Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 6172 lines (3547 sloc) 312.868 kb
34ad69a @vatrai changelog entry for deprecated ActionController::Integration, ActionCont...
vatrai authored
1 ## Rails 4.0.0 (unreleased) ##
e2cc653 @josevalim Do not deprecate performed.
josevalim authored
2
a78ee05 @rafaelfranca Fix CHANGELOG order and add a brief description of the changes in the
rafaelfranca authored
3 * `assert_generates`, `assert_recognizes`, and `assert_routing` all raise
4 `Assertion` instead of `RoutingError` *David Chelimsky*
5
3fc561a @pixeltrix Return 400 Bad Request for URL paths with invalid encoding.
pixeltrix authored
6 * URL path parameters with invalid encoding now raise ActionController::BadRequest. *Andrew White*
7
66eb3f0 @pixeltrix Raise ActionController::BadRequest for malformed parameter hashes.
pixeltrix authored
8 * Malformed query and request parameter hashes now raise ActionController::BadRequest. *Andrew White*
9
0e207a4 @carlosantoniodasilva Clarify grouped_options_for_select method API, add changelog entry
carlosantoniodasilva authored
10 * Add `divider` option to `grouped_options_for_select` to generate a separator
11 `optgroup` automatically, and deprecate `prompt` as third argument, in favor
12 of using an options hash. *Nicholas Greenfield*
13
446940c @soulim Add HTML5 input[type="time"] helper
soulim authored
14 * Add `time_field` and `time_field_tag` helpers which render an `input[type="time"]` tag. *Alex Soulim*
15
90ec863 @iHiD Removed old text_helper apis for highlight, excerpt and word_wrap
iHiD authored
16 * Removed old text_helper apis for highlight, excerpt and word_wrap *Jeremy Walker*
17
de29c30 @josevalim Update actionpack/CHANGELOG.md
josevalim authored
18 * Templates without a handler extension now raises a deprecation warning but still
19 defaults to ERb. In future releases, it will simply return the template contents. *Steve Klabnik*
20
dd42e89 @josevalim Revert "Revert "Remove `:disable_with` in favor of `'data-disable-with'`...
josevalim authored
21 * Remove `:disable_with` in favor of `'data-disable-with'` option from `submit_tag`, `button_tag` and `button_to` helpers.
22
23 *Carlos Galdino + Rafael Mendonça França*
24
71931e2 @rafaelfranca Remove `:mouseover` option from `image_tag` helper.
rafaelfranca authored
25 * Remove `:mouseover` option from `image_tag` helper. *Rafael Mendonça França*
26
27 * The `select` method (select tag) forces :include_blank if `required` is true and
2e9c7cd Changed the changelog and documentation about
Angelo Capilleri authored
28 `display size` is one and `multiple` is not true. *Angelo Capilleri*
29
9b4514c @pixeltrix Copy literal route constraints to defaults - fixes #3571 and #6224.
pixeltrix authored
30 * Copy literal route constraints to defaults so that url generation know about them.
31 The copied constraints are `:protocol`, `:subdomain`, `:domain`, `:host` and `:port`.
32
33 *Andrew White*
34
c02846f @josevalim Update actionpack/CHANGELOG.md
josevalim authored
35 * `respond_to` and `respond_with` now raise ActionController::UnknownFormat instead
36 of directly returning head 406. The exception is rescued and converted to 406
37 in the exception handling middleware. *Steven Soroka*
38
a544e00 @alindeman Allows assert_redirected_to to accept a regular expression
alindeman authored
39 * Allows `assert_redirected_to` to match against a regular expression. *Andy Lindeman*
40
36720af @spastorino Add CHANGELOG entry
spastorino authored
41 * Add backtrace to development routing error page. *Richard Schneeman*
42
4a2d53a @dmitriy-kiriyenko Replace boolean argument with an options hash.
