Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 6000 lines (3442 sloc) 305.31 kB
2e98e0f @rafaelfranca Fix CHANGELOG [ci skip]
rafaelfranca authored
1 ## Rails 3.2.9 (unreleased) ##
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
2
4b19855 @nashby correct handling of date selects when using both disabled and discard…
nashby authored
3 * Fix handling of date selects when using both disabled and discard options.
4 Fixes #7431.
5
6 *Vasiliy Ermolovich*
7
c091fae @rafaelfranca Merge pull request #7410 from sandeepravi/default_options_helper_value
rafaelfranca authored
8 * Fix select_tag when option_tags is nil.
9 Fixes #7404.
10
11 *Sandeep Ravichandran*
12
8e2a05b @sikachu Do not include application.js if it doesn't exists
sikachu authored
13 * `javascript_include_tag :all` will now not include `application.js` if the file does not exists. *Prem Sichanugrist*
14
2e04a34 @brainopia Update changelog to reflect support of cookie jar options for all
brainopia authored
15 * Support cookie jar options (e.g., domain :all) for all session stores.
16 Fixes GH#3047, GH#2483.
17
18 *Ravil Bayramgalin*
19
bccc35b @jeremy Backport 5c51cd0: #send_file leans on Rack::Sendfile to X-Accel-Redir…
jeremy authored
20 * Performance Improvement to send_file: Avoid having to pass an open file handle as the response body. Rack::Sendfile
21 will usually intercept the response and just uses the path directly, so no reason to open the file. This performance
22 improvement also resolves an issue with jRuby encodings, and is the reason for the backport, see issue #6844.
23
24 *Jeremy Kemper & Erich Menge*
25
2e98e0f @rafaelfranca Fix CHANGELOG [ci skip]
rafaelfranca authored
26
ddedf5d @spastorino Add release date to CHANGELOGs
spastorino authored
27 ## Rails 3.2.8 (Aug 9, 2012) ##
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
28
e91e4e8 @spastorino Do not mark strip_tags result as html_safe
spastorino authored
29 * There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
30 helper doesn't correctly handle malformed html. As a result an attacker can
31 execute arbitrary javascript through the use of specially crafted malformed
32 html.
33
34 *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
35
6d0526d @spastorino escape select_tag :prompt values
spastorino authored
36 * When a "prompt" value is supplied to the `select_tag` helper, the "prompt" value is not escaped.
37 If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
38 Vulnerable code will look something like this:
39 select_tag("name", options, :prompt => UNTRUSTED_INPUT)
40
41 *Santiago Pastorino*
2e98e0f @rafaelfranca Fix CHANGELOG [ci skip]
rafaelfranca authored
42
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
43 * Reverted the deprecation of `:confirm`. *Rafael Mendonça França*
44
45 * Reverted the deprecation of `:disable_with`. *Rafael Mendonça França*
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
46
e826a5c @rafaelfranca Revert "Deprecate `:mouseover` options for `image_tag` helper."
rafaelfranca authored
47 * Reverted the deprecation of `:mouseover` option to `image_tag`. *Rafael Mendonça França*
48
f50a5d2 @rafaelfranca Revert "Deprecate link_to_function and button_to_function helpers"
rafaelfranca authored
49 * Reverted the deprecation of `button_to_function` and `link_to_function` helpers.
50
51 *Rafael Mendonça França*
52
6764b7b @spastorino Add missing CHANGELOG entries
spastorino authored
53
d1b9cf2 @tenderlove updating release date
tenderlove authored
54 ## Rails 3.2.7 (Jul 26, 2012) ##
125dfdf @tenderlove updating changelogs
tenderlove authored
55
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
56 * Do not convert digest auth strings to symbols. CVE-2012-3424
57
58 * Bump Journey requirements to 1.0.4
59
60 * Add support for optional root segments containing slashes
125dfdf @tenderlove updating changelogs
tenderlove authored
61
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
62 * Fixed bug creating invalid HTML in select options
125dfdf @tenderlove updating changelogs
tenderlove authored
63
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
64 * Show in log correct wrapped keys
125dfdf @tenderlove updating changelogs
tenderlove authored
65
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
66 * Fix NumberHelper options wrapping to prevent verbatim blocks being rendered instead of line continuations.
125dfdf @tenderlove updating changelogs
tenderlove authored
67
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
68 * ActionController::Metal doesn't have logger method, check it and then delegate
125dfdf @tenderlove updating changelogs
tenderlove authored
69
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
70 * ActionController::Caching depends on RackDelegation and AbstractController::Callbacks
125dfdf @tenderlove updating changelogs
tenderlove authored
71
72
8381d39 @tenderlove updating changelogs
tenderlove authored
73 ## Rails 3.2.6 (Jun 12, 2012) ##
8d4f63a @drogus Include routes.mounted_helpers into integration tests
drogus authored
74
ceb8ec3 @tenderlove updating changelogs with security fixes
tenderlove authored
75 * nil is removed from array parameter values
76
8381d39 @tenderlove updating changelogs
tenderlove authored
77 CVE-2012-2694
78
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
79 * Deprecate `:confirm` in favor of `':data => { :confirm => "Text" }'` option for `button_to`, `button_tag`, `image_submit_tag`, `link_to` and `submit_tag` helpers.
80
81 *Carlos Galdino*
82
f550d4d @drogus Allow to use mounted helpers in ActionView::TestCase
drogus authored
83 * Allow to use mounted_helpers (helpers for accessing mounted engines) in ActionView::TestCase. *Piotr Sarnacki*
84
8d4f63a @drogus Include routes.mounted_helpers into integration tests
drogus authored
85 * Include mounted_helpers (helpers for accessing mounted engines) in ActionDispatch::IntegrationTest by default. *Piotr Sarnacki*
86
b13d89e @rafaelfranca Add release date of 3.2.5 on the CHANGELOG
rafaelfranca authored
87
88 ## Rails 3.2.5 (Jun 1, 2012) ##
89
90 * No changes.
91
92
d3e5d1c @tenderlove updating changelogs
tenderlove authored
93 ## Rails 3.2.4 (May 31, 2012) ##
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
94
616c91d @iHiD Deprecate old APIs for highlight, excerpt and word_wrap
iHiD authored
95 * Deprecate old APIs for highlight, excerpt and word_wrap *Jeremy Walker*
96
857697b @rafaelfranca Fix CHANGELOGS
rafaelfranca authored
97 * Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to`, `button_tag` and `submit_tag` helpers.
98
99 *Carlos Galdino + Rafael Mendonça França*
100
101 * Deprecate `:mouseover` option for `image_tag` helper. *Rafael Mendonça França*
1aff772 @rafaelfranca Deprecate `:mouseover` options for `image_tag` helper.
rafaelfranca authored
102
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
103 * Deprecate `button_to_function` and `link_to_function` helpers. *Rafael Mendonça França*
104
d3e5d1c @tenderlove updating changelogs
tenderlove authored
105 * Don't break Haml with textarea newline fix. GH #393, #4000, #5190, #5191
106
107 * Fix options handling on labels. GH #2492, #5614
108
109 * Added config.action_view.embed_authenticity_token_in_remote_forms to deal
110 with regression from 16ee611fa
111
112 * Set rendered_format when doing render :inline. GH #5632
113
114 * Fix the redirect when it receive blocks with arity of 1. Closes #5677
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
115
44aca7b @tenderlove adding security notifications to CHANGELOGs
tenderlove authored
116 * Strip [nil] from parameters hash. Thanks to Ben Murphy for
117 reporting this! CVE-2012-2660
118
b13d89e @rafaelfranca Add release date of 3.2.5 on the CHANGELOG
rafaelfranca authored
119
342b54a @rafaelfranca Add CHANGELOG entry.
rafaelfranca authored
120 ## Rails 3.2.3 (March 30, 2012) ##
8674823 @spastorino Add CHANGELOG entry
spastorino authored
121
beba826 @drogus Lazy load `default_form_builder` if it's passed as a string
drogus authored
122 * Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
123
dd69076 @spastorino Add missing CHANGELOG entry
spastorino authored
124 * Fix #5632, render :inline set the proper rendered format. *Santiago Pastorino*
125
b395ca1 @spastorino Add missing CHANGELOG entry
spastorino authored
126 * Fix textarea rendering when using plugins like HAML. Such plugins encode the first newline character in the content. This issue was introduced in https://github.com/rails/rails/pull/5191 *James Coleman*
127
13fe190 @spastorino Remove the leading \n added by textarea on assert_select
spastorino authored
128 * Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*
129
d646d9d @drogus Added config.action_view.embed_authenticity_token_in_remote_forms
drogus authored
130 * Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*
131
16ee611 @dhh Do not include the authenticity token in forms where remote: true as …
dhh authored
132 * Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*
133
520571a @spastorino Turn off verbose mode of rack-cache, we still have X-Rack-Cache to ch…
spastorino authored
134 * Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
135 check that info. Closes #5245. *Santiago Pastorino*
136
8674823 @spastorino Add CHANGELOG entry
spastorino authored
137 * Fix #5238, rendered_format is not set when template is not rendered. *Piotr Sarnacki*
138
3bfd651 @vijaydev changelog updates [ci skip]
vijaydev authored
139 * Upgrade rack-cache to 1.2. *José Valim*
140
141 * ActionController::SessionManagement is deprecated. *Santiago Pastorino*
142
db743ff @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
143 * Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*
3bfd651 @vijaydev changelog updates [ci skip]
vijaydev authored
144
db743ff @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
145 * Add a new line after the textarea opening tag. Closes #393 *Rafael Mendonça França*
3bfd651 @vijaydev changelog updates [ci skip]
vijaydev authored
146
147 * Always pass a respond block from to responder. We should let the responder to decide what to do with the given overridden response block, and not short circuit it. *sikachu*
148
149 * Fixes layout rendering regression from 3.2.2. *José Valim*
8674823 @spastorino Add CHANGELOG entry
spastorino authored
150
db743ff @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
151
152 ## Rails 3.2.2 (March 1, 2012) ##
2e5ec3b @josevalim Merge check box fixes from remote-tracking branch 'cantonio/checkbox-…
josevalim authored
153
82d6ded @spastorino Fix CHANGELOG
spastorino authored
154 * Format lookup for partials is derived from the format in which the template is being rendered. Closes #5025 part 2 *Santiago Pastorino*
110b43c @spastorino Add CHANGELOG entry
spastorino authored
155
82d6ded @spastorino Fix CHANGELOG
spastorino authored
156 * Use the right format when a partial is missing. Closes #5025. *Santiago Pastorino*
b122968 @spastorino Add CHANGELOG entry
spastorino authored
157
567ac65 @sikachu Fix override API response bug in respond_with
sikachu authored
158 * Default responder will now always use your overridden block in `respond_with` to render your response. *Prem Sichanugrist*
159
2e5ec3b @josevalim Merge check box fixes from remote-tracking branch 'cantonio/checkbox-…
josevalim authored
160 * check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form.
161 This is a behavior change, previously the hidden tag had a value of the disabled checkbox.
162 *Tadas Tamosauskas*
163
8674823 @spastorino Add CHANGELOG entry
spastorino authored
164
97e8d1d @fxn CHANGELOG revision for v3.2.1
fxn authored
165 ## Rails 3.2.1 (January 26, 2012) ##
166
167 * Documentation improvements.
168
169 * Allow `form.select` to accept ranges (regression). *Jeremy Walker*
170
171 * `datetime_select` works with -/+ infinity dates. *Joe Van Dyk*
172
173
f36dcaf @dhh Preparing for 3.2.0 release
dhh authored
174 ## Rails 3.2.0 (January 20, 2012) ##
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
175
ae7037e @guilleiguaran Update CHANGELOG and docs for config.assets.logger
guilleiguaran authored
176 * Setting config.assets.logger to false turn off Sprockets logger *Guillermo Iguaran*
177
ed0f0ad @carlosantoniodasilva Update changelog
carlosantoniodasilva authored
178 * Add `config.action_dispatch.default_charset` to configure default charset for ActionDispatch::Response. *Carlos Antonio da Silva*
179
180 * Deprecate setting default charset at controller level, use the new `config.action_dispatch.default_charset` instead. *Carlos Antonio da Silva*
181
182 * Deprecate ActionController::UnknownAction in favour of AbstractController::ActionNotFound. *Carlos Antonio da Silva*
183
184 * Deprecate ActionController::DoubleRenderError in favour of AbstractController::DoubleRenderError. *Carlos Antonio da Silva*
185
186 * Deprecate method_missing handling for not found actions, use action_missing instead. *Carlos Antonio da Silva*
187
188 * Deprecate ActionController#rescue_action, ActionController#initialize_template_class, and ActionController#assign_shortcuts.
189 These methods were not being used internally anymore and are going to be removed in Rails 4. *Carlos Antonio da Silva*
190
c4c6beb @rafaelfranca Add option to configure Sprockets logger
rafaelfranca authored
191 * Add config.assets.logger to configure Sprockets logger *Rafael França*
192
c159b01 @spastorino Use a BodyProxy instead of including a Module that responds to close.
spastorino authored
193 * Use a BodyProxy instead of including a Module that responds to
194 close. Closes #4441 if Active Record is disabled assets are delivered
195 correctly *Santiago Pastorino*
196
6f48fb3 @spastorino Add CHANGELOG entry
spastorino authored
197 * Rails initialization with initialize_on_precompile = false should set assets_dir *Santiago Pastorino*
198
0d7d3a6 @spastorino Add font_path helper method
spastorino authored
199 * Add font_path helper method *Santiago Pastorino*
200
a0fd9fb @spastorino Add CHANGELOG entry
spastorino authored
201 * Depends on rack ~> 1.4.0 *Santiago Pastorino*
202
fc42998 @josevalim Update CHANGELOGs.
josevalim authored
203 * Add :gzip option to `caches_page`. The default option can be configured globally using `page_cache_compression` *Andrey Sitnik*
204
6481bc5 @josevalim Update CHANGELOGs and guides.
josevalim authored
205 * The ShowExceptions middleware now accepts a exceptions application that is responsible to render an exception when the application fails. The application is invoked with a copy of the exception in `env["action_dispatch.exception"]` and with the PATH_INFO rewritten to the status code. *José Valim*
206
3f65e7f @wfarr Add button_tag support to ActionView::Helpers::FormBuilder.
wfarr authored
207 * Add `button_tag` support to ActionView::Helpers::FormBuilder.
208
209 This support mimics the default behavior of `submit_tag`.
210
211 Example:
212
213 <%= form_for @post do |f| %>
214 <%= f.button %>
215 <% end %>
216
ed0f0ad @carlosantoniodasilva Update changelog
carlosantoniodasilva authored
217 * Date helpers accept a new option, `:use_two_digit_numbers = true`, that renders select boxes for months and days with a leading zero without changing the respective values.
dc43e40 @DevL Added :use_two_digit_numbers option [Lennart Fridén & Kim Persson]
DevL authored
218 For example, this is useful for displaying ISO8601-style dates such as '2011-08-01'. *Lennart Fridén and Kim Persson*
219
22a6079 @dhh Make ActiveSupport::Benchmarkable a default module for ActionControll…
dhh authored
220 * Make ActiveSupport::Benchmarkable a default module for ActionController::Base, so the #benchmark method is once again available in the controller context like it used to be *DHH*
221
5ad5215 @josevalim Deprecate implicit layout lookup in favor of inheriting the _layout c…
josevalim authored
222 * Deprecated implied layout lookup in controllers whose parent had a explicit layout set:
223
224 class ApplicationController
225 layout "application"
226 end
227
228 class PostsController < ApplicationController
229 end
230
231 In the example above, Posts controller will no longer automatically look up for a posts layout.
232
233 If you need this functionality you could either remove `layout "application"` from ApplicationController or explicitly set it to nil in PostsController. *José Valim*
234
18ceed2 @sikachu Allow layout fallback when using `layout` method
sikachu authored
235 * Rails will now use your default layout (such as "layouts/application") when you specify a layout with `:only` and `:except` condition, and those conditions fail. *Prem Sichanugrist*
236
237 For example, consider this snippet:
238
239 class CarsController
240 layout 'single_car', :only => :show
241 end
242
243 Rails will use 'layouts/single_car' when a request comes in `:show` action, and use 'layouts/application' (or 'layouts/cars', if exists) when a request comes in for any other actions.
244
e29773f @nashby form_for with +:as+ option uses "action_as" as css class and id
nashby authored
245 * form_for with +:as+ option uses "#{action}_#{as}" as css class and id:
246
247 Before:
248
249 form_for(@user, :as => 'client') # => "<form class="client_new">..."
250
251 Now:
252
253 form_for(@user, :as => 'client') # => "<form class="new_client">..."
