mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
56,233 Commits 61 Branches 565 Tags 420 MiB
Commit Graph

13005 Commits

Author SHA1 Message Date
Prathamesh Sonpatki 7ca7c0ef28 Put some space for non-assets requests in development mode 
- Fixes #23428.
 2016-02-03 15:48:38 +05:30
Sean Griffin 522099a13f Sleep well, sweet prince 
Prototype, you have served us well. But you are no longer how we make an
XMLHttpRequest. RIP
 2016-02-02 18:55:33 -07:00
Rafael França dd041934dd Merge pull request #23396 from pschambacher/pschambacher/fix_assert_generates 
Duplicate assert_generates options before modifying it
 2016-02-02 01:49:55 -02:00
Kang-Kyu Lee c4ac23bfa6 Update CHANGELOG.md 
fix indentation to show it as code
 2016-02-01 14:21:34 -08:00
Rafael Mendonça França 60b040e362 Add some Action Cable CHANGELOG entries 
And improve changelongs.

[ci skip]
 2016-02-01 19:57:50 -02:00
Sean Griffin 49f6ce63f3 Preparing for Rails 5.0.0.beta2 2016-02-01 14:37:52 -07:00
Kasper Timm Hansen 84c3738c14 Converge on filter. 
Some places were saying filter, while others said filter_options, spare the ambiguity
and use filter throughout.

This inlines a needless local variable and clarifies a route filter consists of defaults
and values to match against.
 2016-02-01 22:15:21 +01:00
Kasper Timm Hansen 5966b801ce Simplify filter normalization. 
Assume the filter is a string, if it wasn't a hash and isn't nil. Remove needless else
and rely on Ruby's default nil return.

Add spaces within hash braces.
 2016-02-01 22:11:52 +01:00
Kasper Timm Hansen baae952588 Merge pull request #23225 from vipulnsward/20420-rake-routes-options 
Add options for rake routes task
 2016-02-01 22:09:22 +01:00
Vipul A M 8a436fdd98 Add options for rake routes task 
Add two options: `-c` and `-g`.
`-g` option returns the urls name, verb and path fields that match the pattern.
`-c` option returns the urls for specific controller.

Fixes #18902, and Fixes #20420

[Anton Davydov & Vipul A M]
 2016-02-02 00:27:30 +05:30
Jon Moss b3427c662e Add documentation for #17573 
Fixes some parts of #23148.

[ci skip]
 2016-02-01 13:28:30 -05:00
Pierre Schambacher c3639458af Duplicate assert_generates options before modifying it 2016-02-01 11:51:45 +00:00
Matthew Draper d6f2000a67 Wrangle the asset build into something that sounds more general 2016-02-01 05:03:03 +10:30
Rafael França 8d30ef7cdd Merge pull request #23342 from y-yagi/remove_unused_variable 
remove unused variable from render test
 2016-01-30 12:11:02 -05:00
Rafael França dfde688496 Merge pull request #23343 from y-yagi/remove_unused_require 
remove unused require
 2016-01-30 12:10:47 -05:00
eileencodes c4d85dfbc7 Handle response_body= when body is nil 
There are some cases when the `body` in `response_body=` can be set to
nil. One of those cases is in `actionpack-action_caching` which I found
while upgrading it for Rails 5.

It's not possible to run `body.each` on a `nil` body so we have to
return after we run `response.reset_body!`.
 2016-01-30 09:42:59 -05:00
yuuji.yaginuma a027a750d0 remove unused require 
`with_indifferent_access` had been used in `assigns` method, but has been removed in ca83436.
 2016-01-30 13:50:22 +09:00
yuuji.yaginuma 647a04cdbc remove unused variable from render test 
This removes the following warning.

```
rails/actionpack/test/controller/render_test.rb:278: warning: assigned but unused variable - response
```
 2016-01-30 13:40:12 +09:00
Tawan Sierek 349f187f58 Add additional documentation on Headers#[] [ci skip] 
Issue #16519 covers confusion potentially caused by how HTTP
headers, that contain underscores in their names, are retrieved
through `ActionDispatch::Http::Headers#[]`.

This confusion has its origin in how a CGI maps HTTP header names
to variable names. Even though underscores in header names
are rarely encountered, they are valid according to RFC822 [1].
Nonetheless CGI like variable names, as requested by the Rack
specfication, will only contain underscores and therefore the
original header name cannot be recovered after the Rack server passed
on the environemnt hash. Please, see also the disscussion on
StackOverflow [2], which also links to an explaination in the
nginx documentation [3].