dmitriy-kiriyenko authored
43 * Replace `include_seconds` boolean argument with `:include_seconds => true` option
44 in `distance_of_time_in_words` and `time_ago_in_words` signature. *Dmitriy Kiriyenko*
45
3acdd65 @rafaelfranca Remove `button_to_function` and `link_to_function` helpers
rafaelfranca authored
46 * Remove `button_to_function` and `link_to_function` helpers. *Rafael Mendonça França*
47
ab318d2 @carlosantoniodasilva Add changelog entry and some docs for collection + layout
carlosantoniodasilva authored
48 * Make current object and counter (when it applies) variables accessible when
49 rendering templates with :object / :collection. *Carlos Antonio da Silva*
50
c02846f @josevalim Update actionpack/CHANGELOG.md
josevalim authored
51 * JSONP now uses mimetype application/javascript instead of application/json. *omjokine*
65df4c5 @carlosantoniodasilva Add changelog entry for jsonp mimetype change, fix failing test
carlosantoniodasilva authored
52
e6ab0d5 @drogus Lazy load `default_form_builder` if it's passed as a string
drogus authored
53 * Allow to lazy load `default_form_builder` by passing a `String` instead of a constant. *Piotr Sarnacki*
54
5c18bdc @pixeltrix Merge session arg with existing session instead of overwriting
pixeltrix authored
55 * Session arguments passed to `process` calls in functional tests are now merged into
56 the existing session, whereas previously they would replace the existing session.
57 This change may break some existing tests if they are asserting the exact contents of
58 the session but should not break existing tests that only assert individual keys.
59
60 *Andrew White*
61
47cbfbb @jmbejar Add index method to FormBuilder. Useful when you use field_for and need ...
jmbejar authored
62 * Add `index` method to FormBuilder class. *Jorge Bejar*
63
1141f71 @spastorino Remove the leading \n added by textarea on assert_select
spastorino authored
64 * Remove the leading \n added by textarea on assert_select. *Santiago Pastorino*
65
128cfbd @drogus config.action_view.embed_authenticity_token_in_remote_forms is true by d...
drogus authored
66 * Changed default value for `config.action_view.embed_authenticity_token_in_remote_forms`
67 to `false`. This change breaks remote forms that need to work also without javascript,
68 so if you need such behavior, you can either set it to `true` or explicitly pass
69 `:authenticity_token => true` in form options
70
da5a47e @rafaelfranca Update the guides and CHANGELOG
rafaelfranca authored
71 * Added ActionDispatch::SSL middleware that when included force all the requests to be under HTTPS protocol. *Rafael Mendonça França*
72
2731ffa @nashby fix typo in AP CHANGELOG [ci skip]
nashby authored
73 * Add `include_hidden` option to select tag. With `:include_hidden => false` select with `multiple` attribute doesn't generate hidden input with blank value. *Vasiliy Ermolovich*
54a75e1 @nashby add 'include_hidden' option to select tag, closes #5402
nashby authored
74
f12f071 @parndt Documented the removal of size from text_field based helpers and cols, r...
parndt authored
75 * Removed default `size` option from the `text_field`, `search_field`, `telephone_field`, `url_field`, `email_field` helpers. *Philip Arndt*
76
77 * Removed default `cols` and `rows` options from the `text_area` helper. *Philip Arndt*
78
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
79 * Adds support for layouts when rendering a partial with a given collection. *serabe*
6e0a763 @Serabe Adds line to change log and update documentation.
Serabe authored
80
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
81 * Allows the route helper `root` to take a string argument. For example, `root 'pages#main'`. *bcardarella*
cf75417 @vijaydev document the shortcut to the root route helper [ci skip]
vijaydev authored
82
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
83 * Forms of persisted records use always PATCH (via the `_method` hack). *fxn*
b7a0945 @fxn uses PATCH for the forms of persisted records, and routes PATCH and PUT ...
fxn authored
84
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
85 * For resources, both PATCH and PUT are routed to the `update` action. *fxn*
b7a0945 @fxn uses PATCH for the forms of persisted records, and routes PATCH and PUT ...
fxn authored
86
c04a084 @pixeltrix Update documentation for force_ssl - closes #5023.
pixeltrix authored
87 * Don't ignore `force_ssl` in development. This is a change of behavior - use a `:if` condition to recreate the old behavior.
88
89 class AccountsController < ApplicationController
90 force_ssl :if => :ssl_configured?
