Commits on Nov 19, 2015
Commits on Nov 17, 2015
Commits on Nov 2, 2015
  1. Controller: don't do protect_from_forgery on HEAD requests

    committed Nov 2, 2015
    POST and other destructive actions should already be using $verify
    to ensure that the request is using POST, which will bail if a HEAD
    request is issued instead.
  2. Controller: add full page caching

    committed Nov 2, 2015
    Works like Rails (2.3) and uses the URL as the path to the cache
    file, appending .html unless it looks like there's already an
    extension in the url (like .rss)
    Add expire_page() to remove cached files by controller, action, and
  3. Request: do more aggressive parsing and validating of urls

    committed Nov 2, 2015
    eliminate /../, /./, etc. from full url and path
  4. EncryptedCookieSessionStore: re-enable throwing an exception on bad data

    committed Nov 2, 2015
    fix test that was failing because headers_sent() was reporting true,
    despite this just coming from phpunit itself.
  5. router: fix route matching on a path component of "0"

    committed Nov 2, 2015
    php's empty() considers a string "0" to be empty, so use our own
    test function to work around this
Commits on Mar 2, 2015
Commits on May 4, 2012
Commits on Feb 8, 2012
Commits on Dec 19, 2011
  1. pass form method to output_remote_form_around_closure

    committed Dec 18, 2011
    don't include form_authenticity_token for GET forms
Commits on Dec 11, 2011
  1. always install rescuer, do cli exceptions properly, mask pdo passwords

    committed Dec 11, 2011
    when passing the pdo init string, pass it as a new
    StringMaskedDuringRescue which will pass the proper string through
    __toString(), but when it's printed in a rescue message, print its
    masked string
    in rescue functions, print arguments since they can be useful
  2. absolute namespace, just in case

    committed Dec 11, 2011
Commits on Nov 27, 2011
  1. don't protect setcookie() run, it still causes problems during rescue

    committed Nov 27, 2011
    just check whether headers have already been sent
Commits on Nov 22, 2011
Commits on Nov 19, 2011
  1. fix render([ "html" => "" ])

    committed Nov 19, 2011
Commits on Nov 18, 2011
Commits on Nov 13, 2011
  1. add flash_success and add_flash_successes(), like errors and notices

    committed Nov 13, 2011
    make notices print blue by default now, and successes in green
  2. introduce global function raw() to mark text as not-to-be-escaped

    committed Nov 13, 2011
    to remove ambiguity over what parts of built forms are escaped and
    which are not, and increase security in everything else that
    prints html, run everything supplied by the application through h()
    to escape html.
    since there may be instances where html should be printed, like in
    flash_errors(), introduce a global function raw() that can be used
    to protect a string until it hits the helpers, where it will be
    recognized as a raw object and not run through h().  most things
    that did h() now do raw_or_h().
    note that the raw object must continue all the way through to the
    helper, so doing
        $this->add_flash_error(raw("<b>error:</b> ") . $somevar)
    does nothing, because the Raw object will get __toString()'d right
    away and get seen as a normal string when it gets to the helper,
    which will run h() on it.  the entire argument must be the raw
    object with your own html protection done on the parts you need it:
        $this->add_flash_error(raw("<b>error:</b> " . h($somevar)))
Commits on Nov 12, 2011
Commits on Nov 11, 2011
  1. fix encrypted cookie setting handling

    committed Nov 11, 2011
    session_get_cookie_params() is only useful before session_start() is
    called, for parameters set in config/boot.php.
    for per-request modification, that function has no effect, so trying
    to change the lifetime in a login controller won't work.
    read cookie parameters at session instance creation (which is after
    boot.php changed them) and allow each one to be overridden with
    \HalfMoon\EncryptedCookieSessionStore::set_lifetime() and similar.
  2. public static

    committed Nov 11, 2011
Commits on Nov 10, 2011