same template. (Mostly useful if you're mucking
with template load paths.)
It includes security bug fixes and changes the initialization of
Rack::File to accept a hash, otherwise generating warnings.
See 295806e for the warnings fix.
Previously rendering a partial without giving :object or :collection
would generate a local variable with the partial name by default.
This was noticed due to warnings in Ruby 2.0 of not used variables,
which turned out to be the generation of not used variables inside
partials that do not contain objects related to them.
It is used by the table formatter only, and it's already inside a routes
directory that namespaces it properly, so calling it just "table" seems
simpler.
It feels more consistent to have this class called "HtmlTableFormatter",
and to have it here with the routes inspector and console formatter,
since it's used for both routing error exceptions and the rails info
page.
When dealing with nested forms, Rails automatically generates a hidden
field with the id value of the current object being generated by
fields_for. This logic was inside the method that's available from the
template object, but we just need it when really dealing with nested
attributes, so moving the code to here makes more sense.
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/Fixes#7979
* <pre> is not allowed to be nested inside of <p> elements in HTML
* Indentation of </p> doesn't match corresponding <p>
* <p> element not explicitly closed
* One more </div> than <div>
In each case, the template was fixed to match how a HTML5 parser would "see"
the resulting page.
collection_check_boxes to a private method.
It will make easier to extend.
Example:
class CollectionRadioButtons < ActionView::Helpers::Tags::CollectionRadioButtons
include CollectionExtensions
def render
wrap_rendered_collection(super, @options)
end
private
def render_component(builder)
builder.radio_button + builder.label(:class => "collection_radio_buttons")
end
end
If a request has an unknown format, the methods html?, xml?, json? ...etc
not raise an Exception.
This patch add a class Mime::NullType, that is returned when request.format is unknown
and it responds false to the methods that ends with '?' and true to 'nil?'.
It refers to #7837, this issue is considered a improvement not a bug.
Move the Journey code underneath the ActionDispatch namespace so
that we don't pollute the global namespace with names that may
be used for models.
Fixesrails/journey#49.
Removes support for :encode, :replace_at, and :replace_dot
options from the mail_to helper. Support for these options
has been extracted to the 'actionview-encoded_mail_to' gem.
When someone gets a routing exception, the routes are rendered (starting in Rails 4.0). This PR brings parity between the html routes in the `rails/info/routes` path and when rendered from an exception. This is the continuation of #8521 which brought html formatted routes.
In addition to bringing parity to the two views, we're keeping our views DRY by rendering off of the same partials. In this case Railties depends on partials provided by ActionDispatch. I'm open to alternative implementations. Ideally both views will use the same code so any improvements or updates to it will be reproduced on both.
<hr />
The conditional_layout? method is not for public use and doesn't
actually do what the documentation suggested it does. It's actually
used to determine whether or not to use the explicit layout definition
defined in a controller or use the implicit layout definition.
Also documentation was added for the action_has_layout? method which
acts as a master switch for disabling the layout for the current
action. This method was added so that action caching didn't depend
on accessing layout internals but is also used by third-parties,
most notably the [Hobo][1] application.
[1]: https://github.com/hobo/hobo
Adding a test for the equal trun bug
Adding a test for the after equal trunc bug
Adding a test for the slash bug
Adding a test for the slash quote bug
Adding a helper method for creating a sample request object with token
Writing a method to create params array from raw params
Writing a method to rewrite param values in the params
Writing a method to get the token params from an authorization value
Refactoring the token_and_options method to fix bugs
Removing unnessecary test
A constant for this shared regex seemed appropriate
Wanting to split up this logic
Adding small documentation pieces
cache_if(condition, option, &block) and cache_unless(condition, option, &block).
In the PR #8371 was introduced conditional options :if and :unless in
the cache method.
Example:
<%= cache @model, if: some_condition(@model) do %>
...
<%end%>
This is a good feature but *cache_if* and and *cache_unless*
are more concise and close to the standard of rails view helpers
(ex: link_to_if and link_to_unless).
