rails/CHANGELOG.md at 1abf15657b47b32dd5ba295bcdb618b41b46c0bc

304 KiB

Raw Blame History

Rails 4.0.0 (unreleased)

Copy literal route constraints to defaults so that url generation know about them. The copied constraints are :protocol, :subdomain, :domain, :host and :port.

Andrew White
respond_to and respond_with now raise ActionController::UnknownFormat instead of directly returning head 406. The exception is rescued and converted to 406 in the exception handling middleware. Steven Soroka
Allows assert_redirected_to to match against a regular expression. Andy Lindeman
Add backtrace to development routing error page. Richard Schneeman
Replace include_seconds boolean argument with :include_seconds => true option in distance_of_time_in_words and time_ago_in_words signature. Dmitriy Kiriyenko
Remove button_to_function and link_to_function helpers. Rafael Mendonça França
Make current object and counter (when it applies) variables accessible when rendering templates with :object / :collection. Carlos Antonio da Silva
JSONP now uses mimetype application/javascript instead of application/json. omjokine
Allow to lazy load default_form_builder by passing a String instead of a constant. Piotr Sarnacki
Session arguments passed to process calls in functional tests are now merged into the existing session, whereas previously they would replace the existing session. This change may break some existing tests if they are asserting the exact contents of the session but should not break existing tests that only assert individual keys.

Andrew White
Add index method to FormBuilder class. Jorge Bejar
Remove the leading \n added by textarea on assert_select. Santiago Pastorino
Changed default value for config.action_view.embed_authenticity_token_in_remote_forms to false. This change breaks remote forms that need to work also without javascript, so if you need such behavior, you can either set it to true or explicitly pass :authenticity_token => true in form options
Added ActionDispatch::SSL middleware that when included force all the requests to be under HTTPS protocol. Rafael Mendonça França
Add include_hidden option to select tag. With :include_hidden => false select with multiple attribute doesn't generate hidden input with blank value. Vasiliy Ermolovich
Removed default size option from the text_field, search_field, telephone_field, url_field, email_field helpers. Philip Arndt
Removed default cols and rows options from the text_area helper. Philip Arndt
Adds support for layouts when rendering a partial with a given collection. serabe
Allows the route helper root to take a string argument. For example, root 'pages#main'. bcardarella
Forms of persisted records use always PATCH (via the _method hack). fxn
For resources, both PATCH and PUT are routed to the update action. fxn

Don't ignore force_ssl in development. This is a change of behavior - use a :if condition to recreate the old behavior.

class AccountsController < ApplicationController
  force_ssl :if => :ssl_configured?

  def ssl_configured?
    !Rails.env.development?
  end
end

Pat Allan

Adds support for the PATCH verb:
- Request objects respond to patch?.
- Routes have a new patch method, and understand :patch in the existing places where a verb is configured, like :via.
- New method patch available in functional tests.
- If :patch is the default verb for updates, edits are tunneled as PATCH rather than as PUT, and routing acts accordingly.
- New method patch_via_redirect available in integration tests.
dlee
Integration tests support the OPTIONS method. Jeremy Kemper
expires_in accepts a must_revalidate flag. If true, "must-revalidate" is added to the Cache-Control header. fxn
Add date_field and date_field_tag helpers which render an input[type="date"] tag Olek Janiszewski
Adds image_url, javascript_url, stylesheet_url, audio_url, video_url, and font_url to assets tag helper. These URL helpers will return the full path to your assets. This is useful when you are going to reference this asset from external host. Prem Sichanugrist
Default responder will now always use your overridden block in respond_with to render your response. Prem Sichanugrist
Allow value_method and text_method arguments from collection_select and options_from_collection_for_select to receive an object that responds to :call, such as a proc, to evaluate the option in the current element context. This works the same way with collection_radio_buttons and collection_check_boxes.

