Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 782 lines (453 sloc) 27.901 kb
53c845c @rafaelfranca Preparing for 3.2.19 release
rafaelfranca authored
1 ## Rails 3.2.19 (Jul 2, 2014) ##
2
31a485f @carlosantoniodasilva Merge pull request #13183 from sorah/never_ignore_i18n_translate_raise_o...
carlosantoniodasilva authored
3 * Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
4 `options[:raise]`.
5
6 This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
7
8 *Shota Fukumori (sora_h)*
9
bbec7d7 @rafaelfranca Merge branch '3-2-sec' into 3-2-stable
rafaelfranca authored
10
4e8f1d2 @rafaelfranca Preparing for 3.2.18 release
rafaelfranca authored
11 ## Rails 3.2.18 (May 6, 2014) ##
12
13 * Only accept actions without File::SEPARATOR in the name.
14
15 This will avoid directory traversal in implicit render.
16
17 Fixes: CVE-2014-0130
18
19 *Rafael Mendonça França*
20
21
a3bda38 @rafaelfranca Merge branch '3-2-17' into 3-2-stable
rafaelfranca authored
22 ## Rails 3.2.17 (Feb 18, 2014) ##
23
666e9f6 @rafaelfranca Preparing for 3.2.17 release
rafaelfranca authored
24 * Use the reference for the mime type to get the format
25
26 Fixes: CVE-2014-0082
27
28 * Escape format, negative_format and units options of number helpers
29
30 Fixes: CVE-2014-0081
31
a3bda38 @rafaelfranca Merge branch '3-2-17' into 3-2-stable
rafaelfranca authored
32
666e9f6 @rafaelfranca Preparing for 3.2.17 release
rafaelfranca authored
33 ## Rails 3.2.16 (Dec 12, 2013) ##
31a485f @carlosantoniodasilva Merge pull request #13183 from sorah/never_ignore_i18n_translate_raise_o...
carlosantoniodasilva authored
34
6422630 @tenderlove updating the changelog
tenderlove authored
35 * Deep Munge the parameters for GET and POST Fixes CVE-2013-6417
36
37 * Stop using i18n's built in HTML error handling. Fixes: CVE-2013-4491
38
39 * Escape the unit value provided to number_to_currency Fixes CVE-2013-6415
40
41 * Only use valid mime type symbols as cache keys CVE-2013-6414
42
538f8ba @tenderlove updating changelogs
tenderlove authored
43 ## Rails 3.2.15 (Oct 16, 2013) ##
b972035 @rafaelfranca Fix the CHANGELOG headers [ci skip]
rafaelfranca authored
44
85106de @tamird make sure both headers are set before checking for ip spoofing
tamird authored
45 * Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
46 attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
47
48 Fixes #12410
49 Backports #10844
50
51 *Tamir Duberstein*
52
03ac291 @beedub pass the extra params to the rack test environment so that routes with b...
beedub authored
53 * Fix the assert_recognizes test method so that it works when there are
54 constraints on the querystring.
55
56 Issue/Pull Request #9368
57 Backport #5219
58
59 *Brian Hahn*
60
424a5a7 @kassio fix issue #11605
kassio authored
61 * Fix to render partial by context(#11605).
62
63 *Kassio Borges*
64
0f5ba6e @907th Fix `assert_redirected_to` does not show user-supplied message.
907th authored
65 * Fix `ActionDispatch::Assertions::ResponseAssertions#assert_redirected_to`
66 does not show user-supplied message.
67
68 Issue: when `assert_redirected_to` fails due to the response redirect not
69 matching the expected redirect the user-supplied message (second parameter)
70 is not shown. This message is only shown if the response is not a redirect.
71
72 *Alexey Chernenkov*
73
e0db277 @rafaelfranca Fix actionpack CHANGELOG entry
rafaelfranca authored
74
75 ## Rails 3.2.14 (Jul 22, 2013) ##
76
622e4ab @pixeltrix Fix shorthand routes where controller and action are in the scope
pixeltrix authored
77 * Merge `:action` from routing scope and assign endpoint if both `:controller`
78 and `:action` are present. The endpoint assignment only occurs if there is
79 no `:to` present in the options hash so should only affect routes using the
80 shorthand syntax (i.e. endpoint is inferred from the the path).
81
82 Fixes #9856
83
84 *Yves Senn*, *Andrew White*
85
ca23e6d @rafaelfranca Add CHANGELOG entry for #10971
rafaelfranca authored
86 * Always escape the result of `link_to_unless` method.
87
88 Before:
89
90 link_to_unless(true, '<b>Showing</b>', 'github.com')
91 # => "<b>Showing</b>"
92
93 After:
94
95 link_to_unless(true, '<b>Showing</b>', 'github.com')
96 # => "&lt;b&gt;Showing&lt;/b&gt;"
97
98 *dtaniwaki*
99
9f754e8 @rafaelfranca Compare host scheme using case-insensitive regexp
rafaelfranca authored
100 * Use a case insensitive URI Regexp for #asset_path.
101
102 This fix a problem where the same asset path using different case are generating
103 different URIs.
104
105 Before:
106
107 image_tag("HTTP://google.com")
108 # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
109 image_tag("http://google.com")
110 # => "<img alt=\"Google\" src=\"http://google.com\" />"
111
112 After:
113
114 image_tag("HTTP://google.com")
115 # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
116 image_tag("http://google.com")
117 # => "<img alt=\"Google\" src=\"http://google.com\" />"
118
119 *David Celis + Rafael Mendonça França*
120
c9bd202 @rafaelfranca Improve the changelog entry [ci skip]
rafaelfranca authored
121 * Fix explicit names on multiple file fields. If a file field tag has
44a9aed @rmm5t Fix explicit names on multiple file fields
rmm5t authored
122 the multiple option, it is turned into an array field (appending `[]`),
c9bd202 @rafaelfranca Improve the changelog entry [ci skip]
rafaelfranca authored
123 but if an explicit name is passed to `file_field` the `[]` is not
124 appended.
