Commit Graph

3733 Commits

Author SHA1 Message Date
Michael Koziarski b1201792a7 Make the erubis implementation easier for plugins to change. 2009-10-15 17:54:01 +13:00
Michael Koziarski cc1ad46ead Add a read-only method which plugin authors can use to determine if xss escaping.
This doesn't provide a way to turn off the escaping, but alternative template engine authors
can figure out what their default should be by calling this.  Avoids a messy version + plugin check.
2009-10-15 17:22:50 +13:00
Joshua Peek bc1a18d7bd Punt on ConcurrentHash [#3322 state:resolved] 2009-10-14 19:53:52 -05:00
Joshua Peek 8cbf825425 Rename Orchestra to Notifications [#3321 state:resolved] 2009-10-14 19:50:36 -05:00
George Ogata 3de8b44b26 Make IntegrationTest::Runner propagate method_missing to ancestors.
Fixes RSpec integration example groups, which mixes its Matchers
module into ActiveSupport::TestCase.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-10-15 11:01:42 +13:00
Craig Smith 316f4704ea Test cases should see all the cookies, not just cookies that have been set in the controller.
Previously this example would always pass, even when cookies.delete was not called.

@request.cookies['foo'] = 'bar'
get :delete_cookie
assert_nil cookies['foo']

Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#2768 state:committed]
2009-10-15 10:58:55 +13:00
Michael Koziarski 1d01bad3ce Make sure non-escaped urls aren't considered safe 2009-10-15 09:58:35 +13:00
Michael Koziarski 5d5e34fa52 Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the latter isn't 2009-10-15 09:58:17 +13:00
Phil Darnowsky 1b3195b63c ActionView.url_for doesn't escape by default
ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by
default.  This was most commonly seen when generating a path with multiple
query parameters, e.g.

  url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)

would return

  http://example.com/foo/bar?that=456&amp;this=123

escaping an ampersand that shouldn't be escaped.  This is both wrong and
inconsistent with the behavior of ActionController#url_for, and is changed.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
2009-10-15 09:49:07 +13:00
Yehuda Katz a41c6c35ca Start adding configuration to ActionView instead of using constants.
By using config rather than hardcoded constants, we can evolve the
  configuration system over time (we'd just need to update the config
  method with more robust capabilities and all consumers would get
  the capabilities with no code changes)
2009-10-14 13:36:41 -07:00
Jeffrey Hardy a8dc9fd27b CookieJar#delete should return the key's value, consistent with a Hash
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-10-14 11:50:51 -07:00
Joshua Peek 21e7b84621 Callbacks, DeprecatedCallbacks = NewCallbacks, Callbacks 2009-10-12 22:15:43 -05:00
Joshua Peek 9bc8defe38 Use "run_callbacks :foo" since it is the public api for callbacks [#3329 state:resolved]
2009-10-12 21:58:49 -05:00
Yehuda Katz b9ce8216fa Fix a bug where render :text could not handle yield :symbol. Fixes guides generation 2009-10-10 00:31:12 -10:00
Yehuda Katz 16a48a95e3 Fix issue with standalone ActionView 2009-10-09 00:55:00 -10:00
Yehuda Katz 2954cf1369 Avoid super in define_method for Rubinius 2009-10-09 00:54:12 -10:00
Yehuda Katz ee37ff46e9 Get rid of constant name usage for stack trace help in favor of overriding #inspect and .name. 2009-10-09 00:53:48 -10:00
Carl Lerche 992c2db76c Finish porting over the initializers to the app object and fix all the tests 2009-10-08 18:12:28 -07:00
Joshua Peek 3b6bdfc105 API change: content_tag_for outputs prefixed class name 2009-10-08 14:13:49 -05:00
Carl Lerche 665c7ad29d Fix warning spew for 1.9 2009-10-08 10:58:04 -07:00
Michael Koziarski c352ec060c error procs have to be safe too 2009-10-08 12:13:48 +13:00
Michael Koziarski 9415935902 Switch to on-by-default XSS escaping for rails.
This consists of:

  * String#html_safe! a method to mark a string as 'safe'
  * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
  * Calls to String#html_safe! throughout the rails helpers
  * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
  * New ERB implementation based on erubis which uses a SafeBuffer instead of a String