254
255 *Vasiliy Ermolovich*
256
07f90f6 @josevalim Merge branch 'exceptions' with the following features:
josevalim authored
257 * Allow rescue responses to be configured through a railtie as in `config.action_dispatch.rescue_responses`. Please look at ActiveRecord::Railtie for an example *José Valim*
258
218c272 @dhh Allow fresh_when/stale? to take a record instead of an options hash […
dhh authored
259 * Allow fresh_when/stale? to take a record instead of an options hash *DHH*
260
1e51cd9 @josevalim Update CHANGELOG.
josevalim authored
261 * Assets should use the request protocol by default or default to relative if no request is available *Jonathan del Strother*
262
263 * Log "Filter chain halted as CALLBACKNAME rendered or redirected" every time a before callback halts *José Valim*
38ab982 @josevalim Log 'Filter chain halted as CALLBACKNAME rendered or redirected' ever…
josevalim authored
264
2559256 @nashby update CHANGELOG
nashby authored
265 * You can provide a namespace for your form to ensure uniqueness of id attributes on form elements.
266 The namespace attribute will be prefixed with underscore on the generate HTML id. *Vasiliy Ermolovich*
267
268 Example:
269
270 <%= form_for(@offer, :namespace => 'namespace') do |f| %>
271 <%= f.label :version, 'Version' %>:
272 <%= f.text_field :version %>
273 <% end %>
274
654df86 @josevalim Show detailed exceptions no longer returns true if the request is loc…
josevalim authored
275 * Refactor ActionDispatch::ShowExceptions. The controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false.
3a1d519 @lest deprecation warning, changelog entry
lest authored
276
654df86 @josevalim Show detailed exceptions no longer returns true if the request is loc…
josevalim authored
277 It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors. The default value is now false, meaning local requests in production will no longer show the detailed exceptions page unless `show_detailed_exceptions?` is overridden and set to `request.local?`.
3a1d519 @lest deprecation warning, changelog entry
lest authored
278
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
279 * Responders now return 204 No Content for API requests without a response body (as in the new scaffold) *José Valim*
280
281 * Added ActionDispatch::RequestId middleware that'll make a unique X-Request-Id header available to the response and enables the ActionDispatch::Request#uuid method. This makes it easy to trace requests from end-to-end in the stack and to identify individual requests in mixed logs like Syslog *DHH*
282
283 * Limit the number of options for select_year to 1000.
284
285 Pass the :max_years_allowed option to set your own limit.
286
287 *Libo Cannici*
288
289 * Passing formats or handlers to render :template and friends is deprecated. For example: *Nick Sutterer & José Valim*
290
291 render :template => "foo.html.erb"
292
293 Instead, you can provide :handlers and :formats directly as option:
294 render :template => "foo", :formats => [:html, :js], :handlers => :erb
295
296 * Changed log level of warning for missing CSRF token from :debug to :warn. *Mike Dillon*
297
298 * content_tag_for and div_for can now take the collection of records. It will also yield the record as the first argument if you set a receiving argument in your block *Prem Sichanugrist*
299
300 So instead of having to do this:
301
302 @items.each do |item|
303 content_tag_for(:li, item) do
304 Title: <%= item.title %>
305 end
306 end
307
308 You can now do this:
309
310 content_tag_for(:li, @items) do |item|
311 Title: <%= item.title %>
312 end
313
314 * send_file now guess the mime type *Esad Hajdarevic*
315
316 * Mime type entries for PDF, ZIP and other formats were added *Esad Hajdarevic*
317
318 * Generate hidden input before select with :multiple option set to true.
319 This is useful when you rely on the fact that when no options is set,
320 the state of select will be sent to rails application. Without hidden field
321 nothing is sent according to HTML spec *Bogdan Gusiev*
322
323 * Refactor ActionController::TestCase cookies *Andrew White*
324
325 Assigning cookies for test cases should now use cookies[], e.g:
326
327 cookies[:email] = 'user@example.com'
328 get :index
329 assert_equal 'user@example.com', cookies[:email]
330
331 To clear the cookies, use clear, e.g:
332
333 cookies.clear
334 get :index
335 assert_nil cookies[:email]
336
337 We now no longer write out HTTP_COOKIE and the cookie jar is
338 persistent between requests so if you need to manipulate the environment
339 for your test you need to do it before the cookie jar is created.
340
677f968 Add information to the changelog about the changes to ActionControlle…
Jean-Francois Turcot authored
341 * ActionController::ParamsWrapper on ActiveRecord models now only wrap
342 attr_accessible attributes if they were set, if not, only the attributes
343 returned by the class method attribute_names will be wrapped. This fixes
344 the wrapping of nested attributes by adding them to attr_accessible.
345
9be2353 @spastorino Sync AP CHANGELOG with 3-1-stable
spastorino authored
346 ## Rails 3.1.4 (unreleased) ##
347
348 * Allow to use asset_path on named_routes aliasing RailsHelper's
349 asset_path to path_to_asset *Adrian Pike*
350
351 * Assets should use the request protocol by default or default to
352 relative if no request is available *Jonathan del Strother*
353
603a679 @jonleighton Don't html-escape the :count option to translate if it's a Numeric. F…
jonleighton authored
354 ## Rails 3.1.3 (unreleased) ##
355
356 * Fix using `tranlate` helper with a html translation which uses the `:count` option for
357 pluralization.
358
359 *Jon Leighton*
360
fc98811 @jonleighton Implement a workaround for a bug in ruby-1.9.3p0.
jonleighton authored
361 ## Rails 3.1.2 (unreleased) ##
362
e8d57f3 @lest _html translation should escape interpolated arguments
lest authored
363 * Fix XSS security vulnerability in the `translate` helper method. When using interpolation
364 in combination with HTML-safe translations, the interpolated input would not get HTML
365 escaped. *GH 3664*
366
367 Before:
368
369 translate('foo_html', :something => '<script>') # => "...<script>..."
370
371 After:
372
373 translate('foo_html', :something => '<script>') # => "...&lt;script&gt;..."
374
375 *Sergey Nartimov*
376
ca3b468 @jonleighton Sync changelog entry
jonleighton authored
377 * Upgrade sprockets dependency to ~> 2.1.0
378
da02f79 @jonleighton Sync CHANGELOGs from 3-1-stable
jonleighton authored
379 * Ensure that the format isn't applied twice to the cache key, else it becomes impossible
380 to target with expire_action.
381
382 *Christopher Meiklejohn*
383
384 * Swallow error when can't unmarshall object from session.
385
386 *Bruno Zanchet*
387
fc98811 @jonleighton Implement a workaround for a bug in ruby-1.9.3p0.
jonleighton authored
388 * Implement a workaround for a bug in ruby-1.9.3p0 where an error would be raised
389 while attempting to convert a template from one encoding to another.
390
391 Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.
392
393 The workaround is to load all conversions into memory ahead of time, and will
394 only happen if the ruby version is *exactly* 1.9.3p0. The hope is obviously that
395 the underlying problem will be resolved in the next patchlevel release of
396 1.9.3.
397
398 *Jon Leighton*
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
399
da02f79 @jonleighton Sync CHANGELOGs from 3-1-stable
jonleighton authored
400 * Ensure users upgrading from 3.0.x to 3.1.x will properly upgrade their flash object in session (issues #3298 and #2509)
401
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
402 ## Rails 3.1.1 (unreleased) ##
403
404 * javascript_path and stylesheet_path now refer to /assets if asset pipelining
405 is on. [Santiago Pastorino]
406 * button_to support form option. Now you're able to pass for example
407 'data-type' => 'json'. [ihower]
408 * image_path and image_tag should use /assets if asset pipelining is turned
409 on. Closes #3126 [Santiago Pastorino and christos]
410 * Avoid use of existing precompiled assets during rake assets:precompile run.
411 Closes #3119 [Guillermo Iguaran]
412 * Copy assets to nondigested filenames too *Santiago Pastorino*
413
414 * Give precedence to `config.digest = false` over the existence of
415 manifest.yml asset digests [christos]
416 * escape options for the stylesheet_link_tag method *Alexey Vakhov*
417
418 * Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so
419 it works on Windows [cablegram]
420 * env var passed to process shouldn't be modified in process method. [Santiago
421 Pastorino]
422 * `rake assets:precompile` loads the application but does not initialize
423 it.
424 To the app developer, this means configuration add in
425 config/initializers/* will not be executed.
426 Plugins developers need to special case their initializers that are
427 meant to be run in the assets group by adding :group => :assets. *José Valim*
428
429 * Sprockets uses config.assets.prefix for asset_path *asee*
430
431 * FileStore key_file_path properly limit filenames to 255 characters. *phuibonhoa*
432
433 * Fix Hash#to_query edge case with html_safe strings. *brainopia*
434
435 * Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation.
436 Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. [Santiago Pastorino]
437 * Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. *Mark J. Titorenko*
438
439 * Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 *Guillermo Iguaran*
440
441 * Fix basic auth credential generation to not make newlines. GH #2882
442
443 * Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled.
444 Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. *Guillermo Iguaran*
445
446 * CookieJar is now Enumerable. Fixes #2795
447
448 * Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 *Guillermo Iguaran*
449
450 * Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 *Guillermo Iguaran*
451
452 * Fixed stylesheet_link_tag and javascript_include_tag to respect additional options passed by the users when debug is on. *Guillermo Iguaran*
453
454
455 ## Rails 3.1.0 (August 30, 2011) ##
456
457 * Param values are `paramified` in controller tests. *David Chelimsky*
458
459 * x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. *Santiago Pastorino*
460
461 * The submit form helper does not generate an id "object_name_id" anymore. *fbrusatti*
462
463 * Make sure respond_with with :js tries to render a template in all cases *José Valim*
464
465 * json_escape will now return a SafeBuffer string if it receives SafeBuffer string *tenderlove*
466
467 * Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string *Prem Sichanugrist*
468
469 * Fix escape_js to work correctly with the new SafeBuffer restriction *Paul Gallagher*
470
471 * Brought back alternative convention for namespaced models in i18n *thoefer*
472
473 Now the key can be either "namespace.model" or "namespace/model" until further deprecation.
474
475 * It is prohibited to perform a in-place SafeBuffer mutation *tenderlove*
476
477 The old behavior of SafeBuffer allowed you to mutate string in place via
478 method like `sub!`. These methods can add unsafe strings to a safe buffer,
479 and the safe buffer will continue to be marked as safe.
480
481 An example problem would be something like this:
482
483 <%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %>
484
485 In the above example, an untrusted string (`params[:xss]`) is added to the
486 safe buffer returned by `link_to`, and the untrusted content is successfully
487 sent to the client without being escaped. To prevent this from happening
488 `sub!` and other similar methods will now raise an exception when they are called on a safe buffer.
489
490 In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:
491
492 <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>
493
494 The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe.
495
496 You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb
497
498 * Warn if we cannot verify CSRF token authenticity *José Valim*
499
500 * Allow AM/PM format in datetime selectors *Aditya Sanghi*
501
502 * Only show dump of regular env methods on exception screen (not all the rack crap) *DHH*
503
504 * auto_link has been removed with no replacement. If you still use auto_link
505 please install the rails_autolink gem:
506 http://github.com/tenderlove/rails_autolink
507
508 *tenderlove*
509
510 * Added streaming support, you can enable it with: *José Valim*
511
512 class PostsController < ActionController::Base
513 stream :only => :index
514 end
515
516 Please read the docs at `ActionController::Streaming` for more information.
517
518 * Added `ActionDispatch::Request.ignore_accept_header` to ignore accept headers and only consider the format given as parameter *José Valim*
519
520 * Created `ActionView::Renderer` and specified an API for `ActionView::Context`, check those objects for more information *José Valim*
521
522 * Added `ActionController::ParamsWrapper` to wrap parameters into a nested hash, and will be turned on for JSON request in new applications by default *Prem Sichanugrist*
523
524 This can be customized by setting `ActionController::Base.wrap_parameters` in `config/initializer/wrap_parameters.rb`
525
526 * RJS has been extracted out to a gem. *fxn*
527
528 * Implicit actions named not_implemented can be rendered. *Santiago Pastorino*
529
530 * Wildcard route will always match the optional format segment by default. *Prem Sichanugrist*
531
532 For example if you have this route:
533
534 match '*pages' => 'pages#show'
535
536 by requesting '/foo/bar.json', your `params[:pages]` will be equals to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this:
537
538 match '*pages' => 'pages#show', :format => false
539
540 * Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call *DHH*
541
542 class PostsController < ApplicationController
543 USER_NAME, PASSWORD = "dhh", "secret"
544
545 before_filter :authenticate, :except => [ :index ]
546
547 def index
548 render :text => "Everyone can see me!"
549 end
550
551 def edit
552 render :text => "I'm only accessible if you know the password"
553 end
554
555 private
556 def authenticate
557 authenticate_or_request_with_http_basic do |user_name, password|
558 user_name == USER_NAME && password == PASSWORD
559 end
560 end
561 end
562
563 ..can now be written as
564
565 class PostsController < ApplicationController
566 http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
567
568 def index
569 render :text => "Everyone can see me!"
570 end
571
572 def edit
573 render :text => "I'm only accessible if you know the password"
574 end
575 end
576
577 * Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to specific it to particular action. *DHH and Prem Sichanugrist*
578
579 * Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash *DHH*
580
581 form_for(@post, remote: true, method: :delete) instead of form_for(@post, remote: true, html: { method: :delete })
582
583 * Make JavaScriptHelper#j() an alias for JavaScriptHelper#escape_javascript() -- note this then supersedes the Object#j() method that the JSON gem adds within templates using the JavaScriptHelper *DHH*
584
585 * Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. *Prem Sichanugrist, fxn*
586
587 * URL parameters which return false for to_param now appear in the query string (previously they were removed) *Andrew White*
588
589 * URL parameters which return nil for to_param are now removed from the query string *Andrew White*
590
591 * ActionDispatch::MiddlewareStack now uses composition over inheritance. It is
592 no longer an array which means there may be methods missing that were not tested.
593 * Add an :authenticity_token option to form_tag for custom handling or to omit the token (pass :authenticity_token => false). *Jakub Kuźma, Igor Wiedler*
594
595 * HTML5 button_tag helper. *Rizwan Reza*
596
597 * Template lookup now searches further up in the inheritance chain. *Artemave*
598
599 * Brought back config.action_view.cache_template_loading, which allows to decide whether templates should be cached or not. *Piotr Sarnacki*
600
601 * url_for and named url helpers now accept :subdomain and :domain as options, *Josh Kalderimis*
602
603 * The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused (check the documentation for examples). *Josh Kalderimis*
604
605 * Added config.action_controller.include_all_helpers. By default 'helper :all' is done in ActionController::Base, which includes all the helpers by default. Setting include_all_helpers to false will result in including only application_helper and helper corresponding to controller (like foo_helper for foo_controller). *Piotr Sarnacki*
606
607 * Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a :data hash of options:
608
609 tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)})
610 # => <div data-name="Stephen" data-city-state="[&quot;Chicago&quot;,&quot;IL&quot;]" />
611
612 Keys are dasherized. Values are JSON-encoded, except for strings and symbols. *Stephen Celis*
613
614 * Deprecate old template handler API. The new API simply requires a template handler to respond to call. *José Valim*
615
616 * :rhtml and :rxml were finally removed as template handlers. *José Valim*
617
618 * Moved etag responsibility from ActionDispatch::Response to the middleware stack. *José Valim*
619
620 * Rely on Rack::Session stores API for more compatibility across the Ruby world. This is backwards incompatible since Rack::Session expects #get_session to accept 4 arguments and requires #destroy_session instead of simply #destroy. *José Valim*
621
622 * file_field automatically adds :multipart => true to the enclosing form. *Santiago Pastorino*
623
624 * Renames csrf_meta_tag -> csrf_meta_tags, and aliases csrf_meta_tag for backwards compatibility. *fxn*
625
626 * Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. *Yehuda Katz, Carl Lerche*
627
628
629 ## Rails 3.0.7 (April 18, 2011) ##
630
631 * No changes.
632
633
634 * Rails 3.0.6 (April 5, 2011)
635
636 * Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as
637 html safe. Please make sure that calls to auto_link() are wrapped in a
638 sanitize(), or a raw() depending on the type of input passed to auto_link().
639 For example:
640
641 <%= sanitize(auto_link(some_user_input)) %>
642
643 Thanks to Torben Schulz for reporting this. The fix can be found here:
644 61ee3449674c591747db95f9b3472c5c3bd9e84d
645
646 * Fixes the output of `rake routes` to be correctly match to the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default *Prem Sichanugrist*
647
648 * Fixes an issue with number_to_human when converting values which are less than 1 but greater than -1 *Josh Kalderimis*
649
650 * Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. *Prem Sichanugrist, fxn*
651
652 * URL parameters which return nil for to_param are now removed from the query string *Andrew White*
653
654 * Don't allow i18n to change the minor version, version now set to ~> 0.5.0 *Santiago Pastorino*
655
656 * Make TranslationHelper#translate use the :rescue_format option in I18n 0.5.0 *Sven Fuchs*
657
658 * Fix regression: javascript_include_tag shouldn't raise if you register an expansion key with nil or [] value *Santiago Pastorino*
659
660 * Fix Action caching bug where an action that has a non-cacheable response always renders a nil response body. It now correctly renders the response body. *Cheah Chu Yeow*
661
662
663 ## Rails 3.0.5 (February 26, 2011) ##
664
665 * No changes.