Carlos Antonio da Silva + Rafael Mendonça França
Add collection_check_boxes form helper, similar to collection_select: Example:

collection_check_boxes :post, :author_ids, Author.all, :id, :name

Outputs something like:
D. Heinemeier Hansson D. Thomas
The label/check_box pairs can be customized with a block.

Carlos Antonio da Silva + Rafael Mendonça França
Add collection_radio_buttons form helper, similar to collection_select: Example:

collection_radio_buttons :post, :author_id, Author.all, :id, :name

Outputs something like:
D. Heinemeier Hansson D. Thomas
The label/radio_button pairs can be customized with a block.

Carlos Antonio da Silva + Rafael Mendonça França
check_box with :form html5 attribute will now replicate the :form attribute to the hidden field as well. Carlos Antonio da Silva
Turn off verbose mode of rack-cache, we still have X-Rack-Cache to check that info. Closes #5245. Santiago Pastorino
label form helper accepts :for => nil to not generate the attribute. Carlos Antonio da Silva
Add :format option to number_to_percentage Rodrigo Flores
Add config.action_view.logger to configure logger for ActionView. Rafael Mendonça França
Deprecated ActionController::Integration in favour of ActionDispatch::Integration
Deprecated ActionController::IntegrationTest in favour of ActionDispatch::IntegrationTest
Deprecated ActionController::PerformanceTest in favour of ActionDispatch::PerformanceTest
Deprecated ActionController::AbstractRequest in favour of ActionDispatch::Request
Deprecated ActionController::Request in favour of ActionDispatch::Request
Deprecated ActionController::AbstractResponse in favour of ActionDispatch::Response
Deprecated ActionController::Response in favour of ActionDispatch::Response
Deprecated ActionController::Routing in favour of ActionDispatch::Routing
check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form. This is a behavior change, previously the hidden tag had a value of the disabled checkbox. Tadas Tamosauskas
favicon_link_tag helper will now use the favicon in app/assets by default. Lucas Caton
ActionView::Helpers::TextHelper#highlight now defaults to the HTML5 mark element. Brian Cardarella

Rails 3.2.3 (March 30, 2012)

Add config.action_view.embed_authenticity_token_in_remote_forms (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing :authenticity_token => true in form options Piotr Sarnacki
Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value DHH
Upgrade rack-cache to 1.2. José Valim
ActionController::SessionManagement is removed. Santiago Pastorino
Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. José Valim
Add a new line after the textarea opening tag. Closes #393 Rafael Mendonça França
Always pass a respond block from to responder. We should let the responder decide what to do with the given overridden response block, and not short circuit it. Prem Sichanugrist
Fixes layout rendering regression from 3.2.2. José Valim

Rails 3.2.2 (March 1, 2012)

Format lookup for partials is derived from the format in which the template is being rendered. Closes #5025 part 2 Santiago Pastorino
Use the right format when a partial is missing. Closes #5025. Santiago Pastorino
Default responder will now always use your overridden block in respond_with to render your response. Prem Sichanugrist
check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form. This is a behavior change, previously the hidden tag had a value of the disabled checkbox. Tadas Tamosauskas

Rails 3.2.1 (January 26, 2012)

Documentation improvements.
Allow form.select to accept ranges (regression). Jeremy Walker
datetime_select works with -/+ infinity dates. Joe Van Dyk

Rails 3.2.0 (January 20, 2012)