Hat tip to Django for the inspiration.
2009-10-08 09:31:20 +13:00
Yehuda Katz 3916f0340e Not calling a private method anymore 2009-10-07 00:33:13 -10:00
Yehuda Katz e57197a967 Fix warning spew 2009-10-06 22:36:14 -10:00
Joshua Peek b480da5cd6 Coerce all out going body parts to Strings 2009-10-05 13:58:43 -05:00
Joshua Peek 76d823677f Revert "Revert "Fix Dispatch.new so passenger works" as it broke the build"
This reverts commit 49b52cadc2.
2009-10-05 09:17:51 -05:00
Michael Koziarski 49b52cadc2 Revert "Fix Dispatch.new so passenger works" as it broke the build
This reverts commit c97c31b096.
2009-10-05 17:23:37 +13:00
Joshua Peek c97c31b096 Fix Dispatch.new so passenger works 2009-10-04 12:45:53 -05:00
Joshua Peek 31319b471b NumberHelper depends on big decimal extensions 2009-10-03 22:06:25 -05:00
Carl Lerche 420004e030 Initialize a new instance of Rails.application during integration tests
This is to fix the AWDWR tests until the application object is refactored to be a singleton.
2009-09-30 12:39:26 -07:00
Erik Ostrom 8ffc2e3b8d Ported the new ActionView::TestCase from 2-3-stable to master [#3260 state:resolved]

The test case now mimics the template environment more closely, so it's
possible to use render, load helper dependencies.

This also fixes assert_select, and similar assertions. Because view tests
and helpers generally don't render full templates assert_select looks
first in rendered and then in output_buffer to find the rendered output.

Additional `master'-only changes: Made the Action Pack Rakefile run the
ActionView::TestCase tests, and made ActionView::Rendering#_render_text
always return a string.

