- 20 Jun, 2017 2 commits
- 03 Jun, 2017 1 commit
Committed by Genadi Samokovarov
- 19 May, 2017 1 commit
- 27 Apr, 2017 1 commit
Committed by Edouard CHIN
- `check_parameters` kwargs was added to the `current_page?` method, the implementation was assuming only hashes respond to `delete`. This was causing issues when `current_page?` was called with an Active Model object - ref https://github.com/rails/rails/pull/27549 - Fixes #28846
- 24 Apr, 2017 1 commit
Committed by Edouard CHIN
- This method was added in this commit https://github.com/rails/rails/commit/33258d713a4bc20b71e92fd656c923a7b189cd33 - The last caller got removed there https://github.com/rails/rails/commit/0b6ce3422370647cad3e91263a291f69b313d65b
- 19 Apr, 2017 1 commit
Committed by Rafael Mendonça França
Since this protection is now in Parameters we can use it instead of reimplementing again.
- 12 Jan, 2017 1 commit
Committed by Akira Matsuda
(I personally prefer writing one string in one line no matter how long it is, though)
- 04 Jan, 2017 2 commits
Committed by Maksym Pugach
Example:

For "http://www.example.com/shop/checkout?order=desc&page=1"

```
current_page?('http://www.example.com/shop/checkout')
=> true

current_page?(
  'http://www.example.com/shop/checkout', check_parameters: true
)
=> false
```
Committed by Ryuta Kamizono
```
% git grep -n permited
actionview/test/template/url_helper_test.rb:238:  def test_button_to_with_permited_strong_params
actionview/test/template/url_helper_test.rb:245:  def test_button_to_with_unpermited_strong_params
activerecord/test/cases/relations_test.rb:1620:  def test_update_on_relation_passing_active_record_object_is_not_permited
```
- 23 Dec, 2016 1 commit
Committed by Akira Matsuda
- 18 Oct, 2016 1 commit
Committed by Jon Moss
Before, an error would be raised saying that the method `to_param` was undefined on the instance of `ActionController::Parameters`. Now, we are checking to see if the `params` object being passed to `button_to` responds to the `permitted?` method, and if so, we will call `to_h` on it. If it does not respond to `permitted?`, then the `params` will remain unchanged. [Jon Moss, Rafael Mendonça França]
- 16 Aug, 2016 1 commit
Committed by Rafael Mendonça França
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces

Fix all violations in the repository.
- 08 Aug, 2016 1 commit
Committed by Xavier Noria
A few have been left for aesthetic reasons, but have made a pass and removed most of them. Note that if the method `foo` returns an array, `foo << 1` is a regular push, nothing to do with assignments, so no self required.
- 07 Aug, 2016 3 commits
Committed by Xavier Noria
Committed by Xavier Noria
Committed by Xavier Noria
The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
- 20 Jul, 2016 1 commit
- 13 Mar, 2016 1 commit
Committed by yuuji.yaginuma
Follow up to #23980.
- 20 Feb, 2016 1 commit
Committed by James Coleman
In e6e0579d the `params` option was added to the `button_to` helper. However, the patch doesn't support nested hashes so `{a: {b: 'c'}}` for example gets turned into a hidden form input with the name 'a' and the value being the string representation of the `{b: 'c'}` nested hash. Since Rails supports nested hashes everywhere else (and even in the URL params of link_to and button_to), I believe this to be a bug/unfinished feature.
- 20 Jan, 2016 1 commit
Committed by Vipul A M
html_safe is not supposed to be public API for AV. This change removes usage of html_safe in favour of raw() in AV helpers. Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
- 05 Jan, 2016 1 commit
Committed by Ben Toews
- 15 Dec, 2015 1 commit
Committed by Jean Boussier
- 04 Nov, 2015 2 commits
Committed by Damien Burke
`link_to :back` creates a link to whatever was passed in via the referer header. If an attacker can alter the referer header, that would create a cross-site scripting vulnerability on every page that uses `link_to :back`. This commit restricts the back URL to valid non-javascript URLs. https://github.com/rails/rails/issues/14444
Committed by Rafael Mendonça França
- 30 Oct, 2015 1 commit
Committed by Paul Grayson
It used to behave like this:

```
url_for(controller: 'x', action: 'y', q: {})
# -> "/x/y?"
```

We previously avoided empty query strings in most cases by removing nil values, then checking whether params was empty. But as you can see above, even non-empty params can yield an empty query string. So I changed the code to just directly check whether the query string ended up empty.

(To make everything more consistent, the "removing nil values" functionality should probably move to ActionPack's Hash#to_query, the place where empty hashes and arrays get removed. However, this would change a lot more behavior.)
- 06 Sep, 2015 1 commit
Committed by Aaron Patterson
`hfvalue` parts should always be percent encoded, so let's do that! Revert "use path escaping for email addresses" This reverts commit 21ffef38.
- 05 Sep, 2015 2 commits
Committed by Aaron Patterson
Due to e25fdad2, we are correctly using path escaping for email addresses. This commit fixes the tests to expect path escaping.
Committed by Bernerd Schaefer
The `url_for` methods in `actionpack` and `actionview` now make a copy of the provided options before generating polymorphic paths or URLs. The bug in the previous behavior is most noticeable in a case like:

```
url_options = [:new, :post, param: 'value']
if current_page?(url_options)
  css_class = "active"
end
link_to "New Post", url_options, class: css_class
```
- 27 Aug, 2015 1 commit
Committed by Gaurav Sharma
- 24 Jul, 2015 1 commit
Committed by Clayton Smith
- 05 May, 2015 1 commit
Committed by Yves Senn
Prompted by: https://github.com/rails/rails/commit/e38dd7bfa4360e241eadf0cf44abdf86ea33a393#commitcomment-11011496 /cc @kuldeepaggarwal
- 01 May, 2015 2 commits
Committed by Yves Senn
This illustrates the purpose of the block for `link_to_if` and `link_to_unless` helper methods. It should help to prevent further mistakes like #19844.
Committed by Yves Senn
This reverts commit d459b001, reversing changes made to 4d4950fa.
😓 The block is not supposed to be passed to `link_to`. It's used for a customized behavior of the `condition = false` case. The docs illustrate that like so:

```
<%=
  link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) do
    link_to(@current_user.login, { controller: "accounts", action: "show", id: @current_user })
  end
%>
```
- 03 Feb, 2015 1 commit
Committed by Vipul A M
- 01 Feb, 2015 1 commit
Committed by Vipul A M
Fixed test for deprecation warning in actionview, renaming from https://github.com/rails/rails/commit/baf14ae513337cb185acf865e93dfc48f3aabf6a
- 21 Dec, 2014 1 commit
Committed by Mark Dodwell
- 02 Oct, 2014 1 commit
Committed by Kuldeep Aggarwal
When mail_to generates blank options for any passed options (cc, bcc, body, subject), MICROSOFT OUTLOOK treats it differently and sets wrong values in different options.
- 17 Jun, 2014 2 commits