Add config.action_dispatch.default_charset to configure default charset for ActionDispatch::Response. Carlos Antonio da Silva
Deprecate setting default charset at controller level, use the new config.action_dispatch.default_charset instead. Carlos Antonio da Silva
Deprecate ActionController::UnknownAction in favour of AbstractController::ActionNotFound. Carlos Antonio da Silva
Deprecate ActionController::DoubleRenderError in favour of AbstractController::DoubleRenderError. Carlos Antonio da Silva
Deprecate method_missing handling for not found actions, use action_missing instead. Carlos Antonio da Silva
Deprecate ActionController#rescue_action, ActionController#initialize_template_class, and ActionController#assign_shortcuts. These methods were not being used internally anymore and are going to be removed in Rails 4. Carlos Antonio da Silva
Use a BodyProxy instead of including a Module that responds to close. Closes #4441 if Active Record is disabled assets are delivered correctly Santiago Pastorino
Rails initialization with initialize_on_precompile = false should set assets_dir Santiago Pastorino
Add font_path helper method Santiago Pastorino
Depends on rack ~> 1.4.0 Santiago Pastorino
Add :gzip option to caches_page. The default option can be configured globally using page_cache_compression Andrey Sitnik
The ShowExceptions middleware now accepts a exceptions application that is responsible to render an exception when the application fails. The application is invoked with a copy of the exception in env["action_dispatch.exception"] and with the PATH_INFO rewritten to the status code. José Valim
Add button_tag support to ActionView::Helpers::FormBuilder.

This support mimics the default behavior of submit_tag.

Example:
```
<%= form_for @post do |f| %>
  <%= f.button %>
<% end %>
```
Date helpers accept a new option, :use_two_digit_numbers = true, that renders select boxes for months and days with a leading zero without changing the respective values. For example, this is useful for displaying ISO8601-style dates such as '2011-08-01'. Lennart Fridén and Kim Persson
Make ActiveSupport::Benchmarkable a default module for ActionController::Base, so the #benchmark method is once again available in the controller context like it used to be DHH
Deprecated implied layout lookup in controllers whose parent had a explicit layout set:
```
class ApplicationController
  layout "application"
end

class PostsController < ApplicationController
end
```
In the example above, Posts controller will no longer automatically look up for a posts layout.

If you need this functionality you could either remove layout "application" from ApplicationController or explicitly set it to nil in PostsController. José Valim
Rails will now use your default layout (such as "layouts/application") when you specify a layout with :only and :except condition, and those conditions fail. Prem Sichanugrist

For example, consider this snippet:
```
class CarsController
  layout 'single_car', :only => :show
end
```
Rails will use 'layouts/single_car' when a request comes in :show action, and use 'layouts/application' (or 'layouts/cars', if exists) when a request comes in for any other actions.

form_for with +:as+ option uses "#{action}_#{as}" as css class and id:

Before:

form_for(@user, :as => 'client') # => "<form class="client_new">..."

Now:

form_for(@user, :as => 'client') # => "<form class="new_client">..."

Vasiliy Ermolovich

Allow rescue responses to be configured through a railtie as in config.action_dispatch.rescue_responses. Please look at ActiveRecord::Railtie for an example José Valim
Allow fresh_when/stale? to take a record instead of an options hash DHH
Assets should use the request protocol by default or default to relative if no request is available Jonathan del Strother
Log "Filter chain halted as CALLBACKNAME rendered or redirected" every time a before callback halts José Valim
You can provide a namespace for your form to ensure uniqueness of id attributes on form elements. The namespace attribute will be prefixed with underscore on the generate HTML id. Vasiliy Ermolovich

Example:
```
<%= form_for(@offer, :namespace => 'namespace') do |f| %>
  <%= f.label :version, 'Version' %>:
  <%= f.text_field :version %>
<% end %>
```
Refactor ActionDispatch::ShowExceptions. The controller is responsible for choosing to show exceptions when consider_all_requests_local is false.

It's possible to override show_detailed_exceptions? in controllers to specify which requests should provide debugging information on errors. The default value is now false, meaning local requests in production will no longer show the detailed exceptions page unless show_detailed_exceptions? is overridden and set to request.local?.
Responders now return 204 No Content for API requests without a response body (as in the new scaffold) José Valim
Added ActionDispatch::RequestId middleware that'll make a unique X-Request-Id header available to the response and enables the ActionDispatch::Request#uuid method. This makes it easy to trace requests from end-to-end in the stack and to identify individual requests in mixed logs like Syslog DHH
Limit the number of options for select_year to 1000.