Example:
<%= cache_if condition, @model do %>
...
<%end%>
This doesn't actually remove old url helper methods as they are
defined in a different module.
This reverts commit 96bcef947bf713b7d9fc88f26dff69f568111262.
Conflicts:
actionpack/CHANGELOG.md
Summary of the changes:
* Add thread_safe gem.
* Use thread safe cache for digestor caching.
* Replace manual synchronization with ThreadSafe::Cache in Relation::Delegation.
* Replace @attribute_method_matchers_cache Hash with ThreadSafe::Cache.
* Use TS::Cache to avoid the synchronisation overhead on listener retrieval.
* Replace synchronisation with TS::Cache usage.
* Use a preallocated array for performance/memory reasons.
* Update the controllers cache to the new AS::Dependencies::ClassCache API.
The original @controllers cache no longer makes much sense after @tenderlove's
changes in 7b6bfe84f3 and f345e2380c.
* Use TS::Cache in the connection pool to avoid locking overhead.
* Use TS::Cache in ConnectionHandler.
* Avoid calling class_eval when not needed
* Remove helpers_path attr accessor, it's defined as a class attribute a
few lines later
* Avoid creating extra arrays when finding helpers, use flat_map and sort!
* Remove not required refer variable when redirecting :back
By formatting routes for different media (txt/html) we can apply optimizations based on the format. We can include meta-data in the HTML to allow a rich experience while rendering and viewing the routes. This PR shows route helpers as they are used with the `_path` extension, it also has a javascript toggle on the top to switch to `_url`. This way the developer can see the exact named route helper they can use instead of having to modify a base.
This is one example of an optimization that could be applied. Eventually we can link out to guides for the different columns to better explain what helper, HTTP Verb, Path, and Controller#action indicate. We could even add a route search box that could allow developers to input a given route and see all of the routes that match it. These are stand alone features and should be delivered separately.
If env['RAW_POST_DATA'] is nil, #raw_post will attempt to set it to
the result of #body (which will return env['rack.input'] if
env['RAW_POST_DATA'] is nil). #raw_post will then attempt to rewind
the result of another call to #body. Since env['RAW_POST_DATA'] has
already been set, the result of #body is not env['rack.input'] anymore.
This causes env['rack.input'] to never be rewound.
This is an alternative implementation to #7771 thanks to the advice of @spastorino
Rails is a dynamic framework that serves a static index.html by default. One of my first questions ever on IRC was solved by simply deleting my public/index.html file. This file is a source of confusion when starting as it over-rides any set "root" in the routes yet it itself is not listed in the routes. By making the page dynamic by default we can eliminate this confusion.
This PR moves the static index page to an internal controller/route/view similar to `rails/info`. When someone starts a rails server, if no root is defined, this route will take over and the "dynamic" index page from rails/welcome_controller will be rendered. These routes are only added in development. If a developer defines a root in their routes, it automatically takes precedence over this route and will be rendered, with no deleting of files required.
In addition to removing this source of confusion for new devs, we can now use Rails view helpers to build and render this page. While not the primary intent, the added value of "dogfooding" should not be under-estimated.
The prior PR #7771 had push-back since it introduced developer facing files. This PR solves all of the same problems, but does not have any new developer facing files (it actually removes one).
cc/ @wsouto, @dickeyxxx, @tyre, @ryanb, @josevalim, @maxim, @subdigital, @steveklabnik
ATP Railties and Actionpack.
Such request can happen on Internet Explorer. When we redirect
after multipart form submission, the request type is changed
to GET, but Content-Type is preserved as multipart. GET request
cannot have multipart body and that caused Rails to fail.
It's similar fix to Rack's one:
8025a4ae94/lib/rack/request.rb (L224)
This commit inverts the precedence in ActionDispatch::Static so that
dynamic content will be served before static content. This is so that
precompiled assets do not inadvertently get included when running in
development mode - it should have no effect in production where static
files are usually handled by the web server.
Closes#6421