125 Fixes #9830.
44a9aed @rmm5t Fix explicit names on multiple file fields
rmm5t authored
126
127 *Ryan McGeary*
128
060fca7 @carlosantoniodasilva Fix formatting and minor review in AP changelog
carlosantoniodasilva authored
129 * Fix assets loading performance in 3.2.13.
38d0647 @fredwu Added changelog for 687e68d
fredwu authored
130
060fca7 @carlosantoniodasilva Fix formatting and minor review in AP changelog
carlosantoniodasilva authored
131 Issue #8756 uses Sprockets for resolving files that already exist on disk,
132 for those files their extensions don't need to be rewritten.
afe5880 @rafaelfranca Improve CHANGELOG entry [ci skip]
rafaelfranca authored
133
134 Fixes #9803.
38d0647 @fredwu Added changelog for 687e68d
fredwu authored
135
136 *Fred Wu*
137
060fca7 @carlosantoniodasilva Fix formatting and minor review in AP changelog
carlosantoniodasilva authored
138 * Fix `ActionController#action_missing` not being called.
2c8f349 @rafaelfranca Merge pull request #9802 from newsline/fix-broken-action-missing
rafaelfranca authored
139 Fixes #9799.
140
141 *Janko Luin*
142
060fca7 @carlosantoniodasilva Fix formatting and minor review in AP changelog
carlosantoniodasilva authored
143 * `ActionView::Helpers::NumberHelper#number_to_human` returns the number unaltered when
1b12d08 @hoffm Backport #9347 to rails 3.2
hoffm authored
144 the units hash does not contain the needed key, e.g. when the number provided is less
060fca7 @carlosantoniodasilva Fix formatting and minor review in AP changelog
carlosantoniodasilva authored
145 than the largest key provided.
1b12d08 @hoffm Backport #9347 to rails 3.2
hoffm authored
146
147 Examples:
148
060fca7 @carlosantoniodasilva Fix formatting and minor review in AP changelog
carlosantoniodasilva authored
149 number_to_human(123, units: {}) # => 123
150 number_to_human(123, units: { thousand: 'k' }) # => 123
1b12d08 @hoffm Backport #9347 to rails 3.2
hoffm authored
151
152 Fixes #9269.
153 Backport #9347.
154
155 *Michael Hoffman*
156
ce75569 @jbarreneche Extract hardcoded lists to Redo::RestaurantsList
jbarreneche authored
157 * Include I18n locale fallbacks in view lookup.
158 Fixes GH#3512.
159
160 *Juan Barreneche*
a8e7a00 @carlosantoniodasilva Fix changelog conflicts and remove release dates [ci skip]
carlosantoniodasilva authored
161
162 * Fix `ActionDispatch::Request#formats` when the Accept request-header is an
163 empty string. Fix #7774 [Backport #8977, #9541]
164
165 *Soylent + Maxime Réty*
23434f6 @steveklabnik Update CHANGELOGs for 3.2.13 release.
steveklabnik authored
166
167
0e56c1d @claudiob Add release dates to documentation [ci skip]
claudiob authored
168 ## Rails 3.2.13 (Mar 18, 2013) ##
ce75569 @jbarreneche Extract hardcoded lists to Redo::RestaurantsList
jbarreneche authored
169
a0c3c1e @carlosantoniodasilva Merge pull request #9616 from exviva/multiple_select_name_double_square_...
carlosantoniodasilva authored
170 * Fix incorrectly appended square brackets to a multiple select box
171 if an explicit name has been given and it already ends with "[]".
172
173 Before:
174
175 select(:category, [], {}, multiple: true, name: "post[category][]")
176 # => <select name="post[category][][]" ...>
177
178 After:
179
180 select(:category, [], {}, multiple: true, name: "post[category][]")
181 # => <select name="post[category][]" ...>
182
183 Backport #9616.
184
185 *Olek Janiszewski*
186
a72dab0 @senny determine the match shorthand target early.
senny authored
187 * Determine the controller#action from only the matched path when using the
188 shorthand syntax. Previously the complete path was used, which led
189 to problems with nesting (scopes and namespaces).
190 Fixes #7554.
191 Backport #9361.
192
193 Example:
194
195 # this will route to questions#new
196 scope ':locale' do
197 get 'questions/new'
198 end
199
200 *Yves Senn*
201
a5013bb @josevalim Merge pull request #5288 from lest/patch-2
josevalim authored
202 * Fix `assert_template` with `render :stream => true`.
203 Fix #1743.
204 Backport #5288.
205
206 *Sergey Nartimov*
207
1129cb3 Fix typo on CHANGELOG.md
Érik Escobedo authored
208 * Eagerly populate the http method lookup cache so local project inflections do
5f3b40e @asanghi fixes #8631 local inflections from interfereing with HTTP_METHOD_LOOKUP ...
asanghi authored
209 not interfere with use of underscore method ( and we don't need locks )
210
211 *Aditya Sanghi*
212
9669aa7 @rafaelfranca Merge pull request #8914 from nilbus/fix-header-bloat
rafaelfranca authored
213 * `BestStandardsSupport` no longer duplicates `X-UA-Compatible` values on
214 each request to prevent header size from blowing up.
215
216 *Edward Anderson*
217
7003b36 @dylanahsmith Fix JSON params parsing regression for non-object JSON content.
dylanahsmith authored
218 * Fixed JSON params parsing regression for non-object JSON content.
219
220 *Dylan Smith*
221
d564ee0 @carlosantoniodasilva Reorder AP changelog and remove duplicated entry [ci skip]
carlosantoniodasilva authored
222 * Prevent unnecessary asset compilation when using `javascript_include_tag` on
223 files with non-standard extensions.
