Commits on Aug 19, 2014
  1. @sikachu

    Make `AC::Params#to_h` return Hash with safe keys

    sikachu authored
    `ActionController::Parameters#to_h` now returns a `Hash` with
    unpermitted keys removed. This change is to reflect on a security
    concern where some method performed on an `ActionController::Parameters`
    may yield a `Hash` object which does not maintain `permitted?` status.
    If you would like to get a `Hash` with all the keys intact, duplicate
    and mark it as permitted before calling `#to_h`.
        params = ActionController::Parameters.new(name: 'Senjougahara Hitagi')
        params.to_h # => {}
        unsafe_params = params.dup.permit!
        unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
        safe_params = params.permit(:name)
        safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
    This change is considered a stopgap as we cannot change the code to stop
    `ActionController::Parameters` from inheriting from
    `HashWithIndifferentAccess` in the next minor release.
    Also, adding a CHANGELOG entry to mention that
    `ActionController::Parameters` will not be inheriting from
    `HashWithIndifferentAccess` in the next major version.
Commits on Feb 18, 2014
  1. @sikachu

    Introduce `render :html` for render HTML string

    sikachu authored
    This is an option to render HTML content with a content type of
    `text/html`. This rendering option calls `ERB::Util.html_escape`
    internally to escape unsafe HTML string, so you will have to mark your
    string as html safe if you have any HTML tag in it.
    Please see #12374 for more detail.
  2. @sikachu

    Introduce `render :plain` for render plain text

    sikachu authored
    This is an option to render content with a content type of
    `text/plain`. This is the preferred option if you are planning to render
    a plain text content.
    Please see #12374 for more detail.
  3. @sikachu

    Introduce `render :body` for render raw content

    sikachu authored
    This is an option for sending raw content back to the browser. Note that
    this rendering option will unset the default content type and does not
    include "Content-Type" header back in the response.
    You should only use this option if you are expecting the "Content-Type"
    header to not be set. More information on "Content-Type" header can be
    found on RFC 2616, section 7.2.1.
    Please see #12374 for more detail.
Commits on Feb 20, 2013
  1. @sikachu

    Remove XML Parser from ActionDispatch

    sikachu authored
    If you want an ability to parse XML parameters, please install
    `actionpack-xml_parser` gem.
Commits on Aug 24, 2012
  1. @sikachu

    Extract ActiveRecord::SessionStore from Rails

    sikachu authored
    This functionality will be available from gem
    `active_record-session_store` instead.
Commits on Aug 6, 2012
  1. @sikachu

    Do not include application.js if it doesn't exists

    sikachu authored
    Rails was including 'application.js' in the pack when using
    `javascript_include_tag :all` even when there's no application.js in the
    public directory.
Commits on Feb 4, 2012
  1. @sikachu

    Add *_url helpers to get the full assets URL

    sikachu authored
    Adds `image_url`, `javascript_url`, `stylesheet_url`, `audio_url`,
    `video_url`, and `font_url` to assets tag helper. These URL helpers will
    return the full path to your assets. This is useful when you are going
    to reference this asset from an external host.
Commits on Feb 3, 2012
  1. @sikachu

    Fix override API response bug in respond_with

    sikachu authored
    The default responder was only using the given respond block when the user
    requested HTML format, or JSON/XML format with a valid resource. This
    fixes the responder so that it will use the given block regardless of the
    validity of the resource. Note that in this case you'll have to check
    the object's validity yourself in the controller.
    Fixes #4796
Commits on Dec 7, 2011
  1. @sikachu

    Allow layout fallback when using `layout` method

    sikachu authored
    Rails will now use your default layout (such as "layouts/application") when you specify a layout with `:only` and `:except` conditions, and those conditions fail.
    For example, consider this snippet:
        class CarsController < ApplicationController
          # Use the 'single_car' layout for the show action only
          layout 'single_car', :only => :show
        end
    Rails will use 'layouts/single_car' when a request comes in for the `:show` action, and use 'layouts/application' (or 'layouts/cars', if it exists) when a request comes in for any other action.