91
92 def ssl_configured?
93 !Rails.env.development?
94 end
95 end
96
97 *Pat Allan*
98
5497432 @fxn updates CHANGELOGs to register changes in 002713c
fxn authored
99 * Adds support for the PATCH verb:
100 * Request objects respond to `patch?`.
101 * Routes have a new `patch` method, and understand `:patch` in the
102 existing places where a verb is configured, like `:via`.
103 * New method `patch` available in functional tests.
104 * If `:patch` is the default verb for updates, edits are
105 tunneled as PATCH rather than as PUT, and routing acts accordingly.
106 * New method `patch_via_redirect` available in integration tests.
107
108 *dlee*
109
ad46884 @jeremy Integration tests support the OPTIONS http method
jeremy authored
110 * Integration tests support the `OPTIONS` method. *Jeremy Kemper*
111
ce51edb @fxn let expires_in accept a must_revalidate flag
fxn authored
112 * `expires_in` accepts a `must_revalidate` flag. If true, "must-revalidate"
113 is added to the Cache-Control header. *fxn*
114
d6b26a6 @exviva Add HTML5 input[type="date"] helper
exviva authored
115 * Add `date_field` and `date_field_tag` helpers which render an `input[type="date"]` tag *Olek Janiszewski*
116
bcd3b87 @sikachu Add *_url helpers to get the full assets URL
sikachu authored
117 * Adds `image_url`, `javascript_url`, `stylesheet_url`, `audio_url`, `video_url`, and `font_url`
118 to assets tag helper. These URL helpers will return the full path to your assets. This is useful
119 when you are going to reference this asset from external host. *Prem Sichanugrist*
120
3def1c8 @sikachu Fix override API response bug in respond_with
sikachu authored
121 * Default responder will now always use your overridden block in `respond_with` to render your response. *Prem Sichanugrist*
122
f506c80 @carlosantoniodasilva Add changelog, docs and guides entries
carlosantoniodasilva authored
123 * Allow `value_method` and `text_method` arguments from `collection_select` and
124 `options_from_collection_for_select` to receive an object that responds to `:call`,
125 such as a `proc`, to evaluate the option in the current element context. This works
126 the same way with `collection_radio_buttons` and `collection_check_boxes`.
127
128 *Carlos Antonio da Silva + Rafael Mendonça França*
129
130 * Add `collection_check_boxes` form helper, similar to `collection_select`:
131 Example:
132
133 collection_check_boxes :post, :author_ids, Author.all, :id, :name
134 # Outputs something like:
135 <input id="post_author_ids_1" name="post[author_ids][]" type="checkbox" value="1" />
5d8191a @rafaelfranca Remove default class to collection_check_boxes and
rafaelfranca authored
136 <label for="post_author_ids_1">D. Heinemeier Hansson</label>
f506c80 @carlosantoniodasilva Add changelog, docs and guides entries
carlosantoniodasilva authored
137 <input id="post_author_ids_2" name="post[author_ids][]" type="checkbox" value="2" />
5d8191a @rafaelfranca Remove default class to collection_check_boxes and
rafaelfranca authored
138 <label for="post_author_ids_2">D. Thomas</label>
f506c80 @carlosantoniodasilva Add changelog, docs and guides entries
carlosantoniodasilva authored
139 <input name="post[author_ids][]" type="hidden" value="" />
140
141 The label/check_box pairs can be customized with a block.
142
143 *Carlos Antonio da Silva + Rafael Mendonça França*
144
145 * Add `collection_radio_buttons` form helper, similar to `collection_select`:
146 Example:
147
148 collection_radio_buttons :post, :author_id, Author.all, :id, :name
149 # Outputs something like:
150 <input id="post_author_id_1" name="post[author_id]" type="radio" value="1" />
5d8191a @rafaelfranca Remove default class to collection_check_boxes and
rafaelfranca authored
151 <label for="post_author_id_1">D. Heinemeier Hansson</label>
f506c80 @carlosantoniodasilva Add changelog, docs and guides entries
carlosantoniodasilva authored
152 <input id="post_author_id_2" name="post[author_id]" type="radio" value="2" />