Signed-off-by: Joshua Peek <josh@joshpeek.com>
2009-09-28 13:31:30 -05:00
John Trupiano c9318e9010 Introduce :almost keyword for distance_of_time_in_words. Make 1.75 days - 2 days return '2 days'.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#3266 state:committed]
2009-09-28 14:37:31 +13:00
Jay Pignata 8ef1cd9733 Enhancing distance_of_time_in_words to prefix year output with over and about depending upon how many months have elapsed
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#3106 state:committed]
2009-09-28 14:36:38 +13:00
Joshua Peek a6757a02e1 Move middleware and route configuration from AC::Dispatcher to Rails application object 2009-09-26 21:59:28 -05:00
Joshua Peek 14866fa3d8 Allow setting a default application for all integration tests 2009-09-26 21:38:48 -05:00
Joshua Peek acfeec5151 Allow integration test rack app to be set with "@app" ivar instead of using open_session 2009-09-26 20:51:05 -05:00
Joshua Peek 1f72700575 Move default middleware stack into initializer 2009-09-26 13:41:32 -05:00
Joshua Peek ef58194129 Move Rails::Static into ActionDispatch 2009-09-26 11:37:42 -05:00
Joshua Peek dfbd3b9409 Extract "parse_config" into AD 2009-09-25 21:40:55 -05:00
Joshua Peek 088ce2904d Fix generic url rewriter in integration tests 2009-09-25 11:10:39 -05:00
Jeremy Kemper 0bd6e933c0 Restore split between require-time and runtime load path mungery. Simplifies vendor requires. 2009-09-24 18:38:18 -07:00
Yehuda Katz + Carl Lerche f0dd77c6be Move railties/lib/* into railties/lib/* 2009-09-24 16:11:41 -07:00
Joshua Peek 610b81beca Clean up log output for rendered templates 2009-09-24 12:30:13 -05:00
Joshua Peek 9f96708f53 Resurrect AC::Benchmarking [#3140 state:resolved] 2009-09-24 12:13:09 -05:00
Joshua Peek 3fb623fa90 SessionRestoreError belongs in AD 2009-09-23 23:37:31 -05:00
Joshua Peek 542ddde5d4 Move helpers specific to functional tests out of TestProcess into AC::TestCase 2009-09-23 23:03:24 -05:00
Joshua Peek 4a55d1de8d Move integration test runner into ActionDispatch 2009-09-23 22:38:19 -05:00
José Valim 2407479603 Fixes Sam Ruby's test suite.
Signed-off-by: Yehuda Katz <wycats@gmail.com>
2009-09-21 17:56:24 -07:00
José Valim a0233dd3b2 Use NewCallbacks on ActionDispatch::Callbacks. 2009-09-20 10:56:38 -03:00
José Valim 7cc1c2e71d Add Orchestra instrumentation to fragment and page caching. 2009-09-20 10:56:38 -03:00
José Valim 8f47f311b7 Instrument process_action, render and sql. 2009-09-20 10:56:38 -03:00
Yehuda Katz 81c421386c 1.9 fix for changes to #to_s. By Sam Ruby. [#3228 state:resolved] 2009-09-18 10:35:42 -07:00
Joshua Peek 23e72d4cc8 Forward all methods to delayed log 2009-09-16 22:34:44 -05:00
José Valim befec8a0d8 Remove unused code in ActionView.
Signed-off-by: Yehuda Katz <wycats@gmail.com>
2009-09-15 16:18:10 -07:00
Joshua Peek 52aeb8d2e7 Beef up AD::Rescue to replace global exception handling lost in ApplicationController 2009-09-15 16:33:15 -05:00
Joshua Peek 90d7ae23c6 Remove global exception catching from ApplicationController.
It was severely broken since it was ported to NewBase and is causing problems with normal exception catching. A replacement is coming soon.
2009-09-15 10:05:46 -05:00
Jeremy Kemper b8e914709c Require active_support after autoload setup 2009-09-14 13:04:43 -07:00
Jeremy Kemper af68eb99c1 Uses extlib_inheritable_accessor 2009-09-14 13:04:43 -07:00
Joshua Peek b2f0b8cbda Rollback AS bundler work and improve activation of vendored dependencies 2009-09-13 22:55:46 -05:00
Joshua Peek 67eb892e94 AV::UrlHelper depends on Array#second 2009-09-13 17:25:40 -05:00
Joshua Peek 8491b77f55 Omit PATH_INFO in integration test so rack mock will properly override it 2009-09-13 17:15:35 -05:00
Joshua Peek a01bf41c61 Lazy require memcache for session middleware 2009-09-13 15:30:55 -05:00
Joshua Peek a9f5f4bb45 Don't force test suite to use bundler 2009-09-13 12:42:13 -05:00
Michael Koziarski 81cba78e9e Merge commit 'alloy/master-nested_attributes_and_autosave' 2009-09-13 10:32:24 +12:00
Yehuda Katz 76cd4cb27e Memoize in the endpoint. 2009-09-12 15:38:34 -05:00
Yehuda Katz 7152a4e9a6 Add per-controller middleware 2009-09-12 13:51:15 -05:00
Andrew France 1b78e9bba3 Allow fields_for on a nested_attributes association to accept an explicit collection to be used. [#2648 state:resolved]
Signed-off-by: Eloy Duran <eloy.de.enige@gmail.com>
2009-09-12 15:50:05 +02:00
Jeremy Kemper 8682d76cc9 Revert "Allow frameworks to be required by their gem name"
This has just been confusing. Better to educate than band-aid.