666
667
668 ## Rails 3.0.4 (February 8, 2011) ##
669
670 * No changes.
671
672
673 ## Rails 3.0.3 (November 16, 2010) ##
674
675 * When ActiveRecord::Base objects are sent to predicate methods, the id of the object should be sent to ARel, not the ActiveRecord::Base object.
676
677 * :constraints routing should only do sanity checks against regular expressions. String arguments are OK.
678
679
680 ## Rails 3.0.2 (November 15, 2010) ##
681
682 * The helper number_to_currency accepts a new :negative_format option to be able to configure how to render negative amounts. *Don Wilson*
683
684
685 ## Rails 3.0.1 (October 15, 2010) ##
686
687 * No Changes, just a version bump.
688
689
690 ## Rails 3.0.0 (August 29, 2010) ##
691
692 * password_field renders with nil value by default making the use of passwords secure by default, if you want to render you should do for instance f.password_field(:password, :value => @user.password) *Santiago Pastorino*
693
694 * Symbols and strings in routes should yield the same behavior. Note this may break existing apps that were using symbols with the new routes API. *José Valim*
695
696 * Add clear_helpers as a way to clean up all helpers added to this controller, maintaining just the helper with the same name as the controller. *José Valim*
697
698 * Support routing constraints in functional tests. *Andrew White*
699
700 * Add a header that tells Internet Explorer (all versions) to use the best available standards support. *Yehuda Katz*
701
702 * Allow stylesheet/javascript extensions to be changed through railties. *Josh Kalderimis*
703
704 * link_to, button_to, and tag/tag_options now rely on html_escape instead of escape_once. *fxn*
705
706 * url_for returns always unescaped strings, and the :escape option is gone. *fxn*
707
708 * Added accept-charset parameter and _snowman hidden field to force the contents
709 of Rails POSTed forms to be in UTF-8 *Yehuda Katz*
710
711 * Upgrade to Rack 1.2.1 *Jeremy Kemper*
712
713 * Allow :path to be given to match/get/post/put/delete instead of :path_names in the new router *Carlos Antônio da Silva*
714
715 * Added resources_path_names to the new router DSL *José Valim*
716
717 * Allow options to be given to the namespace method in the new router *Carlos Antônio da Silva*
718
719 * Deprecate :name_prefix in the new router DSL *José Valim*
720
721 * Add shallow routes back to the new router *Diego Carrion, Andrew White*
722
723 resources :posts do
724 shallow do
725 resources :comments
726 end
727 end
728
729 You can now use comment_path for /comments/1 instead of post_comment_path for /posts/1/comments/1.
730
731 * Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. #4818 *Guillermo Álvarez*
732
733 * Removed textilize, textilize_without_paragraph and markdown helpers. *Santiago Pastorino*
734
735 * Remove middleware laziness *José Valim*
736
737 * Make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. *José Valim*
738
739 * OAuth 2: HTTP Token Authorization support to complement Basic and Digest Authorization. *Rick Olson*
740
741 * Fixed inconsistencies in form builder and view helpers #4432 *Neeraj Singh*
742
743 * Both :xml and :json renderers now forwards the given options to the model, allowing you to invoke them as render :xml => @projects, :include => :tasks *José Valim, Yehuda Katz*
744
745 * Renamed the field error CSS class from fieldWithErrors to field_with_errors for consistency. *Jeremy Kemper*
746
747 * Add support for shorthand routes like /projects/status(.:format) #4423 *Diego Carrion*
748
749 * Changed translate helper so that it doesn’t mark every translation as safe HTML. Only keys with a "_html" suffix and keys named "html" are considered to be safe HTML. All other translations are left untouched. *Craig Davey*
750
751 * New option :as added to form_for allows to change the object name. The old <% form_for :client, @post %> becomes <% form_for @post, :as => :client %> *spastorino*
752
753 * Removed verify method in controllers. *JV*
754 It's now available as a plugin at http://github.com/rails/verification
755
756 * Removed input, form, error_messages_for and error_message_on from views. *JV*
757 It's now available as a plugin at http://github.com/rails/dynamic_form
758
759 * Routes can be scoped by controller module. *Jeremy Kemper*
760
761 # /session => Auth::SessionsController
762 scope :module => 'auth' do
763 resource :session
764 end
765
766 * Added #favicon_link_tag, it uses #image_path so in particular the favicon gets an asset ID *fxn*
767
768 * Fixed that default locale templates should be used if the current locale template is missing *DHH*
769
770 * Added all the new HTML5 form types as individual form tag methods (search, url, number, etc) #3646 *Stephen Celis*
771
772 * Changed the object used in routing constraints to be an instance of
773 ActionDispatch::Request rather than Rack::Request *YK*
774
775 * Changed ActionDispatch::Request#method to return a String, to be compatible
776 with Rack::Request. Added ActionDispatch::Request#method_symbol to
777 return a symbol form of the request method. *YK*
778
779 * Changed ActionDispatch::Request#method to return the original
780 method and #request_method to return the overridden method in the
781 case of methodoverride being used (this means that #method returns
782 "HEAD" and #request_method returns "GET" in HEAD requests). This
783 is for compatibility with Rack::Request *YK*
784
785 * #concat is now deprecated in favor of using <%= %> helpers *YK*
786
787 * Block helpers now return Strings, so you can use <%= form_for @foo do |f| %>.
788 <% form_for do |f| %> still works with deprecation notices *YK*
789
790 * Add a new #mount method on the router that does not anchor the PATH_INFO
791 at the end *YK & CL*
792
793 * Create a new LookupContext object that is responsible for performantly
794 finding a template for a given pattern *JV*
795
796 * Removed relative_url_for in favor of respecting SCRIPT_NAME *YK & CL*
797
798 * Changed file streaming to use Rack::Sendfile middleware *YK*
799
800 * ActionDispatch::Request#content_type returns a String to be compatible with
801 Rack::Request. Use #content_mime_type for the Mime::Type instance *YK*
802
803 * Updated Prototype to 1.6.1 and Scriptaculous to 1.8.3 *ML*
804
805 * Change the preferred way that URL helpers are included into a class*YK & CL*
806
807 # for all helpers including named routes
808 include Rails.application.router.url_helpers
809
810 # for just url_for
811 include Rails.application.router.url_for
812
813 * Fixed that PrototypeHelper#update_page should return html_safe *DHH*
814
815 * Fixed that much of DateHelper wouldn't return html_safe? strings *DHH*
816
817 * Fixed that fragment caching should return a cache hit as html_safe (or it would all just get escaped) *DHH*
818
819 * Added that ActionController::Base now does helper :all instead of relying on the default ApplicationController in Rails to do it *DHH*
820
821 * Added ActionDispatch::Request#authorization to access the http authentication header regardless of its proxy hiding *DHH*
822
823 * Added :alert, :notice, and :flash as options to ActionController::Base#redirect_to that'll automatically set the proper flash before the redirection [DHH]. Examples:
824
825 flash[:notice] = 'Post was created'
826 redirect_to(@post)
827
828 ...becomes:
829
830 redirect_to(@post, :notice => 'Post was created')
831
832 * Added ActionController::Base#notice/= and ActionController::Base#alert/= as a convenience accessors in both the controller and the view for flash[:notice]/= and flash[:alert]/= *DHH*
833
834
835 * Introduce grouped_collection_select helper. #1249 *Dan Codeape, Erik Ostrom*
836
837 * Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or ".css" onto external urls. #1664 *Matthew Rudy Jacobs*
838
839 * Ruby 1.9: fix Content-Length for multibyte send_data streaming. #2661 *Sava Chankov*
840
841 * Ruby 1.9: ERB template encoding using a magic comment at the top of the file. *Jeremy Kemper*
842 <%# encoding: utf-8 %>
843
844 * Change integration test helpers to accept Rack environment instead of just HTTP Headers *Pratik Naik*
845
846 Before : get '/path', {}, 'Accept' => 'text/javascript'
847 After : get '/path', {}, 'HTTP_ACCEPT' => 'text/javascript'
848
849 * Instead of checking Rails.env.test? in Failsafe middleware, check env["rails.raise_exceptions"] *Bryan Helmkamp*
850
851 * Fixed that TestResponse.cookies was returning cookies unescaped #1867 *Doug McInnes*
852
853
854 ## 2.3.2 Final (March 15, 2009) ##
855
856 * Fixed that redirection would just log the options, not the final url (which lead to "Redirected to #<Post:0x23150b8>") *DHH*
857
858 * Don't check authenticity tokens for any AJAX requests *Ross Kaffenberger/Bryan Helmkamp*
859
860 * Added ability to pass in :public => true to fresh_when, stale?, and expires_in to make the request proxy cachable #2095 *Gregg Pollack*
861
862 * Fixed that passing a custom form builder would be forwarded to nested fields_for calls #2023 *Eloy Duran/Nate Wiger*
863
864 * Form option helpers now support disabled option tags and the use of lambdas for selecting/disabling option tags from collections #837 *Tekin*
865
866 * Added partial scoping to TranslationHelper#translate, so if you call translate(".foo") from the people/index.html.erb template, you'll actually be calling I18n.translate("people.index.foo") *DHH*
867
868 * Fix a syntax error in current_page?() that was prevent matches against URL's with multiple query parameters #1385, #1868 *chris finne/Andrew White*
869
870 * Added localized rescue template when I18n.locale is set (ex: public/404.da.html) #1835 *José Valim*
871
872 * Make the form_for and fields_for helpers support the new Active Record nested update options. #1202 *Eloy Duran*
873
874 <% form_for @person do |person_form| %>
875 ...
876 <% person_form.fields_for :projects do |project_fields| %>
877 <% if project_fields.object.active? %>
878 Name: <%= project_fields.text_field :name %>
879 <% end %>
880 <% end %>
881 <% end %>
882
883
884 * Added grouped_options_for_select helper method for wrapping option tags in optgroups. #977 *Jon Crawford*
885
886 * Implement HTTP Digest authentication. #1230 [Gregg Kellogg, Pratik Naik] Example :
887
888 class DummyDigestController < ActionController::Base
889 USERS = { "lifo" => 'world' }
890
891 before_filter :authenticate
892
893 def index
894 render :text => "Hello Secret"
895 end
896
897 private
898
899 def authenticate
900 authenticate_or_request_with_http_digest("Super Secret") do |username|
901 # Return the user's password
902 USERS[username]
903 end
904 end
905 end
906
907 * Improved i18n support for the number_to_human_size helper. Changes the storage_units translation data; update your translations accordingly. #1634 *Yaroslav Markin*
908 storage_units:
909 # %u is the storage unit, %n is the number (default: 2 MB)
910 format: "%n %u"
911 units:
912 byte:
913 one: "Byte"
914 other: "Bytes"
915 kb: "KB"
916 mb: "MB"
917 gb: "GB"
918 tb: "TB"
919
920 * Added :silence option to BenchmarkHelper#benchmark and turned log_level into a hash parameter and deprecated the old use *DHH*
921
922 * Fixed the AssetTagHelper cache to use the computed asset host as part of the cache key instead of just assuming the its a string #1299 *DHH*
923
924 * Make ActionController#render(string) work as a shortcut for render :file/:template/:action => string. [#1435] [Pratik Naik] Examples:
925
926 \# Instead of render(:action => 'other_action')
927 render('other_action') # argument has no '/'
928 render(:other_action)
929
930 \# Instead of render(:template => 'controller/action')
931 render('controller/action') # argument must not begin with a '/', but contain a '/'
932
933 \# Instead of render(:file => '/Users/lifo/home.html.erb')
934 render('/Users/lifo/home.html.erb') # argument must begin with a '/'
935
936 * Add :prompt option to date/time select helpers. #561 *Sam Oliver*
937
938 * Fixed that send_file shouldn't set an etag #1578 *Hongli Lai*
939
940 * Allow users to opt out of the spoofing checks in Request#remote_ip. Useful for sites whose traffic regularly triggers false positives. *Darren Boyd*
941
942 * Deprecated formatted_polymorphic_url. *Jeremy Kemper*
943
944 * Added the option to declare an asset_host as an object that responds to call (see http://github.com/dhh/asset-hosting-with-minimum-ssl for an example) *David Heinemeier Hansson*
945
946 * Added support for multiple routes.rb files (useful for plugin engines). This also means that draw will no longer clear the route set, you have to do that by hand (shouldn't make a difference to you unless you're doing some funky stuff) *David Heinemeier Hansson*
947
948 * Dropped formatted_* routes in favor of just passing in :format as an option. This cuts resource routes generation in half #1359 *aaronbatalion*
949
950 * Remove support for old double-encoded cookies from the cookie store. These values haven't been generated since before 2.1.0, and any users who have visited the app in the intervening 6 months will have had their cookie upgraded. *Michael Koziarski*
951
952 * Allow helpers directory to be overridden via ActionController::Base.helpers_dir #1424 *Sam Pohlenz*
953
954 * Remove deprecated ActionController::Base#assign_default_content_type_and_charset
955
956 * Changed the default of ActionView#render to assume partials instead of files when not given an options hash [David Heinemeier Hansson]. Examples:
957
958 # Instead of <%= render :partial => "account" %>
959 <%= render "account" %>
960
961 # Instead of <%= render :partial => "account", :locals => { :account => @buyer } %>
962 <%= render "account", :account => @buyer %>
963
964 # @account is an Account instance, so it uses the RecordIdentifier to replace
965 # <%= render :partial => "accounts/account", :locals => { :account => @account } %>
966 <%= render(@account) %>
967
968 # @posts is an array of Post instances, so it uses the RecordIdentifier to replace
969 # <%= render :partial => "posts/post", :collection => @posts %>
970 <%= render(@posts) %>
971
972 * Remove deprecated render_component. Please use the plugin from http://github.com/rails/render_component/tree/master *Pratik Naik*
973
974 * Fixed RedCloth and BlueCloth shouldn't preload. Instead just assume that they're available if you want to use textilize and markdown and let autoload require them *David Heinemeier Hansson*
975
976
977 ## 2.2.2 (November 21st, 2008) ##
978
979 * I18n: translate number_to_human_size. Add storage_units: [Bytes, KB, MB, GB, TB] to your translations. #1448 *Yaroslav Markin*
980
981 * Restore backwards compatible functionality for setting relative_url_root. Include deprecation
982
983 * Switched the CSRF module to use the request content type to decide if the request is forgeable. #1145 *Jeff Cohen*
984
985 * Added :only and :except to map.resources to let people cut down on the number of redundant routes in an application. Typically only useful for huge routesets. #1215 *Tom Stuart*
986
987 map.resources :products, :only => :show do |product|
988 product.resources :images, :except => :destroy
989 end
990
991 * Added render :js for people who want to render inline JavaScript replies without using RJS *David Heinemeier Hansson*
992
993 * Fixed that polymorphic_url should compact given array #1317 *hiroshi*
994
995 * Fixed the sanitize helper to avoid double escaping already properly escaped entities #683 *antonmos/Ryan McGeary*
996
997 * Fixed that FormTagHelper generated illegal html if name contained square brackets #1238 *Vladimir Dobriakov*
998
999 * Fix regression bug that made date_select and datetime_select raise a Null Pointer Exception when a nil date/datetime was passed and only month and year were displayed #1289 *Bernardo Padua/Tor Erik*
1000
1001 * Simplified the logging format for parameters (don't include controller, action, and format as duplicates) *David Heinemeier Hansson*
1002
1003 * Remove the logging of the Session ID when the session store is CookieStore *David Heinemeier Hansson*
1004
1005 * Fixed regex in redirect_to to fully support URI schemes #1247 *Seth Fitzsimmons*
1006
1007 * Fixed bug with asset timestamping when using relative_url_root #1265 *Joe Goldwasser*
1008
1009
1010 ## 2.2.0 RC1 (October 24th, 2008) ##
1011
1012 * Fix incorrect closing CDATA delimiter and that HTML::Node.parse would blow up on unclosed CDATA sections *packagethief*
1013
1014 * Added stale? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends [David Heinemeier Hansson]. Example:
1015
1016 class ArticlesController < ApplicationController
1017 def show_with_respond_to_block
1018 @article = Article.find(params[:id])
1019
1020
1021 # If the request sends headers that differs from the options provided to stale?, then
1022 # the request is indeed stale and the respond_to block is triggered (and the options
1023 # to the stale? call is set on the response).
1024 #
1025 # If the request headers match, then the request is fresh and the respond_to block is
1026 # not triggered. Instead the default render will occur, which will check the last-modified
1027 # and etag headers and conclude that it only needs to send a "304 Not Modified" instead
1028 # of rendering the template.
1029 if stale?(:last_modified => @article.published_at.utc, :etag => @article)
1030 respond_to do |wants|
1031 # normal response processing
1032 end
1033 end
1034 end
1035
1036 def show_with_implied_render
1037 @article = Article.find(params[:id])
1038
1039 # Sets the response headers and checks them against the request, if the request is stale
1040 # (i.e. no match of either etag or last-modified), then the default render of the template happens.