Pass the :max_years_allowed option to set your own limit.

Libo Cannici
Passing formats or handlers to render :template and friends is deprecated. For example: Nick Sutterer & José Valim
```
render :template => "foo.html.erb"
```
Instead, you can provide :handlers and :formats directly as option: render :template => "foo", :formats => [:html, :js], :handlers => :erb
Changed log level of warning for missing CSRF token from :debug to :warn. Mike Dillon
content_tag_for and div_for can now take the collection of records. It will also yield the record as the first argument if you set a receiving argument in your block Prem Sichanugrist

So instead of having to do this:
```
@items.each do |item|
  content_tag_for(:li, item) do
     Title: <%= item.title %>
  end
end
```
You can now do this:
```
content_tag_for(:li, @items) do |item|
  Title: <%= item.title %>
end
```
send_file now guess the mime type Esad Hajdarevic
Mime type entries for PDF, ZIP and other formats were added Esad Hajdarevic
Generate hidden input before select with :multiple option set to true. This is useful when you rely on the fact that when no options is set, the state of select will be sent to rails application. Without hidden field nothing is sent according to HTML spec Bogdan Gusiev
Refactor ActionController::TestCase cookies Andrew White

Assigning cookies for test cases should now use cookies[], e.g:
```
cookies[:email] = 'user@example.com'
get :index
assert_equal 'user@example.com', cookies[:email]
```
To clear the cookies, use clear, e.g:
```
cookies.clear
get :index
assert_nil cookies[:email]
```
We now no longer write out HTTP_COOKIE and the cookie jar is persistent between requests so if you need to manipulate the environment for your test you need to do it before the cookie jar is created.
ActionController::ParamsWrapper on ActiveRecord models now only wrap attr_accessible attributes if they were set, if not, only the attributes returned by the class method attribute_names will be wrapped. This fixes the wrapping of nested attributes by adding them to attr_accessible.

Rails 3.1.4 (March 1, 2012)

Skip assets group in Gemfile and all assets configurations options when the application is generated with --skip-sprockets option.

Guillermo Iguaran
Use ProcessedAsset#pathname in Sprockets helpers when debugging is on. Closes #3333 #3348 #3361.

Guillermo Iguaran
Allow to use asset_path on named_routes aliasing RailsHelper's asset_path to path_to_asset Adrian Pike
Assets should use the request protocol by default or default to relative if no request is available Jonathan del Strother

Rails 3.1.3 (November 20, 2011)

Downgrade sprockets to ~> 2.0.3. Using 2.1.0 caused regressions.
Fix using translate helper with a html translation which uses the :count option for pluralization.

Jon Leighton

Rails 3.1.2 (November 18, 2011)

Fix XSS security vulnerability in the translate helper method. When using interpolation in combination with HTML-safe translations, the interpolated input would not get HTML escaped. GH 3664

Before:
```
translate('foo_html', :something => '<script>') # => "...<script>..."
```
After:
```
translate('foo_html', :something => '<script>') # => "...&lt;script&gt;..."
```
Sergey Nartimov
Upgrade sprockets dependency to ~> 2.1.0
Ensure that the format isn't applied twice to the cache key, else it becomes impossible to target with expire_action.

Christopher Meiklejohn
Swallow error when can't unmarshall object from session.

Bruno Zanchet
Implement a workaround for a bug in ruby-1.9.3p0 where an error would be raised while attempting to convert a template from one encoding to another.

Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.

The workaround is to load all conversions into memory ahead of time, and will only happen if the ruby version is exactly 1.9.3p0. The hope is obviously that the underlying problem will be resolved in the next patchlevel release of 1.9.3.

