- 07 8月, 2016 1 次提交
-
-
由 Xavier Noria 提交于
The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
-
- 06 8月, 2016 1 次提交
-
-
由 eileencodes 提交于
When a `GET` request is sent `as: :json` in an integration test the test should use Rack's method override to change to a post request so the paramters are included in the postdata. Otherwise it will not encode the parameters correctly for the integration test. Because integration test sets up it's own middleware, `Rack::MethodOverride` needs to be included in the integration tests as well. `headers ||= {}` was moved so that headers are never nil. They should default to a hash. Fixes #26033 [Eileen M. Uchitelle & Aaron Patterson]
-
- 02 8月, 2016 4 次提交
-
-
由 Kasper Timm Hansen 提交于
Screwed up both the left and right hand sides!
-
由 Kasper Timm Hansen 提交于
The tests were written with the common false value seen in Rails apps, show that intent in the code. Should also fix the build on 5-0-stable.
-
由 Kasper Timm Hansen 提交于
If we were to serialize an `ActionController::Parameters` on Psych 2.0.8, we'd get: ```yaml --- !ruby/hash:ActionController::Parameters key: :value ``` Because 2.0.8 didn't store instance variables, while 2.0.9 did: https://github.com/tenderlove/psych/commit/8f84ad0fc711a82a1040def861cb121e8985fd4c That, coupled with 2.0.8 calling `new` instead of `allocate` meant parameters was deserialized just fine: https://github.com/tenderlove/psych/commit/af308f8307899cb9e1c0fffea4bce3110a1c3926 However, if users have 2.0.8 serialized parameters, then upgrade to Psych 2.0.9+ and Rails 5, it would start to blow up because `initialize` will never be called, and thus `@parameters` will never be assigned. Hello, `NoMethodErrors` on `NilClass`! :) To fix this we register another variant of the previous serialization format and take it into account in `init_with`. I've tested this in our app and previously raising code now deserializes like a champ. I'm unsure how to test this in our suite because we use Psych 2.0.8 and don't know how to make us use 2.0.9+ for just one test.
-
由 Kasper Timm Hansen 提交于
By changing ActionController::Parameter's superclass, Rails 5 also changed the YAML serialization format. Since YAML doesn't know how to handle parameters it would fallback to its routine for the superclass, which in Rails 4.2 was Hash while just Object in Rails 5. As evident in the tags YAML would spit out: 4.2: !ruby/hash-with-ivars:ActionController::Parameters 5.0: !ruby/object:ActionController::Parameters Thus when loading parameters YAML from 4.2 in Rails 5, it would parse a hash dump as it would an Object class. To fix this we have to provide our own `init_with` to be aware of the past format as well as the new one. Then we add a `load_tags` mapping, such that when the YAML parser sees `!ruby/hash-with-ivars:ActionController::Parameters`, it knows to call our `init_with` function and not try to instantiate it as a normal hash subclass.
-
- 29 7月, 2016 1 次提交
-
-
由 Nick Sieger 提交于
-
- 28 7月, 2016 1 次提交
-
-
由 Nick Sieger 提交于
Before this change, posted parameters would leak across requests. The included test case failed like so: 1) Failure: TestCaseTest#test_multiple_mixed_method_process_should_scrub_rack_input: --- expected +++ actual @@ -1 +1 @@ -{"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"} +{"foo"=>"an foo", "bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"} An argument could be made that this situation isn't encountered often and that one should limit the number of requests per test case, but I still think the parameter leaking is an unexpected side-effect.
-
- 27 7月, 2016 3 次提交
-
-
由 Santiago Pastorino 提交于
-
由 Santiago Pastorino 提交于
-
由 Santiago Pastorino 提交于
Fixes #25926
-
- 21 7月, 2016 1 次提交
-
-
由 Ignatius Reza 提交于
-
- 17 7月, 2016 1 次提交
-
-
由 Rafael Mendonça França 提交于
-
- 14 7月, 2016 1 次提交
-
-
由 Javan Makhmali 提交于
-
- 12 7月, 2016 1 次提交
-
-
由 Prathamesh Sonpatki 提交于
- Tests for dup'ing params was separately added in a separate file in https://github.com/rails/rails/pull/25735.
-
- 09 7月, 2016 1 次提交
-
-
由 Tim Rogers 提交于
Trust `Object#dup` in `ActionController::Parameters`, using `#initialize_copy` to manually duplicate the underlying parameters hash It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
-
- 07 7月, 2016 1 次提交
-
-
由 Tim Rogers 提交于
When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following: ``` params = ActionController::Parameters.new(foo: "bar") duplicated_params = params.dup duplicated_params.delete(:foo) params == duplicated_params ``` This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
-
- 29 6月, 2016 1 次提交
-
-
由 Javan Makhmali 提交于
Signed-off-by: NJeremy Daer <jeremydaer@gmail.com>
-
- 25 6月, 2016 1 次提交
-
-
由 yuuji.yaginuma 提交于
Currently, if path is a relative path, add format without the discrimination of the query. Therefore, if there is a query, format at end of the query would been added, format was not be specified correctly. This fix add format to end of path rather than query.
-
- 23 6月, 2016 1 次提交
-
-
由 Jon Moss 提交于
In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will be permitted by default. The default is +false+."
-
- 09 6月, 2016 1 次提交
-
-
由 Brandon Medenwald 提交于
* Restore the functionality of PR#14129, but do so with not nil to better indicate the purpose of the conditional * Add a test when render_to_string called on ActionController::Base.new()
-
- 08 6月, 2016 1 次提交
-
-
由 Kasper Timm Hansen 提交于
Was worried the `as` might impede on users doing the long form JSON response encoding; test for certainty.