1041 # If the request is fresh, then the default render will return a "304 Not Modified"
1042 # instead of rendering the template.
1043 fresh_when(:last_modified => @article.published_at.utc, :etag => @article)
1044 end
1045 end
1046
1047
1048 * Added inline builder yield to atom_feed_helper tags where appropriate [Sam Ruby]. Example:
1049
1050 entry.summary :type => 'xhtml' do |xhtml|
1051 xhtml.p pluralize(order.line_items.count, "line item")
1052 xhtml.p "Shipped to #{order.address}"
1053 xhtml.p "Paid by #{order.pay_type}"
1054 end
1055
1056 * Make PrototypeHelper#submit_to_remote a wrapper around PrototypeHelper#button_to_remote. *Tarmo Tänav*
1057
1058 * Set HttpOnly for the cookie session store's cookie. #1046
1059
1060 * Added FormTagHelper#image_submit_tag confirm option #784 *Alastair Brunton*
1061
1062 * Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when was clicked #633 *Jose Fernandez*
1063
1064 * Stopped logging template compiles as it only clogs up the log *David Heinemeier Hansson*
1065
1066 * Changed the X-Runtime header to report in milliseconds *David Heinemeier Hansson*
1067
1068 * Changed BenchmarkHelper#benchmark to report in milliseconds *David Heinemeier Hansson*
1069
1070 * Changed logging format to be millisecond based and skip misleading stats [David Heinemeier Hansson]. Went from:
1071
1072 Completed in 0.10000 (4 reqs/sec) | Rendering: 0.04000 (40%) | DB: 0.00400 (4%) | 200 OK [http://example.com]
1073
1074 ...to:
1075
1076 Completed in 100ms (View: 40, DB: 4) | 200 OK [http://example.com]
1077
1078 * Add support for shallow nesting of routes. #838 *S. Brent Faulkner*
1079
1080 Example :
1081
1082 map.resources :users, :shallow => true do |user|
1083 user.resources :posts
1084 end
1085
1086 - GET /users/1/posts (maps to PostsController#index action as usual)
1087 named route "user_posts" is added as usual.
1088
1089 - GET /posts/2 (maps to PostsController#show action as if it were not nested)
1090 Additionally, named route "post" is added too.
1091
1092 * Added button_to_remote helper. #3641 *Donald Piret, Tarmo Tänav*
1093
1094 * Deprecate render_component. Please use render_component plugin from http://github.com/rails/render_component/tree/master *Pratik Naik*
1095
1096 * Routes may be restricted to lists of HTTP methods instead of a single method or :any. #407 *Brennan Dunn, Gaius Centus Novus*
1097 map.resource :posts, :collection => { :search => [:get, :post] }
1098 map.session 'session', :requirements => { :method => [:get, :post, :delete] }
1099
1100 * Deprecated implicit local assignments when rendering partials *Josh Peek*
1101
1102 * Introduce current_cycle helper method to return the current value without bumping the cycle. #417 *Ken Collins*
1103
1104 * Allow polymorphic_url helper to take url options. #880 *Tarmo Tänav*
1105
1106 * Switched integration test runner to use Rack processor instead of CGI *Josh Peek*
1107
1108 * Made AbstractRequest.if_modified_sense return nil if the header could not be parsed *Jamis Buck*
1109
1110 * Added back ActionController::Base.allow_concurrency flag *Josh Peek*
1111
1112 * AbstractRequest.relative_url_root is no longer automatically configured by a HTTP header. It can now be set in your configuration environment with config.action_controller.relative_url_root *Josh Peek*
1113
1114 * Update Prototype to 1.6.0.2 #599 *Patrick Joyce*
1115
1116 * Conditional GET utility methods. *Jeremy Kemper*
1117 response.last_modified = @post.updated_at
1118 response.etag = [:admin, @post, current_user]
1119
1120 if request.fresh?(response)
1121 head :not_modified
1122 else
1123 # render ...
1124 end
1125
1126 * All 2xx requests are considered successful *Josh Peek*
1127
1128 * Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run *David Heinemeier Hansson*
1129
1130 * Removed config.action_view.cache_template_loading, use config.cache_classes instead *Josh Peek*
1131
1132 * Get buffer for fragment cache from template's @output_buffer *Josh Peek*
1133
1134 * Set config.action_view.warn_cache_misses = true to receive a warning if you perform an action that results in an expensive disk operation that could be cached *Josh Peek*
1135
1136 * Refactor template preloading. New abstractions include Renderable mixins and a refactored Template class *Josh Peek*
1137
1138 * Changed ActionView::TemplateHandler#render API method signature to render(template, local_assigns = {}) *Josh Peek*
1139
1140 * Changed PrototypeHelper#submit_to_remote to PrototypeHelper#button_to_remote to stay consistent with link_to_remote (submit_to_remote still works as an alias) #8994 *clemens*
1141
1142 * Add :recursive option to javascript_include_tag and stylesheet_link_tag to be used along with :all. #480 *Damian Janowski*
1143
1144 * Allow users to disable the use of the Accept header *Michael Koziarski*
1145
1146 The accept header is poorly implemented by browsers and causes strange
1147 errors when used on public sites where crawlers make requests too. You can use formatted urls (e.g. /people/1.xml) to support API clients in a much simpler way.
1148 To disable the header you need to set:
1149 config.action_controller.use_accept_header = false
1150 * Do not stat template files in production mode before rendering. You will no longer be able to modify templates in production mode without restarting the server *Josh Peek*
1151
1152 * Deprecated TemplateHandler line offset *Josh Peek*
1153
1154 * Allow caches_action to accept cache store options. #416. [José Valim]. Example:
1155
1156 caches_action :index, :redirected, :if => Proc.new { |c| !c.request.format.json? }, :expires_in => 1.hour
1157
1158 * Remove define_javascript_functions, javascript_include_tag and friends are far superior. *Michael Koziarski*
1159
1160 * Deprecate :use_full_path render option. The supplying the option no longer has an effect *Josh Peek*
1161
1162 * Add :as option to render a collection of partials with a custom local variable name. #509 *Simon Jefford, Pratik Naik*
1163
1164 render :partial => 'other_people', :collection => @people, :as => :person
1165
1166 This will let you access objects of @people as 'person' local variable inside 'other_people' partial template.
1167
1168 * time_zone_select: support for regexp matching of priority zones. Resolves #195 *Ernie Miller*
1169
1170 * Made ActionView::Base#render_file private *Josh Peek*
1171
1172 * Refactor and simplify the implementation of assert_redirected_to. Arguments are now normalised relative to the controller being tested, not the root of the application. *Michael Koziarski*
1173
1174 This could cause some erroneous test failures if you were redirecting between controllers
1175 in different namespaces and wrote your assertions relative to the root of the application.
1176
1177 * Remove follow_redirect from controller functional tests.
1178
1179 If you want to follow redirects you can use integration tests. The functional test version was only useful if you were using redirect_to :id=>...
1180 * Fix polymorphic_url with singleton resources. #461 *Tammer Saleh*
1181
1182 * Replaced TemplateFinder abstraction with ViewLoadPaths *Josh Peek*
1183
1184 * Added block-call style to link_to [Sam Stephenson/David Heinemeier Hansson]. Example:
1185
1186 <% link_to(@profile) do %>
1187 <strong><%= @profile.name %></strong> -- <span>Check it out!!</span>
1188 <% end %>
1189
1190 * Performance: integration test benchmarking and profiling. *Jeremy Kemper*
1191
1192 * Make caching more aware of mime types. Ensure request format is not considered while expiring cache. *Jonathan del Strother*
1193
1194 * Drop ActionController::Base.allow_concurrency flag *Josh Peek*
1195
1196 * More efficient concat and capture helpers. Remove ActionView::Base.erb_variable. *Jeremy Kemper*
1197
1198 * Added page.reload functionality. Resolves #277. *Sean Huber*
1199
1200 * Fixed Request#remote_ip to only raise hell if the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR doesn't match (not just if they're both present) *Mark Imbriaco, Bradford Folkens*
1201
1202 * Allow caches_action to accept a layout option *José Valim*
1203
1204 * Added Rack processor *Ezra Zygmuntowicz, Josh Peek*
1205
1206
1207 ## 2.1.0 (May 31st, 2008) ##
1208
1209 * InstanceTag#default_time_from_options overflows to DateTime *Geoff Buesing*
1210
1211 * Fixed that forgery protection can be used without session tracking (Peter Jones) *#139*
1212
1213 * Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) *#136*
1214
1215 * Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" *Rick Olson*
1216 * InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap *Geoff Buesing*
1217
1218 * select_date defaults to Time.zone.today when config.time_zone is set *Geoff Buesing*
1219
1220 * Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) *#80*
1221
1222 * Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) *David Heinemeier Hansson*
1223
1224 * Reduce number of instance variables being copied from controller to view. *Pratik Naik*
1225
1226 * select_datetime and select_time default to Time.zone.now when config.time_zone is set *Geoff Buesing*
1227
1228 * datetime_select defaults to Time.zone.now when config.time_zone is set *Geoff Buesing*
1229
1230 * Remove ActionController::Base#view_controller_internals flag. *Pratik Naik*
1231
1232 * Add conditional options to caches_page method. *Paul Horsfall*
1233
1234 * Move missing template logic to ActionView. *Pratik Naik*
1235
1236 * Introduce ActionView::InlineTemplate class. *Pratik Naik*
1237
1238 * Automatically parse posted JSON content for Mime::JSON requests. *Rick Olson*
1239
1240 POST /posts
1241 {"post": {"title": "Breaking News"}}
1242
1243 def create
1244 @post = Post.create params[:post]
1245 # ...
1246 end
1247
1248 * add json_escape ERB util to escape html entities in json strings that are output in HTML pages. *Rick Olson*
1249
1250 * Provide a helper proxy to access helper methods from outside views. Closes #10839 *Josh Peek*
1251 e.g. ApplicationController.helpers.simple_format(text)
1252
1253 * Improve documentation. *Xavier Noria, leethal, jerome*
1254
1255 * Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 *Josh Peek, eventualbuddha, Pratik Naik*
1256
1257 * Support render :partial => collection of heterogeneous elements. #11491 *Zach Dennis*
1258
1259 * Avoid remote_ip spoofing. *Brian Candler*
1260
1261 * Added support for regexp flags like ignoring case in the :requirements part of routes declarations #11421 *NeilW*
1262
1263 * Fixed that ActionController::Base#read_multipart would fail if boundary was exactly 10240 bytes #10886 *ariejan*
1264
1265 * Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 *esad, packagethief*
1266
1267 * Improve documentation. *Ryan Bigg, Jan De Poorter, Cheah Chu Yeow, Xavier Shay, Jack Danger Canty, Emilio Tagua, Xavier Noria, Sunny Ripert*
1268
1269 * Fixed that FormHelper#radio_button would produce invalid ids #11298 *harlancrystal*
1270
1271 * Added :confirm option to submit_tag #11415 *Emilio Tagua*
1272
1273 * Fixed NumberHelper#number_with_precision to properly round in a way that works equally on Mac, Windows, Linux (closes #11409, #8275, #10090, #8027) *zhangyuanyi*
1274
1275 * Allow the #simple_format text_helper to take an html_options hash for each paragraph. #2448 *François Beausoleil, Chris O'Sullivan*
1276
1277 * Fix regression from filter refactoring where re-adding a skipped filter resulted in it being called twice. *Rick Olson*
1278
1279 * Refactor filters to use Active Support callbacks. #11235 *Josh Peek*
1280
1281 * Fixed that polymorphic routes would modify the input array #11363 *thomas.lee*
1282
1283 * Added :format option to NumberHelper#number_to_currency to enable better localization support #11149 *lylo*
1284
1285 * Fixed that TextHelper#excerpt would include one character too many #11268 *Irfy*
1286
1287 * Fix more obscure nested parameter hash parsing bug. #10797 *thomas.lee*
1288
1289 * Added ActionView::Helpers::register_javascript/stylesheet_expansion to make it easier for plugin developers to inject multiple assets. #10350 *lotswholetime*
1290
1291 * Fix nested parameter hash parsing bug. #10797 *thomas.lee*
1292
1293 * Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 *Eloy Duran*
1294
1295 * Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off *David Heinemeier Hansson*
1296
1297 * Make MimeResponds::Responder#any work without explicit types. Closes #11140 *jaw6*
1298
1299 * Better error message for type conflicts when parsing params. Closes #7962 *spicycode, matt*
1300
1301 * Remove unused ActionController::Base.template_class. Closes #10787 *Pratik Naik*
1302
1303 * Moved template handlers related code from ActionView::Base to ActionView::Template. *Pratik Naik*
1304
1305 * Tests for div_for and content_tag_for helpers. Closes #11223 *Chris O'Sullivan*
1306
1307 * Allow file uploads in Integration Tests. Closes #11091 *RubyRedRick*
1308
1309 * Refactor partial rendering into a PartialTemplate class. *Pratik Naik*
1310
1311 * Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block *David Heinemeier Hansson*
1312
1313 * Tests for distance_of_time_in_words with TimeWithZone instances. Closes #10914 *Ernesto Jimenez*
1314
1315 * Remove support for multivalued (e.g., '&'-delimited) cookies. *Jamis Buck*
1316
1317 * Fix problem with render :partial collections, records, and locals. #11057 *lotswholetime*
1318
1319 * Added support for naming concrete classes in sweeper declarations *David Heinemeier Hansson*
1320
1321 * Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application. #10098 *Tim Pope, Chris Kampmeier*
1322
1323 * Fix typo in form_helper documentation. #10650 *Xavier Shay, Chris Kampmeier*
1324
1325 * Fix bug with setting Request#format= after the getter has cached the value. #10889 *cch1*
1326
1327 * Correct inconsistencies in RequestForgeryProtection docs. #11032 *Mislav Marohnić*
1328
1329 * Introduce a Template class to ActionView. #11024 *Pratik Naik*
1330
1331 * Introduce the :index option for form_for and fields_for to simplify multi-model forms (see http://railscasts.com/episodes/75). #9883 *rmm5t*
1332
1333 * Introduce map.resources :cards, :as => 'tarjetas' to use a custom resource name in the URL: cards_path == '/tarjetas'. #10578 *blj*
1334
1335 * TestSession supports indifferent access. #7372 *tamc, Arsen7, mhackett, julik, jean.helou*
1336
1337 * Make assert_routing aware of the HTTP method used. #8039 *mpalmer*
1338 e.g. assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })
1339
1340 * Make map.root accept a single symbol as an argument to declare an alias. #10818 *bscofield*
1341
1342 e.g. map.dashboard '/dashboard', :controller=>'dashboard'
1343 map.root :dashboard
1344
1345 * Handle corner case with image_tag when passed 'messed up' image names. #9018 *Duncan Beevers, mpalmer*
1346
1347 * Add label_tag helper for generating elements. #10802 *DefV*
1348
1349 * Introduce TemplateFinder to handle view paths and lookups. #10800 *Pratik Naik*
1350
1351 * Performance: optimize route recognition. Large speedup for apps with many resource routes. #10835 *oleganza*
1352
1353 * Make render :partial recognise form builders and use the _form partial. #10814 *Damian Janowski*
1354
1355 * Allow users to declare other namespaces when using the atom feed helpers. #10304 *david.calavera*
1356
1357 * Introduce send_file :x_sendfile => true to send an X-Sendfile response header. *Jeremy Kemper*
1358
1359 * Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used #10739 *Jeremy Evans*
1360
1361 * Provide nicer access to HTTP Headers. Instead of request.env["HTTP_REFERRER"] you can now use request.headers["Referrer"]. *Michael Koziarski*
1362
1363 * UrlWriter respects relative_url_root. #10748 *Cheah Chu Yeow*
1364
1365 * The asset_host block takes the controller request as an optional second argument. Example: use a single asset host for SSL requests. #10549 *Cheah Chu Yeow, Peter B, Tom Taylor*
1366
1367 * Support render :text => nil. #6684 *tjennings, PotatoSalad, Cheah Chu Yeow*
1368
1369 * assert_response failures include the exception message. #10688 *Seth Rasmussen*
1370
1371 * All fragment cache keys are now by default prefixed with the "views/" namespace *David Heinemeier Hansson*
1372
1373 * Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::*. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore *David Heinemeier Hansson*
1374
1375 * Deprecated ActionController::Base.fragment_cache_store for ActionController::Base.cache_store *David Heinemeier Hansson*
1376
1377 * Made fragment caching in views work for rjs and builder as well #6642 *Dee Zsombor*
1378
1379 * Fixed rendering of partials with layout when done from site layout #9209 *antramm*
1380
1381 * Fix atom_feed_helper to comply with the atom spec. Closes #10672 *Xavier Shay*
1382
1383 * The tags created do not contain a date (http://feedvalidator.org/docs/error/InvalidTAG.html)
1384 * IDs are not guaranteed unique
1385 * A default self link was not provided, contrary to the documentation
1386 * NOTE: This changes tags for existing atom entries, but at least they validate now.