[1] http://www.ietf.org/rfc/rfc822.txt
[2] http://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names
[3] https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#missing-disappearing-http-headers
 2016-01-29 22:11:16 +01:00
Rafael Mendonça França f16709231d Merge pull request #22800 from dgynn/pr_cache_helper_options 
Restore ability to pass extra options to cache stores
 2016-01-29 00:15:19 -05:00
Aaron Patterson c082a7aae4 speed up accept header parsing a bit. 
Accept header is taken from what Safari on El Capitan sends:

```ruby
require 'benchmark/ips'
require 'action_dispatch/http/mime_type'
require 'active_support/all'

accept = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'

Benchmark.ips do |x|
  x.report "omg" do
    Mime::Type.parse(accept)
  end
end
```

Before:

```
[aaron@TC actionpack (master)]$ be ruby ../x.rb
Calculating -------------------------------------
                 omg     3.181k i/100ms
-------------------------------------------------
                 omg     35.062k (±12.8%) i/s -    174.955k
[aaron@TC actionpack (master)]$ be ruby ../x.rb
Calculating -------------------------------------
                 omg     3.153k i/100ms
-------------------------------------------------
                 omg     33.724k (±12.4%) i/s -    167.109k
[aaron@TC actionpack (master)]$ be ruby ../x.rb
Calculating -------------------------------------
                 omg     3.575k i/100ms
-------------------------------------------------
                 omg     37.251k (±10.4%) i/s -    185.900k
```

After:

```
[aaron@TC actionpack (master)]$ be ruby ../x.rb
Calculating -------------------------------------
                 omg     3.365k i/100ms
-------------------------------------------------
                 omg     40.069k (±16.1%) i/s -    198.535k
[aaron@TC actionpack (master)]$ be ruby ../x.rb
Calculating -------------------------------------
                 omg     4.168k i/100ms
-------------------------------------------------
                 omg     47.596k (± 7.7%) i/s -    237.576k
[aaron@TC actionpack (master)]$ be ruby ../x.rb
Calculating -------------------------------------
                 omg     4.282k i/100ms
-------------------------------------------------
                 omg     43.626k (±17.7%) i/s -    209.818k
```
 2016-01-28 16:08:15 -08:00
Aaron Patterson f8c9ef8401 convert AcceptList to a regular class 
we never use this custom array outside the mime type `parse` method.  We
can reduce the interaction to just a regular array, so we should use
that instead (IOW, there was nothing special about AcceptList so we
should remove it).
 2016-01-28 14:14:32 -08:00
eileencodes 5181d5c283 Run `file.close` before unlinking for travis 
This works on OSX but for some reason travis is throwing a
```
  1) Error:
ExpiresInRenderTest#test_dynamic_render_with_absolute_path:
NoMethodError: undefined method `unlink' for nil:NilClass
```
Looking at other tests in Railties the file has a name and we close
it before unlinking, so I'm going to try that.
 2016-01-28 15:23:55 -05:00
eileencodes 020d6fda29 Regression test for rendering file from absolute path 
Test that we are not allowing you to grab a file with an absolute path
outside of your application directory. This is dangerous because it
could be used to retrieve files from the server like `/etc/passwd`.
 2016-01-28 14:25:57 -05:00
Aaron Patterson a447252ac4 remove == from AcceptItem 
Remove nonsense definition of == from `AcceptItem`.  The definition only
compared names and not `q` values or even object identity.  The only use
was in the `assort!` method that really just wanted the index of the
item given the item's name.  Instead we just change the caller to use
`index` with the block form.
 2016-01-27 18:28:05 -08:00
Aaron Patterson 7fc79bc790 remove useless private methods 
This commit refactors the private methods that were just aliases to []
to just directly use [] and cache the return values on the stack.
 2016-01-27 18:28:05 -08:00
Aaron Patterson f7f59c2eb7 change `@app_xml_idx` to an lvar and cache it on the stack 
same strategy as `@text_xml_idx`: cache it on the stack to avoid ivar
lookups and the `||=` call.
 2016-01-27 18:28:05 -08:00
Aaron Patterson 542b2e9c9b change `@text_xml_idx` to an lvar and cache it on the stack 
this eliminates the ivar lookup and also eliminates the `||=`
conditional that happens every time we called the `text_xml_idx` method.
 2016-01-27 18:28:04 -08:00
Marek 385e0a3311 Fix typo in strong params hash deprecation message 
and remove unecessary spaces in string interpolation.
 2016-01-27 18:41:48 +00:00
Akira Matsuda 5262bf544a doc typo 
[ci skip]
 2016-01-27 18:19:53 +09:00
Aaron Patterson 3844854af1 add a skip for failing test 2016-01-26 18:01:24 -08:00
Aaron Patterson 00285e7cf7 fix permitted? conditional for `render` calls 2016-01-26 18:00:49 -08:00
Aaron Patterson 9777a97ffa Merge pull request #23242 from maclover7/fix-error-sec 
Fix undefined error for `ActionController::Parameters`
 2016-01-26 17:24:37 -08:00
Jon Moss 534b12afb5 Fix undefined error for `ActionController::Parameters` 2016-01-26 20:16:40 -05:00
Aaron Patterson 0361d8449f clear view path cache between tests 
The cache for `render file:` seems to also be used in the case of
`render(string)`.  If one is supposed to be a hit and the other is
supposed to be a miss, and they both reference the same file, then the
cache could return incorrect values.  This commit clears the cache
between runs so that we get non-cached behavior.
 2016-01-26 17:06:31 -08:00
Aaron Patterson 6dfab475ca Merge branch '5-0-beta-sec' 
* 5-0-beta-sec:
  bumping version
  fix version update task to deal with .beta1.1
  Eliminate instance level writers for class accessors
  allow :file to be outside rails root, but anything else must be inside the rails view directory
  Don't short-circuit reject_if proc
  stop caching mime types globally
  use secure string comparisons for basic auth username / password
 2016-01-25 11:25:11 -08:00
Aaron Patterson 908c011395 bumping version 2016-01-25 10:22:15 -08:00
Vipul A M c7281b37ac Fix nodoc to internal class error document some of them 
[ci skip]
Fixes #20808