3debd57 @carlosantoniodasilva Bump rack dependency to 1.4.3
carlosantoniodasilva authored
224
d564ee0 @carlosantoniodasilva Reorder AP changelog and remove duplicated entry [ci skip]
carlosantoniodasilva authored
225 *Noah Silas*
3debd57 @carlosantoniodasilva Bump rack dependency to 1.4.3
carlosantoniodasilva authored
226
d564ee0 @carlosantoniodasilva Reorder AP changelog and remove duplicated entry [ci skip]
carlosantoniodasilva authored
227 * Fixes issue where duplicate assets can be required with sprockets.
f55ef82 @jejacks0n Fixes issue where duplicate assets can be required with sprockets.
jejacks0n authored
228
d564ee0 @carlosantoniodasilva Reorder AP changelog and remove duplicated entry [ci skip]
carlosantoniodasilva authored
229 *Jeremy Jackson*
9bc5e65 @noahsilas Fix javascript_include_tag when no js runtime is available
noahsilas authored
230
d564ee0 @carlosantoniodasilva Reorder AP changelog and remove duplicated entry [ci skip]
carlosantoniodasilva authored
231 * Bump `rack` dependency to 1.4.3, eliminate `Rack::File` headers deprecation warning.
232
233 *Sam Ruby + Carlos Antonio da Silva*
9bc5e65 @noahsilas Fix javascript_include_tag when no js runtime is available
noahsilas authored
234
d564ee0 @carlosantoniodasilva Reorder AP changelog and remove duplicated entry [ci skip]
carlosantoniodasilva authored
235 * Do not append second slash to `root_url` when using `trailing_slash: true`
f55ef82 @jejacks0n Fixes issue where duplicate assets can be required with sprockets.
jejacks0n authored
236
33841a9 @senny Backport #8701, do not append a second slash with `trailing_slash: true`
senny authored
237 Fix #8700.
238 Backport #8701.
239
240 Example:
241 # before
242 root_url # => http://test.host//
243
244 # after
245 root_url # => http://test.host/
246
247 *Yves Senn*
248
970c10c @rafaelfranca Improve CHANGELOG message [ci skip]
rafaelfranca authored
249 * Fix a bug in `content_tag_for` that prevents it for work without a block.
250
ea881ca @jasl fix block.arity raise nil error when not given a block to "content_tag_f...
jasl authored
251 *Jasl*
252
6ab1a95 @pixeltrix Clear url helper methods when routes are reloaded
pixeltrix authored
253 * Clear url helper methods when routes are reloaded by removing the methods
254 explicitly rather than just clearing the module because it didn't work
255 properly and could be the source of a memory leak.
256
257 *Andrew White*
258
f64be7d @carlosantoniodasilva Changelog improvements [ci skip]
carlosantoniodasilva authored
259 * Fix a bug in `ActionDispatch::Request#raw_post` that caused `env['rack.input']`
6fbee4f @rafaelfranca Merge pull request #8490 from mattv/fix_request_raw_post
rafaelfranca authored
260 to be read but not rewound.
261
262 *Matt Venables*
263
eaa0d0b @rafaelfranca Merge pull request #8402 from senny/8376_descriptive_error_message_for_p...
rafaelfranca authored
264 * More descriptive error messages when calling `render :partial` with
265 an invalid `:layout` argument.
e0da95b @carlosantoniodasilva Update changelogs with version/release dates [ci skip]
carlosantoniodasilva authored
266
8f8ae5f @steveklabnik Fix markdown syntax in actionpack CHANGELOG.
steveklabnik authored
267 Fixes #8376.
eaa0d0b @rafaelfranca Merge pull request #8402 from senny/8376_descriptive_error_message_for_p...
rafaelfranca authored
268
269 render :partial => 'partial', :layout => true
270 # results in ActionView::MissingTemplate: Missing partial /true
271
272 *Yves Senn*
273
f64be7d @carlosantoniodasilva Changelog improvements [ci skip]
carlosantoniodasilva authored
274 * Accept symbols as `#send_data` :disposition value. [Backport #8329] *Elia Schito*
9c33cb2 @elia Accept symbols as #send_data :disposition value
elia authored
275
f64be7d @carlosantoniodasilva Changelog improvements [ci skip]
carlosantoniodasilva authored
276 * Add i18n scope to `distance_of_time_in_words`. [Backport #7997] *Steve Klabnik*
ff5d606 @carlosantoniodasilva Add changelog entry for #6003 backport
carlosantoniodasilva authored
277
1a876f6 @steveklabnik Add i18n scope to disance_of_time_in_words.
steveklabnik authored
278 * Fix side effect of `url_for` changing the `:controller` string option. [Backport #6003]
ff5d606 @carlosantoniodasilva Add changelog entry for #6003 backport
carlosantoniodasilva authored
279 Before:
280
281 controller = '/projects'
282 url_for :controller => controller, :action => 'status'
283
284 puts controller #=> 'projects'
285
286 After
287
288 puts controller #=> '/projects'
289
f64be7d @carlosantoniodasilva Changelog improvements [ci skip]
carlosantoniodasilva authored
290 *Nikita Beloglazov + Andrew White*
ff5d606 @carlosantoniodasilva Add changelog entry for #6003 backport
carlosantoniodasilva authored
291
666a7e3 @josevalim Merge pull request #8235 from tilsammans/dont_escape_actionmailer_when_p...
josevalim authored
292 * Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`. This is a list
293 of mime types where template text is not html escaped by default. It prevents `Jack & Joe`
294 from rendering as `Jack &amp; Joe` for the whitelisted mime types. The default whitelist
295 contains text/plain. Fix #7976 [Backport #8235]
296
297 *Joost Baaij*
298
90a5ec7 @carlosantoniodasilva Merge pull request #8093 from nikitug/keep_app_x_ua_compatible
carlosantoniodasilva authored
299 * `BestStandardsSupport` middleware now appends it's `X-UA-Compatible` value to app's
300 returned value if any. Fix #8086 [Backport #8093]
301
302 *Nikita Afanasenko*
303
d12e753 @senny backport, handle trailing slash with engines
senny authored
304 * prevent double slashes in engine urls when `Rails.application.default_url_options[:trailing_slash] = true` is set
305 Fix #7842
306
307 *Yves Senn*
308
2a6f208 @rafaelfranca Merge pull request #8108 from Casecommons/fix-multiple-and-index-in-inst...
rafaelfranca authored
309 * Fix input name when `:multiple => true` and `:index` are set.