1387
1388 * Correct indentation in tests. Closes #10671 *Luca Guidi*
1389
1390 * Fix that auto_link looks for ='s in url paths (Amazon urls have them). Closes #10640 *Brad Greenlee*
1391
1392 * Ensure that test case setup is run even if overridden. #10382 *Josh Peek*
1393
1394 * Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 *wesley.moxam*
1395
1396 * Add :default option to time_zone_select. #10590 *Matt Aimonetti*
1397
1398
1399 ## 2.0.2 (December 16th, 2007) ##
1400
1401 * Added delete_via_redirect and put_via_redirect to integration testing #10497 *philodespotos*
1402
1403 * Allow headers['Accept'] to be set by hand when calling xml_http_request #10461 *BMorearty*
1404
1405 * Added OPTIONS to list of default accepted HTTP methods #10449 *holoway*
1406
1407 * Added option to pass proc to ActionController::Base.asset_host for maximum configurability #10521 [Cheah Chu Yeow]. Example:
1408
1409 ActionController::Base.asset_host = Proc.new { |source|
1410 if source.starts_with?('/images')
1411 "http://images.example.com"
1412 else
1413 "http://assets.example.com"
1414 end
1415 }
1416
1417 * Fixed that ActionView#file_exists? would be incorrect if @first_render is set #10569 *dbussink*
1418
1419 * Added that Array#to_param calls to_param on all it's elements #10473 *brandon*
1420
1421 * Ensure asset cache directories are automatically created. #10337 *Josh Peek, Cheah Chu Yeow*
1422
1423 * render :xml and :json preserve custom content types. #10388 *jmettraux, Cheah Chu Yeow*
1424
1425 * Refactor Action View template handlers. #10437, #10455 *Josh Peek*
1426
1427 * Fix DoubleRenderError message and leave out mention of returning false from filters. Closes #10380 *Frederick Cheung*
1428
1429 * Clean up some cruft around ActionController::Base#head. Closes #10417 *ssoroka*
1430
1431
1432 ## 2.0.1 (December 7th, 2007) ##
1433
1434 * Fixed send_file/binary_content for testing #8044 *tolsen*
1435
1436 * When a NonInferrableControllerError is raised, make the proposed fix clearer in the error message. Closes #10199 *Jack Danger Canty*
1437
1438 * Update Prototype to 1.6.0.1. *sam*
1439
1440 * Update script.aculo.us to 1.8.0.1. *madrobby*
1441
1442 * Add 'disabled' attribute to <OPTION> separators used in time zone and country selects. Closes #10354 *Josh Susser*
1443
1444 * Added the same record identification guessing rules to fields_for as form_for has *David Heinemeier Hansson*
1445
1446 * Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) *David Heinemeier Hansson*
1447
1448 * Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 *Tarmo Tänav*
1449
1450 * Update to Prototype -r8232. *sam*
1451
1452 * Make sure the optimisation code for routes doesn't get used if :host, :anchor or :port are provided in the hash arguments. [pager, Michael Koziarski] #10292
1453
1454 * Added protection from trailing slashes on page caching #10229 *devrieda*
1455
1456 * Asset timestamps are appended, not prepended. Closes #10276 *Mike Naberezny*
1457
1458 * Minor inconsistency in description of render example. Closes #10029 *ScottSchram*
1459
1460 * Add #prepend_view_path and #append_view_path instance methods on ActionController::Base for consistency with the class methods. *Rick Olson*
1461
1462 * Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. *Rick Olson*
1463
1464 * Add deprecation for old subtemplate syntax for ActionMailer templates, use render :partial *Rick Olson*
1465
1466 * Fix TemplateError so it doesn't bomb on exceptions while running tests *Rick Olson*
1467
1468 * Fixed that named routes living under resources shouldn't have double slashes #10198 *Isaac Feliu*
1469
1470 * Make sure that cookie sessions use a secret that is at least 30 chars in length. *Michael Koziarski*
1471
1472 * Fixed that partial rendering should look at the type of the first render to determine its own type if no other clues are available (like when using text.plain.erb as the extension in AM) #10130 *java*
1473
1474 * Fixed that has_many :through associations should render as collections too #9051 *mathie/Jack Danger Canty*
1475
1476 * Added :mouseover short-cut to AssetTagHelper#image_tag for doing easy image swaps #6893 *joost*
1477
1478 * Fixed handling of non-domain hosts #9479 *purp*
1479
1480 * Fix syntax error in documentation example for cycle method. Closes #8735 *foca*
1481
1482 * Document :with option for link_to_remote. Closes #8765 *Ryan Bates*
1483
1484 * Document :minute_step option for time_select. Closes #8814 *brupm*
1485
1486 * Explain how to use the :href option for link_to_remote to degrade gracefully in the absence of JavaScript. Closes #8911 *vlad*
1487
1488 * Disambiguate :size option for text area tag. Closes #8955 *redbeard*
1489
1490 * Fix broken tag in assert_tag documentation. Closes #9037 *mfazekas*
1491
1492 * Add documentation for route conditions. Closes #9041 *innu, Manfred Stienstra*
1493
1494 * Fix typo left over from previous typo fix in url helper. Closes #9414 *Henrik N*
1495
1496 * Fixed that ActionController::CgiRequest#host_with_port() should handle standard port #10082 *moro*
1497
1498 * Update Prototype to 1.6.0 and script.aculo.us to 1.8.0. *sam, madrobby*
1499
1500 * Expose the cookie jar as a helper method (before the view would just get the raw cookie hash) *David Heinemeier Hansson*
1501
1502 * Integration tests: get_ and post_via_redirect take a headers hash. #9130 *simonjefford*
1503
1504 * Simplfy #view_paths implementation. ActionView templates get the exact object, not a dup. *Rick Olson*
1505
1506 * Update tests for ActiveSupport's JSON escaping change. *Rick Olson*
1507
1508 * FormHelper's auto_index should use #to_param instead of #id_before_type_cast. Closes #9994 *mattly*
1509
1510 * Doc typo fixes for ActiveRecordHelper. Closes #9973 *mikong*
1511
1512 * Make example parameters in restful routing docs idiomatic. Closes #9993 *Jack Danger Canty*
1513
1514 * Make documentation comment for mime responders match documentation example. Closes #9357 *yon*
1515
1516 * Introduce a new test case class for functional tests. ActionController::TestCase. *Michael Koziarski*
1517
1518 * Fix incorrect path in helper rdoc. Closes #9926 *viktor tron*
1519
1520 * Partials also set 'object' to the default partial variable. #8823 *Nick Retallack, Jeremy Kemper*
1521
1522 * Request profiler. *Jeremy Kemper*
1523 $ cat login_session.rb
1524 get_with_redirect '/'
1525 say "GET / => #{path}"
1526 post_with_redirect '/sessions', :username => 'john', :password => 'doe'
1527 say "POST /sessions => #{path}"
1528 $ ./script/performance/request -n 10 login_session.rb
1529
1530 * Disabled checkboxes don't submit a form value. #9301 *vladr, robinjfisher*
1531
1532 * Added tests for options to ActiveRecordHelper#form. Closes #7213 *richcollins, mikong, Mislav Marohnić*
1533
1534 * Changed before_filter halting to happen automatically on render or redirect but no longer on simply returning false *David Heinemeier Hansson*
1535
1536 * Ensure that cookies handle array values correctly. Closes #9937 *queso*
1537
1538 * Make sure resource routes don't clash with internal helpers like javascript_path, image_path etc. #9928 *Geoff Buesing*
1539
1540 * caches_page uses a single after_filter instead of one per action. #9891 *Pratik Naik*
1541
1542 * Update Prototype to 1.6.0_rc1 and script.aculo.us to 1.8.0 preview 0. *sam, madrobby*
1543
1544 * Dispatcher: fix that to_prepare should only run once in production. #9889 *Nathaniel Talbott*
1545
1546 * Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. #9823 *kamk*
1547
1548 * error_messages_for also takes :message and :header_message options which defaults to the old "There were problems with the following fields:" and "<count> errors prohibited this <object_name> from being saved". #8270 *rmm5t, zach-inglis-lt3*
1549
1550 * Make sure that custom inflections are picked up by map.resources. #9815 *Mislav Marohnić*
1551
1552 * Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call *David Heinemeier Hansson*
1553
1554 * Extracted sanitization methods from TextHelper to SanitizeHelper *David Heinemeier Hansson*
1555
1556 * rescue_from accepts :with => lambda { |exception| ... } or a normal block. #9827 *Pratik Naik*
1557
1558 * Add :status to redirect_to allowing users to choose their own response code without manually setting headers. #8297 *Coda Hale, chasgrundy*
1559
1560 * Add link_to :back which uses your referrer with a fallback to a javascript link. #7366 *eventualbuddha, Tarmo Tänav*
1561
1562 * error_messages_for and friends also work with local variables. #9699 *Frederick Cheung*
1563
1564 * Fix url_for, redirect_to, etc. with :controller => :symbol instead of 'string'. #8562, #9525 *Justin Lynn, Tarmo Tänav, shoe*
1565
1566 * Use #require_library_or_gem to load the memcache library for the MemCache session and fragment cache stores. Closes #8662. *Rick Olson*
1567
1568 * Move ActionController::Routing.optimise_named_routes to ActionController::Base.optimise_named_routes. Now you can set it in the config. *Rick Olson*
1569
1570 config.action_controller.optimise_named_routes = false
1571
1572 * ActionController::Routing::DynamicSegment#interpolation_chunk should call #to_s on all values before calling URI.escape. *Rick Olson*
1573
1574 * Only accept session ids from cookies, prevents session fixation attacks. *bradediger*
1575
1576
1577 ## 2.0.0 Preview Release (September 29th, 2007) Includes duplicates of changes from 1.12.2 - 1.13.3 ##
1578
1579 * Fixed that render template did not honor exempt_from_layout #9698 *pezra*
1580
1581 * Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 *Rick Olson*
1582
1583 * Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 *Pratik Naik*
1584
1585 * Avoid calling is_missing on LoadErrors. Closes #7460. *ntalbott*
1586
1587 * Move Railties' Dispatcher to ActionController::Dispatcher, introduce before_ and after_dispatch callbacks, and warm up to non-CGI requests. *Jeremy Kemper*
1588
1589 * The tag helper may bypass escaping. *Jeremy Kemper*
1590
1591 * Cache asset ids. *Jeremy Kemper*
1592
1593 * Optimized named routes respect AbstractRequest.relative_url_root. #9612 *Daniel Morrison, Jeremy Kemper*
1594
1595 * Introduce ActionController::Base.rescue_from to declare exception-handling methods. Cleaner style than the case-heavy rescue_action_in_public. #9449 *Norbert Crombach*
1596
1597 * Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. *Rick Olson*
1598
1599 * Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. *Rick Olson*
1600
1601 * Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. Closes #8877. *Rick Olson, Pratik Naik, Jacques Distler*
1602
1603 This merges and renames the popular white_list helper (along with some css sanitizing from Jacques Distler version of the same plugin).
1604 Also applied updated versions of #strip_tags and #strip_links from #8877.
1605
1606 * Remove use of & logic operator. Closes #8114. *watson*
1607
1608 * Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 *Ruy Asan*
1609
1610 * Fixed TextHelper#word_wrap for multiline strings with extra carrier returns #8663 *seth*
1611
1612 * Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 *Bounga*
1613
1614 * Added FormHelper#label. #8641, #9850 *jcoglan, Jarkko Laine*
1615
1616 * Added AtomFeedHelper (slightly improved from the atom_feed_helper plugin) *David Heinemeier Hansson*
1617
1618 * Prevent errors when generating routes for uncountable resources, (i.e. sheep where plural == singluar). map.resources :sheep now creates sheep_index_url for the collection and sheep_url for the specific item. *Michael Koziarski*
1619
1620 * Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an improvement for XSS attacks #8895 *Pratik Naik, Mark Somerville*
1621
1622 * Don't warn when a path segment precedes a required segment. Closes #9615. *Nicholas Seckar*
1623
1624 * Fixed CaptureHelper#content_for to work with the optional content parameter instead of just the block #9434 [sandofsky/wildchild].
1625
1626 * Added Mime::Type.register_alias for dealing with different formats using the same mime type [David Heinemeier Hansson]. Example:
1627
1628 class PostsController < ApplicationController
1629 before_filter :adjust_format_for_iphone
1630
1631 def index
1632 @posts = Post.find(:all)
1633
1634 respond_to do |format|
1635 format.html # => renders index.html.erb and uses "text/html" as the content type
1636 format.iphone # => renders index.iphone.erb and uses "text/html" as the content type
1637 end
1638 end
1639
1640
1641 private
1642 def adjust_format_for_iphone
1643 if request.env["HTTP_USER_AGENT"] && request.env["HTTP_USER_AGENT"][/iPhone/]
1644 request.format = :iphone
1645 end
1646 end
1647 end
1648
1649 * Added that render :json will automatically call .to_json unless it's being passed a string [David Heinemeier Hansson].
1650
1651 * Autolink behaves well with emails embedded in URLs. #7313 *Jeremy McAnally, Tarmo Tänav*
1652
1653 * Fixed that default layouts did not take the format into account #9564 *Pratik Naik*
1654
1655 * Fixed optimized route segment escaping. #9562 *wildchild, Jeremy Kemper*
1656
1657 * Added block acceptance to JavaScriptHelper#javascript_tag. #7527 *Bob Silva, Tarmo Tänav, rmm5t*
1658
1659 * root_path returns '/' not ''. #9563 *Pratik Naik*
1660
1661 * Fixed that setting request.format should also affect respond_to blocks *David Heinemeier Hansson*
1662
1663 * Add option to force binary mode on tempfile used for fixture_file_upload. #6380 *Jonathan Viney*
1664
1665 * Fixed that resource namespaces wouldn't stick to all nested resources #9399 *pixeltrix*
1666
1667 * Moved ActionController::Macros::AutoComplete into the auto_complete plugin on the official Rails svn. #9512 *Pratik Naik*
1668
1669 * Moved ActionController::Macros::InPlaceEditing into the in_place_editor plugin on the official Rails svn. #9513 *Pratik Naik*
1670
1671 * Removed deprecated form of calling xml_http_request/xhr without the first argument being the http verb *David Heinemeier Hansson*
1672
1673 * Removed deprecated methods [David Heinemeier Hansson]:
1674
1675 - ActionController::Base#keep_flash (use flash.keep instead)
1676 - ActionController::Base#expire_matched_fragments (just call expire_fragment with a regular expression)
1677 - ActionController::Base.template_root/= methods (use ActionController#Base.view_paths/= instead)
1678 - ActionController::Base.cookie (use ActionController#Base.cookies[]= instead)
1679
1680 * Removed the deprecated behavior of appending ".png" to image_tag/image_path calls without an existing extension *David Heinemeier Hansson*
1681
1682 * Removed ActionController::Base.scaffold -- it went through the whole idea of scaffolding (card board walls you remove and tweak one by one). Use the scaffold generator instead (it does resources too now!) *David Heinemeier Hansson*
1683
1684 * Optimise named route generation when using positional arguments. *Michael Koziarski*
1685
1686 This change delivers significant performance benefits for the most
1687 common usage scenarios for modern rails applications by avoiding the
1688 costly trip through url_for. Initial benchmarks indicate this is
1689 between 6 and 20 times as fast.
1690
1691 * Explicitly require active_record/query_cache before using it. *Jeremy Kemper*
1692
1693 * Fix layout overriding response status. #9476 *lotswholetime*
1694
1695 * Add field_set_tag for generating field_sets, closes #9477. *Damian Janowski*
1696
1697 * Allow additional parameters to be passed to named route helpers when using positional arguments. Closes #8930 *Ian White*
1698
1699 * Make render :partial work with a :collection of Hashes, previously this wasn't possible due to backwards compatibility restrictions. *Pratik Naik*
1700
1701 * request.host works with IPv6 addresses. #9458 *yuya*
1702
1703 * Fix bug where action caching sets the content type to the ActionCachePath object. Closes #9282 *mindforge*
1704
1705 * Find layouts even if they're not in the first view_paths directory. Closes #9258 *caio*
1706
1707 * Major improvement to the documentation for the options / select form helpers. Closes #9038 *Chris Kampmeier, jardeon, wesg*
1708
1709 * Fix number_to_human_size when using different precisions. Closes #7536. *RichardStrand, mpalmer*
1710
1711 * Added partial layouts (see example in action_view/lib/partials.rb) *David Heinemeier Hansson*
1712
1713 * Allow you to set custom :conditions on resource routes. *Rick Olson*
1714
1715 * Fixed that file.content_type for uploaded files would include a trailing \r #9053 *Brad Greenlee*
1716
1717 * url_for now accepts a series of symbols representing the namespace of the record *Josh Knowles*
1718
1719 * Make :trailing_slash work with query parameters for url_for. Closes #4004 *nov*
1720
1721 * Make sure missing template exceptions actually say which template they were looking for. Closes #8683 *dasil003*
1722
1723 * Fix errors with around_filters which do not yield, restore 1.1 behaviour with after filters. Closes #8891 *Stefan Kaes*
1724
1725 After filters will *no longer* be run if an around_filter fails to yield, users relying on
1726 this behaviour are advised to put the code in question after a yield statement in an around filter.