5d8191a @rafaelfranca Remove default class to collection_check_boxes and
rafaelfranca authored
153 <label for="post_author_id_2">D. Thomas</label>
f506c80 @carlosantoniodasilva Add changelog, docs and guides entries
carlosantoniodasilva authored
154
155 The label/radio_button pairs can be customized with a block.
156
157 *Carlos Antonio da Silva + Rafael Mendonça França*
158
3d10955 @carlosantoniodasilva Replicate :form html5 attribute to hidden field for check_box
carlosantoniodasilva authored
159 * check_box with `:form` html5 attribute will now replicate the `:form`
160 attribute to the hidden field as well. *Carlos Antonio da Silva*
161
a4c120f @dhh Do not include the authenticity token in forms where remote: true as aja...
dhh authored
162 * Turn off verbose mode of rack-cache, we still have X-Rack-Cache to
163 check that info. Closes #5245. *Santiago Pastorino*
164
b03e55d @carlosantoniodasilva Do not generate label for attribute when giving nil
carlosantoniodasilva authored
165 * `label` form helper accepts :for => nil to not generate the attribute. *Carlos Antonio da Silva*
166
01b4a7c @rafaelfranca No need to check html_safe? twice
rafaelfranca authored
167 * Add `:format` option to number_to_percentage *Rodrigo Flores*
168
f506c80 @carlosantoniodasilva Add changelog, docs and guides entries
carlosantoniodasilva authored
169 * Add `config.action_view.logger` to configure logger for ActionView. *Rafael Mendonça França*
5a6ea53 @rafaelfranca ActionView now has its own logger
rafaelfranca authored
170
34ad69a @vatrai changelog entry for deprecated ActionController::Integration, ActionCont...
vatrai authored
171 * Deprecated ActionController::Integration in favour of ActionDispatch::Integration
172
173 * Deprecated ActionController::IntegrationTest in favour of ActionDispatch::IntegrationTest
174
175 * Deprecated ActionController::PerformanceTest in favour of ActionDispatch::PerformanceTest
176
177 * Deprecated ActionController::AbstractRequest in favour of ActionDispatch::Request
178
179 * Deprecated ActionController::Request in favour of ActionDispatch::Request
180
181 * Deprecated ActionController::AbstractResponse in favour of ActionDispatch::Response
182
183 * Deprecated ActionController::Response in favour of ActionDispatch::Response
184
185 * Deprecated ActionController::Routing in favour of ActionDispatch::Routing
186
9bd38f3 check_box helper with :disabled => true generates disabled hidden field....
Tadas Tamošauskas authored
187 * check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form.
188 This is a behavior change, previously the hidden tag had a value of the disabled checkbox.
189 *Tadas Tamosauskas*
190
a5976cc @lucascaton Remove slash from favicon_link_tag method attribute
lucascaton authored
191 * `favicon_link_tag` helper will now use the favicon in app/assets by default. *Lucas Caton*
192
da5a47e @rafaelfranca Update the guides and CHANGELOG
rafaelfranca authored
193 * `ActionView::Helpers::TextHelper#highlight` now defaults to the
194 HTML5 `mark` element. *Brian Cardarella*
e4915e1 @bcardarella Highlight defaults to HTML5 `mark` element
bcardarella authored
195
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
196
3638881 @bsodmike Update Rails 3.2.3 release date in changelogs as March 30, 2012
bsodmike authored
197 ## Rails 3.2.3 (March 30, 2012) ##
8a714c4 @vijaydev fix incorrect changelog headings [ci skip].
vijaydev authored
198
805b15f @drogus Added config.action_view.embed_authenticity_token_in_remote_forms
drogus authored
199 * Add `config.action_view.embed_authenticity_token_in_remote_forms` (defaults to true) which allows to set if authenticity token will be included by default in remote forms. If you change it to false, you can still force authenticity token by passing `:authenticity_token => true` in form options *Piotr Sarnacki*
200
a4c120f @dhh Do not include the authenticity token in forms where remote: true as aja...