310
311 Before:
312
313 check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
314 #=> <input name=\"post[foo][comment_ids]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids]\" type=\"checkbox\" value=\"1\" />
315
316 After:
317
318 check_box("post", "comment_ids", { :multiple => true, :index => "foo" }, 1)
319 #=> <input name=\"post[foo][comment_ids][]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids][]\" type=\"checkbox\" value=\"1\" />
320
321 Fix #8108
322
323 *Daniel Fox, Grant Hutchins & Trace Wax*
324
f4dc7e3 @rafaelfranca Add release date of 3.2.10
rafaelfranca authored
325
f15581b @jmccartie Fixed changelog typos [ci skip]
jmccartie authored
326 ## Rails 3.2.12 (Feb 11, 2013) ##
e0da95b @carlosantoniodasilva Update changelogs with version/release dates [ci skip]
carlosantoniodasilva authored
327
328 * No changes.
329
330
11f5deb @carlosantoniodasilva Update changelogs with release date [ci skip]
carlosantoniodasilva authored
331 ## Rails 3.2.11 (Jan 8, 2013) ##
332
333 * Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
d5cd97b @tenderlove * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * d...
tenderlove authored
334
335
f4dc7e3 @rafaelfranca Add release date of 3.2.10
rafaelfranca authored
336 ## Rails 3.2.10 (Jan 2, 2013) ##
337
338 * No changes.
339
11f5deb @carlosantoniodasilva Update changelogs with release date [ci skip]
carlosantoniodasilva authored
340
69455e7 @claudiob Add release date of Rails 3.2.9 to documentation
claudiob authored
341 ## Rails 3.2.9 (Nov 12, 2012) ##
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
342
e41d78c @spastorino Clear url helpers when reloading routes
spastorino authored
343 * Clear url helpers when reloading routes.
344
345 *Santiago Pastorino*
346
4a86362 @rafaelfranca Revert "Merge pull request #7668 from Draiken/fix_issue_6497"
rafaelfranca authored
347 * Revert the shorthand routes scoped with `:module` option fix
348 This added a regression since it is changing the URL mapping.
349 This makes the stable release backward compatible.
350
351 *Rafael Mendonça França*
352
d5b275d @rafaelfranca Revert "Merge pull request #7659 from HugoLnx/template_error_no_matches_...
rafaelfranca authored
353 * Revert the `assert_template` fix to not pass with ever string that matches the template name.
354 This added a regression since people were relying on this buggy behavior.
355 This will introduce back #3849 but this stable release will be backward compatible.
356 Fixes #8068.
357
358 *Rafael Mendonça França*
359
6b7cd20 @rafaelfranca Revert "Merge pull request #7797 from senny/7459_prefix_tempalte_asserti...
rafaelfranca authored
360 * Revert the rename of internal variable on ActionController::TemplateAssertions to prevent
361 naming collisions. This added a regression related with shoulda-matchers, since it is
362 expecting the [instance variable @layouts](https://github.com/thoughtbot/shoulda-matchers/blob/9e1188eea68c47d9a56ce6280e45027da6187ab1/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb#L74).
363 This will introduce back #7459 but this stable release will be backward compatible.
d5b275d @rafaelfranca Revert "Merge pull request #7659 from HugoLnx/template_error_no_matches_...
rafaelfranca authored
364 Fixes #8068.
6b7cd20 @rafaelfranca Revert "Merge pull request #7797 from senny/7459_prefix_tempalte_asserti...
rafaelfranca authored
365
366 *Rafael Mendonça França*
367
380800e @teleological Accept :remote as symbol in link_to options
teleological authored
368 * Accept :remote as symbolic option for `link_to` helper. *Riley Lynch*
369
92d7612 @rafaelfranca Merge pull request #7848 from senny/3415_assert_template_has_nil_variabl...
rafaelfranca authored
370 * Warn when the `:locals` option is passed to `assert_template` outside of a view test case
371 Fix #3415
372
373 *Yves Senn*
374
2bad605 @rafaelfranca Merge pull request #7797 from senny/7459_prefix_tempalte_assertion_varia...
rafaelfranca authored
375 * Rename internal variables on ActionController::TemplateAssertions to prevent
376 naming collisions. @partials, @templates and @layouts are now prefixed with an underscore.
377 Fix #7459
378
379 *Yves Senn*
380
3b5bc8d @rafaelfranca Merge pull request #7789 from senny/7777_resource_functions_modify_optio...
rafaelfranca authored
381 * `resource` and `resources` don't modify the passed options hash
382 Fix #7777
383
384 *Yves Senn*
385
19987b6 @jeremy Asset manifest includes aliases for foo.js -> foo/index.js and vice vers...
jeremy authored
386 * Precompiled assets include aliases from foo.js to foo/index.js and vice versa.
387
388 # Precompiles phone-<digest>.css and aliases phone/index.css to phone.css.
389 config.assets.precompile = [ 'phone.css' ]
390
391 # Precompiles phone/index-<digest>.css and aliases phone.css to phone/index.css.
