Under certain circumstances, the middleware isn't informed that the
response body has been fully closed which result in request state not
being fully reset before the next request.
[CVE-2022-23633]
Running the Action Pack tests outputs a warning:
./actionpack/test/controller/test_case_test.rb:1007: warning: instance variable @counter not initialized
Surrounding the line with silence_warnings cleans up the output.
The `filter_parameters` configuration includes a list of filters in the
latest `filter_parameter_logging` initializer template.
This updates the guides to reflect those changes.
This commit adds documentation to the constants and methods that are
part of Active Model's Attributes API. So far this API has been hidden
with the :nodoc: flag since its inception in Active Record and
subsequent move to Active Model (#30920 and #30985); as the API matures
and gets ready for public usage, visible documentation for its endpoints
becomes necessary.
The classes and modules being documented and publicized by this commit
are the main `Attributes` module, the `Type` namespace, and all the
standard attribute type classes included in the current API, which users
will be able to extend and replicate to suit their customization needs.
Some private modules are also receiving documetation, although they will
continue using the :nodoc: flag. Those are `Attribute` and
`AttributeSet`. Although they remain private I found useful to add some
comments to describe their responsibilities.
In cache stores prepending `LocalCache`, serialized `Entry`
instances are stored in `LocalCache::LocalStore`. This
speeds up hot key lookups without a network roundtrip in a
context of a single given request.
However, with these entries being stored in their serialized
form, `#read_multi_entries` returns them directly to cache
consumers.
Instead, we will now deserialize these entries first.
During testing view helpers do not have access to the `request` object but they do when used inside of a view.
If we were to test a helper like this one :
```ruby
def active?(test_path)
request.path.match? test_path
end
```
we would get this error :
```
NoMethodError: undefined method `path' for nil:NilClass
```
Adding `:request` to the attr_accessor will make tests consistent with the default behavior.
This was suggested as a better fix in https://github.com/rails/rails/pull/43414. The goal is to decrease merge conflicts that often come at the bottom due to the semi colon placement.
We've been running with a monkey patch for it for about a month, and can confirm, it's definitely an improvement. So I'm making this as an alternative suggestion to https://github.com/rails/rails/pull/43414
Adding @mlarraz as a co-author - thanks for the original inspiration.
Co-authored-by: @mlarraz <mlarraz@users.noreply.github.com>
Jean Boussier