* Added release notes for secrets.yml and mentioned it in the highlights
* Added release notes for Mailer previews and mentioned it in the highlights
* Added release notes for Module#concerning
* Removed mention for AV extraction from the highlights
* Rearranged the major features to put highlighted features first
* Various improvements and typo fixes
[ci skip]
Session#fetch was mutating the session when given a default argument
and/or a block. Since Session duck-types as a Hash, it should behave
like one in these cases.
When a route is mounted inside a resources block, it's automatically
prefixed, so a following code:
resources :users do
mount Blog::Engine => '/blog'
end
will generate a user_blog path helper.
In order to access engine helpers, we also use "mounted_helpers", a list
of helpers associated with each mounted engine, so a path to blog's post
can be generated using user_blog.post_path(user, post).
The problem I'm fixing here is that mount used a raw :as option, without
taking nestings into account. As a result, blog was added to a route set
as a `user_blog`, but helper was generated for just `blog`.
This commit applies the proper logic for defining a helper for a mounted
engine nested in resources or resource block.
(closes#8533)
In most cases, when setting variant specific code, you're not sharing any code
within format.
Inline syntax can vastly simplify defining variants in those situations:
respond_to do |format|
format.js { render "trash" }
format.html do |variant|
variant.phone { redirect_to progress_path }
variant.none { render "trash" }
end
end
Becomes:
respond_to do |format|
format.js { render "trash" }
format.html.phone { redirect_to progress_path }
format.html.none { render "trash" }
end
@responses hash needs to be initialized with mime types that we get from
Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as
value. This need to happen before content negotiation. Before that, it was
looping though mime types and executing mime-type-generated method inside
collector (see
AbstractController::Collector#generate_method_for_mime). That approach resulted
in 2 unnecessary method calls for each mime type
collected by Collector#collect_mimes_from_class_level.
Now hash is initialized in place, without usage of Collector#custom method.
In most cases, when setting variant specific code, you're not sharing any code
within format.
Inline syntax can vastly simplify defining variants in those sitiations:
respond_to do |format|
format.js { render "trash" }
format.html do |variant|
variant.phone { redirect_to progress_path }
variant.none { render "trash" }
end
end
`
Becomes:
respond_to do |format|
format.js { render "trash" }
format.html.phone { redirect_to progress_path }
format.html.none { render "trash" }
end
@responses hash needs to be initialized with mime types that we get from
Collector#collect_mimes_from_class_level. Mime::Type class as key and nil as
value. This need to happen before content negotiation. Before that, it was
looping though mime types and executing mime-type-generated method inside
collector (see
AbstractController::Collector#generate_method_for_mime). That approach resulted
in 2 unnecessary method calls for each mime type
collected by Collector#collect_mimes_from_class_level.
Now hash is initialized in place, without usage of Collector#custom method.
Before ec16ba75a5493b9da972eea08bae630eba35b62f,
ActionView::Helpers::TranslationHelper#translate has raised errors with
specifying options[:raise] to true.
This should work by this fix:
begin
t(:"translations.missing", raise: true)
rescue I18n::MissingTranslationData
p :hello!
end
By default, variants in the templates will be picked up if a variant is set
and there's a match. The format will be:
app/views/projects/show.html.erb
app/views/projects/show.html+tablet.erb
app/views/projects/show.html+phone.erb
If request.variant = :tablet is set, we'll automatically be rendering the
html+tablet template.
In the controller, we can also tailer to the variants with this syntax:
class ProjectsController < ActionController::Base
def show
respond_to do |format|
format.html do |html|
@stars = @project.stars
html.tablet { @notifications = @project.notifications }
html.phone { @chat_heads = @project.chat_heads }
end
format.js
format.atom
end
end
end
The variant itself is nil by default, but can be set in before filters, like
so:
class ApplicationController < ActionController::Base
before_action do
if request.user_agent =~ /iPad/
request.variant = :tablet
end
end
end
This is modeled loosely on custom mime types, but it's specifically not
intended to be used together. If you're going to make a custom mime type,
you don't need a variant. Variants are for variations on a single mime
types.
* master-sec:
Deep Munge the parameters for GET and POST
Stop using i18n's built in HTML error handling.
Ensure simple_format escapes its html attributes
Escape the unit value provided to number_to_currency
Only use valid mime type symbols as cache keys
This PR fixes#13064 regression bug introduced by the #8085
Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type.
In this way the method Response#assign_default_content_type_and_charset can
write the the default mime_type.
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
A path redirect may contain any and all parts of a url which have different
escaping rules for each part. This commit tries to escape each part correctly
by splitting the string into three chunks - path (which may also include a host),
query and fragment; then it applies the correct escape pattern to each part.
Whilst using `URI.parse` would be better, unfortunately the possible presence
of %{name} parameters in the path redirect string prevents us from using it so
we have to use a regular expression instead.
Fixes#13110.
Extract **notable changes**, **deprecations** and **removals** from
each CHANGELOG.
I tried to reference the commits and pull requests for new features
and deprecations.
In the process I also made some minor changes to the CHANGELOGS.
The 4_1_release_notes guide is declared WIP.
Previous behaviour was MRI-dependent, now we're making sure the message
is correctly shown: something that can be relyied upon across every
Ruby implementation.