392 config.assets.precompile = [ 'phone/index.css' ]
393
394 # Both of these work with either precompile thanks to their aliases.
395 <%= stylesheet_link_tag 'phone', media: 'all' %>
396 <%= stylesheet_link_tag 'phone/index', media: 'all' %>
397
398 *Jeremy Kemper*
399
7d17cd2 @rafaelfranca Merge pull request #7659 from HugoLnx/template_error_no_matches_rebased
rafaelfranca authored
400 * `assert_template` is no more passing with what ever string that matches
401 with the template name.
402
403 Before when we have a template `/layout/hello.html.erb`, `assert_template`
404 was passing with any string that matches. This behavior allowed false
405 positive like:
406
407 assert_template "layout"
408 assert_template "out/hello"
409
410 Now it only passes with:
411
412 assert_template "layout/hello"
413 assert_template "hello"
414
415 Fixes #3849.
416
417 *Hugolnx*
418
d77d4a8 @rafaelfranca New CHANGELOG entries always in the top [ci skip]
rafaelfranca authored
419 * Handle `ActionDispatch::Http::UploadedFile` like `Rack::Test::UploadedFile`, don't call to_param on it. Since
420 `Rack::Test::UploadedFile` isn't API compatible this is needed to test file uploads that rely on `tempfile`
421 being available.
422
423 *Tim Vandecasteele*
424
98f8021 @rafaelfranca Revert "Revert "Respect `config.digest = false` for `asset_path`""
rafaelfranca authored
425 * Respect `config.digest = false` for `asset_path`
426
427 Previously, the `asset_path` internals only respected the `:digest`
428 option, but ignored the global config setting. This meant that
429 `config.digest = false` could not be used in conjunction with
430 `config.compile = false` this corrects the behavior.
431
432 *Peter Wagenet*
433
dd76b3b @senny log 404 status when ActiveRecord::RecordNotFound was raised (#7646)
senny authored
434 * Fix #7646, the log now displays the correct status code when an exception is raised.
435
436 *Yves Senn*
437
4b19855 @nashby correct handling of date selects when using both disabled and discard op...
nashby authored
438 * Fix handling of date selects when using both disabled and discard options.
439 Fixes #7431.
440
441 *Vasiliy Ermolovich*
442
c091fae @rafaelfranca Merge pull request #7410 from sandeepravi/default_options_helper_value
rafaelfranca authored
443 * Fix select_tag when option_tags is nil.
444 Fixes #7404.
445
446 *Sandeep Ravichandran*
447
8e2a05b @sikachu Do not include application.js if it doesn't exists
sikachu authored
448 * `javascript_include_tag :all` will now not include `application.js` if the file does not exists. *Prem Sichanugrist*
449
2e04a34 @brainopia Update changelog to reflect support of cookie jar options for all
brainopia authored
450 * Support cookie jar options (e.g., domain :all) for all session stores.
451 Fixes GH#3047, GH#2483.
452
453 *Ravil Bayramgalin*
454
bccc35b @jeremy Backport 5c51cd0: #send_file leans on Rack::Sendfile to X-Accel-Redirect...
jeremy authored
455 * Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile
456 will usually intercept the response and just uses the path directly, so no reason to open the file. This performance
457 improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.
458
459 *Jeremy Kemper & Erich Menge*
460
2e98e0f @rafaelfranca Fix CHANGELOG [ci skip]
rafaelfranca authored
461
ddedf5d @spastorino Add release date to CHANGELOGs
spastorino authored
462 ## Rails 3.2.8 (Aug 9, 2012) ##
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
463
e91e4e8 @spastorino Do not mark strip_tags result as html_safe
spastorino authored
464 * There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
465 helper doesn't correctly handle malformed html. As a result an attacker can
466 execute arbitrary javascript through the use of specially crafted malformed
467 html.
468
469 *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
470
6d0526d @spastorino escape select_tag :prompt values
spastorino authored
471 * When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped.
472 If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
473 Vulnerable code will look something like this:
474 select_tag("name", options, :prompt => UNTRUSTED_INPUT)
475
476 *Santiago Pastorino*
2e98e0f @rafaelfranca Fix CHANGELOG [ci skip]
rafaelfranca authored
477
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
478 * Reverted the deprecation of `:confirm`. *Rafael Mendonça França*
479
480 * Reverted the deprecation of `:disable_with`. *Rafael Mendonça França*
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
481
e826a5c @rafaelfranca Revert "Deprecate `:mouseover` options for `image_tag` helper."
rafaelfranca authored
482 * Reverted the deprecation of `:mouseover` option to `image_tag`. *Rafael Mendonça França*
483
f50a5d2 @rafaelfranca Revert "Deprecate link_to_function and button_to_function helpers"
rafaelfranca authored
484 * Reverted the deprecation of `button_to_function` and `link_to_function` helpers.
485
486 *Rafael Mendonça França*
487
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
488
d1b9cf2 @tenderlove updating release date
tenderlove authored
489 ## Rails 3.2.7 (Jul 26, 2012) ##
125dfdf @tenderlove updating changelogs
tenderlove authored
490
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
491 * Do not convert digest auth strings to symbols. CVE-2012-3424
492
493 * Bump Journey requirements to 1.0.4
494
495 * Add support for optional root segments containing slashes
125dfdf @tenderlove updating changelogs
tenderlove authored
496
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
497 * Fixed bug creating invalid HTML in select options
125dfdf @tenderlove updating changelogs
tenderlove authored
498
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
499 * Show in log correct wrapped keys
125dfdf @tenderlove updating changelogs
tenderlove authored
500
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
501 * Fix NumberHelper options wrapping to prevent verbatim blocks being rendered instead of line continuations.