1727
1728
1729 * Allow you to delete cookies with options. Closes #3685 *Josh Peek, Chris Wanstrath*
1730
1731 * Allow you to render views with periods in the name. Closes #8076 *Norbert Crombach*
1732
1733 render :partial => 'show.html.erb'
1734
1735 * Improve capture helper documentation. #8796 *Chris Kampmeier*
1736
1737 * Prefix nested resource named routes with their action name, e.g. new_group_user_path(@group) instead of group_new_user_path(@group). The old nested action named route is deprecated in Rails 1.2.4. #8558 *David Chelimsky*
1738
1739 * Allow sweepers to be created solely for expiring after controller actions, not model changes *David Heinemeier Hansson*
1740
1741 * Added assigns method to ActionController::Caching::Sweeper to easily access instance variables on the controller *David Heinemeier Hansson*
1742
1743 * Give the legacy X-POST_DATA_FORMAT header greater precedence during params parsing for backward compatibility. *Jeremy Kemper*
1744
1745 * Fixed that link_to with an href of # when using :method will not allow for click-through without JavaScript #7037 *Steven Bristol, Josh Peek*
1746
1747 * Fixed that radio_button_tag should generate unique ids #3353 *Bob Silva, Rebecca, Josh Peek*
1748
1749 * Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well #6754 *Mislav Marohnić*
1750
1751 * Don't mistakenly interpret the request uri as the query string. #8731 *Pratik Naik, Jeremy Kemper*
1752
1753 * Make ActionView#view_paths an attr_accessor for real this time. Also, don't perform an unnecessary #compact on the @view_paths array in #initialize. Closes #8582 *dasil003, julik, Rick Olson*
1754
1755 * Tolerate missing content type on multipart file uploads. Fix for Safari 3. *Jeremy Kemper*
1756
1757 * Deprecation: remove pagination. Install the classic_pagination plugin for forward compatibility, or move to the superior will_paginate plugin. #8157 *Josh Peek*
1758
1759 * Action caching is limited to GET requests returning 200 OK status. #3335 *tom@craz8.com, halfbyte, Dan Kubb, Josh Peek*
1760
1761 * Improve Text Helper test coverage. #7274 *Rob Sanheim, Josh Peek*
1762
1763 * Improve helper test coverage. #7208, #7212, #7215, #7233, #7234, #7235, #7236, #7237, #7238, #7241, #7243, #7244 *Rich Collins, Josh Peek*
1764
1765 * Improve UrlRewriter tests. #7207 *Rich Collins*
1766
1767 * Resources: url_for([parent, child]) generates /parents/1/children/2 for the nested resource. Likewise with the other simply helpful methods like form_for and link_to. #6432 *mhw, Jonathan Vaught, lotswholetime*
1768
1769 * Assume html format when rendering partials in RJS. #8076 *Rick Olson*
1770
1771 * Don't double-escape url_for in views. #8144 *Rich Collins, Josh Peek*
1772
1773 * Allow JSON-style values for the :with option of observe_field. Closes #8557 *kommen*
1774
1775 * Remove RAILS_ROOT from backtrace paths. #8540 *Tim Pope*
1776
1777 * Routing: map.resource :logo routes to LogosController so the controller may be reused for multiple nestings or namespaces. *Jeremy Kemper*
1778
1779 * render :partial recognizes Active Record associations as Arrays. #8538 *Kamal Fariz Mahyuddin*
1780
1781 * Routing: drop semicolon and comma as route separators. *Jeremy Kemper*
1782
1783 * request.remote_ip understands X-Forwarded-For addresses with nonstandard whitespace. #7386 *moses*
1784
1785 * Don't prepare response when rendering a component. #8493 *jsierles*
1786
1787 * Reduce file stat calls when checking for template changes. #7736 *alex*
1788
1789 * Added custom path cache_page/expire_page parameters in addition to the options hashes [David Heinemeier Hansson]. Example:
1790
1791 def index
1792 caches_page(response.body, "/index.html")
1793 end
1794
1795 * Action Caching speedup. #8231 *Stefan Kaes*
1796
1797 * Wordsmith resources documentation. #8484 *marclove*
1798
1799 * Fix syntax error in code example for routing documentation. #8377. *Norbert Crombach*
1800
1801 * Routing: respond with 405 Method Not Allowed status when the route path matches but the HTTP method does not. #6953 *Josh Peek, defeated, Dan Kubb, Coda Hale*
1802
1803 * Add support for assert_select_rjs with :show and :hide. #7780 *dchelimsky*
1804
1805 * Make assert_select's failure messages clearer about what failed. #7779 *dchelimsky*
1806
1807 * Introduce a default respond_to block for custom types. #8174 *Josh Peek*
1808
1809 * auto_complete_field takes a :method option so you can GET or POST. #8120 *zapnap*
1810
1811 * Added option to suppress :size when using :maxlength for FormTagHelper#text_field #3112 *Tim Pope*
1812
1813 * catch possible WSOD when trying to render a missing partial. Closes #8454 *Jonathan del Strother*
1814
1815 * Rewind request body after reading it, if possible. #8438 *s450r1*
1816
1817 * Resource namespaces are inherited by their has_many subresources. #8280 *marclove, Geoff Garside*
1818
1819 * Fix filtered parameter logging with nil parameter values. #8422 *choonkeat*
1820
1821 * Integration tests: alias xhr to xml_http_request and add a request_method argument instead of always using POST. #7124 *Nik Wakelin, François Beausoleil, Wizard*
1822
1823 * Document caches_action. #5419 *Jarkko Laine*
1824
1825 * Update to Prototype 1.5.1. *Sam Stephenson*
1826
1827 * Allow routes to be decalred under namespaces [Tobias Lütke]:
1828
1829 map.namespace :admin do |admin|
1830 admin.root :controller => "products"
1831 admin.feed 'feed.xml', :controller => 'products', :action => 'feed', :format => 'xml'
1832 end
1833
1834 * Update to script.aculo.us 1.7.1_beta3. *Thomas Fuchs*
1835
1836 * observe_form always sends the serialized form. #5271 *Manfred Stienstra, normelton@gmail.com*
1837
1838 * Parse url-encoded and multipart requests ourselves instead of delegating to CGI. *Jeremy Kemper*
1839
1840 * select :include_blank option can be set to a string instead of true, which just uses an empty string. #7664 *Wizard*
1841
1842 * Added url_for usage on render :location, which allows for record identification [David Heinemeier Hansson]. Example:
1843
1844 render :xml => person, :status => :created, :location => person
1845
1846 ...expands the location to person_url(person).
1847
1848 * Introduce the request.body stream. Lazy-read to parse parameters rather than always setting RAW_POST_DATA. Reduces the memory footprint of large binary PUT requests. *Jeremy Kemper*
1849
1850 * Add some performance enhancements to ActionView.
1851
1852 * Cache base_paths in @@cached_base_paths
1853 * Cache template extensions in @@cached_template_extension
1854 * Remove unnecessary rescues
1855
1856 * Assume that rendered partials go by the HTML format by default
1857
1858 def my_partial
1859 render :update do |page|
1860 # in this order
1861 # _foo.html.erb
1862 # _foo.erb
1863 # _foo.rhtml
1864 page.replace :foo, :partial => 'foo'
1865 end
1866 end
1867
1868 * Added record identifications to FormHelper#form_for and PrototypeHelper#remote_form_for [David Heinemeier Hansson]. Examples:
1869
1870 <% form_for(@post) do |f| %>
1871 ...
1872 <% end %>
1873
1874 This will expand to be the same as:
1875
1876 <% form_for :post, @post, :url => post_path(@post), :html => { :method => :put, :class => "edit_post", :id => "edit_post_45" } do |f| %>
1877 ...
1878 <% end %>
1879
1880 And for new records:
1881
1882 <% form_for(Post.new) do |f| %>
1883 ...
1884 <% end %>
1885
1886 This will expand to be the same as:
1887
1888 <% form_for :post, @post, :url => posts_path, :html => { :class => "new_post", :id => "new_post" } do |f| %>
1889 ...
1890 <% end %>
1891
1892 * Rationalize route path escaping according to RFC 2396 section 3.3. #7544, #8307. *Jeremy Kemper, Chris Roos, begemot, jugend*
1893
1894 * Added record identification with polymorphic routes for ActionController::Base#url_for and ActionView::Base#url_for [David Heinemeier Hansson]. Examples:
1895
1896 redirect_to(post) # => redirect_to(posts_url(post)) => Location: http://example.com/posts/1
1897 link_to(post.title, post) # => link_to(post.title, posts_url(post)) => <a href="/posts/1">Hello world</a>
1898
1899 Any method that calls url_for on its parameters will automatically benefit from this.
1900
1901 * Removed deprecated parameters_for_method_reference concept (legacy from before named routes) *David Heinemeier Hansson*
1902
1903 * Add ActionController::Routing::Helpers, a module to contain common URL helpers such as polymorphic_url. *Nicholas Seckar*
1904
1905 * Included the HttpAuthentication plugin as part of core (ActionController::HttpAuthentication::Basic) *David Heinemeier Hansson*
1906
1907 * Modernize documentation for form helpers. *Jeremy McAnally*
1908
1909 * Add brief introduction to REST to the resources documentation. *fearoffish*
1910
1911 * Fix various documentation typos throughout ActionPack. *Henrik N*
1912
1913 * Enhance documentation and add examples for url_for. *Jeremy McAnally*
1914
1915 * Fix documentation typo in routes. *Norbert Crombach, pam*
1916
1917 * Sweep flash when filter chain is halted. *Caio Chassot <lists@v2studio.com>*
1918
1919 * Fixed that content_tag with a block will just return the result instead of concate it if not used in a ERb view #7857, #7432 *michael.niessner*
1920
1921 * Replace the current block/continuation filter chain handling by an implementation based on a simple loop. #8226 *Stefan Kaes*
1922
1923 * Update UrlWriter to accept :anchor parameter. Closes #6771. *Chris McGrath*
1924
1925 * Added RecordTagHelper for using RecordIdentifier conventions on divs and other container elements [David Heinemeier Hansson]. Example:
1926
1927 <% div_for(post) do %> <div id="post_45" class="post">
1928 <%= post.body %> What a wonderful world!
1929 <% end %> </div>
1930
1931 * Added page[record] accessor to JavaScriptGenerator that relies on RecordIdentifier to find the right dom id [David Heinemeier Hansson]. Example:
1932
1933 format.js do
1934 # Calls: new Effect.fade('post_45');
1935 render(:update) { |page| page[post].visual_effect(:fade) }
1936 end
1937
1938 * Added RecordIdentifier to enforce view conventions on records for dom ids, classes, and partial paths *David Heinemeier Hansson*
1939
1940 * Added map.namespace to deal with the common situation of admin sections and the like *David Heinemeier Hansson*
1941
1942 Before:
1943
1944 map.resources :products, :path_prefix => "admin", :controller => "admin/products", :collection => { :inventory => :get }, :member => { :duplicate => :post }
1945 map.resources :tags, :name_prefix => 'admin_product_', :path_prefix => "admin/products/:product_id", :controller => "admin/product_tags"
1946 map.resources :images, :name_prefix => 'admin_product_', :path_prefix => "admin/products/:product_id", :controller => "admin/product_images"
1947 map.resources :variants, :name_prefix => 'admin_product_', :path_prefix => "admin/products/:product_id", :controller => "admin/product_variants"
1948
1949 After:
1950
1951 map.namespace(:admin) do |admin|
1952 admin.resources :products,
1953 :collection => { :inventory => :get },
1954 :member => { :duplicate => :post },
1955 :has_many => [ :tags, :images, :variants ]
1956 end
1957
1958 * Added :name_prefix as standard for nested resources [David Heinemeier Hansson]. WARNING: May be backwards incompatible with your app
1959
1960 Before:
1961
1962 map.resources :emails do |emails|
1963 emails.resources :comments, :name_prefix => "email_"
1964 emails.resources :attachments, :name_prefix => "email_"
1965 end
1966
1967 After:
1968
1969 map.resources :emails do |emails|
1970 emails.resources :comments
1971 emails.resources :attachments
1972 end
1973
1974 This does mean that if you intended to have comments_url go to /emails/5/comments, then you'll have to set :name_prefix to nil explicitly.
1975
1976 * Added :has_many and :has_one for declaring plural and singular resources beneath the current *David Heinemeier Hansson*
1977
1978 Before:
1979
1980 map.resources :notes do |notes|
1981 notes.resources :comments
1982 notes.resources :attachments
1983 notes.resource :author
1984 end
1985
1986 After:
1987
1988 map.resources :notes, :has_many => [ :comments, :attachments ], :has_one => :author
1989
1990 * Added that render :xml will try to call to_xml if it can [David Heinemeier Hansson]. Makes these work:
1991
1992 render :xml => post
1993 render :xml => comments
1994
1995 * Added :location option to render so that the common pattern of rendering a response after creating a new resource is now a 1-liner *David Heinemeier Hansson*
1996
1997 render :xml => post.to_xml, :status => :created, :location => post_url(post)
1998
1999 * Ensure that render_text only adds string content to the body of the response *David Heinemeier Hansson*
2000
2001 * Return the string representation from an Xml Builder when rendering a partial. Closes #5044 *Tim Pope*
2002
2003 * Fixed that parameters from XML should also be presented in a hash with indifferent access *David Heinemeier Hansson*
2004
2005 * Tweak template format rules so that the ACCEPT header is only used if it's text/javascript. This is so ajax actions without a :format param get recognized as Mime::JS. *Rick Olson*
2006
2007 * The default respond_to blocks don't set a specific extension anymore, so that both 'show.rjs' and 'show.js.rjs' will work. *Rick Olson*
2008
2009 * Allow layouts with extension of .html.erb. Closes #8032 *Josh Knowles*
2010
2011 * Change default respond_to templates for xml and rjs formats. *Rick Olson*
2012
2013 * Default xml template goes from #{action_name}.rxml => #{action_name}.xml.builder.
2014 * Default rjs template goes from #{action_name}.rjs => #{action_name}.js.rjs.
2015
2016 You can still specify your old templates:
2017
2018 respond_to do |format|
2019 format.xml do
2020 render :action => "#{action_name}.rxml"
2021 end
2022 end
2023
2024 * Fix WSOD due to modification of a formatted template extension so that requests to templates like 'foo.html.erb' fail on the second hit. *Rick Olson*
2025
2026 * Fix WSOD when template compilation fails *Rick Olson*
2027
2028 * Change ActionView template defaults. Look for templates using the request format first, such as "show.html.erb" or "show.xml.builder", before looking for the old defaults like "show.erb" or "show.builder" *Rick Olson*
2029
2030 * Highlight helper highlights one or many terms in a single pass. *Jeremy Kemper*
2031
2032 * Dropped the use of ; as a separator of non-crud actions on resources and went back to the vanilla slash. It was a neat idea, but lots of the non-crud actions turned out not to be RPC (as the ; was primarily intended to discourage), but legitimate sub-resources, like /parties/recent, which didn't deserve the uglification of /parties;recent. Further more, the semicolon caused issues with caching and HTTP authentication in Safari. Just Not Worth It *David Heinemeier Hansson*
2033
2034 * Added that FormTagHelper#submit_tag will return to its original state if the submit fails and you're using :disable_with *David Heinemeier Hansson*
2035
2036 * Cleaned up, corrected, and mildly expanded ActionPack documentation. Closes #7190 *Jeremy McAnally*
2037
2038 * Small collection of ActionController documentation cleanups. Closes #7319 *Jeremy McAnally*
2039
2040 * Make sure the route expiry hash is constructed by comparing the to_param-ized values of each hash. *Jamis Buck*
2041
2042 * Allow configuration of the default action cache path for #caches_action calls. *Rick Olson*
2043
2044 class ListsController < ApplicationController
2045 caches_action :index, :cache_path => Proc.new { |controller|
2046 controller.params[:user_id] ?