dhh authored
201 * Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH*
202
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
203 * Upgrade rack-cache to 1.2. *José Valim*
204
205 * ActionController::SessionManagement is removed. *Santiago Pastorino*
8a714c4 @vijaydev fix incorrect changelog headings [ci skip].
vijaydev authored
206
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
207 * Since the router holds references to many parts of the system like engines, controllers and the application itself, inspecting the route set can actually be really slow, therefore we default alias inspect to to_s. *José Valim*
8a714c4 @vijaydev fix incorrect changelog headings [ci skip].
vijaydev authored
208
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
209 * Add a new line after the textarea opening tag. Closes #393 *Rafael Mendonça França*
8a714c4 @vijaydev fix incorrect changelog headings [ci skip].
vijaydev authored
210
ba35527 @vijaydev Minor changelog fixes [ci skip]
vijaydev authored
211 * Always pass a respond block from to responder. We should let the responder decide what to do with the given overridden response block, and not short circuit it. *Prem Sichanugrist*
8a714c4 @vijaydev fix incorrect changelog headings [ci skip].
vijaydev authored
212
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
213 * Fixes layout rendering regression from 3.2.2. *José Valim*
8a714c4 @vijaydev fix incorrect changelog headings [ci skip].
vijaydev authored
214
152a393 @pacoguzman Update changelogs with rails 3.0-stable branch info
pacoguzman authored
215
05c6caf @claudiob Add release dates to documentation
claudiob authored
216 ## Rails 3.2.2 (March 1, 2012) ##
152a393 @pacoguzman Update changelogs with rails 3.0-stable branch info
pacoguzman authored
217
218 * Format lookup for partials is derived from the format in which the template is being rendered. Closes #5025 part 2 *Santiago Pastorino*
219
220 * Use the right format when a partial is missing. Closes #5025. *Santiago Pastorino*
221
222 * Default responder will now always use your overridden block in `respond_with` to render your response. *Prem Sichanugrist*
223
224 * check_box helper with :disabled => true will generate a disabled hidden field to conform with the HTML convention where disabled fields are not submitted with the form.
225 This is a behavior change, previously the hidden tag had a value of the disabled checkbox.
226 *Tadas Tamosauskas*
227
228
229 ## Rails 3.2.1 (January 26, 2012) ##
230
231 * Documentation improvements.
232
233 * Allow `form.select` to accept ranges (regression). *Jeremy Walker*
234
235 * `datetime_select` works with -/+ infinity dates. *Joe Van Dyk*
236
237
6d426b1 @claudiob Add release date of Rails 3.2.0 to documentation
claudiob authored
238 ## Rails 3.2.0 (January 20, 2012) ##
c0d1f5f @josevalim Update actionpack/CHANGELOG.md
josevalim authored
239
96a817f @carlosantoniodasilva Update changelog
carlosantoniodasilva authored
240 * Add `config.action_dispatch.default_charset` to configure default charset for ActionDispatch::Response. *Carlos Antonio da Silva*
241
242 * Deprecate setting default charset at controller level, use the new `config.action_dispatch.default_charset` instead. *Carlos Antonio da Silva*
243
244 * Deprecate ActionController::UnknownAction in favour of AbstractController::ActionNotFound. *Carlos Antonio da Silva*
245
246 * Deprecate ActionController::DoubleRenderError in favour of AbstractController::DoubleRenderError. *Carlos Antonio da Silva*
247
248 * Deprecate method_missing handling for not found actions, use action_missing instead. *Carlos Antonio da Silva*
249
250 * Deprecate ActionController#rescue_action, ActionController#initialize_template_class, and ActionController#assign_shortcuts.