125dfdf @tenderlove updating changelogs
tenderlove authored
502
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
503 * ActionController::Metal doesn't have logger method, check it and then delegate
125dfdf @tenderlove updating changelogs
tenderlove authored
504
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
505 * ActionController::Caching depends on RackDelegation and AbstractController::Callbacks
125dfdf @tenderlove updating changelogs
tenderlove authored
506
507
8381d39 @tenderlove updating changelogs
tenderlove authored
508 ## Rails 3.2.6 (Jun 12, 2012) ##
8d4f63a @drogus Include routes.mounted_helpers into integration tests
drogus authored
509
ceb8ec3 @tenderlove updating changelogs with security fixes
tenderlove authored
510 * nil is removed from array parameter values
511
8381d39 @tenderlove updating changelogs
tenderlove authored
512 CVE-2012-2694
513
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
514 * Deprecate `:confirm` in favor of `':data => { :confirm => "Text" }'` option for `button_to`, `button_tag`, `image_submit_tag`, `link_to` and `submit_tag` helpers.
515
516 *Carlos Galdino*
517
f550d4d @drogus Allow to use mounted helpers in ActionView::TestCase
drogus authored
518 * Allow to use mounted_helpers (helpers for accessing mounted engines) in ActionView::TestCase. *Piotr Sarnacki*
519
8d4f63a @drogus Include routes.mounted_helpers into integration tests
drogus authored
520 * Include mounted_helpers (helpers for accessing mounted engines) in ActionDispatch::IntegrationTest by default. *Piotr Sarnacki*
521
b13d89e @rafaelfranca Add release date of 3.2.5 on the CHANGELOG
rafaelfranca authored
522
523 ## Rails 3.2.5 (Jun 1, 2012) ##
524
525 * No changes.
526
527
d3e5d1c @tenderlove updating changelogs
tenderlove authored
528 ## Rails 3.2.4 (May 31, 2012) ##
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
529
616c91d @iHiD Deprecate old APIs for highlight, excerpt and word_wrap
iHiD authored
530 * Deprecate old APIs for highlight, excerpt and word_wrap *Jeremy Walker*
531
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
532 * Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to`, `button_tag` and `submit_tag` helpers.
533
534 *Carlos Galdino + Rafael Mendonça França*
535
536 * Deprecate `:mouseover` option for `image_tag` helper. *Rafael Mendonça França*
1aff772 @rafaelfranca Deprecate `:mouseover` options for `image_tag` helper.
rafaelfranca authored
537
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
538 * Deprecate `button_to_function` and `link_to_function` helpers. *Rafael Mendonça França*
539
d3e5d1c @tenderlove updating changelogs
tenderlove authored
540 * Don't break Haml with textarea newline fix. GH #393, #4000, #5190, #5191
541
542 * Fix options handling on labels. GH #2492, #5614
543
544 * Added config.action_view.embed_authenticity_token_in_remote_forms to deal
545 with regression from 16ee611fa
546
547 * Set rendered_format when doing render :inline. GH #5632
548
549 * Fix the redirect when it receive blocks with arity of 1. Closes #5677
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
550
44aca7b @tenderlove adding security notifications to CHANGELOGs
tenderlove authored
551 * Strip [nil] from parameters hash. Thanks to Ben Murphy for
552 reporting this! CVE-2012-2660
553
b13d89e @rafaelfranca Add release date of 3.2.5 on the CHANGELOG
rafaelfranca authored
554
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
555 ## Rails 3.2.3 (March 30, 2012) ##
8674823 @spastorino Add CHANGELOG entry
spastorino authored
556
beba826 @drogus Lazy load `default_form_builder` if it's passed as a string
drogus authored
557 * Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
558
dd69076 @spastorino Add missing CHANGELOG entry
spastorino authored
559 * Fix #5632, render :inline set the proper rendered format. *Santiago Pastorino*
560
b395ca1 @spastorino Add missing CHANGELOG entry
spastorino authored
561 * Fix textarea rendering when using plugins like HAML. Such plugins encode the first newline character in the content. This issue was introduced in https://github.com/rails/rails/pull/5191 *James Coleman*
562
13fe190 @spastorino Remove the leading \n added by textarea on assert_select
spastorino authored
563 * Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*
564
d646d9d @drogus Added config.action_view.embed_authenticity_token_in_remote_forms
drogus authored
565 * Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*
566
16ee611 @dhh Do not include the authenticity token in forms where remote: true as aja...
dhh authored
567 * Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*
568
520571a @spastorino Turn off verbose mode of rack-cache, we still have X-Rack-Cache to check...
spastorino authored
569 * Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
570 check that info. Closes #5245. *Santiago Pastorino*
571
8674823 @spastorino Add CHANGELOG entry
spastorino authored
572 * Fix #5238, rendered_format is not set when template is not rendered. *Piotr Sarnacki*
573
3bfd651 @vijaydev changelog updates [ci skip]
vijaydev authored
574 * Upgrade rack-cache to 1.2. *José Valim*
575
576 * ActionController::SessionManagement is deprecated. *Santiago Pastorino*
577
db743ff @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
578 * Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*
3bfd651 @vijaydev changelog updates [ci skip]
vijaydev authored
579
db743ff @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
580 * Add a new line after the textarea opening tag. Closes #393 *Rafael Mendonça França*
3bfd651 @vijaydev changelog updates [ci skip]
vijaydev authored
581
582 * Always pass a respond block from to responder. We should let the responder to decide what to do with the given overridden response block, and not short circuit it. *sikachu*
583
584 * Fixes layout rendering regression from 3.2.2. *José Valim*
8674823 @spastorino Add CHANGELOG entry
spastorino authored
585
db743ff @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
586
587 ## Rails 3.2.2 (March 1, 2012) ##
2e5ec3b @josevalim Merge check box fixes from remote-tracking branch 'cantonio/checkbox-hid...
josevalim authored
588
82d6ded @spastorino Fix CHANGELOG
spastorino authored
589 * Format lookup for partials is derived from the format in which the template is being rendered. Closes #5025 part 2 *Santiago Pastorino*
110b43c @spastorino Add CHANGELOG entry
spastorino authored
590
82d6ded @spastorino Fix CHANGELOG
spastorino authored
591 * Use the right format when a partial is missing. Closes #5025. *Santiago Pastorino*
b122968 @spastorino Add CHANGELOG entry
spastorino authored
592
567ac65 @sikachu Fix override API response bug in respond_with
sikachu authored
593 * Default responder will now always use your overridden block in `respond_with` to render your response. *Prem Sichanugrist*
594
2e5ec3b @josevalim Merge check box fixes from remote-tracking branch 'cantonio/checkbox-hid...
josevalim authored
595 * check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form.