2047 controller.send(:user_lists_url, c.params[:user_id]) :
2048 controller.send(:lists_url) }
2049 end
2050
2051 * Performance: patch cgi/session/pstore to require digest/md5 once rather than per #initialize. #7583 *Stefan Kaes*
2052
2053 * Cookie session store: ensure that new sessions doesn't reuse data from a deleted session in the same request. *Jeremy Kemper*
2054
2055 * Deprecation: verification with :redirect_to => :named_route shouldn't be deprecated. #7525 *Justin French*
2056
2057 * Cookie session store: raise ArgumentError when :session_key is blank. *Jeremy Kemper*
2058
2059 * Deprecation: remove deprecated request, redirect, and dependency methods. Remove deprecated instance variables. Remove deprecated url_for(:symbol, *args) and redirect_to(:symbol, *args) in favor of named routes. Remove uses_component_template_root for toplevel components directory. Privatize deprecated render_partial and render_partial_collection view methods. Remove deprecated link_to_image, link_image_to, update_element_function, start_form_tag, and end_form_tag helper methods. Remove deprecated human_size helper alias. *Jeremy Kemper*
2060
2061 * Consistent public/protected/private visibility for chained methods. #7813 *Dan Manges*
2062
2063 * Prefer MIME constants to strings. #7707 *Dan Kubb*
2064
2065 * Allow array and hash query parameters. Array route parameters are converted/to/a/path as before. #6765, #7047, #7462 *bgipsy, Jeremy McAnally, Dan Kubb, brendan*
2066
2067 \# Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests using the cookie store's secret. [Rick Olson]
2068 * Added Request#url that returns the complete URL used for the request *David Heinemeier Hansson*
2069
2070 * Extract dynamic scaffolding into a plugin. #7700 *Josh Peek*
2071
2072 * Added user/password options for url_for to add http authentication in a URL *David Heinemeier Hansson*
2073
2074 * Fixed that FormTagHelper#text_area_tag should disregard :size option if it's not a string *Brendon Davidson*
2075
2076 * Set the original button value in an attribute of the button when using the :disable_with key with submit_tag, so that the original can be restored later. *Jamis Buck*
2077
2078 * session_enabled? works with session :off. #6680 *Jonathan del Strother*
2079
2080 * Added :port and :host handling to UrlRewriter (which unified url_for usage, regardless of whether it's called in view or controller) #7616 *alancfrancis*
2081
2082 * Allow send_file/send_data to use a registered mime type as the :type parameter #7620 *jonathan*
2083
2084 * Allow routing requirements on map.resource(s) #7633 [quixoten]. Example:
2085
2086 map.resources :network_interfaces, :requirements => { :id => /^\d+\.\d+\.\d+\.\d+$/ }
2087
2088 * Cookie session store: empty and unchanged sessions don't write a cookie. *Jeremy Kemper*
2089
2090 * Added helper(:all) as a way to include all helpers from app/helpers/**/*.rb in ApplicationController *David Heinemeier Hansson*
2091
2092 * Integration tests: introduce methods for other HTTP methods. #6353 *caboose*
2093
2094 * Routing: better support for escaped values in route segments. #7544 [Chris
2095 Roos]
2096 * Introduce a cookie-based session store as the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure message digest is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the digest). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives. *Jeremy Kemper*
2097
2098 Example config/environment.rb:
2099 # Use an application-wide secret key and the default SHA1 message digest.
2100 config.action_controller.session = { :secret => "can't touch this" }
2101
2102 # Store a secret key per user and employ a stronger message digest.
2103 config.action_controller.session = {
2104 :digest => 'SHA512',
2105 :secret => Proc.new { User.current.secret_key }
2106 }
2107
2108 * Added .erb and .builder as preferred aliases to the now deprecated .rhtml and .rxml extensions [Chad Fowler]. This is done to separate the renderer from the mime type. .erb templates are often used to render emails, atom, csv, whatever. So labeling them .rhtml doesn't make too much sense. The same goes for .rxml, which can be used to build everything from HTML to Atom to whatever. .rhtml and .rxml will continue to work until Rails 3.0, though. So this is a slow phasing out. All generators and examples will start using the new aliases, though.
2109
2110 * Added caching option to AssetTagHelper#stylesheet_link_tag and AssetTagHelper#javascript_include_tag [David Heinemeier Hansson]. Examples:
2111
2112 stylesheet_link_tag :all, :cache => true # when ActionController::Base.perform_caching is false =>
2113 <link href="/stylesheets/style1.css" media="screen" rel="Stylesheet" type="text/css" />
2114 <link href="/stylesheets/styleB.css" media="screen" rel="Stylesheet" type="text/css" />
2115 <link href="/stylesheets/styleX2.css" media="screen" rel="Stylesheet" type="text/css" />
2116
2117 stylesheet_link_tag :all, :cache => true # when ActionController::Base.perform_caching is true =>
2118 <link href="/stylesheets/all.css" media="screen" rel="Stylesheet" type="text/css" />
2119
2120 ...when caching is on, all.css is the concatenation of style1.css, styleB.css, and styleX2.css.
2121 Same deal for JavaScripts.
2122
2123 * Work around the two connection per host browser limit: use asset%d.myapp.com to distribute asset requests among asset[0123].myapp.com. Use a DNS wildcard or CNAMEs to map these hosts to your asset server. See http://www.die.net/musings/page_load_time/ for background. *Jeremy Kemper*
2124
2125 * Added default mime type for CSS (Mime::CSS) *David Heinemeier Hansson*
2126
2127 * Added that rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified and the response body will be set to an empty string. *David Heinemeier Hansson*
2128
2129 * Added X-Runtime to all responses with the request run time *David Heinemeier Hansson*
2130
2131 * Add Mime::Type convenience methods to check the current mime type. *Rick Olson*
2132
2133 request.format.html? # => true if Mime::HTML
2134 request.format.jpg? # => true if Mime::JPG
2135
2136 \# ActionController sample usage:
2137 \# the session will be disabled for non html/ajax requests
2138 session :off, :if => Proc.new { |req| !(req.format.html? || req.format.js?) }
2139
2140 * Performance: patch cgi/session to require digest/md5 once rather than per #create_new_id. *Stefan Kaes*
2141
2142 * Add a :url_based_filename => true option to ActionController::Streaming::send_file, which allows URL-based filenames. *Thomas Fuchs*
2143
2144 * Fix that FormTagHelper#submit_tag using :disable_with should trigger the onsubmit handler of its form if available *David Heinemeier Hansson*
2145
2146 * Fix #render_file so that TemplateError is called with the correct params and you don't get the WSOD. *Rick Olson*
2147
2148 * Fix issue with deprecation messing up #template_root= usage. Add #prepend_view_path and #append_view_path to allow modification of a copy of the
2149 superclass' view_paths. [Rick Olson]
2150 * Allow Controllers to have multiple view_paths instead of a single template_root. Closes #2754 *John Long*
2151
2152 * Add much-needed html-scanner tests. Fixed CDATA parsing bug. *Rick Olson*
2153
2154 * improve error message for Routing for named routes. Closes #7346 *Rob Sanheim*
2155
2156 * Added enhanced docs to routing assertions. Closes #7359 *Rob Sanheim*
2157
2158 * fix form_for example in ActionController::Resources documentation. Closes #7362 *gnarg*
2159
2160 * Make sure that the string returned by TextHelper#truncate is actually a string, not a char proxy -- that should only be used internally while working on a multibyte-safe way of truncating *David Heinemeier Hansson*
2161
2162 * Added FormBuilder#submit as a delegate for FormTagHelper#submit_tag *David Heinemeier Hansson*
2163
2164 * Allow Routes to generate all urls for a set of options by specifying :generate_all => true. Allows caching to properly set or expire all paths for a resource. References #1739. *Nicholas Seckar*
2165
2166 * Change the query parser to map empty GET params to "" rather than nil. Closes #5694. *Nicholas Seckar*
2167
2168 * date_select and datetime_select take a :default option. #7052 *Nik Wakelin*
2169 date_select "post", "written_on", :default => 3.days.from_now
2170 date_select "credit_card", "bill_due", :default => { :day => 20 }
2171
2172 * select :multiple => true suffixes the attribute name with [] unless already suffixed. #6977 *nik.kakelin, ben, julik*
2173
2174 * Improve routes documentation. #7095 *zackchandler*
2175
2176 * mail_to :encode => 'hex' also encodes the mailto: part of the href attribute as well as the linked email when no name is given. #2061 *Jarkko Laine, pfc.pille@gmx.net*
2177
2178 * Resource member routes require :id, eliminating the ambiguous overlap with collection routes. #7229 *dkubb*
2179
2180 * Remove deprecated assertions. *Jeremy Kemper*
2181
2182 * Change session restoration to allow namespaced models to be autoloaded. Closes #6348. *Nicholas Seckar*
2183
2184 * Fix doubly appearing parameters due to string and symbol mixups. Closes #2551. *Anthony Eden*
2185
2186 * Fix overly greedy rescues when loading helpers. Fixes #6268. *Nicholas Seckar*
2187
2188 * Fixed NumberHelper#number_with_delimiter to use "." always for splitting the original number, not the delimiter parameter #7389 *ceefour*
2189
2190 * Autolinking recognizes trailing and embedded . , : ; #7354 *Jarkko Laine*
2191
2192 * Make TextHelper::auto_link recognize URLs with colons in path correctly, fixes #7268. *imajes*
2193
2194 * Update to script.aculo.us 1.7.0. *Thomas Fuchs*
2195
2196 * Modernize cookie testing code, and increase coverage (Heckle++) #7101 *Kevin Clark*
2197
2198 * Improve Test Coverage for ActionController::Routing::Route#matches_controller_and_action? (Heckle++) #7115 *Kevin Clark*
2199
2200 * Heckling ActionController::Resources::Resource revealed that set_prefixes didn't break when :name_prefix was munged. #7081 *Kevin Clark*
2201
2202 * Fix #distance_of_time_in_words to report accurately against the Duration class. #7114 *eventualbuddha*
2203
2204 * Refactor #form_tag to allow easy extending. *Rick Olson*
2205
2206 * Update to Prototype 1.5.0. *Sam Stephenson*
2207
2208 * RecordInvalid, RecordNotSaved => 422 Unprocessable Entity, StaleObjectError => 409 Conflict. #7097 *dkubb*
2209
2210 * Allow fields_for to be nested inside form_for, so that the name and id get properly constructed *Jamis Buck*
2211
2212 * Allow inGroupsOf and eachSlice to be called through rjs. #7046 *Cody Fauser*
2213
2214 * Allow exempt_from_layout :rhtml. #6742, #7026 *Dan Manges, Squeegy*
2215
2216 * Recognize the .txt extension as Mime::TEXT *Rick Olson*
2217
2218 * Fix parsing of array[] CGI parameters so extra empty values aren't included. #6252 *Nicholas Seckar, aiwilliams, brentrowland*
2219
2220 * link_to_unless_current works with full URLs as well as paths. #6891 *Jarkko Laine, Manfred Stienstra, idrifter*
2221
2222 * Lookup the mime type for #auto_discovery_link_tag in the Mime::Type class. Closes #6941 *Josh Peek*
2223
2224 * Fix bug where nested resources ignore a parent singleton parent's path prefix. Closes #6940 *Dan Kubb*
2225
2226 * Fix no method error with error_messages_on. Closes #6935 *nik.wakelin Koz*
2227
2228 * Slight doc tweak to the ActionView::Helpers::PrototypeHelper#replace docs. Closes #6922 *Steven Bristol*
2229
2230 * Slight doc tweak to #prepend_filter. Closes #6493 *Jeremy Voorhis*
2231
2232 * Add more extensive documentation to the AssetTagHelper. Closes #6452 *Bob Silva*
2233
2234 * Clean up multiple calls to #stringify_keys in TagHelper, add better documentation and testing for TagHelper. Closes #6394 *Bob Silva*
2235
2236 * [DOCS] fix reference to ActionController::Macros::AutoComplete for #text_field_with_auto_complete. Closes #2578 *Jan Prill*
2237
2238 * Make sure html_document is reset between integration test requests. *ctm*
2239
2240 * Set session to an empty hash if :new_session => false and no session cookie or param is present. CGI::Session was raising an unrescued ArgumentError. *Josh Susser*
2241
2242 * Routing uses URI escaping for path components and CGI escaping for query parameters. *darix, Jeremy Kemper*
2243
2244 * Fix assert_redirected_to bug where redirecting from a nested to to a top-level controller incorrectly added the current controller's nesting. Closes #6128. *Rick Olson*
2245
2246 * Singleton resources: POST /singleton => create, GET /singleton/new => new. *Jeremy Kemper*
2247
2248 * Use 400 Bad Request status for unrescued ActiveRecord::RecordInvalid exceptions. *Jeremy Kemper*
2249
2250 * Silence log_error deprecation warnings from inspecting deprecated instance variables. *Nate Wiger*
2251
2252 * Only cache GET requests with a 200 OK response. #6514, #6743 *RSL, anamba*
2253
2254 * Add a 'referer' attribute to TestRequest. *Jamis Buck*
2255
2256 * Ensure render :json => ... skips the layout. Closes #6808 *Josh Peek*
2257
2258 * Fix HTML::Node to output double quotes instead of single quotes. Closes #6845 *mitreandy*
2259
2260 * Correctly report which filter halted the chain. #6699 *Martin Emde*
2261
2262 * Fix a bug in Routing where a parameter taken from the path of the current request could not be used as a query parameter for the next. Closes #6752. *Nicholas Seckar*
2263
2264 * Unrescued ActiveRecord::RecordNotFound responds with 404 instead of 500. *Jeremy Kemper*
2265
2266 * Improved auto_link to match more valid urls correctly *Tobias Lütke*
2267
2268 * Add singleton resources. *Rick Olson*
2269
2270 map.resource :account
2271
2272 GET /account
2273 GET /account;edit
2274 UPDATE /account
2275 DELETE /account
2276
2277 * respond_to recognizes JSON. render :json => @person.to_json automatically sets the content type and takes a :callback option to specify a client-side function to call using the rendered JSON as an argument. #4185 *Scott Raymond, eventualbuddha*
2278 # application/json response with body 'Element.show({:name: "David"})'
2279 respond_to do |format|
2280 format.json { render :json => { :name => "David" }.to_json, :callback => 'Element.show' }
2281 end
2282
2283 * Makes :discard_year work without breaking multi-attribute parsing in AR. #1260, #3800 *sean@ardismg.com, jmartin@desertflood.com, stephen@touset.org, Bob Silva*
2284
2285 * Adds html id attribute to date helper elements. #1050, #1382 *mortonda@dgrmm.net, David North, Bob Silva*
2286
2287 * Add :index and @auto_index capability to model driven date/time selects. #847, #2655 *moriq, Doug Fales, Bob Silva*
2288
2289 * Add :order to datetime_select, select_datetime, and select_date. #1427 *Timothee Peignier, Patrick Lenz, Bob Silva*
2290
2291 * Added time_select to work with time values in models. Update scaffolding. #2489, #2833 *Justin Palmer, Andre Caum, Bob Silva*
2292
2293 * Added :include_seconds to select_datetime, datetime_select and time_select. #2998 *csn, Bob Silva*
2294
2295 * All date/datetime selects can now accept an array of month names with :use_month_names. Allows for localization. #363 *tomasj, Bob Silva*
2296
2297 * Adds :time_separator to select_time and :date_separator to select_datetime. Preserves BC. #3811 *Bob Silva*
2298
2299 * Added map.root as an alias for map.connect '' *David Heinemeier Hansson*
2300
2301 * Added Request#format to return the format used for the request as a mime type. If no format is specified, the first Request#accepts type is used. This means you can stop using respond_to for anything else than responses [David Heinemeier Hansson]. Examples:
2302
2303 GET /posts/5.xml | request.format => Mime::XML
2304 GET /posts/5.xhtml | request.format => Mime::HTML
2305 GET /posts/5 | request.format => request.accepts.first (usually Mime::HTML for browsers)
2306
2307 * Added the option for extension aliases to mime type registration [David Heinemeier Hansson]. Example (already in the default routes):
2308
2309 Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
2310
2311 ...will respond on both .html and .xhtml.