251 These methods were not being used internally anymore and are going to be removed in Rails 4. *Carlos Antonio da Silva*
252
29fdd8c @spastorino Use a BodyProxy instead of including a Module that responds to close.
spastorino authored
253 * Use a BodyProxy instead of including a Module that responds to
254 close. Closes #4441 if Active Record is disabled assets are delivered
255 correctly *Santiago Pastorino*
256
ad44952 @spastorino Add CHANGELOG entry
spastorino authored
257 * Rails initialization with initialize_on_precompile = false should set assets_dir *Santiago Pastorino*
258
439d340 @spastorino Add font_path helper method
spastorino authored
259 * Add font_path helper method *Santiago Pastorino*
260
c8dcc19 @spastorino Add CHANGELOG entry
spastorino authored
261 * Depends on rack ~> 1.4.0 *Santiago Pastorino*
262
f32247c @josevalim Update CHANGELOGs
josevalim authored
263 * Add :gzip option to `caches_page`. The default option can be configured globally using `page_cache_compression` *Andrey Sitnik*
264
6481bc5 @josevalim Update CHANGELOGs and guides.
josevalim authored
265 * The ShowExceptions middleware now accepts a exceptions application that is responsible to render an exception when the application fails. The application is invoked with a copy of the exception in `env["action_dispatch.exception"]` and with the PATH_INFO rewritten to the status code. *José Valim*
266
3f65e7f @wfarr Add button_tag support to ActionView::Helpers::FormBuilder.
wfarr authored
267 * Add `button_tag` support to ActionView::Helpers::FormBuilder.
268
269 This support mimics the default behavior of `submit_tag`.
270
271 Example:
272
273 <%= form_for @post do |f| %>
274 <%= f.button %>
275 <% end %>
276
96a817f @carlosantoniodasilva Update changelog
carlosantoniodasilva authored
277 * Date helpers accept a new option, `:use_two_digit_numbers = true`, that renders select boxes for months and days with a leading zero without changing the respective values.
dc43e40 @DevL Added :use_two_digit_numbers option [Lennart Fridén & Kim Persson]
DevL authored
278 For example, this is useful for displaying ISO8601-style dates such as '2011-08-01'. *Lennart Fridén and Kim Persson*
279
22a6079 @dhh Make ActiveSupport::Benchmarkable a default module for ActionController:...
dhh authored
280 * Make ActiveSupport::Benchmarkable a default module for ActionController::Base, so the #benchmark method is once again available in the controller context like it used to be *DHH*
281
5ad5215 @josevalim Deprecate implicit layout lookup in favor of inheriting the _layout conf...
josevalim authored
282 * Deprecated implied layout lookup in controllers whose parent had a explicit layout set:
283
284 class ApplicationController
285 layout "application"
286 end
287
288 class PostsController < ApplicationController
289 end
290
291 In the example above, Posts controller will no longer automatically look up for a posts layout.
292
293 If you need this functionality you could either remove `layout "application"` from ApplicationController or explicitly set it to nil in PostsController. *José Valim*
294
18ceed2 @sikachu Allow layout fallback when using `layout` method
sikachu authored
295 * Rails will now use your default layout (such as "layouts/application") when you specify a layout with `:only` and `:except` condition, and those conditions fail. *Prem Sichanugrist*
296
297 For example, consider this snippet:
298
299 class CarsController
300 layout 'single_car', :only => :show
301 end
302
303 Rails will use 'layouts/single_car' when a request comes in `:show` action, and use 'layouts/application' (or 'layouts/cars', if exists) when a request comes in for any other actions.
304
e29773f @nashby form_for with +:as+ option uses "action_as" as css class and id
nashby authored
305 * form_for with +:as+ option uses "#{action}_#{as}" as css class and id:
306
307 Before:
308
309 form_for(@user, :as => 'client') # => "<form class="client_new">..."
310
311 Now:
312
313 form_for(@user, :as => 'client') # => "<form class="new_client">..."
314
315 *Vasiliy Ermolovich*
316
07f90f6 @josevalim Merge branch 'exceptions' with the following features:
josevalim authored
317 * Allow rescue responses to be configured through a railtie as in `config.action_dispatch.rescue_responses`. Please look at ActiveRecord::Railtie for an example *José Valim*
318
218c272 @dhh Allow fresh_when/stale? to take a record instead of an options hash [DHH...
dhh authored
319 * Allow fresh_when/stale? to take a record instead of an options hash *DHH*
320
1e51cd9 @josevalim Update CHANGELOG.
josevalim authored
321 * Assets should use the request protocol by default or default to relative if no request is available *Jonathan del Strother*
322
323 * Log "Filter chain halted as CALLBACKNAME rendered or redirected" every time a before callback halts *José Valim*
38ab982 @josevalim Log 'Filter chain halted as CALLBACKNAME rendered or redirected' every t...
josevalim authored
324
2559256 @nashby update CHANGELOG
nashby authored
325 * You can provide a namespace for your form to ensure uniqueness of id attributes on form elements.