596 This is a behavior change, previously the hidden tag had a value of the disabled checkbox.
597 *Tadas Tamosauskas*
598
8674823 @spastorino Add CHANGELOG entry
spastorino authored
599
97e8d1d @fxn CHANGELOG revision for v3.2.1
fxn authored
600 ## Rails 3.2.1 (January 26, 2012) ##
601
602 * Documentation improvements.
603
604 * Allow `form.select` to accept ranges (regression). *Jeremy Walker*
605
606 * `datetime_select` works with -/+ infinity dates. *Joe Van Dyk*
607
608
f36dcaf @dhh Preparing for 3.2.0 release
dhh authored
609 ## Rails 3.2.0 (January 20, 2012) ##
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
610
ae7037e @guilleiguaran Update CHANGELOG and docs for config.assets.logger
guilleiguaran authored
611 * Setting config.assets.logger to false turn off Sprockets logger *Guillermo Iguaran*
612
ed0f0ad @carlosantoniodasilva Update changelog
carlosantoniodasilva authored
613 * Add `config.action_dispatch.default_charset` to configure default charset for ActionDispatch::Response. *Carlos Antonio da Silva*
614
615 * Deprecate setting default charset at controller level, use the new `config.action_dispatch.default_charset` instead. *Carlos Antonio da Silva*
616
617 * Deprecate ActionController::UnknownAction in favour of AbstractController::ActionNotFound. *Carlos Antonio da Silva*
618
619 * Deprecate ActionController::DoubleRenderError in favour of AbstractController::DoubleRenderError. *Carlos Antonio da Silva*
620
621 * Deprecate method_missing handling for not found actions, use action_missing instead. *Carlos Antonio da Silva*
622
623 * Deprecate ActionController#rescue_action, ActionController#initialize_template_class, and ActionController#assign_shortcuts.
624 These methods were not being used internally anymore and are going to be removed in Rails 4. *Carlos Antonio da Silva*
625
c4c6beb @rafaelfranca Add option to configure Sprockets logger
rafaelfranca authored
626 * Add config.assets.logger to configure Sprockets logger *Rafael França*
627
c159b01 @spastorino Use a BodyProxy instead of including a Module that responds to close.
spastorino authored
628 * Use a BodyProxy instead of including a Module that responds to
629 close. Closes #4441 if Active Record is disabled assets are delivered
630 correctly *Santiago Pastorino*
631
6f48fb3 @spastorino Add CHANGELOG entry
spastorino authored
632 * Rails initialization with initialize_on_precompile = false should set assets_dir *Santiago Pastorino*
633
0d7d3a6 @spastorino Add font_path helper method
spastorino authored
634 * Add font_path helper method *Santiago Pastorino*
635
a0fd9fb @spastorino Add CHANGELOG entry
spastorino authored
636 * Depends on rack ~> 1.4.0 *Santiago Pastorino*
637
fc42998 @josevalim Update CHANGELOGs.
josevalim authored
638 * Add :gzip option to `caches_page`. The default option can be configured globally using `page_cache_compression` *Andrey Sitnik*
639
6481bc5 @josevalim Update CHANGELOGs and guides.
josevalim authored
640 * The ShowExceptions middleware now accepts a exceptions application that is responsible to render an exception when the application fails. The application is invoked with a copy of the exception in `env["action_dispatch.exception"]` and with the PATH_INFO rewritten to the status code. *José Valim*
641
3f65e7f @wfarr Add button_tag support to ActionView::Helpers::FormBuilder.
wfarr authored
642 * Add `button_tag` support to ActionView::Helpers::FormBuilder.
643
644 This support mimics the default behavior of `submit_tag`.
645
646 Example:
647
648 <%= form_for @post do |f| %>
649 <%= f.button %>
650 <% end %>
651
ed0f0ad @carlosantoniodasilva Update changelog
carlosantoniodasilva authored
652 * Date helpers accept a new option, `:use_two_digit_numbers = true`, that renders select boxes for months and days with a leading zero without changing the respective values.
dc43e40 @DevL Added :use_two_digit_numbers option [Lennart Fridén & Kim Persson]
DevL authored
653 For example, this is useful for displaying ISO8601-style dates such as '2011-08-01'. *Lennart Fridén and Kim Persson*
654
22a6079 @dhh Make ActiveSupport::Benchmarkable a default module for ActionController:...
dhh authored
655 * Make ActiveSupport::Benchmarkable a default module for ActionController::Base, so the #benchmark method is once again available in the controller context like it used to be *DHH*
656
5ad5215 @josevalim Deprecate implicit layout lookup in favor of inheriting the _layout conf...
josevalim authored
657 * Deprecated implied layout lookup in controllers whose parent had a explicit layout set:
658
659 class ApplicationController
660 layout "application"
661 end
662
663 class PostsController < ApplicationController
664 end
665
666 In the example above, Posts controller will no longer automatically look up for a posts layout.
667
668 If you need this functionality you could either remove `layout "application"` from ApplicationController or explicitly set it to nil in PostsController. *José Valim*
669
18ceed2 @sikachu Allow layout fallback when using `layout` method
sikachu authored
670 * Rails will now use your default layout (such as "layouts/application") when you specify a layout with `:only` and `:except` condition, and those conditions fail. *Prem Sichanugrist*
671
672 For example, consider this snippet:
673
674 class CarsController
675 layout 'single_car', :only => :show
676 end
677
678 Rails will use 'layouts/single_car' when a request comes in `:show` action, and use 'layouts/application' (or 'layouts/cars', if exists) when a request comes in for any other actions.