2312
2313 * @response.redirect_url works with 201 Created responses: just return headers['Location'] rather than checking the response status. *Jeremy Kemper*
2314
2315 * Added CSV to Mime::SET so that respond_to csv will work *Cody Fauser*
2316
2317 * Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) *David Heinemeier Hansson*
2318
2319 * Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 *David Heinemeier Hansson*
2320
2321 * Update Routing to complain when :controller is not specified by a route. Closes #6669. *Nicholas Seckar*
2322
2323 * Ensure render_to_string cleans up after itself when an exception is raised. #6658 *Rob Sanheim*
2324
2325 * Extract template_changed_since? from compile_template? so plugins may override its behavior for non-file-based templates. #6651 *Jeff Barczewski*
2326
2327 * Update to Prototype and script.aculo.us [5579]. *Thomas Fuchs*
2328
2329 * simple_format helper doesn't choke on nil. #6644 *jerry426*
2330
2331 * Update to Prototype 1.5.0_rc2 [5550] which makes it work in Opera again *Thomas Fuchs*
2332
2333 * Reuse named route helper module between Routing reloads. Use remove_method to delete named route methods after each load. Since the module is never collected, this fixes a significant memory leak. *Nicholas Seckar*
2334
2335 * ActionView::Base.erb_variable accessor names the buffer variable used to render templates. Defaults to _erbout; use _buf for erubis. *Rick Olson*
2336
2337 * assert_select_rjs :remove. *Dylan Egan*
2338
2339 * Always clear model associations from session. #4795 *sd@notso.net, andylien@gmail.com*
2340
2341 * Update to Prototype 1.5.0_rc2. *Sam Stephenson*
2342
2343 * Remove JavaScriptLiteral in favor of ActiveSupport::JSON::Variable. *Sam Stephenson*
2344
2345 * Sync ActionController::StatusCodes::STATUS_CODES with http://www.iana.org/assignments/http-status-codes. #6586 *dkubb*
2346
2347 * Multipart form values may have a content type without being treated as uploaded files if they do not provide a filename. #6401 *Andreas Schwarz, Jeremy Kemper*
2348
2349 * assert_response supports symbolic status codes. #6569 *Kevin Clark*
2350 assert_response :ok
2351 assert_response :not_found
2352 assert_response :forbidden
2353
2354 * Cache parsed query parameters. #6559 *Stefan Kaes*
2355
2356 * Deprecate JavaScriptHelper#update_element_function, which is superseeded by RJS *Thomas Fuchs*
2357
2358 * pluralize helper interprets nil as zero. #6474 *Tim Pope*
2359
2360 * Fix invalid test fixture exposed by stricter Ruby 1.8.5 multipart parsing. #6524 *Bob Silva*
2361
2362 * Set ActionView::Base.default_form_builder once rather than passing the :builder option to every form or overriding the form helper methods. *Jeremy Kemper*
2363
2364 * Deprecate expire_matched_fragments. Use expire_fragment instead. #6535 *Bob Silva*
2365
2366 * Update to latest Prototype, which doesn't serialize disabled form elements, adds clone() to arrays, empty/non-string Element.update() and adds a fixes excessive error reporting in WebKit beta versions *Thomas Fuchs*
2367
2368 * Deprecate start_form_tag and end_form_tag. Use form_tag / '</form>' from now on. *Rick Olson*
2369
2370 * Added block-usage to PrototypeHelper#form_remote_tag, document block-usage of FormTagHelper#form_tag *Rick Olson*
2371
2372 * Add a 0 margin/padding div around the hidden _method input tag that form_tag outputs. *Rick Olson*
2373
2374 * Added block-usage to TagHelper#content_tag [David Heinemeier Hansson]. Example:
2375
2376 <% content_tag :div, :class => "strong" %>
2377 Hello world!
2378 <% end %>
2379
2380 Will output:
2381 <div class="strong">Hello world!</div>
2382
2383 * Deprecated UrlHelper#link_to_image and UrlHelper#link_to :post => true #6409 *Bob Silva*
2384
2385 * Upgraded NumberHelper with number_to_phone support international formats to comply with ITU E.123 by supporting area codes with less than 3 digits, added precision argument to number_to_human_size (defaults to 1) #6421 *Bob Silva*
2386
2387 * Fixed that setting RAILS_ASSET_ID to "" should not add a trailing slash after assets #6454 *Bob Silva/chrismear*
2388
2389 * Force *_url named routes to show the host in ActionView *Rick Olson*
2390
2391 <%= url_for ... %> # no host
2392 <%= foo_path %> # no host
2393 <%= foo_url %> # host!
2394
2395 * Add support for converting blocks into function arguments to JavaScriptGenerator#call and JavaScriptProxy#call. *Sam Stephenson*
2396
2397 * Add JavaScriptGenerator#literal for wrapping a string in an object whose #to_json is the string itself. *Sam Stephenson*
2398
2399 * Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. *Rick Olson*
2400
2401 * Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc. *Rick Olson*
2402
2403 * Fix deprecation warnings when rendering the template error template. *Nicholas Seckar*
2404
2405 * Fix routing to correctly determine when generation fails. Closes #6300. [psross].
2406
2407 * Fix broken assert_generates when extra keys are being checked. *Jamis Buck*
2408
2409 * Replace KCODE checks with String#chars for truncate. Closes #6385 *Manfred Stienstra*
2410
2411 * Make page caching respect the format of the resource that is being requested even if the current route is the default route so that, e.g. posts.rss is not transformed by url_for to '/' and subsequently cached as '/index.html' when it should be cached as '/posts.rss'. *Marcel Molina Jr.*
2412
2413 * Use String#chars in TextHelper::excerpt. Closes #6386 *Manfred Stienstra*
2414
2415 * Install named routes into ActionView::Base instead of proxying them to the view via helper_method. Closes #5932. *Nicholas Seckar*
2416
2417 * Update to latest Prototype and script.aculo.us trunk versions *Thomas Fuchs*
2418
2419 * Fix relative URL root matching problems. *Mark Imbriaco*
2420
2421 * Fix filter skipping in controller subclasses. #5949, #6297, #6299 *Martin Emde*
2422
2423 * render_text may optionally append to the response body. render_javascript appends by default. This allows you to chain multiple render :update calls by setting @performed_render = false between them (awaiting a better public API). *Jeremy Kemper*
2424
2425 * Rename test assertion to prevent shadowing. Closes #6306. *psross*
2426
2427 * Fixed that NumberHelper#number_to_delimiter should respect precision of higher than two digits #6231 *Philip Hallstrom*
2428
2429 * Fixed that FormHelper#radio_button didn't respect an :id being passed in #6266 *evansj*
2430
2431 * Added an html_options hash parameter to javascript_tag() and update_page_tag() helpers #6311 [tzaharia]. Example:
2432
2433 update_page_tag :defer => 'true' { |page| ... }
2434
2435 Gives:
2436
2437 <script defer="true" type="text/javascript">...</script>
2438
2439 Which is needed for dealing with the IE6 DOM when it's not yet fully loaded.
2440
2441 * Fixed that rescue template path shouldn't be hardcoded, then it's easier to hook in your own #6295 *Mike Naberezny*
2442
2443 * Fixed escaping of backslashes in JavaScriptHelper#escape_javascript #6302 *sven@c3d2.de*
2444
2445 * Fixed that some 500 rescues would cause 500's themselves because the response had not yet been generated #6329 *cmselmer*
2446
2447 * respond_to :html doesn't assume .rhtml. #6281 *Hampton Catlin*
2448
2449 * Fixed some deprecation warnings in ActionPack *Rick Olson*
2450
2451 * assert_select_rjs decodes escaped unicode chars since the Javascript generators encode them. #6240 *japgolly*
2452
2453 * Deprecation: @cookies, @headers, @request, @response will be removed after 1.2. Use the corresponding method instead. *Jeremy Kemper*
2454
2455 * Make the :status parameter expand to the default message for that status code if it is an integer. Also support symbol statuses. [Jamis Buck]. Examples:
2456
2457 head :status => 404 # expands to "404 Not Found"
2458 head :status => :not_found # expands to "404 Not Found"
2459 head :status => :created # expands to "201 Created"
2460
2461 * Add head(options = {}) for responses that have no body. [Jamis Buck]. Examples:
2462
2463 head :status => 404 # return an empty response with a 404 status
2464 head :location => person_path(@person), :status => 201
2465
2466 * Fix bug that kept any before_filter except the first one from being able to halt the before_filter chain. *Rick Olson*
2467
2468 * strip_links is case-insensitive. #6285 *tagoh, Bob Silva*
2469
2470 * Clear the cache of possible controllers whenever Routes are reloaded. *Nicholas Seckar*
2471
2472 * Filters overhaul including meantime filter support using around filters + blocks. #5949 *Martin Emde, Roman Le Negrate, Stefan Kaes, Jeremy Kemper*
2473
2474 * Update RJS render tests. *sam*
2475
2476 * Update CGI process to allow sessions to contain namespaced models. Closes #4638. *dfelstead@site5.com*
2477
2478 * Fix routing to respect user provided requirements and defaults when assigning default routing options (such as :action => 'index'). Closes #5950. *Nicholas Seckar*
2479
2480 * Rescue Errno::ECONNRESET to handle an unexpectedly closed socket connection. Improves SCGI reliability. #3368, #6226 *sdsykes, fhanshaw@vesaria.com*
2481
2482 * Added that respond_to blocks will automatically set the content type to be the same as is requested [David Heinemeier Hansson]. Examples:
2483
2484 respond_to do |format|
2485 format.html { render :text => "I'm being sent as text/html" }
2486 format.rss { render :text => "I'm being sent as application/rss+xml" }
2487 format.atom { render :text => "I'm being sent as application/xml", :content_type => Mime::XML }
2488 end
2489
2490 * Added utf-8 as the default charset for all renders. You can change this default using ActionController::Base.default_charset=(encoding) *David Heinemeier Hansson*
2491
2492 * Added proper getters and setters for content type and charset [David Heinemeier Hansson]. Example of what we used to do:
2493
2494 response.headers["Content-Type"] = "application/atom+xml; charset=utf-8"
2495
2496 ...now:
2497
2498 response.content_type = Mime::ATOM
2499 response.charset = "utf-8"
2500
2501 * Updated prototype.js to 1.5.0_rc1 with latest fixes. *Rick Olson*
2502
2503 - XPATH support
2504 - Make Form.getElements() return elements in the correct order
2505 - fix broken Form.serialize return
2506
2507 * Declare file extensions exempt from layouts. #6219 *brandon*
2508 Example: ActionController::Base.exempt_from_layout 'rpdf'
2509
2510 * Add chained replace/update support for assert_select_rjs *Rick Olson*
2511
2512 Given RJS like...
2513
2514 page['test1'].replace "<div id=\"1\">foo</div>"
2515 page['test2'].replace_html "<div id=\"2\">foo</div>"
2516
2517 Test it with...
2518
2519 assert_select_rjs :chained_replace
2520 assert_select_rjs :chained_replace, "test1"
2521
2522 assert_select_rjs :chained_replace_html
2523 assert_select_rjs :chained_replace_html, "test2"
2524
2525 * Load helpers in alphabetical order for consistency. Resolve cyclic javascript_helper dependency. #6132, #6178 *choonkeat@gmail.com*
2526
2527 * Skip params with empty names, such as the &=Save query string from <input type="submit"/>. #2569 *Manfred Stienstra, raphinou@yahoo.com*
2528
2529 * Fix assert_tag so that :content => "foo" does not match substrings, but only exact strings. Use :content => /foo/ to match substrings. #2799 *Eric Hodel*
2530
2531 * Add descriptive messages to the exceptions thrown by cgi_methods. #6091, #6103 *Nicholas Seckar, Bob Silva*
2532
2533 * Update JavaScriptGenerator#show/hide/toggle/remove to new Prototype syntax for multiple ids, #6068 *petermichaux@gmail.com*
2534
2535 * Update UrlWriter to support :only_path. *Nicholas Seckar, Dave Thomas*
2536
2537 * Fixed JavaScriptHelper#link_to_function and JavaScriptHelper#button_to_function to have the script argument be optional [David Heinemeier Hansson]. So what used to require a nil, like this:
2538
2539 link_to("Hider", nil, :class => "hider_link") { |p| p[:something].hide }
2540
2541 ...can be written like this:
2542
2543 link_to("Hider", :class => "hider_link") { |p| p[:something].hide }
2544
2545 * Update to script.aculo.us 1.6.3 *Thomas Fuchs*
2546
2547 * Update to Prototype 1.5.0_rc1 *sam*
2548
2549 * Added access to nested attributes in RJS #4548 [richcollins@gmail.com]. Examples:
2550
2551 page['foo']['style'] # => $('foo').style;
2552 page['foo']['style']['color'] # => $('blank_slate').style.color;
2553 page['foo']['style']['color'] = 'red' # => $('blank_slate').style.color = 'red';
2554 page['foo']['style'].color = 'red' # => $('blank_slate').style.color = 'red';
2555
2556 * Fixed that AssetTagHelper#image_tag and others using compute_public_path should not modify the incoming source argument (closes #5102) *eule@space.ch*
2557
2558 * Deprecated the auto-appending of .png to AssetTagHelper#image_tag calls that doesn't have an extension *David Heinemeier Hansson*
2559
2560 * Fixed FormOptionsHelper#select to respect :selected value #5813
2561
2562 * Fixed TextHelper#simple_format to deal with multiple single returns within a single paragraph #5835 *moriq@moriq.com*
2563
2564 * Fixed TextHelper#pluralize to handle 1 as a string #5909 *rails@bencurtis.com*
2565
2566 * Improved resolution of DateHelper#distance_of_time_in_words for better precision #5994 *Bob Silva*
2567
2568 * Changed that uncaught exceptions raised any where in the application will cause RAILS_ROOT/public/500.html to be read and shown instead of just the static "Application error (Rails)" *David Heinemeier Hansson*
2569
2570 * Integration tests: thoroughly test ActionController::Integration::Session. #6022 *Kevin Clark*
2571 (tests skipped unless you `gem install mocha`)
2572
2573 * Added deprecation language for pagination which will become a plugin by Rails 2.0 *David Heinemeier Hansson*
2574
2575 * Added deprecation language for in_place_editor and auto_complete_field that both pieces will become plugins by Rails 2.0 *David Heinemeier Hansson*
2576
2577 * Deprecated all of ActionController::Dependencies. All dependency loading is now handled from Active Support *David Heinemeier Hansson*
2578
2579 * Added assert_select* for CSS selector-based testing (deprecates assert_tag) #5936 *assaf.arkin@gmail.com*
2580
2581 * radio_button_tag generates unique id attributes. #3353 *Bob Silva, somekool@gmail.com*
2582
2583 * strip_tags passes through blank args such as nil or "". #2229, #6702 *duncan@whomwah.com, dharana*
2584
2585 * Cleanup assert_tag :children counting. #2181 *jamie@bravenet.com*
2586
2587 * button_to accepts :method so you can PUT and DELETE with it. #6005 *Dan Webb*
2588
2589 * Update sanitize text helper to strip plaintext tags, and <img src="javascript:bang">. *Rick Olson*
2590
2591 * Update routing documentation. Closes #6017 *Nathan Witmer*
2592
2593 * Add routing tests to assert that RoutingError is raised when conditions aren't met. Closes #6016 *Nathan Witmer*
2594
2595 * Deprecation: update docs. #5998 *Jakob Skjerning, Kevin Clark*
2596
2597 * Make auto_link parse a greater subset of valid url formats. *Jamis Buck*
2598
2599 * Integration tests: headers beginning with X aren't excluded from the HTTP_ prefix, so X-Requested-With becomes HTTP_X_REQUESTED_WITH as expected. *Mike Clark*
2600
2601 * Tighten rescue clauses. #5985 *james@grayproductions.net*
2602
2603 * Fix send_data documentation typo. #5982 *brad@madriska.com*
2604
2605 * Switch to using FormEncodedPairParser for parsing request parameters. *Nicholas Seckar, David Heinemeier Hansson*
2606
2607 * respond_to .html now always renders #{action_name}.rhtml so that registered custom template handlers do not override it in priority. Custom mime types require a block and throw proper error now. *Tobias Lütke*
2608
2609 * Deprecation: test deprecated instance vars in partials. *Jeremy Kemper*
2610
2611 * Add UrlWriter to allow writing urls from Mailers and scripts. *Nicholas Seckar*
2612
2613 * Clean up and run the Active Record integration tests by default. #5854 *Kevin Clark, Jeremy Kemper*
2614
2615 * Correct example in cookies docs. #5832 *jessemerriman@warpmail.net*
2616
2617 * Updated to script.aculo.us 1.6.2 *Thomas Fuchs*
2618
2619 * Relax Routing's anchor pattern warning; it was preventing use of [^/] inside restrictions. *Nicholas Seckar*
2620
2621 * Add controller_paths variable to Routing. *Nicholas Seckar*
2622
2623 * Fix assert_redirected_to issue with named routes for module controllers. *Rick Olson*
2624
2625 * Tweak RoutingError message to show option diffs, not just missing named route significant keys. *Rick Olson*
2626
2627 * Invoke method_missing directly on hidden actions. Closes #3030. *Nicholas Seckar*
2628
2629 * Require Tempfile explicitly for TestUploadedFile due to changes in class auto loading. *Rick Olson*
2630
2631 * Add RoutingError exception when RouteSet fails to generate a path from a Named Route. *Rick Olson*
2632
2633 * Replace Reloadable with Reloadable::Deprecated. *Nicholas Seckar*
2634
2635 * Deprecation: check whether instance variables have been monkeyed with before assigning them to deprecation proxies. Raises a RuntimeError if so. *Jeremy Kemper*
2636
2637 * Add support for the param_name parameter to the auto_complete_field helper. #5026 *david.a.williams@gmail.com*
2638
2639 * Deprecation! @params, @session, @flash will be removed after 1.2. Use the corresponding instance methods instead. You'll get printed warnings during tests and logged warnings in dev mode when you access either instance variable directly. *Jeremy Kemper*
2640
2641 * Make Routing noisy when an anchor regexp is assigned to a segment. #5674 *François Beausoleil*
2642
2643 * Added months and years to the resolution of DateHelper#distance_of_time_in_words, such that "60 days ago" becomes "2 months ago" #5611 *pjhyett@gmail.com*
2644
2645 * Short documentation to mention use of Mime::Type.register. #5710 *choonkeat@gmail.com*
2646
2647 * Make controller_path available as an instance method. #5724 *jmckible@gmail.com*
2648
2649 * Update query parser to support adjacent hashes. *Nicholas Seckar*