326 The namespace attribute will be prefixed with underscore on the generate HTML id. *Vasiliy Ermolovich*
327
328 Example:
329
330 <%= form_for(@offer, :namespace => 'namespace') do |f| %>
331 <%= f.label :version, 'Version' %>:
332 <%= f.text_field :version %>
333 <% end %>
334
654df86 @josevalim Show detailed exceptions no longer returns true if the request is local ...
josevalim authored
335 * Refactor ActionDispatch::ShowExceptions. The controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false.
3a1d519 @lest deprecation warning, changelog entry
lest authored
336
654df86 @josevalim Show detailed exceptions no longer returns true if the request is local ...
josevalim authored
337 It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors. The default value is now false, meaning local requests in production will no longer show the detailed exceptions page unless `show_detailed_exceptions?` is overridden and set to `request.local?`.
3a1d519 @lest deprecation warning, changelog entry
lest authored
338
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
339 * Responders now return 204 No Content for API requests without a response body (as in the new scaffold) *José Valim*
340
341 * Added ActionDispatch::RequestId middleware that'll make a unique X-Request-Id header available to the response and enables the ActionDispatch::Request#uuid method. This makes it easy to trace requests from end-to-end in the stack and to identify individual requests in mixed logs like Syslog *DHH*
342
343 * Limit the number of options for select_year to 1000.
344
345 Pass the :max_years_allowed option to set your own limit.
346
347 *Libo Cannici*
348
349 * Passing formats or handlers to render :template and friends is deprecated. For example: *Nick Sutterer & José Valim*
350
351 render :template => "foo.html.erb"
352
353 Instead, you can provide :handlers and :formats directly as option:
354 render :template => "foo", :formats => [:html, :js], :handlers => :erb
355
356 * Changed log level of warning for missing CSRF token from :debug to :warn. *Mike Dillon*
357
358 * content_tag_for and div_for can now take the collection of records. It will also yield the record as the first argument if you set a receiving argument in your block *Prem Sichanugrist*
359
360 So instead of having to do this:
361
362 @items.each do |item|
363 content_tag_for(:li, item) do
364 Title: <%= item.title %>
365 end
366 end
367
368 You can now do this:
369
370 content_tag_for(:li, @items) do |item|
371 Title: <%= item.title %>
372 end
373
374 * send_file now guess the mime type *Esad Hajdarevic*
375
376 * Mime type entries for PDF, ZIP and other formats were added *Esad Hajdarevic*
377
378 * Generate hidden input before select with :multiple option set to true.
379 This is useful when you rely on the fact that when no options is set,
380 the state of select will be sent to rails application. Without hidden field
381 nothing is sent according to HTML spec *Bogdan Gusiev*
382
383 * Refactor ActionController::TestCase cookies *Andrew White*
384
385 Assigning cookies for test cases should now use cookies[], e.g:
386
387 cookies[:email] = 'user@example.com'
388 get :index
389 assert_equal 'user@example.com', cookies[:email]
390
391 To clear the cookies, use clear, e.g:
392
393 cookies.clear
394 get :index
395 assert_nil cookies[:email]
396
397 We now no longer write out HTTP_COOKIE and the cookie jar is
398 persistent between requests so if you need to manipulate the environment
399 for your test you need to do it before the cookie jar is created.
400
677f968 Add information to the changelog about the changes to ActionController::...
Jean-Francois Turcot authored
401 * ActionController::ParamsWrapper on ActiveRecord models now only wrap
402 attr_accessible attributes if they were set, if not, only the attributes
403 returned by the class method attribute_names will be wrapped. This fixes
404 the wrapping of nested attributes by adding them to attr_accessible.