Jon Leighton
Ensure users upgrading from 3.0.x to 3.1.x will properly upgrade their flash object in session (issues #3298 and #2509)

Rails 3.1.1 (October 07, 2011)

javascript_path and stylesheet_path now refer to /assets if asset pipelining is on. Santiago Pastorino
button_to support form option. Now you're able to pass for example 'data-type' => 'json'. ihower
image_path and image_tag should use /assets if asset pipelining is turned on. Closes #3126 Santiago Pastorino and christos
Avoid use of existing precompiled assets during rake assets:precompile run. Closes #3119 Guillermo Iguaran
Copy assets to nondigested filenames too Santiago Pastorino
Give precedence to config.digest = false over the existence of manifest.yml asset digests christos
escape options for the stylesheet_link_tag method Alexey Vakhov
Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so it works on Windows cablegram
env var passed to process shouldn't be modified in process method. Santiago Pastorino
rake assets:precompile loads the application but does not initialize it. To the app developer, this means configuration add in config/initializers/* will not be executed. Plugins developers need to special case their initializers that are meant to be run in the assets group by adding :group => :assets. José Valim
Sprockets uses config.assets.prefix for asset_path asee
FileStore key_file_path properly limit filenames to 255 characters. phuibonhoa
Fix Hash#to_query edge case with html_safe strings. brainopia
Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation. Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. Santiago Pastorino
Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. Mark J. Titorenko
Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 Guillermo Iguaran
Fix basic auth credential generation to not make newlines. GH #2882
Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled. Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. Guillermo Iguaran
CookieJar is now Enumerable. Fixes #2795
Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 Guillermo Iguaran
Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 Guillermo Iguaran
Fixed stylesheet_link_tag and javascript_include_tag to respect additional options passed by the users when debug is on. Guillermo Iguaran

Rails 3.1.0 (August 30, 2011)

Param values are paramified in controller tests. David Chelimsky
x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. Santiago Pastorino
The submit form helper does not generate an id "object_name_id" anymore. fbrusatti
Make sure respond_with with :js tries to render a template in all cases José Valim
json_escape will now return a SafeBuffer string if it receives SafeBuffer string tenderlove
Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string Prem Sichanugrist
Fix escape_js to work correctly with the new SafeBuffer restriction Paul Gallagher
Brought back alternative convention for namespaced models in i18n thoefer

Now the key can be either "namespace.model" or "namespace/model" until further deprecation.
It is prohibited to perform a in-place SafeBuffer mutation tenderlove

The old behavior of SafeBuffer allowed you to mutate string in place via method like sub!. These methods can add unsafe strings to a safe buffer, and the safe buffer will continue to be marked as safe.

An example problem would be something like this:
```
<%= link_to('hello world', @user).sub!(/hello/, params[:xss])  %>
```
In the above example, an untrusted string (params[:xss]) is added to the safe buffer returned by link_to, and the untrusted content is successfully sent to the client without being escaped. To prevent this from happening sub! and other similar methods will now raise an exception when they are called on a safe buffer.

In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:
```
 <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>
```
The new versions will now ensure that all strings returned by these methods on safe buffers are marked unsafe.

You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb
Warn if we cannot verify CSRF token authenticity José Valim
Allow AM/PM format in datetime selectors Aditya Sanghi
Only show dump of regular env methods on exception screen (not all the rack crap) DHH
auto_link has been removed with no replacement. If you still use auto_link please install the rails_autolink gem: http://github.com/tenderlove/rails_autolink

tenderlove
Added streaming support, you can enable it with: José Valim
```
class PostsController < ActionController::Base
  stream :only => :index
end
```
Please read the docs at ActionController::Streaming for more information.
Added ActionDispatch::Request.ignore_accept_header to ignore accept headers and only consider the format given as parameter José Valim
Created ActionView::Renderer and specified an API for ActionView::Context, check those objects for more information José Valim
Added ActionController::ParamsWrapper to wrap parameters into a nested hash, and will be turned on for JSON request in new applications by default Prem Sichanugrist

This can be customized by setting ActionController::Base.wrap_parameters in config/initializer/wrap_parameters.rb
RJS has been extracted out to a gem. fxn
Implicit actions named not_implemented can be rendered. Santiago Pastorino
Wildcard route will always match the optional format segment by default. Prem Sichanugrist

