According to pr #22443 in the guides there's always a dollar sign before every command, so why is in the main README a `$` and in every submodule a `%`?
Just eye candy..
Erroneously removed in 58910dc7.
The stubbing was a regression test to ensure `time_zone_select` wasn't implemented with
`grep`. Rename the test and add a comment to make the intent clearer.
When calling `test_time_zone_select_with_priority_zones_as_regexp` it would
define `=~` on the fake zones, but it would never be cleaned up because of
the zone cache.
Nuke it so `test_time_zone_select_with_priority_zones_as_regexp_using_grep_finds_no_zones`
accidentally find any zones because of `=~` being implemented.
`link_to :back` creates a link to whatever was
passed in via the referer header. If an attacker
can alter the referer header, that would create
a cross-site scripting vulnerability on every
page that uses `link_to :back`
This commit restricts the back URL to valid
non-javascript URLs.
https://github.com/rails/rails/issues/14444
It used to behave like this:
url_for(controller: 'x', action: 'y', q: {})
# -> "/x/y?"
We previously avoided empty query strings in most cases by removing
nil values, then checking whether params was empty. But as you can
see above, even non-empty params can yield an empty query string. So
I changed the code to just directly check whether the query string
ended up empty.
(To make everything more consistent, the "removing nil values"
functionality should probably move to ActionPack's Hash#to_query, the
place where empty hashes and arrays get removed. However, this would
change a lot more behavior.)
Stumbled upon this one while trying to deprecate the String/Symbol
passing to `form_for`.
This test passed on an accident, because the signature of `form_for`
currently accepts 2 positional arguments and a block. Calling it with
the wrong number of arguments caused:
```ruby
(byebug) form_for(:post, @post, html: { id: 'create-post' })
*** ArgumentError Exception: wrong number of arguments (3 for 1..2)
```
This made the test pass, because it was still an `ArgumentError`. :-)
Rails 4.x and earlier didn't support `Mime::Type[:FOO]`, so libraries
that support multiple Rails versions would've had to feature-detect
whether to use `Mime::Type[:FOO]` or `Mime::FOO`.
`Mime[:foo]` has been around for ages to look up registered MIME types
by symbol / extension, though, so libraries and plugins can safely
switch to that without breaking backward- or forward-compatibility.
Note: `Mime::ALL` isn't a real MIME type and isn't registered for lookup
by type or extension, so it's not available as `Mime[:all]`. We use it
internally as a wildcard for `respond_to` negotiation. If you use this
internal constant, continue to reference it with `Mime::ALL`.
Ref. efc6dd550ee49e7e443f9d72785caa0f240def53
When this method was implemented
(https://github.com/rails/rails/pull/5016/files), `to_date` is called.
But this behavior was chagned refactoring
(https://github.com/rails/rails/pull/6452/files).
In the first commit, there were not test which asserts `to_date` is called.
I think trying `to_date` is more useful than trying `strftime`, because
we can write `"2015-01-01".to_date`. But first fix comments to match
actual behavior.