[Vipul A M & Julio Lopez]
 2016-01-25 23:04:40 +05:30
Aaron Patterson b7758b40fc allow :file to be outside rails root, but anything else must be inside the rails view directory 
CVE-2016-0752
 2016-01-22 15:02:27 -08:00
Aaron Patterson 51313c21a6 stop caching mime types globally 
Unknown mime types should not be cached globally.  This global cache
leads to a memory leak and a denial of service vulnerability.

CVE-2016-0751
 2016-01-22 15:00:31 -08:00
Aaron Patterson 17e6f1507b use secure string comparisons for basic auth username / password 
this will avoid timing attacks against applications that use basic auth.

CVE-2015-7576
 2016-01-22 14:55:14 -08:00
Vipul A M 48c03c59c3 rm changelog for unreleased changes fixes 
Based on https://github.com/rails/rails/pull/23167/files#r50507317

[ci skip]
 2016-01-22 12:43:03 +05:30
Rafael França 6fcc3c47eb Merge pull request #23167 from maclover7/fix-21032 
Fix `ActionController::Parameters#==` bug
 2016-01-21 17:34:55 -05:00
Jon Moss 627f736cc0 Fix `ActionController::Parameters#==` bug 
See bug #21032.
 2016-01-21 17:28:18 -05:00
Vipul A M 9b3dc9d850 - Fix warning introduced in 77acc004ef when fixing API responses. 
- render :text is deprecated, so added an assertion for it.
 2016-01-22 00:38:12 +05:30
sealocal 27a4e9345f remove doc reference to ActionController::MimeResponds#respond_to 2016-01-20 23:41:07 -08:00
sealocal 36b359f816 document simple example of ActionController::MimeResponds#respond_to 2016-01-20 23:39:46 -08:00
Jon Moss 77acc004ef Re-add ActionController::ApiRendering 
- Fixes bug #23142.
- Bug was occurring only with ActionController::API, because `_process_options` wasn't being run for API requests, even though it was being run for normal app requests.
 2016-01-20 19:16:23 -05:00
Aaron Patterson 06397336b2 Merge pull request #23140 from rails/fix-search-for-custom-routes 
Fix marking of custom routes for Journey
 2016-01-20 15:14:13 -08:00
Godfrey Chan 24e39ffb53 Merge pull request #17573 from zerothabhishek/master 
Response etags to always be weak: Prefixed 'W/' to value returned by Act...
 2016-01-20 14:27:52 -08:00