For example if you have this route:
```
match '*pages' => 'pages#show'
```
by requesting '/foo/bar.json', your params[:pages] will be equals to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply :format => false like this:
```
match '*pages' => 'pages#show', :format => false
```

Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call DHH

class PostsController < ApplicationController
  USER_NAME, PASSWORD = "dhh", "secret"

  before_filter :authenticate, :except => [ :index ]

  def index
    render :text => "Everyone can see me!"
  end

  def edit
    render :text => "I'm only accessible if you know the password"
  end

  private
    def authenticate
      authenticate_or_request_with_http_basic do |user_name, password|
        user_name == USER_NAME && password == PASSWORD
      end
    end
end

..can now be written as

class PostsController < ApplicationController
  http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index

  def index
    render :text => "Everyone can see me!"
  end

  def edit
    render :text => "I'm only accessible if you know the password"
  end
end

Allow you to add force_ssl into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify :only or :except to specific it to particular action. DHH and Prem Sichanugrist

Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash DHH

form_for(@post, remote: true, method: :delete) instead of form_for(@post, remote: true, html: { method: :delete })

Make JavaScriptHelper#j() an alias for JavaScriptHelper#escape_javascript() -- note this then supersedes the Object#j() method that the JSON gem adds within templates using the JavaScriptHelper DHH
Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. Prem Sichanugrist, fxn
URL parameters which return false for to_param now appear in the query string (previously they were removed) Andrew White
URL parameters which return nil for to_param are now removed from the query string Andrew White
ActionDispatch::MiddlewareStack now uses composition over inheritance. It is no longer an array which means there may be methods missing that were not tested.
Add an :authenticity_token option to form_tag for custom handling or to omit the token (pass :authenticity_token => false). Jakub Kuźma, Igor Wiedler
HTML5 button_tag helper. Rizwan Reza
Template lookup now searches further up in the inheritance chain. Artemave
Brought back config.action_view.cache_template_loading, which allows to decide whether templates should be cached or not. Piotr Sarnacki
url_for and named url helpers now accept :subdomain and :domain as options, Josh Kalderimis
The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused (check the documentation for examples). Josh Kalderimis
Added config.action_controller.include_all_helpers. By default 'helper :all' is done in ActionController::Base, which includes all the helpers by default. Setting include_all_helpers to false will result in including only application_helper and helper corresponding to controller (like foo_helper for foo_controller). Piotr Sarnacki
Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a :data hash of options:
```
tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)})
# => <div data-name="Stephen" data-city-state="[&quot;Chicago&quot;,&quot;IL&quot;]" />
```
Keys are dasherized. Values are JSON-encoded, except for strings and symbols. Stephen Celis
Deprecate old template handler API. The new API simply requires a template handler to respond to call. José Valim
:rhtml and :rxml were finally removed as template handlers. José Valim
Moved etag responsibility from ActionDispatch::Response to the middleware stack. José Valim
Rely on Rack::Session stores API for more compatibility across the Ruby world. This is backwards incompatible since Rack::Session expects #get_session to accept 4 arguments and requires #destroy_session instead of simply #destroy. José Valim
file_field automatically adds :multipart => true to the enclosing form. Santiago Pastorino
Renames csrf_meta_tag -> csrf_meta_tags, and aliases csrf_meta_tag for backwards compatibility. fxn
Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. Yehuda Katz, Carl Lerche

Rails 3.0.12 (March 1, 2012)

Fix using tranlate helper with a html translation which uses the :count option for pluralization.

Jon Leighton

Rails 3.0.11 (November 18, 2011)

Fix XSS security vulnerability in the translate helper method. When using interpolation in combination with HTML-safe translations, the interpolated input would not get HTML escaped. GH 3664

Before:

translate('foo_html', :something => '

304 KiB Raw Blame History