679
e29773f @nashby form_for with +:as+ option uses "action_as" as css class and id
nashby authored
680 * form_for with +:as+ option uses "#{action}_#{as}" as css class and id:
681
682 Before:
683
684 form_for(@user, :as => 'client') # => "<form class="client_new">..."
685
686 Now:
687
688 form_for(@user, :as => 'client') # => "<form class="new_client">..."
689
690 *Vasiliy Ermolovich*
691
07f90f6 @josevalim Merge branch 'exceptions' with the following features:
josevalim authored
692 * Allow rescue responses to be configured through a railtie as in `config.action_dispatch.rescue_responses`. Please look at ActiveRecord::Railtie for an example *José Valim*
693
218c272 @dhh Allow fresh_when/stale? to take a record instead of an options hash [DHH...
dhh authored
694 * Allow fresh_when/stale? to take a record instead of an options hash *DHH*
695
1e51cd9 @josevalim Update CHANGELOG.
josevalim authored
696 * Assets should use the request protocol by default or default to relative if no request is available *Jonathan del Strother*
697
698 * Log "Filter chain halted as CALLBACKNAME rendered or redirected" every time a before callback halts *José Valim*
38ab982 @josevalim Log 'Filter chain halted as CALLBACKNAME rendered or redirected' every t...
josevalim authored
699
2559256 @nashby update CHANGELOG
nashby authored
700 * You can provide a namespace for your form to ensure uniqueness of id attributes on form elements.
701 The namespace attribute will be prefixed with underscore on the generate HTML id. *Vasiliy Ermolovich*
702
703 Example:
704
705 <%= form_for(@offer, :namespace => 'namespace') do |f| %>
706 <%= f.label :version, 'Version' %>:
707 <%= f.text_field :version %>
708 <% end %>
709
654df86 @josevalim Show detailed exceptions no longer returns true if the request is local ...
josevalim authored
710 * Refactor ActionDispatch::ShowExceptions. The controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false.
3a1d519 @lest deprecation warning, changelog entry
lest authored
711
654df86 @josevalim Show detailed exceptions no longer returns true if the request is local ...
josevalim authored
712 It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors. The default value is now false, meaning local requests in production will no longer show the detailed exceptions page unless `show_detailed_exceptions?` is overridden and set to `request.local?`.
3a1d519 @lest deprecation warning, changelog entry
lest authored
713
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
714 * Responders now return 204 No Content for API requests without a response body (as in the new scaffold) *José Valim*
715
716 * Added ActionDispatch::RequestId middleware that'll make a unique X-Request-Id header available to the response and enables the ActionDispatch::Request#uuid method. This makes it easy to trace requests from end-to-end in the stack and to identify individual requests in mixed logs like Syslog *DHH*
717
718 * Limit the number of options for select_year to 1000.
719
720 Pass the :max_years_allowed option to set your own limit.
721
722 *Libo Cannici*
723
724 * Passing formats or handlers to render :template and friends is deprecated. For example: *Nick Sutterer & José Valim*
725
726 render :template => "foo.html.erb"
727
728 Instead, you can provide :handlers and :formats directly as option:
729 render :template => "foo", :formats => [:html, :js], :handlers => :erb
730
731 * Changed log level of warning for missing CSRF token from :debug to :warn. *Mike Dillon*
732
733 * content_tag_for and div_for can now take the collection of records. It will also yield the record as the first argument if you set a receiving argument in your block *Prem Sichanugrist*
734
735 So instead of having to do this:
736
737 @items.each do |item|
738 content_tag_for(:li, item) do
739 Title: <%= item.title %>
740 end
741 end
742
743 You can now do this:
744
745 content_tag_for(:li, @items) do |item|
746 Title: <%= item.title %>
747 end
748
749 * send_file now guess the mime type *Esad Hajdarevic*
750
751 * Mime type entries for PDF, ZIP and other formats were added *Esad Hajdarevic*
752
753 * Generate hidden input before select with :multiple option set to true.
754 This is useful when you rely on the fact that when no options is set,
755 the state of select will be sent to rails application. Without hidden field
756 nothing is sent according to HTML spec *Bogdan Gusiev*
757
758 * Refactor ActionController::TestCase cookies *Andrew White*
759
760 Assigning cookies for test cases should now use cookies[], e.g:
761
762 cookies[:email] = 'user@example.com'
763 get :index
764 assert_equal 'user@example.com', cookies[:email]
765
766 To clear the cookies, use clear, e.g:
767
768 cookies.clear
769 get :index
770 assert_nil cookies[:email]
771
772 We now no longer write out HTTP_COOKIE and the cookie jar is
773 persistent between requests so if you need to manipulate the environment
774 for your test you need to do it before the cookie jar is created.
775
677f968 Add information to the changelog about the changes to ActionController::...
Jean-Francois Turcot authored
776 * ActionController::ParamsWrapper on ActiveRecord models now only wrap
777 attr_accessible attributes if they were set, if not, only the attributes
778 returned by the class method attribute_names will be wrapped. This fixes
779 the wrapping of nested attributes by adding them to attr_accessible.
780
8efced6 @fxn CHANGELOGs are now per branch
fxn authored
781 Please check [3-1-stable](https://github.com/rails/rails/blob/3-1-stable/actionpack/CHANGELOG.md) for previous changes.
Something went wrong with that request. Please try again.