* Add backtrace to development routing error page. *Richard Schneeman*

* Replace `include_seconds` boolean argument with `:include_seconds => true` option
    in `distance_of_time_in_words` and `time_ago_in_words` signature. *Dmitriy Kiriyenko*

* Remove `button_to_function` and `link_to_function` helpers. *Rafael Mendonça França*

* Make current object and counter (when it applies) variables accessible when
    rendering templates with :object / :collection. *Carlos Antonio da Silva*

* JSONP now uses mimetype application/javascript instead of application/json *omjokine*

* Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*

* Session arguments passed to `process` calls in functional tests are now merged into
    the existing session, whereas previously they would replace the existing session.
    This change may break some existing tests if they are asserting the exact contents of
    the session but should not break existing tests that only assert individual keys.

    *Andrew White*

* Add `index` method to FormBuilder class. *Jorge Bejar*

* Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*

* Changed default value for `config.action_view.embed_authenticity_token_in_remote_forms`
    to `false`. This change breaks remote forms that need to work also without javascript,
    so if you need such behavior, you can either set it to `true` or explicitly pass
    `:authenticity_token => true` in form options

* Added ActionDispatch::SSL middleware that when included forces all the requests to be under HTTPS protocol. *Rafael Mendonça França*

* Add `include_hidden` option to select tag. With `:include_hidden => false` select with `multiple` attribute doesn't generate hidden input with blank value. *Vasiliy Ermolovich*

* Removed default `size` option from the `text_field`, `search_field`, `telephone_field`, `url_field`, `email_field` helpers. *Philip Arndt*

* Removed default `cols` and `rows` options from the `text_area` helper. *Philip Arndt*

* Adds support for layouts when rendering a partial with a given collection. *serabe*

* Allows the route helper `root` to take a string argument. For example, `root 'pages#main'`. *bcardarella*

* Forms of persisted records always use PATCH (via the `_method` hack). *fxn*

* For resources, both PATCH and PUT are routed to the `update` action. *fxn*

* Don't ignore `force_ssl` in development. This is a change of behavior - use a `:if` condition to recreate the old behavior.

        class AccountsController < ApplicationController
          force_ssl :if => :ssl_configured?

          def ssl_configured?
            !Rails.env.development?
          end
        end

    *Pat Allan*

* Adds support for the PATCH verb:
    * Request objects respond to `patch?`.
    * Routes have a new `patch` method, and understand `:patch` in the
      existing places where a verb is configured, like `:via`.
    * New method `patch` available in functional tests.
    * If `:patch` is the default verb for updates, edits are
      tunneled as PATCH rather than as PUT, and routing acts accordingly.
    * New method `patch_via_redirect` available in integration tests.

    *dlee*

* Integration tests support the `OPTIONS` method. *Jeremy Kemper*

* `expires_in` accepts a `must_revalidate` flag. If true, "must-revalidate"
    is added to the Cache-Control header. *fxn*

* Add `date_field` and `date_field_tag` helpers which render an `input[type="date"]` tag *Olek Janiszewski*

* Adds `image_url`, `javascript_url`, `stylesheet_url`, `audio_url`, `video_url`, and `font_url`
    to assets tag helper. These URL helpers will return the full path to your assets. This is useful
    when you are going to reference this asset from an external host. *Prem Sichanugrist*

* Default responder will now always use your overridden block in `respond_with` to render your response. *Prem Sichanugrist*

* Allow `value_method` and `text_method` arguments from `collection_select` and
    `options_from_collection_for_select` to receive an object that responds to `:call`,
    such as a `proc`, to evaluate the option in the current element context. This works
    the same way with `collection_radio_buttons` and `collection_check_boxes`.

    *Carlos Antonio da Silva + Rafael Mendonça França*

* Add `collection_check_boxes` form helper, similar to `collection_select`:
    Example:

        collection_check_boxes :post, :author_ids, Author.all, :id, :name
        # Outputs something like:
        <input id="post_author_ids_1" name="post[author_ids][]" type="checkbox" value="1" />
        <label for="post_author_ids_1">D. Heinemeier Hansson</label>
        <input id="post_author_ids_2" name="post[author_ids][]" type="checkbox" value="2" />
        <label for="post_author_ids_2">D. Thomas</label>
        <input name="post[author_ids][]" type="hidden" value="" />

    The label/check_box pairs can be customized with a block.

    *Carlos Antonio da Silva + Rafael Mendonça França*

* Add `collection_radio_buttons` form helper, similar to `collection_select`:
    Example:

        collection_radio_buttons :post, :author_id, Author.all, :id, :name
        # Outputs something like:
        <input id="post_author_id_1" name="post[author_id]" type="radio" value="1" />
        <label for="post_author_id_1">D. Heinemeier Hansson</label>
        <input id="post_author_id_2" name="post[author_id]" type="radio" value="2" />
        <label for="post_author_id_2">D. Thomas</label>

    The label/radio_button pairs can be customized with a block.

    *Carlos Antonio da Silva + Rafael Mendonça França*

* check_box with `:form` html5 attribute will now replicate the `:form`
    attribute to the hidden field as well. *Carlos Antonio da Silva*

* Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
    check that info. Closes #5245. *Santiago Pastorino*

* `label` form helper accepts :for => nil to not generate the attribute. *Carlos Antonio da Silva*

* Add `:format` option to number_to_percentage *Rodrigo Flores*

* Add `config.action_view.logger` to configure logger for ActionView. *Rafael Mendonça França*

* Deprecated ActionController::Integration in favour of ActionDispatch::Integration

* Deprecated ActionController::IntegrationTest in favour of ActionDispatch::IntegrationTest

* Deprecated ActionController::PerformanceTest in favour of ActionDispatch::PerformanceTest

* Deprecated ActionController::AbstractRequest in favour of ActionDispatch::Request

* Deprecated ActionController::Request in favour of ActionDispatch::Request

* Deprecated ActionController::AbstractResponse in favour of ActionDispatch::Response

* Deprecated ActionController::Response in favour of ActionDispatch::Response

* Deprecated ActionController::Routing in favour of ActionDispatch::Routing

* check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form.
    This is a behavior change, previously the hidden tag had a value of the disabled checkbox.
    *Tadas Tamosauskas*

* `favicon_link_tag` helper will now use the favicon in app/assets by default. *Lucas Caton*

* `ActionView::Helpers::TextHelper#highlight` now defaults to the
    HTML5 `mark` element. *Brian Cardarella*

## Rails 3.2.3 (March 30, 2012) ##

* Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*

* Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*

* Upgrade rack-cache to 1.2. *José Valim*

* ActionController::SessionManagement is removed. *Santiago Pastorino*

* Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*

* Add a new line after the textarea opening tag. Closes #393 *Rafael Mendonça França*

* Always pass a respond block from to responder. We should let the responder decide what to do with the given overridden response block, and not short circuit it. *Prem Sichanugrist*

* Fixes layout rendering regression from 3.2.2. *José Valim*

## Rails 3.2.2 (March 1, 2012) ##

* Format lookup for partials is derived from the format in which the template is being rendered. Closes #5025 part 2 *Santiago Pastorino*

* Use the right format when a partial is missing. Closes #5025. *Santiago Pastorino*

* Default responder will now always use your overridden block in `respond_with` to render your response. *Prem Sichanugrist*

* check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form.
    This is a behavior change, previously the hidden tag had a value of the disabled checkbox.
    *Tadas Tamosauskas*

## Rails 3.2.1 (January 26, 2012) ##

* Documentation improvements.

* Allow `form.select` to accept ranges (regression). *Jeremy Walker*

* `datetime_select` works with -/+ infinity dates. *Joe Van Dyk*

## Rails 3.2.0 (January 20, 2012) ##

* Add `config.action_dispatch.default_charset` to configure default charset for ActionDispatch::Response. *Carlos Antonio da Silva*

* Deprecate setting default charset at controller level, use the new `config.action_dispatch.default_charset` instead. *Carlos Antonio da Silva*

* Deprecate ActionController::UnknownAction in favour of AbstractController::ActionNotFound. *Carlos Antonio da Silva*

* Deprecate ActionController::DoubleRenderError in favour of AbstractController::DoubleRenderError. *Carlos Antonio da Silva*

* Deprecate method_missing handling for not found actions, use action_missing instead. *Carlos Antonio da Silva*

* Deprecate ActionController#rescue_action, ActionController#initialize_template_class, and ActionController#assign_shortcuts.
    These methods were not being used internally anymore and are going to be removed in Rails 4. *Carlos Antonio da Silva*

* Use a BodyProxy instead of including a Module that responds to
    close. Closes #4441 if Active Record is disabled assets are delivered
    correctly *Santiago Pastorino*

* Rails initialization with initialize_on_precompile = false should set assets_dir *Santiago Pastorino*

* Add font_path helper method *Santiago Pastorino*

* Depends on rack ~> 1.4.0 *Santiago Pastorino*

* Add :gzip option to `caches_page`. The default option can be configured globally using `page_cache_compression` *Andrey Sitnik*

* The ShowExceptions middleware now accepts an exceptions application that is responsible to render an exception when the application fails. The application is invoked with a copy of the exception in `env["action_dispatch.exception"]` and with the PATH_INFO rewritten to the status code. *José Valim*

* Add `button_tag` support to ActionView::Helpers::FormBuilder.

    This support mimics the default behavior of `submit_tag`.

    Example:

        <%= form_for @post do |f| %>
          <%= f.button %>
        <% end %>

* Date helpers accept a new option, `:use_two_digit_numbers => true`, that renders select boxes for months and days with a leading zero without changing the respective values.
    For example, this is useful for displaying ISO8601-style dates such as '2011-08-01'. *Lennart Fridén and Kim Persson*

* Make ActiveSupport::Benchmarkable a default module for ActionController::Base, so the #benchmark method is once again available in the controller context like it used to be *DHH*

* Deprecated implied layout lookup in controllers whose parent had an explicit layout set:

        class ApplicationController
          layout "application"
        end

        class PostsController < ApplicationController
        end

    In the example above, Posts controller will no longer automatically look up for a posts layout.

    If you need this functionality you could either remove `layout "application"` from ApplicationController or explicitly set it to nil in PostsController. *José Valim*

* Rails will now use your default layout (such as "layouts/application") when you specify a layout with `:only` and `:except` condition, and those conditions fail. *Prem Sichanugrist*

    For example, consider this snippet:

        class CarsController
          layout 'single_car', :only => :show
        end

    Rails will use 'layouts/single_car' when a request comes in for the `:show` action, and use 'layouts/application' (or 'layouts/cars', if it exists) when a request comes in for any other action.

* form_for with +:as+ option uses "#{action}_#{as}" as css class and id:

    Before:

        form_for(@user, :as => 'client') # => "<form class="client_new">..."

    Now:

        form_for(@user, :as => 'client') # => "<form class="new_client">..."

    *Vasiliy Ermolovich*

* Allow rescue responses to be configured through a railtie as in `config.action_dispatch.rescue_responses`. Please look at ActiveRecord::Railtie for an example *José Valim*

* Allow fresh_when/stale? to take a record instead of an options hash *DHH*

* Assets should use the request protocol by default or default to relative if no request is available *Jonathan del Strother*

* Log "Filter chain halted as CALLBACKNAME rendered or redirected" every time a before callback halts *José Valim*

* You can provide a namespace for your form to ensure uniqueness of id attributes on form elements.
    The namespace attribute will be prefixed with underscore on the generated HTML id. *Vasiliy Ermolovich*

    Example:

        <%= form_for(@offer, :namespace => 'namespace') do |f| %>
          <%= f.label :version, 'Version' %>:
          <%= f.text_field :version %>
        <% end %>

* Refactor ActionDispatch::ShowExceptions. The controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false.

    It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors. The default value is now false, meaning local requests in production will no longer show the detailed exceptions page unless `show_detailed_exceptions?` is overridden and set to `request.local?`.

* Responders now return 204 No Content for API requests without a response body (as in the new scaffold) *José Valim*

* Added ActionDispatch::RequestId middleware that'll make a unique X-Request-Id header available to the response and enables the ActionDispatch::Request#uuid method. This makes it easy to trace requests from end-to-end in the stack and to identify individual requests in mixed logs like Syslog *DHH*

* Limit the number of options for select_year to 1000.

    Pass the :max_years_allowed option to set your own limit.

    *Libo Cannici*

* Passing formats or handlers to render :template and friends is deprecated. For example: *Nick Sutterer & José Valim*

        render :template => "foo.html.erb"

    Instead, you can provide :handlers and :formats directly as option:

        render :template => "foo", :formats => [:html, :js], :handlers => :erb

* Changed log level of warning for missing CSRF token from :debug to :warn. *Mike Dillon*

* content_tag_for and div_for can now take the collection of records. It will also yield the record as the first argument if you set a receiving argument in your block *Prem Sichanugrist*

    So instead of having to do this:

        @items.each do |item|
          content_tag_for(:li, item) do
            Title: <%= item.title %>
          end
        end

    You can now do this:

        content_tag_for(:li, @items) do |item|
          Title: <%= item.title %>
        end

* send_file now guesses the mime type *Esad Hajdarevic*

* Mime type entries for PDF, ZIP and other formats were added *Esad Hajdarevic*

* Generate hidden input before select with :multiple option set to true.
    This is useful when you rely on the fact that when no option is set,
    the state of select will be sent to rails application. Without hidden field
    nothing is sent according to HTML spec *Bogdan Gusiev*

* Refactor ActionController::TestCase cookies *Andrew White*

    Assigning cookies for test cases should now use cookies[], e.g:

        cookies[:email] = 'user@example.com'
        get :index
        assert_equal 'user@example.com', cookies[:email]

    To clear the cookies, use clear, e.g:

        cookies.clear
        get :index
        assert_nil cookies[:email]

    We now no longer write out HTTP_COOKIE and the cookie jar is
    persistent between requests so if you need to manipulate the environment
    for your test you need to do it before the cookie jar is created.

* ActionController::ParamsWrapper on ActiveRecord models now only wrap
    attr_accessible attributes if they were set, if not, only the attributes
    returned by the class method attribute_names will be wrapped. This fixes
    the wrapping of nested attributes by adding them to attr_accessible.

## Rails 3.1.4 (March 1, 2012) ##

* Skip assets group in Gemfile and all assets configurations options
    when the application is generated with --skip-sprockets option.

    *Guillermo Iguaran*

* Use ProcessedAsset#pathname in Sprockets helpers when debugging is on. Closes #3333 #3348 #3361.

    *Guillermo Iguaran*

* Allow to use asset_path on named_routes aliasing RailsHelper's
    asset_path to path_to_asset *Adrian Pike*

* Assets should use the request protocol by default or default to relative if no request is available *Jonathan del Strother*

## Rails 3.1.3 (November 20, 2011) ##

* Downgrade sprockets to ~> 2.0.3. Using 2.1.0 caused regressions.

* Fix using `translate` helper with a html translation which uses the `:count` option for
    pluralization.

    *Jon Leighton*

## Rails 3.1.2 (November 18, 2011) ##

* Fix XSS security vulnerability in the `translate` helper method. When using interpolation
    in combination with HTML-safe translations, the interpolated input would not get HTML
    escaped. *GH 3664*

    Before:

        translate('foo_html', :something => '<script>') # => "...<script>..."

    After:

        translate('foo_html', :something => '<script>') # => "...&lt;script&gt;..."

    *Sergey Nartimov*

* Upgrade sprockets dependency to ~> 2.1.0

* Ensure that the format isn't applied twice to the cache key, else it becomes impossible
    to target with expire_action.

    *Christopher Meiklejohn*

* Swallow error when can't unmarshall object from session.

    *Bruno Zanchet*

* Implement a workaround for a bug in ruby-1.9.3p0 where an error would be raised
    while attempting to convert a template from one encoding to another.

    Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.

    The workaround is to load all conversions into memory ahead of time, and will
    only happen if the ruby version is *exactly* 1.9.3p0. The hope is obviously that
    the underlying problem will be resolved in the next patchlevel release of
    1.9.3.

    *Jon Leighton*

* Ensure users upgrading from 3.0.x to 3.1.x will properly upgrade their flash object in session (issues #3298 and #2509)

## Rails 3.1.1 (October 07, 2011) ##

* javascript_path and stylesheet_path now refer to /assets if asset pipelining
    is on. *Santiago Pastorino*

* button_to support form option. Now you're able to pass for example
    'data-type' => 'json'. *ihower*

* image_path and image_tag should use /assets if asset pipelining is turned
    on. Closes #3126 *Santiago Pastorino and christos*

* Avoid use of existing precompiled assets during rake assets:precompile run.
    Closes #3119 *Guillermo Iguaran*

* Copy assets to nondigested filenames too *Santiago Pastorino*

* Give precedence to `config.digest = false` over the existence of
    manifest.yml asset digests *christos*

* escape options for the stylesheet_link_tag method *Alexey Vakhov*

* Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so
    it works on Windows *cablegram*

* env var passed to process shouldn't be modified in process method. *Santiago Pastorino*

* `rake assets:precompile` loads the application but does not initialize
    it.
    To the app developer, this means configuration added in
    config/initializers/* will not be executed.
    Plugin developers need to special case their initializers that are
    meant to be run in the assets group by adding :group => :assets. *José Valim*

* Sprockets uses config.assets.prefix for asset_path *asee*

* FileStore key_file_path properly limit filenames to 255 characters. *phuibonhoa*

* Fix Hash#to_query edge case with html_safe strings. *brainopia*

* Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation.
    Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. *Santiago Pastorino*

* Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. *Mark J. Titorenko*

* Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 *Guillermo Iguaran*

* Fix basic auth credential generation to not make newlines. GH #2882

* Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled.
    Before, the requested asset was compiled anyway, ignoring that the config.assets.compile flag is false. *Guillermo Iguaran*

* CookieJar is now Enumerable. Fixes #2795

* Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 *Guillermo Iguaran*

* Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 *Guillermo Iguaran*

* Fixed stylesheet_link_tag and javascript_include_tag to respect additional options passed by the users when debug is on. *Guillermo Iguaran*

## Rails 3.1.0 (August 30, 2011) ##

* Param values are `paramified` in controller tests. *David Chelimsky*

* x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. *Santiago Pastorino*

* The submit form helper does not generate an id "object_name_id" anymore. *fbrusatti*

* Make sure respond_with with :js tries to render a template in all cases *José Valim*

* json_escape will now return a SafeBuffer string if it receives SafeBuffer string *tenderlove*

* Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string *Prem Sichanugrist*

* Fix escape_js to work correctly with the new SafeBuffer restriction *Paul Gallagher*

* Brought back alternative convention for namespaced models in i18n *thoefer*

    Now the key can be either "namespace.model" or "namespace/model" until further deprecation.

* It is prohibited to perform an in-place SafeBuffer mutation *tenderlove*

    The old behavior of SafeBuffer allowed you to mutate the string in place via
    methods like `sub!`. These methods can add unsafe strings to a safe buffer,
    and the safe buffer will continue to be marked as safe.

    An example problem would be something like this:

        <%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %>

    In the above example, an untrusted string (`params[:xss]`) is added to the
    safe buffer returned by `link_to`, and the untrusted content is successfully
    sent to the client without being escaped. To prevent this from happening
    `sub!` and other similar methods will now raise an exception when they are called on a safe buffer.

    In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:

        <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>

    The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe.

    You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb

* Warn if we cannot verify CSRF token authenticity *José Valim*

* Allow AM/PM format in datetime selectors *Aditya Sanghi*

* Only show dump of regular env methods on exception screen (not all the rack crap) *DHH*

* auto_link has been removed with no replacement. If you still use auto_link
    please install the rails_autolink gem:
    http://github.com/tenderlove/rails_autolink

    *tenderlove*

* Added streaming support, you can enable it with: *José Valim*

        class PostsController < ActionController::Base
          stream :only => :index
        end

    Please read the docs at `ActionController::Streaming` for more information.

* Added `ActionDispatch::Request.ignore_accept_header` to ignore accept headers and only consider the format given as parameter *José Valim*

* Created `ActionView::Renderer` and specified an API for `ActionView::Context`, check those objects for more information *José Valim*

* Added `ActionController::ParamsWrapper` to wrap parameters into a nested hash, and will be turned on for JSON request in new applications by default *Prem Sichanugrist*

    This can be customized by setting `ActionController::Base.wrap_parameters` in `config/initializer/wrap_parameters.rb`

* RJS has been extracted out to a gem. *fxn*

* Implicit actions named not_implemented can be rendered. *Santiago Pastorino*

* Wildcard route will always match the optional format segment by default. *Prem Sichanugrist*

    For example if you have this route:

        match '*pages' => 'pages#show'

    by requesting '/foo/bar.json', your `params[:pages]` will be equal to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this:

        match '*pages' => 'pages#show', :format => false

* Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call *DHH*

        class PostsController < ApplicationController
          USER_NAME, PASSWORD = "dhh", "secret"

          before_filter :authenticate, :except => [ :index ]

          def index
            render :text => "Everyone can see me!"
          end

          def edit
            render :text => "I'm only accessible if you know the password"
          end

          private
            def authenticate
              authenticate_or_request_with_http_basic do |user_name, password|
                user_name == USER_NAME && password == PASSWORD
              end
            end
        end

    ..can now be written as

        class PostsController < ApplicationController
          http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index

          def index
            render :text => "Everyone can see me!"
          end

          def edit
            render :text => "I'm only accessible if you know the password"
          end
        end

* Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to limit it to particular actions. *DHH and Prem Sichanugrist*

* Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash *DHH*

        form_for(@post, remote: true, method: :delete) instead of form_for(@post, remote: true, html: { method: :delete })

* Make JavaScriptHelper#j() an alias for JavaScriptHelper#escape_javascript() -- note this then supersedes the Object#j() method that the JSON gem adds within templates using the JavaScriptHelper *DHH*

* Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. *Prem Sichanugrist, fxn*

* URL parameters which return false for to_param now appear in the query string (previously they were removed) *Andrew White*

* URL parameters which return nil for to_param are now removed from the query string *Andrew White*

* ActionDispatch::MiddlewareStack now uses composition over inheritance. It is
    no longer an array which means there may be methods missing that were not tested.

* Add an :authenticity_token option to form_tag for custom handling or to omit the token (pass :authenticity_token => false). *Jakub Kuźma, Igor Wiedler*

* HTML5 button_tag helper. *Rizwan Reza*

* Template lookup now searches further up in the inheritance chain. *Artemave*

* Brought back config.action_view.cache_template_loading, which allows to decide whether templates should be cached or not. *Piotr Sarnacki*

* url_for and named url helpers now accept :subdomain and :domain as options. *Josh Kalderimis*

* The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused (check the documentation for examples). *Josh Kalderimis*

* Added config.action_controller.include_all_helpers. By default 'helper :all' is done in ActionController::Base, which includes all the helpers by default. Setting include_all_helpers to false will result in including only application_helper and helper corresponding to controller (like foo_helper for foo_controller). *Piotr Sarnacki*

* Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a :data hash of options:

        tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)})
        # => <div data-name="Stephen" data-city-state="[&quot;Chicago&quot;,&quot;IL&quot;]" />

    Keys are dasherized. Values are JSON-encoded, except for strings and symbols. *Stephen Celis*

* Deprecate old template handler API. The new API simply requires a template handler to respond to call. *José Valim*

* :rhtml and :rxml were finally removed as template handlers. *José Valim*

* Moved etag responsibility from ActionDispatch::Response to the middleware stack. *José Valim*

* Rely on Rack::Session stores API for more compatibility across the Ruby world. This is backwards incompatible since Rack::Session expects #get_session to accept 4 arguments and requires #destroy_session instead of simply #destroy. *José Valim*

* file_field automatically adds :multipart => true to the enclosing form. *Santiago Pastorino*

* Renames csrf_meta_tag -> csrf_meta_tags, and aliases csrf_meta_tag for backwards compatibility. *fxn*

* Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. *Yehuda Katz, Carl Lerche*

## Rails 3.0.12 (March 1, 2012) ##

* Fix using `translate` helper with a html translation which uses the `:count` option for
    pluralization.

    *Jon Leighton*

## Rails 3.0.11 (November 18, 2011) ##

* Fix XSS security vulnerability in the `translate` helper method. When using interpolation
    in combination with HTML-safe translations, the interpolated input would not get HTML
    escaped. *GH 3664*

    Before:

        translate('foo_html', :something => '<script>') # => "...<script>..."

    After:

        translate('foo_html', :something => '<script>') # => "...&lt;script&gt;..."

    *Sergey Nartimov*

* Implement a workaround for a bug in ruby-1.9.3p0 where an error would be
    raised while attempting to convert a template from one encoding to another.

    Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.

    The workaround is to load all conversions into memory ahead of time, and will
    only happen if the ruby version is exactly 1.9.3p0. The hope is obviously
    that the underlying problem will be resolved in the next patchlevel release
    of 1.9.3.

* Fix assert_select_email to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.

* Fix url_for when passed a hash to prevent additional options (eg. :host, :protocol) from being added to the hash after calling it.

## Rails 3.0.10 (August 16, 2011) ##

* Fixes an issue where cache sweepers with only after filters would have no
    controller object, it would raise undefined method controller_name for nil [jeroenj]

* Ensure status codes are logged when exceptions are raised.

* Subclasses of OutputBuffer are respected.

* Fixed ActionView::FormOptionsHelper#select with :multiple => false

* Avoid extra call to Cache#read in case of a fragment cache hit

## Rails 3.0.9 (June 16, 2011) ##

* json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove]

* Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist]

* Fix text helpers to work correctly with the new SafeBuffer restriction [Paul Gallagher, Arun Agrawal, Prem Sichanugrist]

## Rails 3.0.8 (June 7, 2011) ##

* It is prohibited to perform an in-place SafeBuffer mutation [tenderlove]

    The old behavior of SafeBuffer allowed you to mutate a string in place via
    methods like `sub!`. These methods can add unsafe strings to a safe buffer,
    and the safe buffer will continue to be marked as safe.

    An example problem would be something like this:

        <%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %>

    In the above example, an untrusted string (`params[:xss]`) is added to the
    safe buffer returned by `link_to`, and the untrusted content is successfully
    sent to the client without being escaped. To prevent this from happening
    `sub!` and other similar methods will now raise an exception when they are called on a safe buffer.

    In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:

        <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>

    The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe.

    You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb

* Fixed github issue #342 with asset paths and relative roots.

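
The SafeBuffer change described under 3.0.8 above, as an added Ruby example (not Rails code): `LegacyBuffer`, `HardenedBuffer`, `erb_output`, `replace_escaped` and the four-method `UNSAFE_METHODS` list are assumptions that model the described behaviour on plain Ruby without ActiveSupport, and the sample strings are constructed.

```ruby
# Toy model of the SafeBuffer rule from the 3.0.8 entry. Runs on plain Ruby;
# it is not ActiveSupport::SafeBuffer and the class names are hypothetical.

HTML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                 '"' => '&quot;', "'" => '&#39;' }.freeze

# Escape the five HTML metacharacters.
def h(text)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Stand-in for `<%= value %>`: trusted buffers pass through, all else is escaped.
def erb_output(value)
  if value.respond_to?(:html_safe?) && value.html_safe?
    String.new(value)
  else
    h(value)
  end
end

# Old behaviour as the changelog describes it: the "safe" flag belongs to the
# object, so String methods keep it no matter what text they splice in.
class LegacyBuffer < String
  def html_safe?
    true
  end

  # Since Ruby 3.0 an inherited String#sub returns a plain String, so the
  # flag-preserving copy is modelled explicitly here.
  def sub(*args, &block)
    self.class.new(super)
  end
end

# Behaviour after the fix: in-place mutators raise, copying variants hand back
# a plain String that the template layer will escape.
class HardenedBuffer < String
  class InPlaceMutationError < StandardError; end

  UNSAFE_METHODS = %w[sub gsub tr squeeze].freeze # toy subset (assumption)

  def html_safe?
    true
  end

  UNSAFE_METHODS.each do |name|
    define_method(name) do |*args, &block|
      String.new(self).public_send(name, *args, &block)
    end

    define_method("#{name}!") do |*_args|
      raise InPlaceMutationError, "#{name}! would modify a safe buffer in place"
    end
  end
end

# Defender's pattern: escape the untrusted fragment first, then re-wrap.
# The block form of sub keeps backslashes in the input from being read as
# back-references.
def replace_escaped(buffer, pattern, untrusted)
  HardenedBuffer.new(String.new(buffer).sub(pattern) { h(untrusted) })
end

LINK      = '<a href="/users/1">hello world</a>' # constructed link_to output
UNTRUSTED = '<script>'                            # constructed params[:xss]

# True when the hardened buffer refuses the in-place substitution.
def hardened_in_place_blocked?
  HardenedBuffer.new(LINK).sub!(/hello/, UNTRUSTED)
  false
rescue HardenedBuffer::InPlaceMutationError
  true
end

if __FILE__ == $PROGRAM_NAME
  puts "legacy sub!  : #{erb_output(LegacyBuffer.new(LINK).sub!(/hello/, UNTRUSTED))}"
  puts "legacy sub   : #{erb_output(LegacyBuffer.new(LINK).sub(/hello/, UNTRUSTED))}"
  puts "hardened sub!: blocked=#{hardened_in_place_blocked?}"
  puts "hardened sub : #{erb_output(HardenedBuffer.new(LINK).sub(/hello/, UNTRUSTED))}"
  puts "escape first : #{erb_output(replace_escaped(LINK, /hello/, UNTRUSTED))}"
end
```

The hardened `sub` output shows the side effect to expect after upgrading: once the result is a plain string, the whole value is escaped, link markup included, so the untrusted fragment has to be escaped before it is combined with trusted markup.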
## Rails 3.0.7 (April 18, 2011) ##

* No changes.

## Rails 3.0.6 (April 5, 2011) ##

* Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as
    html safe. Please make sure that calls to auto_link() are wrapped in a
    sanitize(), or a raw() depending on the type of input passed to auto_link().
    For example:

        <%= sanitize(auto_link(some_user_input)) %>

    Thanks to Torben Schulz for reporting this. The fix can be found here:
    61ee3449674c591747db95f9b3472c5c3bd9e84d

* Fixes the output of `rake routes` to correctly match the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default *Prem Sichanugrist*

* Fixes an issue with number_to_human when converting values which are less than 1 but greater than -1 *Josh Kalderimis*

* Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. *Prem Sichanugrist, fxn*

* URL parameters which return nil for to_param are now removed from the query string *Andrew White*

* Don't allow i18n to change the minor version, version now set to ~> 0.5.0 *Santiago Pastorino*

* Make TranslationHelper#translate use the :rescue_format option in I18n 0.5.0 *Sven Fuchs*

* Fix regression: javascript_include_tag shouldn't raise if you register an expansion key with nil or [] value *Santiago Pastorino*

* Fix Action caching bug where an action that has a non-cacheable response always renders a nil response body. It now correctly renders the response body. *Cheah Chu Yeow*

## Rails 3.0.5 (February 26, 2011) ##

* No changes.

## Rails 3.0.4 (February 8, 2011) ##

* No changes.

## Rails 3.0.3 (November 16, 2010) ##

* When ActiveRecord::Base objects are sent to predicate methods, the id of the object should be sent to ARel, not the ActiveRecord::Base object.

* :constraints routing should only do sanity checks against regular expressions. String arguments are OK.

## Rails 3.0.2 (November 15, 2010) ##

* The helper number_to_currency accepts a new :negative_format option to be able to configure how to render negative amounts. *Don Wilson*

## Rails 3.0.1 (October 15, 2010) ##

* No Changes, just a version bump.

## Rails 3.0.0 (August 29, 2010) ##

* password_field renders with nil value by default making the use of passwords secure by default, if you want to render you should do for instance f.password_field(:password, :value => @user.password) *Santiago Pastorino*

* Symbols and strings in routes should yield the same behavior. Note this may break existing apps that were using symbols with the new routes API. *José Valim*

* Add clear_helpers as a way to clean up all helpers added to this controller, maintaining just the helper with the same name as the controller. *José Valim*

* Support routing constraints in functional tests. *Andrew White*

* Add a header that tells Internet Explorer (all versions) to use the best available standards support. *Yehuda Katz*

* Allow stylesheet/javascript extensions to be changed through railties. *Josh Kalderimis*

* link_to, button_to, and tag/tag_options now rely on html_escape instead of escape_once. *fxn*

* url_for returns always unescaped strings, and the :escape option is gone. *fxn*

* Added accept-charset parameter and _snowman hidden field to force the contents
    of Rails POSTed forms to be in UTF-8 *Yehuda Katz*

* Upgrade to Rack 1.2.1 *Jeremy Kemper*

* Allow :path to be given to match/get/post/put/delete instead of :path_names in the new router *Carlos Antônio da Silva*

* Added resources_path_names to the new router DSL *José Valim*

* Allow options to be given to the namespace method in the new router *Carlos Antônio da Silva*

* Deprecate :name_prefix in the new router DSL *José Valim*

* Add shallow routes back to the new router *Diego Carrion, Andrew White*

        resources :posts do
          shallow do
            resources :comments
          end
        end

    You can now use comment_path for /comments/1 instead of post_comment_path for /posts/1/comments/1.

* Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. #4818 *Guillermo Álvarez*

* Removed textilize, textilize_without_paragraph and markdown helpers. *Santiago Pastorino*

* Remove middleware laziness *José Valim*

* Make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. *José Valim*

* OAuth 2: HTTP Token Authorization support to complement Basic and Digest Authorization. *Rick Olson*

* Fixed inconsistencies in form builder and view helpers #4432 *Neeraj Singh*

* Both :xml and :json renderers now forward the given options to the model, allowing you to invoke them as render :xml => @projects, :include => :tasks *José Valim, Yehuda Katz*

* Renamed the field error CSS class from fieldWithErrors to field_with_errors for consistency. *Jeremy Kemper*

* Add support for shorthand routes like /projects/status(.:format) #4423 *Diego Carrion*

* Changed translate helper so that it doesn’t mark every translation as safe HTML. Only keys with a "_html" suffix and keys named "html" are considered to be safe HTML. All other translations are left untouched. *Craig Davey*

* New option :as added to form_for allows to change the object name. The old <% form_for :client, @post %> becomes <% form_for @post, :as => :client %> *spastorino*

* Removed verify method in controllers. *JV*
    It's now available as a plugin at http://github.com/rails/verification

* Removed input, form, error_messages_for and error_message_on from views. *JV*
    It's now available as a plugin at http://github.com/rails/dynamic_form

* Routes can be scoped by controller module. *Jeremy Kemper*

        # /session => Auth::SessionsController
        scope :module => 'auth' do
          resource :session
        end

* Added #favicon_link_tag, it uses #image_path so in particular the favicon gets an asset ID *fxn*

* Fixed that default locale templates should be used if the current locale template is missing *DHH*

* Added all the new HTML5 form types as individual form tag methods (search, url, number, etc) #3646 *Stephen Celis*

* Changed the object used in routing constraints to be an instance of
    ActionDispatch::Request rather than Rack::Request *YK*

* Changed ActionDispatch::Request#method to return a String, to be compatible
    with Rack::Request. Added ActionDispatch::Request#method_symbol to
    return a symbol form of the request method. *YK*

* Changed ActionDispatch::Request#method to return the original
    method and #request_method to return the overridden method in the
    case of methodoverride being used (this means that #method returns
    "HEAD" and #request_method returns "GET" in HEAD requests). This
    is for compatibility with Rack::Request *YK*

* #concat is now deprecated in favor of using <%= %> helpers *YK*

* Block helpers now return Strings, so you can use <%= form_for @foo do |f| %>.
    <% form_for do |f| %> still works with deprecation notices *YK*

* Add a new #mount method on the router that does not anchor the PATH_INFO
    at the end *YK & CL*

* Create a new LookupContext object that is responsible for performantly
    finding a template for a given pattern *JV*

* Removed relative_url_for in favor of respecting SCRIPT_NAME *YK & CL*

* Changed file streaming to use Rack::Sendfile middleware *YK*

* ActionDispatch::Request#content_type returns a String to be compatible with
    Rack::Request. Use #content_mime_type for the Mime::Type instance *YK*

* Updated Prototype to 1.6.1 and Scriptaculous to 1.8.3 *ML*

* Change the preferred way that URL helpers are included into a class *YK & CL*

        # for all helpers including named routes
        include Rails.application.router.url_helpers

        # for just url_for
        include Rails.application.router.url_for

* Fixed that PrototypeHelper#update_page should return html_safe *DHH*

* Fixed that much of DateHelper wouldn't return html_safe? strings *DHH*

* Fixed that fragment caching should return a cache hit as html_safe (or it would all just get escaped) *DHH*

* Added that ActionController::Base now does helper :all instead of relying on the default ApplicationController in Rails to do it *DHH*

* Added ActionDispatch::Request#authorization to access the http authentication header regardless of its proxy hiding *DHH*

* Added :alert, :notice, and :flash as options to ActionController::Base#redirect_to that'll automatically set the proper flash before the redirection *DHH*. Examples:

        flash[:notice] = 'Post was created'
        redirect_to(@post)

    ...becomes:

        redirect_to(@post, :notice => 'Post was created')

* Added ActionController::Base#notice/= and ActionController::Base#alert/= as convenience accessors in both the controller and the view for flash[:notice]/= and flash[:alert]/= *DHH*

* Introduce grouped_collection_select helper. #1249 *Dan Codeape, Erik Ostrom*

* Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or ".css" onto external urls. #1664 *Matthew Rudy Jacobs*

* Ruby 1.9: fix Content-Length for multibyte send_data streaming. #2661 *Sava Chankov*

* Ruby 1.9: ERB template encoding using a magic comment at the top of the file. *Jeremy Kemper*

        <%# encoding: utf-8 %>

* Change integration test helpers to accept Rack environment instead of just HTTP Headers *Pratik Naik*

        Before : get '/path', {}, 'Accept' => 'text/javascript'
        After  : get '/path', {}, 'HTTP_ACCEPT' => 'text/javascript'

* Instead of checking Rails.env.test? in Failsafe middleware, check env["rails.raise_exceptions"] *Bryan Helmkamp*

* Fixed that TestResponse.cookies was returning cookies unescaped #1867 *Doug McInnes*

## 2.3.2 Final (March 15, 2009) ##

* Fixed that redirection would just log the options, not the final url (which led to "Redirected to #<Post:0x23150b8>") *DHH*

* Don't check authenticity tokens for any AJAX requests *Ross Kaffenberger/Bryan Helmkamp*

* Added ability to pass in :public => true to fresh_when, stale?, and expires_in to make the request proxy cacheable #2095 *Gregg Pollack*

* Fixed that passing a custom form builder would be forwarded to nested fields_for calls #2023 *Eloy Duran/Nate Wiger*

* Form option helpers now support disabled option tags and the use of lambdas for selecting/disabling option tags from collections #837 *Tekin*

* Added partial scoping to TranslationHelper#translate, so if you call translate(".foo") from the people/index.html.erb template, you'll actually be calling I18n.translate("people.index.foo") *DHH*

* Fix a syntax error in current_page?() that was preventing matches against URLs with multiple query parameters #1385, #1868 *chris finne/Andrew White*

* Added localized rescue template when I18n.locale is set (ex: public/404.da.html) #1835 *José Valim*

* Make the form_for and fields_for helpers support the new Active Record nested update options. #1202 *Eloy Duran*

        <% form_for @person do |person_form| %>
          ...
          <% person_form.fields_for :projects do |project_fields| %>
            <% if project_fields.object.active? %>
              Name: <%= project_fields.text_field :name %>
            <% end %>
          <% end %>
        <% end %>

* Added grouped_options_for_select helper method for wrapping option tags in optgroups. #977 *Jon Crawford*

* Implement HTTP Digest authentication. #1230 *Gregg Kellogg, Pratik Naik* Example :

        class DummyDigestController < ActionController::Base
          USERS = { "lifo" => 'world' }

          before_filter :authenticate

          def index
            render :text => "Hello Secret"
          end

          private

          def authenticate
            authenticate_or_request_with_http_digest("Super Secret") do |username|
              # Return the user's password
              USERS[username]
            end
          end
        end

* Improved i18n support for the number_to_human_size helper. Changes the storage_units translation data; update your translations accordingly. #1634 *Yaroslav Markin*

        storage_units:
          # %u is the storage unit, %n is the number (default: 2 MB)
          format: "%n %u"
          units:
            byte:
              one: "Byte"
              other: "Bytes"
            kb: "KB"
            mb: "MB"
            gb: "GB"
            tb: "TB"

* Added :silence option to BenchmarkHelper#benchmark and turned log_level into a hash parameter and deprecated the old use *DHH*

* Fixed the AssetTagHelper cache to use the computed asset host as part of the cache key instead of just assuming that it's a string #1299 *DHH*

* Make ActionController#render(string) work as a shortcut for render :file/:template/:action => string. #1435 *Pratik Naik* Examples:

        # Instead of render(:action => 'other_action')
        render('other_action') # argument has no '/'
        render(:other_action)

        # Instead of render(:template => 'controller/action')
        render('controller/action') # argument must not begin with a '/', but contain a '/'

        # Instead of render(:file => '/Users/lifo/home.html.erb')
        render('/Users/lifo/home.html.erb') # argument must begin with a '/'

* Add :prompt option to date/time select helpers. #561 *Sam Oliver*

* Fixed that send_file shouldn't set an etag #1578 *Hongli Lai*

* Allow users to opt out of the spoofing checks in Request#remote_ip. Useful for sites whose traffic regularly triggers false positives. *Darren Boyd*

* Deprecated formatted_polymorphic_url. *Jeremy Kemper*

* Added the option to declare an asset_host as an object that responds to call (see http://github.com/dhh/asset-hosting-with-minimum-ssl for an example) *David Heinemeier Hansson*

* Added support for multiple routes.rb files (useful for plugin engines). This also means that draw will no longer clear the route set, you have to do that by hand (shouldn't make a difference to you unless you're doing some funky stuff) *David Heinemeier Hansson*

* Dropped formatted_* routes in favor of just passing in :format as an option. This cuts resource routes generation in half #1359 *aaronbatalion*

* Remove support for old double-encoded cookies from the cookie store. These values haven't been generated since before 2.1.0, and any users who have visited the app in the intervening 6 months will have had their cookie upgraded. *Michael Koziarski*

* Allow helpers directory to be overridden via ActionController::Base.helpers_dir #1424 *Sam Pohlenz*

* Remove deprecated ActionController::Base#assign_default_content_type_and_charset

* Changed the default of ActionView#render to assume partials instead of files when not given an options hash *DHH*. Examples:

        # Instead of <%= render :partial => "account" %>
        <%= render "account" %>

        # Instead of <%= render :partial => "account", :locals => { :account => @buyer } %>
        <%= render "account", :account => @buyer %>

        # @account is an Account instance, so it uses the RecordIdentifier to replace
        # <%= render :partial => "accounts/account", :locals => { :account => @account } %>
        <%= render(@account) %>

        # @posts is an array of Post instances, so it uses the RecordIdentifier to replace
        # <%= render :partial => "posts/post", :collection => @posts %>
        <%= render(@posts) %>

* Remove deprecated render_component. Please use the plugin from http://github.com/rails/render_component/tree/master *Pratik Naik*

* Fixed RedCloth and BlueCloth shouldn't preload. Instead just assume that they're available if you want to use textilize and markdown and let autoload require them *David Heinemeier Hansson*

## 2.2.2 (November 21st, 2008) ##

* I18n: translate number_to_human_size. Add storage_units: [Bytes, KB, MB, GB, TB] to your translations. #1448 *Yaroslav Markin*

* Restore backwards compatible functionality for setting relative_url_root. Include deprecation

* Switched the CSRF module to use the request content type to decide if the request is forgeable. #1145 *Jeff Cohen*

* Added :only and :except to map.resources to let people cut down on the number of redundant routes in an application. Typically only useful for huge routesets. #1215 *Tom Stuart*

        map.resources :products, :only => :show do |product|
          product.resources :images, :except => :destroy
        end

* Added render :js for people who want to render inline JavaScript replies without using RJS *David Heinemeier Hansson*

* Fixed that polymorphic_url should compact given array #1317 *hiroshi*

* Fixed the sanitize helper to avoid double escaping already properly escaped entities #683 *antonmos/Ryan McGeary*

* Fixed that FormTagHelper generated illegal html if name contained square brackets #1238 *Vladimir Dobriakov*

* Fix regression bug that made date_select and datetime_select raise a Null Pointer Exception when a nil date/datetime was passed and only month and year were displayed #1289 *Bernardo Padua/Tor Erik*

* Simplified the logging format for parameters (don't include controller, action, and format as duplicates) *David Heinemeier Hansson*

* Remove the logging of the Session ID when the session store is CookieStore *David Heinemeier Hansson*

* Fixed regex in redirect_to to fully support URI schemes #1247 *Seth Fitzsimmons*

* Fixed bug with asset timestamping when using relative_url_root #1265 *Joe Goldwasser*

## 2.2.0 RC1 (October 24th, 2008) ##

* Fix incorrect closing CDATA delimiter and that HTML::Node.parse would blow up on unclosed CDATA sections *packagethief*

* Added stale? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends *DHH*. Example:

        class ArticlesController < ApplicationController
          def show_with_respond_to_block
            @article = Article.find(params[:id])

            # If the request sends headers that differs from the options provided to stale?, then
            # the request is indeed stale and the respond_to block is triggered (and the options
            # to the stale? call is set on the response).
            #
            # If the request headers match, then the request is fresh and the respond_to block is
            # not triggered. Instead the default render will occur, which will check the last-modified
            # and etag headers and conclude that it only needs to send a "304 Not Modified" instead
            # of rendering the template.
            if stale?(:last_modified => @article.published_at.utc, :etag => @article)
              respond_to do |wants|
                # normal response processing
              end
            end
          end

          def show_with_implied_render
            @article = Article.find(params[:id])

            # Sets the response headers and checks them against the request, if the request is stale
            # (i.e. no match of either etag or last-modified), then the default render of the template happens.
            # If the request is fresh, then the default render will return a "304 Not Modified"
            # instead of rendering the template.
            fresh_when(:last_modified => @article.published_at.utc, :etag => @article)
          end
        end

* Added inline builder yield to atom_feed_helper tags where appropriate *Sam Ruby*. Example:

        entry.summary :type => 'xhtml' do |xhtml|
          xhtml.p pluralize(order.line_items.count, "line item")
          xhtml.p "Shipped to #{order.address}"
          xhtml.p "Paid by #{order.pay_type}"
        end

* Make PrototypeHelper#submit_to_remote a wrapper around PrototypeHelper#button_to_remote. *Tarmo Tänav*

* Set HttpOnly for the cookie session store's cookie. #1046

* Added FormTagHelper#image_submit_tag confirm option #784 *Alastair Brunton*

* Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when it was clicked #633 *Jose Fernandez*

* Stopped logging template compiles as it only clogs up the log *David Heinemeier Hansson*

* Changed the X-Runtime header to report in milliseconds *David Heinemeier Hansson*

* Changed BenchmarkHelper#benchmark to report in milliseconds *David Heinemeier Hansson*

* Changed logging format to be millisecond based and skip misleading stats *DHH*. Went from:

        Completed in 0.10000 (4 reqs/sec) | Rendering: 0.04000 (40%) | DB: 0.00400 (4%) | 200 OK [http://example.com]

    ...to:

        Completed in 100ms (View: 40, DB: 4) | 200 OK [http://example.com]

* Add support for shallow nesting of routes. #838 *S. Brent Faulkner*

    Example :

        map.resources :users, :shallow => true do |user|
          user.resources :posts
        end

    - GET /users/1/posts (maps to PostsController#index action as usual)
      named route "user_posts" is added as usual.

    - GET /posts/2 (maps to PostsController#show action as if it were not nested)
      Additionally, named route "post" is added too.

* Added button_to_remote helper. #3641 *Donald Piret, Tarmo Tänav*

* Deprecate render_component. Please use render_component plugin from http://github.com/rails/render_component/tree/master *Pratik Naik*

* Routes may be restricted to lists of HTTP methods instead of a single method or :any. #407 *Brennan Dunn, Gaius Centus Novus*

        map.resource :posts, :collection => { :search => [:get, :post] }
        map.session 'session', :requirements => { :method => [:get, :post, :delete] }

* Deprecated implicit local assignments when rendering partials *Josh Peek*

* Introduce current_cycle helper method to return the current value without bumping the cycle. #417 *Ken Collins*

* Allow polymorphic_url helper to take url options. #880 *Tarmo Tänav*

* Switched integration test runner to use Rack processor instead of CGI *Josh Peek*

* Made AbstractRequest.if_modified_sense return nil if the header could not be parsed *Jamis Buck*

* Added back ActionController::Base.allow_concurrency flag *Josh Peek*

* AbstractRequest.relative_url_root is no longer automatically configured by a HTTP header. It can now be set in your configuration environment with config.action_controller.relative_url_root *Josh Peek*

* Update Prototype to 1.6.0.2 #599 *Patrick Joyce*

* Conditional GET utility methods. *Jeremy Kemper*

        response.last_modified = @post.updated_at
        response.etag = [:admin, @post, current_user]

        if request.fresh?(response)
          head :not_modified
        else
          # render ...
        end

* All 2xx requests are considered successful *Josh Peek*

* Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run *David Heinemeier Hansson*

* Removed config.action_view.cache_template_loading, use config.cache_classes instead *Josh Peek*

* Get buffer for fragment cache from template's @output_buffer *Josh Peek*

* Set config.action_view.warn_cache_misses = true to receive a warning if you perform an action that results in an expensive disk operation that could be cached *Josh Peek*

* Refactor template preloading. New abstractions include Renderable mixins and a refactored Template class *Josh Peek*

* Changed ActionView::TemplateHandler#render API method signature to render(template, local_assigns = {}) *Josh Peek*

* Changed PrototypeHelper#submit_to_remote to PrototypeHelper#button_to_remote to stay consistent with link_to_remote (submit_to_remote still works as an alias) #8994 *clemens*

* Add :recursive option to javascript_include_tag and stylesheet_link_tag to be used along with :all. #480 *Damian Janowski*

* Allow users to disable the use of the Accept header *Michael Koziarski*

    The accept header is poorly implemented by browsers and causes strange
    errors when used on public sites where crawlers make requests too. You can use formatted urls (e.g. /people/1.xml) to support API clients in a much simpler way.

    To disable the header you need to set:

        config.action_controller.use_accept_header = false

* Do not stat template files in production mode before rendering. You will no longer be able to modify templates in production mode without restarting the server *Josh Peek*

* Deprecated TemplateHandler line offset *Josh Peek*

* Allow caches_action to accept cache store options. #416. *José Valim*. Example:

        caches_action :index, :redirected, :if => Proc.new { |c| !c.request.format.json? }, :expires_in => 1.hour

* Remove define_javascript_functions, javascript_include_tag and friends are far superior. *Michael Koziarski*

* Deprecate :use_full_path render option. Supplying the option no longer has an effect *Josh Peek*

* Add :as option to render a collection of partials with a custom local variable name. #509 *Simon Jefford, Pratik Naik*

        render :partial => 'other_people', :collection => @people, :as => :person

    This will let you access objects of @people as 'person' local variable inside 'other_people' partial template.

* time_zone_select: support for regexp matching of priority zones. Resolves #195 *Ernie Miller*

* Made ActionView::Base#render_file private *Josh Peek*

* Refactor and simplify the implementation of assert_redirected_to. Arguments are now normalised relative to the controller being tested, not the root of the application. *Michael Koziarski*

    This could cause some erroneous test failures if you were redirecting between controllers
    in different namespaces and wrote your assertions relative to the root of the application.

* Remove follow_redirect from controller functional tests.

    If you want to follow redirects you can use integration tests. The functional test version was only useful if you were using redirect_to :id=>...

* Fix polymorphic_url with singleton resources. #461 *Tammer Saleh*

* Replaced TemplateFinder abstraction with ViewLoadPaths *Josh Peek*

* Added block-call style to link_to *Sam Stephenson/David Heinemeier Hansson*. Example:

        <% link_to(@profile) do %>
          <strong><%= @profile.name %></strong> -- <span>Check it out!!</span>
        <% end %>

* Performance: integration test benchmarking and profiling. *Jeremy Kemper*

* Make caching more aware of mime types. Ensure request format is not considered while expiring cache. *Jonathan del Strother*

* Drop ActionController::Base.allow_concurrency flag *Josh Peek*

* More efficient concat and capture helpers. Remove ActionView::Base.erb_variable. *Jeremy Kemper*

* Added page.reload functionality. Resolves #277. *Sean Huber*

* Fixed Request#remote_ip to only raise hell if the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR don't match (not just if they're both present) *Mark Imbriaco, Bradford Folkens*

* Allow caches_action to accept a layout option *José Valim*

* Added Rack processor *Ezra Zygmuntowicz, Josh Peek*

## 2.1.0 (May 31st, 2008) ##

* InstanceTag#default_time_from_options overflows to DateTime *Geoff Buesing*

* Fixed that forgery protection can be used without session tracking (Peter Jones) *#139*

* Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) *#136*

* Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" *Rick Olson*

* InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap *Geoff Buesing*

* select_date defaults to Time.zone.today when config.time_zone is set *Geoff Buesing*

* Fixed that TextHelper#text_field would corrupt when raw HTML was used as the value (mchenryc, Kevin Glowacz) *#80*

* Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) *David Heinemeier Hansson*

* Reduce number of instance variables being copied from controller to view. *Pratik Naik*

* select_datetime and select_time default to Time.zone.now when config.time_zone is set *Geoff Buesing*

* datetime_select defaults to Time.zone.now when config.time_zone is set *Geoff Buesing*

* Remove ActionController::Base#view_controller_internals flag. *Pratik Naik*

* Add conditional options to caches_page method. *Paul Horsfall*

* Move missing template logic to ActionView. *Pratik Naik*

* Introduce ActionView::InlineTemplate class. *Pratik Naik*

* Automatically parse posted JSON content for Mime::JSON requests. *Rick Olson*

      POST /posts
      {"post": {"title": "Breaking News"}}

      def create
        @post = Post.create params[:post]
        # ...
      end

* Add json_escape ERB util to escape html entities in json strings that are output in HTML pages. *Rick Olson*

* Provide a helper proxy to access helper methods from outside views. Closes #10839 *Josh Peek*
  e.g. ApplicationController.helpers.simple_format(text)

* Improve documentation. *Xavier Noria, leethal, jerome*

* Ensure RJS redirect_to doesn't html-escape string argument. Closes #8546 *Josh Peek, eventualbuddha, Pratik Naik*

* Support render :partial => collection of heterogeneous elements. #11491 *Zach Dennis*

* Avoid remote_ip spoofing. *Brian Candler*

* Added support for regexp flags like ignoring case in the :requirements part of routes declarations #11421 *NeilW*

* Fixed that ActionController::Base#read_multipart would fail if boundary was exactly 10240 bytes #10886 *ariejan*

* Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 *esad, packagethief*

* Improve documentation. *Ryan Bigg, Jan De Poorter, Cheah Chu Yeow, Xavier Shay, Jack Danger Canty, Emilio Tagua, Xavier Noria, Sunny Ripert*

* Fixed that FormHelper#radio_button would produce invalid ids #11298 *harlancrystal*

* Added :confirm option to submit_tag #11415 *Emilio Tagua*

* Fixed NumberHelper#number_with_precision to properly round in a way that works equally on Mac, Windows, Linux (closes #11409, #8275, #10090, #8027) *zhangyuanyi*

* Allow the #simple_format text_helper to take an html_options hash for each paragraph. #2448 *François Beausoleil, Chris O'Sullivan*

* Fix regression from filter refactoring where re-adding a skipped filter resulted in it being called twice. *Rick Olson*

* Refactor filters to use Active Support callbacks. #11235 *Josh Peek*

* Fixed that polymorphic routes would modify the input array #11363 *thomas.lee*

* Added :format option to NumberHelper#number_to_currency to enable better localization support #11149 *lylo*

* Fixed that TextHelper#excerpt would include one character too many #11268 *Irfy*

* Fix more obscure nested parameter hash parsing bug. #10797 *thomas.lee*

* Added ActionView::Helpers::register_javascript/stylesheet_expansion to make it easier for plugin developers to inject multiple assets. #10350 *lotswholetime*

* Fix nested parameter hash parsing bug. #10797 *thomas.lee*

* Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 *Eloy Duran*

* Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off *David Heinemeier Hansson*

* Make MimeResponds::Responder#any work without explicit types. Closes #11140 *jaw6*

* Better error message for type conflicts when parsing params. Closes #7962 *spicycode, matt*

* Remove unused ActionController::Base.template_class. Closes #10787 *Pratik Naik*

* Moved template handlers related code from ActionView::Base to ActionView::Template. *Pratik Naik*

* Tests for div_for and content_tag_for helpers. Closes #11223 *Chris O'Sullivan*

* Allow file uploads in Integration Tests. Closes #11091 *RubyRedRick*

* Refactor partial rendering into a PartialTemplate class. *Pratik Naik*

* Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block *David Heinemeier Hansson*

* Tests for distance_of_time_in_words with TimeWithZone instances. Closes #10914 *Ernesto Jimenez*

* Remove support for multivalued (e.g., '&'-delimited) cookies. *Jamis Buck*

* Fix problem with render :partial collections, records, and locals. #11057 *lotswholetime*

* Added support for naming concrete classes in sweeper declarations *David Heinemeier Hansson*

* Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application. #10098 *Tim Pope, Chris Kampmeier*

* Fix typo in form_helper documentation. #10650 *Xavier Shay, Chris Kampmeier*

* Fix bug with setting Request#format= after the getter has cached the value. #10889 *cch1*

* Correct inconsistencies in RequestForgeryProtection docs. #11032 *Mislav Marohnić*

* Introduce a Template class to ActionView. #11024 *Pratik Naik*

* Introduce the :index option for form_for and fields_for to simplify multi-model forms (see http://railscasts.com/episodes/75). #9883 *rmm5t*

* Introduce map.resources :cards, :as => 'tarjetas' to use a custom resource name in the URL: cards_path == '/tarjetas'. #10578 *blj*

* TestSession supports indifferent access. #7372 *tamc, Arsen7, mhackett, julik, jean.helou*

* Make assert_routing aware of the HTTP method used. #8039 *mpalmer*
  e.g. assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })

* Make map.root accept a single symbol as an argument to declare an alias. #10818 *bscofield*

      e.g. map.dashboard '/dashboard', :controller=>'dashboard'
           map.root :dashboard

* Handle corner case with image_tag when passed 'messed up' image names. #9018 *Duncan Beevers, mpalmer*

* Add label_tag helper for generating elements. #10802 *DefV*

* Introduce TemplateFinder to handle view paths and lookups. #10800 *Pratik Naik*

* Performance: optimize route recognition. Large speedup for apps with many resource routes. #10835 *oleganza*

* Make render :partial recognise form builders and use the _form partial. #10814 *Damian Janowski*

* Allow users to declare other namespaces when using the atom feed helpers. #10304 *david.calavera*

* Introduce send_file :x_sendfile => true to send an X-Sendfile response header. *Jeremy Kemper*

* Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used #10739 *Jeremy Evans*

* Provide nicer access to HTTP Headers. Instead of request.env["HTTP_REFERRER"] you can now use request.headers["Referrer"]. *Michael Koziarski*

* UrlWriter respects relative_url_root. #10748 *Cheah Chu Yeow*

* The asset_host block takes the controller request as an optional second argument. Example: use a single asset host for SSL requests. #10549 *Cheah Chu Yeow, Peter B, Tom Taylor*

* Support render :text => nil. #6684 *tjennings, PotatoSalad, Cheah Chu Yeow*

* assert_response failures include the exception message. #10688 *Seth Rasmussen*

* All fragment cache keys are now by default prefixed with the "views/" namespace *David Heinemeier Hansson*

* Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::*. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore *David Heinemeier Hansson*

* Deprecated ActionController::Base.fragment_cache_store for ActionController::Base.cache_store *David Heinemeier Hansson*

* Made fragment caching in views work for rjs and builder as well #6642 *Dee Zsombor*

* Fixed rendering of partials with layout when done from site layout #9209 *antramm*

* Fix atom_feed_helper to comply with the atom spec. Closes #10672 *Xavier Shay*

  * The tags created do not contain a date (http://feedvalidator.org/docs/error/InvalidTAG.html)
  * IDs are not guaranteed unique
  * A default self link was not provided, contrary to the documentation
  * NOTE: This changes tags for existing atom entries, but at least they validate now.

* Correct indentation in tests. Closes #10671 *Luca Guidi*

* Fix that auto_link looks for ='s in url paths (Amazon urls have them). Closes #10640 *Brad Greenlee*

* Ensure that test case setup is run even if overridden. #10382 *Josh Peek*

* Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 *wesley.moxam*

* Add :default option to time_zone_select. #10590 *Matt Aimonetti*

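An added example (not Rails' own code) of why the request forgery protection entry in the 2.1.0 list above keys the token check on Content-Type rather than on the format taken from the URL. The `Request` struct, the two `token_required_by_*` rules, the list of form content types and the sample requests are assumptions made for illustration.

```ruby
# Added illustration; not the Rails implementation.
# Constructed request model holding only the fields the check looks at.
Request = Struct.new(:verb, :path, :content_type, :params)

# Body types an HTML form can submit (the three form enctype values).
FORM_CONTENT_TYPES = %w[
  application/x-www-form-urlencoded
  multipart/form-data
  text/plain
].freeze

# Format as derived from the URL extension; no extension means html.
def url_format(req)
  ext = File.extname(req.path.split('?').first.to_s)
  ext.empty? ? 'html' : ext.sub(/\A\./, '')
end

# Media type without parameters such as "; charset=UTF-8".
def media_type(req)
  req.content_type.to_s.split(';').first.to_s.strip.downcase
end

# Before: the decision rests on the URL, which the sender chooses freely.
def token_required_by_format?(req)
  req.verb != 'GET' && url_format(req) == 'html'
end

# After: the decision rests on the body type. A missing Content-Type is
# treated like a form submission so that omitting it does not skip the check.
def token_required_by_content_type?(req)
  return false if req.verb == 'GET'
  type = media_type(req)
  type.empty? || FORM_CONTENT_TYPES.include?(type)
end

# Length check, then comparison without an early exit on the first mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Apply one of the two rules (passed by name) to a request.
def accepted?(req, session_token, rule)
  return true unless send(rule, req)
  secure_compare(req.params['authenticity_token'].to_s, session_token)
end

# Constructed sample data.
SESSION_TOKEN = '5f2c9a1e0b7d4c63a8e1f09b2d7c4e6a'
CROSS_SITE_FORM = Request.new('POST', '/posts.xml',
                              'application/x-www-form-urlencoded',
                              { 'post[title]' => 'Breaking News' })
OWN_FORM = Request.new('POST', '/posts',
                       'application/x-www-form-urlencoded; charset=UTF-8',
                       { 'authenticity_token' => SESSION_TOKEN })
API_CLIENT = Request.new('POST', '/posts.xml', 'application/xml', {})
```

Under the format rule the tokenless form post to `/posts.xml` is accepted; under the Content-Type rule it is refused, while the XML API client and the application's own form keep working.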
## 2.0.2 (December 16th, 2007) ##

* Added delete_via_redirect and put_via_redirect to integration testing #10497 *philodespotos*

* Allow headers['Accept'] to be set by hand when calling xml_http_request #10461 *BMorearty*

* Added OPTIONS to list of default accepted HTTP methods #10449 *holoway*

* Added option to pass proc to ActionController::Base.asset_host for maximum configurability #10521 *Cheah Chu Yeow*. Example:

      ActionController::Base.asset_host = Proc.new { |source|
        if source.starts_with?('/images')
          "http://images.example.com"
        else
          "http://assets.example.com"
        end
      }

* Fixed that ActionView#file_exists? would be incorrect if @first_render is set #10569 *dbussink*

* Added that Array#to_param calls to_param on all its elements #10473 *brandon*

* Ensure asset cache directories are automatically created. #10337 *Josh Peek, Cheah Chu Yeow*

* render :xml and :json preserve custom content types. #10388 *jmettraux, Cheah Chu Yeow*

* Refactor Action View template handlers. #10437, #10455 *Josh Peek*

* Fix DoubleRenderError message and leave out mention of returning false from filters. Closes #10380 *Frederick Cheung*

* Clean up some cruft around ActionController::Base#head. Closes #10417 *ssoroka*

## 2.0.1 (December 7th, 2007) ##

* Fixed send_file/binary_content for testing #8044 *tolsen*

* When a NonInferrableControllerError is raised, make the proposed fix clearer in the error message. Closes #10199 *Jack Danger Canty*

* Update Prototype to 1.6.0.1. *sam*

* Update script.aculo.us to 1.8.0.1. *madrobby*

* Add 'disabled' attribute to <OPTION> separators used in time zone and country selects. Closes #10354 *Josh Susser*

* Added the same record identification guessing rules to fields_for as form_for has *David Heinemeier Hansson*

* Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) *David Heinemeier Hansson*

* Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 *Tarmo Tänav*

* Update to Prototype -r8232. *sam*

* Make sure the optimisation code for routes doesn't get used if :host, :anchor or :port are provided in the hash arguments. *pager, Michael Koziarski* #10292

* Added protection from trailing slashes on page caching #10229 *devrieda*

* Asset timestamps are appended, not prepended. Closes #10276 *Mike Naberezny*

* Minor inconsistency in description of render example. Closes #10029 *ScottSchram*

* Add #prepend_view_path and #append_view_path instance methods on ActionController::Base for consistency with the class methods. *Rick Olson*

* Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. *Rick Olson*

* Add deprecation for old subtemplate syntax for ActionMailer templates, use render :partial *Rick Olson*

* Fix TemplateError so it doesn't bomb on exceptions while running tests *Rick Olson*

* Fixed that named routes living under resources shouldn't have double slashes #10198 *Isaac Feliu*

* Make sure that cookie sessions use a secret that is at least 30 chars in length. *Michael Koziarski*

* Fixed that partial rendering should look at the type of the first render to determine its own type if no other clues are available (like when using text.plain.erb as the extension in AM) #10130 *java*

* Fixed that has_many :through associations should render as collections too #9051 *mathie/Jack Danger Canty*

* Added :mouseover short-cut to AssetTagHelper#image_tag for doing easy image swaps #6893 *joost*

* Fixed handling of non-domain hosts #9479 *purp*

* Fix syntax error in documentation example for cycle method. Closes #8735 *foca*

* Document :with option for link_to_remote. Closes #8765 *Ryan Bates*

* Document :minute_step option for time_select. Closes #8814 *brupm*

* Explain how to use the :href option for link_to_remote to degrade gracefully in the absence of JavaScript. Closes #8911 *vlad*

* Disambiguate :size option for text area tag. Closes #8955 *redbeard*

* Fix broken tag in assert_tag documentation. Closes #9037 *mfazekas*

* Add documentation for route conditions. Closes #9041 *innu, Manfred Stienstra*

* Fix typo left over from previous typo fix in url helper. Closes #9414 *Henrik N*

* Fixed that ActionController::CgiRequest#host_with_port() should handle standard port #10082 *moro*

* Update Prototype to 1.6.0 and script.aculo.us to 1.8.0. *sam, madrobby*

* Expose the cookie jar as a helper method (before the view would just get the raw cookie hash) *David Heinemeier Hansson*

* Integration tests: get_ and post_via_redirect take a headers hash. #9130 *simonjefford*

* Simplify #view_paths implementation. ActionView templates get the exact object, not a dup. *Rick Olson*

* Update tests for ActiveSupport's JSON escaping change. *Rick Olson*

* FormHelper's auto_index should use #to_param instead of #id_before_type_cast. Closes #9994 *mattly*

* Doc typo fixes for ActiveRecordHelper. Closes #9973 *mikong*

* Make example parameters in restful routing docs idiomatic. Closes #9993 *Jack Danger Canty*

* Make documentation comment for mime responders match documentation example. Closes #9357 *yon*

* Introduce a new test case class for functional tests. ActionController::TestCase. *Michael Koziarski*

* Fix incorrect path in helper rdoc. Closes #9926 *viktor tron*

* Partials also set 'object' to the default partial variable. #8823 *Nick Retallack, Jeremy Kemper*

* Request profiler. *Jeremy Kemper*

      $ cat login_session.rb
      get_with_redirect '/'
      say "GET / => #{path}"
      post_with_redirect '/sessions', :username => 'john', :password => 'doe'
      say "POST /sessions => #{path}"
      $ ./script/performance/request -n 10 login_session.rb

* Disabled checkboxes don't submit a form value. #9301 *vladr, robinjfisher*

* Added tests for options to ActiveRecordHelper#form. Closes #7213 *richcollins, mikong, Mislav Marohnić*

* Changed before_filter halting to happen automatically on render or redirect but no longer on simply returning false *David Heinemeier Hansson*

* Ensure that cookies handle array values correctly. Closes #9937 *queso*

* Make sure resource routes don't clash with internal helpers like javascript_path, image_path etc. #9928 *Geoff Buesing*

* caches_page uses a single after_filter instead of one per action. #9891 *Pratik Naik*

* Update Prototype to 1.6.0_rc1 and script.aculo.us to 1.8.0 preview 0. *sam, madrobby*

* Dispatcher: fix that to_prepare should only run once in production. #9889 *Nathaniel Talbott*

* Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. #9823 *kamk*

* error_messages_for also takes :message and :header_message options which default to the old "There were problems with the following fields:" and "<count> errors prohibited this <object_name> from being saved". #8270 *rmm5t, zach-inglis-lt3*

* Make sure that custom inflections are picked up by map.resources. #9815 *Mislav Marohnić*

* Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call *David Heinemeier Hansson*

* Extracted sanitization methods from TextHelper to SanitizeHelper *David Heinemeier Hansson*

* rescue_from accepts :with => lambda { |exception| ... } or a normal block. #9827 *Pratik Naik*

* Add :status to redirect_to allowing users to choose their own response code without manually setting headers. #8297 *Coda Hale, chasgrundy*

* Add link_to :back which uses your referrer with a fallback to a javascript link. #7366 *eventualbuddha, Tarmo Tänav*

* error_messages_for and friends also work with local variables. #9699 *Frederick Cheung*

* Fix url_for, redirect_to, etc. with :controller => :symbol instead of 'string'. #8562, #9525 *Justin Lynn, Tarmo Tänav, shoe*

* Use #require_library_or_gem to load the memcache library for the MemCache session and fragment cache stores. Closes #8662. *Rick Olson*

* Move ActionController::Routing.optimise_named_routes to ActionController::Base.optimise_named_routes. Now you can set it in the config. *Rick Olson*

      config.action_controller.optimise_named_routes = false

* ActionController::Routing::DynamicSegment#interpolation_chunk should call #to_s on all values before calling URI.escape. *Rick Olson*

* Only accept session ids from cookies, prevents session fixation attacks. *bradediger*

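An added example (not Rails' own code) of the rule in the last entry above: the session id is read from the Cookie header only, so an id carried in a link's query string is never adopted. The `_session_id` key, the reader and `open_session` functions, the hash-backed store and the sample env hashes are assumptions made for illustration.

```ruby
# Added illustration; not the Rails implementation.
require 'securerandom'
require 'uri'

SESSION_KEY = '_session_id' # assumed cookie / parameter name

# Value of one cookie from the raw Cookie header, or nil.
def cookie_value(env, name)
  env['HTTP_COOKIE'].to_s.split(/;\s*/).each do |pair|
    key, value = pair.split('=', 2)
    return value.to_s if key == name
  end
  nil
end

# Value of one query-string parameter, or nil.
def query_value(env, name)
  pair = URI.decode_www_form(env['QUERY_STRING'].to_s).assoc(name)
  pair && pair.last
end

# Before: any request parameter can name the session to use.
def session_id_from_cookie_or_params(env)
  cookie_value(env, SESSION_KEY) || query_value(env, SESSION_KEY)
end

# After: only the browser's own cookie can name the session.
def session_id_from_cookie(env)
  cookie_value(env, SESSION_KEY)
end

# Look up the session for a request, issuing a fresh random id when the
# reader yields none. Returns the id the response would set as a cookie.
def open_session(env, store, reader)
  sid = reader.call(env)
  sid = SecureRandom.hex(16) if sid.nil? || sid.empty?
  store[sid] ||= {}
  sid
end

# Constructed sample requests.
PLANTED_ID = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
OWN_ID     = '0123456789abcdef0123456789abcdef'

# First visit through a link that carries someone else's chosen id.
LINK_WITH_ID = { 'QUERY_STRING' => "#{SESSION_KEY}=#{PLANTED_ID}",
                 'HTTP_COOKIE'  => '' }.freeze
# Returning visitor whose cookie disagrees with the id in the link.
COOKIE_AND_LINK = { 'QUERY_STRING' => "#{SESSION_KEY}=#{PLANTED_ID}",
                    'HTTP_COOKIE'  => "theme=dark; #{SESSION_KEY}=#{OWN_ID}" }.freeze
```

With the cookie-only reader, `open_session` answers the first sample with a freshly generated id, so a login that follows is bound to an id nobody else chose.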
## 2.0.0 Preview Release (September 29th, 2007) Includes duplicates of changes from 1.12.2 - 1.13.3 ##

* Fixed that render template did not honor exempt_from_layout #9698 *pezra*

* Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 *Rick Olson*

* Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 *Pratik Naik*

* Avoid calling is_missing on LoadErrors. Closes #7460. *ntalbott*

* Move Railties' Dispatcher to ActionController::Dispatcher, introduce before_ and after_dispatch callbacks, and warm up to non-CGI requests. *Jeremy Kemper*

* The tag helper may bypass escaping. *Jeremy Kemper*

* Cache asset ids. *Jeremy Kemper*

* Optimized named routes respect AbstractRequest.relative_url_root. #9612 *Daniel Morrison, Jeremy Kemper*

* Introduce ActionController::Base.rescue_from to declare exception-handling methods. Cleaner style than the case-heavy rescue_action_in_public. #9449 *Norbert Crombach*

* Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. *Rick Olson*

* Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. *Rick Olson*

* Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. Closes #8877. *Rick Olson, Pratik Naik, Jacques Distler*

  This merges and renames the popular white_list helper (along with some css sanitizing from Jacques Distler's version of the same plugin).
  Also applied updated versions of #strip_tags and #strip_links from #8877.

* Remove use of & logic operator. Closes #8114. *watson*

* Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 *Ruy Asan*

* Fixed TextHelper#word_wrap for multiline strings with extra carriage returns #8663 *seth*

* Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 *Bounga*

* Added FormHelper#label. #8641, #9850 *jcoglan, Jarkko Laine*

* Added AtomFeedHelper (slightly improved from the atom_feed_helper plugin) *David Heinemeier Hansson*

* Prevent errors when generating routes for uncountable resources, (i.e. sheep where plural == singular). map.resources :sheep now creates sheep_index_url for the collection and sheep_url for the specific item. *Michael Koziarski*

* Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an improvement for XSS attacks #8895 *Pratik Naik, Mark Somerville*

* Don't warn when a path segment precedes a required segment. Closes #9615. *Nicholas Seckar*

* Fixed CaptureHelper#content_for to work with the optional content parameter instead of just the block #9434 *sandofsky/wildchild*.

* Added Mime::Type.register_alias for dealing with different formats using the same mime type *DHH*. Example:

      class PostsController < ApplicationController
        before_filter :adjust_format_for_iphone

        def index
          @posts = Post.find(:all)

          respond_to do |format|
            format.html # => renders index.html.erb and uses "text/html" as the content type
            format.iphone # => renders index.iphone.erb and uses "text/html" as the content type