This reverts commit 18a24274ec.
Originally from http://dev.rubyonrails.org/ticket/8845 [drnic]
2009-09-12 02:41:01 -07:00
Nathaniel Talbott f024aabee3 Fix filtering parameters when there are Fixnum or other un-dupable values.
[#3184 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-09-10 18:53:50 -07:00
José Valim af5b12c64c Fix callbacks on ActionPack.
Signed-off-by: Yehuda Katz <wycats@gmail.com>
2009-09-08 10:28:28 -07:00
Joshua Peek c531bd6665 Cleanup hacky routing with controller_path in url helper tests. This doesn't work in real life anyway. 2009-09-06 22:29:29 -05:00
Michael Koziarski b16e0c9223 Clean tag attributes before passing through the escape_once logic.
Addresses CVE-2009-3009
2009-09-04 09:25:38 +12:00
Jay Pignata bd97c3044a CookieStore should not be derived from Hash - reverting [#2268 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2009-09-03 15:15:15 -05:00
Yehuda Katz + Carl Lerche 119793a4c1 Replace :formats => ["*/*"] with the default formats set 2009-09-03 12:52:53 -07:00
Yehuda Katz + Carl Lerche e3744166ec Refactor ActionController to use find_template and template_exists? 2009-09-03 12:52:53 -07:00
Sam Pohlenz 4b6321efa9 Don't raise exceptions for missing javascript_include_tag or stylesheet_link_tag sources unless the :cache or :concat options are given. [#2738 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2009-09-03 14:01:01 -05:00
Yehuda Katz + Carl Lerche f3fc5c4b5f Refactor ActionView::Resolver 2009-09-03 11:18:57 -07:00
Yehuda Katz + Carl Lerche dd34691b8d Extract finding the template in AC to its own method 2009-09-03 11:18:56 -07:00
Jay Pignata e0f1a7dc19 If session_options[:id] is requested when using CookieStore, unmarshal the session to access it [#2268 state:resolved]
Signed-off-by: Joshua Peek <josh@joshpeek.com>
2009-09-03 11:50:01 -05:00
Yehuda Katz + Carl Lerche 66a4585f88 Fix the */* with Net::HTTP bug [#3100 state:resolved] 2009-09-01 15:54:29 -07:00
Joshua Peek a79790e1a5 rack-test 0.4.2 has rack 1.1.pre goodies, we'll use it instead 2009-08-31 23:08:20 -05:00
Joshua Peek 5e5e34377c Back off rack 1.1-pre and bundle in the new testing goodies 2009-08-31 15:39:19 -05:00
Joshua Peek 8974ab2e2e action_dispatch and action_view are just more autoloads, so it's okay to require them 2009-08-31 14:49:59 -05:00
Joshua Peek c63dac81c1 Switch over to rack-test gem 2009-08-31 14:27:10 -05:00
Joshua Peek 6f40139b53 SessionHash#update and SessionHash#delete are missing a call to load! [#3056 state:resolved] 2009-08-31 13:39:06 -05:00
José Valim 3f78de67b5 Ensure that blocks are also handled inside the responder. 2009-08-29 18:21:19 +02:00
José Valim 684a6b3c71 Attempt to render the template inside the responder, so it can be used for caching and pagination.
Signed-off-by: Yehuda Katz <wycats@gmail.com>
2009-08-29 11:01:00 -05:00
Joshua Peek ba5995dcd9 Reset session in integration tests after changing routes to reload the middleware stack 2009-08-27 12:43:26 -05:00
Yehuda Katz bb91beabbd Remove some old cruft 2009-08-27 05:00:57 -05:00
Carl Lerche 6a001e925e Require necessary active_support files in cookie store 2009-08-26 23:07:55 -07:00
Carl Lerche 4467fa7d24 Fixed stupid mistake... nothing to see here. 2009-08-26 20:51:54 -07:00
Carl Lerche 78ced08338 Add a default parameter for Resolver#initialize 2009-08-26 19:52:18 -07:00
Carl Lerche 2890760665 Set the request and response in ActionController::Middleware 2009-08-26 19:52:18 -07:00
Carl Lerche efbd535f36 Have AbstractController::Logger#process_action return super's value 2009-08-26 19:52:17 -07:00
Jeffrey Hardy 05b529ca57 UrlRewriter#rewrite_url should call #to_param on the value given in :anchor option, just as #url_for does
[#2746 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-08-26 14:11:26 -07:00
Akira Matsuda cc9af20da7 I18n: use I18n for select helpers' prompt text
[#2252 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-08-26 13:55:57 -07:00
Jeremy Kemper a7ca5595a2 Revert "I18n: use I18n for select helpers' prompt text"
Broke CI.

[#2252 state:open]

This reverts commit adedf72821.
2009-08-26 12:12:40 -07:00
Akira Matsuda adedf72821 I18n: use I18n for select helpers' prompt text
[#2252 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-08-26 11:29:16 -07:00
Yehuda Katz 9408fcd2e8 Create new ActionController::Middleware class that will work as a normal Rack middleware.
  * This initial implementation is a bit hackish, but it uses a normal middleware API
    so it's future-proof when we improve the internals.
2009-08-26 00:18:52 -07:00
Yehuda Katz + Carl Lerche 5bc66f160d And the same thing for Basic 2009-08-25 17:34:07 -07:00