-
- 03 6月, 2016 1 次提交
-
-
由 Jeff Kreeftmeijer 提交于
Since 69009f, `ActionController::Metal::DataStreaming#send_file` doesn't set `@_response_body` anymore. `AbstractController::Callbacks` used `@_response_body` in its callback terminator, so it failed to halt the callback cycle when using `#send_file` from a `before_action`. Instead, it now uses `#performed?` on `AbstractController::Base` and `ActionController::Metal`, which checks `response.committed?`, besides checking if `@_response_body` is set, if possible. Example application: https://gist.github.com/jeffkreeftmeijer/78ae4572f36b198e729724b0cf79ef8e
-
- 01 6月, 2016 1 次提交
-
-
由 Matthew Draper 提交于
-
- 31 5月, 2016 2 次提交
- 24 5月, 2016 1 次提交
-
-
由 Matthew Caruana Galizia 提交于
CSRF verification for non-XHR GET requests (cross-origin `<script>` tags) didn't check this flag before logging failures. Setting `config.action_controller.log_warning_on_csrf_failure = false` now disables logging for these CSRF failures as well. Closes #25086. Signed-off-by: NJeremy Daer <jeremydaer@gmail.com>
-
- 19 5月, 2016 1 次提交
-
-
由 Jeremy Daer 提交于
Ruby 2.4 unifies Fixnum and Bignum into Integer: https://bugs.ruby-lang.org/issues/12005 * Forward compat with new unified Integer class in Ruby 2.4+. * Backward compat with separate Fixnum/Bignum in Ruby 2.2 & 2.3. * Drops needless Fixnum distinction in docs, preferring Integer.
-
- 16 5月, 2016 1 次提交
-
-
由 Jeremy Daer 提交于
Follows the same pattern as controllers and jobs. Exceptions raised in delivery jobs (enqueued by `#deliver_later`) are also delegated to the mailer's rescue_from handlers, so you can handle the DeserializationError raised by delivery jobs: ```ruby class MyMailer < ApplicationMailer rescue_from ActiveJob::DeserializationError do … end ``` ActiveSupport::Rescuable polish: * Add the `rescue_with_handler` class method so exceptions may be handled at the class level without requiring an instance. * Rationalize `exception.cause` handling. If no handler matches the exception, fall back to the handler that matches its cause. * Handle exceptions raised elsewhere. Pass `object: …` to execute the `rescue_from` handler (e.g. a method call or a block to instance_exec) against a different object. Defaults to `self`.
-
- 07 5月, 2016 1 次提交
-
-
由 Rafael Mendonça França 提交于
In #18721 we removed the discard key from the session hash used to flash messages and that broke compatibility with Rails 4 applications because they try to map in the discarded flash messages and it returns nil. Fixes #24726.
-
- 06 5月, 2016 1 次提交
-
-
由 Rafael Mendonça França 提交于
It is a common pattern in the Rails community that when people want to :xa use any kind of helper that is defined inside app/helpers they includes the helper module inside the controller like: module UserHelper def my_user_helper # ... end end class UsersController < ApplicationController include UserHelper def index render inline: my_user_helper end end This has problem because the helper can't access anything that is defined in the view level context class. Also all public methods of the helper become available in the controller what can lead to undesirable methods being routed and behaving as actions. Also if you helper depends on other helpers or even Action View helpers you need to include each one of these dependencies in your controller otherwise your helper is not going to work. We already have a helpers proxy at controller class level but that proxy doesn't have access to the instance variables defined in the controller. With this new instance level helper proxy users can reuse helpers in the controller without having to include the modules and with access to instance variables defined in the controller. class UsersController < ApplicationController def index render inline: helpers.my_user_helper end end
-
- 27 4月, 2016 1 次提交
-
-
由 Derek Prior 提交于
I always appreciate having a bit more information as to why something is now an error. We can use this error to tell people why what they were previously doing is insecure and give them hints on how to fix it. Signed-off-by: NKasper Timm Hansen <kaspth@gmail.com>
-
- 24 4月, 2016 1 次提交
-
-
由 Prathamesh Sonpatki 提交于
- Followup of https://github.com/rails/rails/issues/18693. - I think we missed deprecating `request_via_redirect` in that pull request. - Originally requested by DHH here https://github.com/rails/rails/issues/18333.
-
- 21 4月, 2016 1 次提交
-
-
由 Jon Moss 提交于
Previously, users were trying to modify a frozen Hash. Includes a regression test :) Fixes #22975
-
- 20 4月, 2016 1 次提交
-
-
由 Rafael Mendonça França 提交于
When the token is generated by the form we were using the schema and host information while only using the path to compare if the action was the same. This was causing the token to be invalid. To fix this we use the same information to generate the token and check it. Fix #24257
-
- 18 4月, 2016 1 次提交
-
-
由 Vipul A M 提交于
-
- 15 4月, 2016 1 次提交
-
-
由 Sean Griffin 提交于
This brings the behavior more inline with other similar cases, such as receiving a hash when an array of scalars was expected. Prior to this commit, the key would be present, but the value would be `nil`
-
- 12 4月, 2016 1 次提交
-
-
由 Vipul A M 提交于
- we are ending sentences properly - fixing of space issues - fixed continuity issues in some sentences. Reverts https://github.com/rails/rails/commit/8fc97d198ef31c1d7a4b9b849b96fc08a667fb02 . This change reverts making sure we add '.' at end of deprecation sentences. This is to keep sentences within Rails itself consistent and with a '.' at the end.
-
- 04 4月, 2016 1 次提交
-
-
由 Ryan T. Hosford 提交于
- skip calling helper_method if it's not there: if we don't have helpers, we needn't define one. - tests that an api controller can include and use ActionController::Cookies
-
- 01 4月, 2016 1 次提交
-
-
由 Jeremy Daer 提交于
* Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
-