405
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
406
05c6caf @claudiob Add release dates to documentation
claudiob authored
407 ## Rails 3.1.4 (March 1, 2012) ##
9be2353 @spastorino Sync AP CHANGELOG with 3-1-stable
spastorino authored
408
152a393 @pacoguzman Update changelogs with rails 3.0-stable branch info
pacoguzman authored
409 * Skip assets group in Gemfile and all assets configurations options
410 when the application is generated with --skip-sprockets option.
411
412 *Guillermo Iguaran*
413
414 * Use ProcessedAsset#pathname in Sprockets helpers when debugging is on. Closes #3333 #3348 #3361.
415
416 *Guillermo Iguaran*
417
9be2353 @spastorino Sync AP CHANGELOG with 3-1-stable
spastorino authored
418 * Allow to use asset_path on named_routes aliasing RailsHelper's
419 asset_path to path_to_asset *Adrian Pike*
420
152a393 @pacoguzman Update changelogs with rails 3.0-stable branch info
pacoguzman authored
421 * Assets should use the request protocol by default or default to relative if no request is available *Jonathan del Strother*
9be2353 @spastorino Sync AP CHANGELOG with 3-1-stable
spastorino authored
422
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
423
e634d25 @Karunakar Added the release dates for rails 3.1.1, rails 3.1.2, rails 3.1.3
Karunakar authored
424 ## Rails 3.1.3 (November 20, 2011) ##
603a679 @jonleighton Don't html-escape the :count option to translate if it's a Numeric. Fixe...
jonleighton authored
425
152a393 @pacoguzman Update changelogs with rails 3.0-stable branch info
pacoguzman authored
426 * Downgrade sprockets to ~> 2.0.3. Using 2.1.0 caused regressions.
427
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
428 * Fix using `translate` helper with a html translation which uses the `:count` option for
603a679 @jonleighton Don't html-escape the :count option to translate if it's a Numeric. Fixe...
jonleighton authored
429 pluralization.
430
431 *Jon Leighton*
432
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
433
e634d25 @Karunakar Added the release dates for rails 3.1.1, rails 3.1.2, rails 3.1.3
Karunakar authored
434 ## Rails 3.1.2 (November 18, 2011) ##
fc98811 @jonleighton Implement a workaround for a bug in ruby-1.9.3p0.
jonleighton authored
435
e8d57f3 @lest _html translation should escape interpolated arguments
lest authored
436 * Fix XSS security vulnerability in the `translate` helper method. When using interpolation
437 in combination with HTML-safe translations, the interpolated input would not get HTML
438 escaped. *GH 3664*
439
440 Before:
441
442 translate('foo_html', :something => '<script>') # => "...<script>..."
443
444 After:
445
446 translate('foo_html', :something => '<script>') # => "...&lt;script&gt;..."
447
448 *Sergey Nartimov*
449
ca3b468 @jonleighton Sync changelog entry
jonleighton authored
450 * Upgrade sprockets dependency to ~> 2.1.0
451
da02f79 @jonleighton Sync CHANGELOGs from 3-1-stable
jonleighton authored
452 * Ensure that the format isn't applied twice to the cache key, else it becomes impossible
453 to target with expire_action.
454
455 *Christopher Meiklejohn*
456
457 * Swallow error when can't unmarshall object from session.
458
459 *Bruno Zanchet*
460
fc98811 @jonleighton Implement a workaround for a bug in ruby-1.9.3p0.
jonleighton authored
461 * Implement a workaround for a bug in ruby-1.9.3p0 where an error would be raised
462 while attempting to convert a template from one encoding to another.
463
464 Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.
465
466 The workaround is to load all conversions into memory ahead of time, and will
467 only happen if the ruby version is *exactly* 1.9.3p0. The hope is obviously that
468 the underlying problem will be resolved in the next patchlevel release of
469 1.9.3.
470
471 *Jon Leighton*
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
472
da02f79 @jonleighton Sync CHANGELOGs from 3-1-stable
jonleighton authored
473 * Ensure users upgrading from 3.0.x to 3.1.x will properly upgrade their flash object in session (issues #3298 and #2509)
474
d804790 @rafaelfranca Fix my name in the CHANGELOG to follow the convention
rafaelfranca authored
475
e634d25 @Karunakar Added the release dates for rails 3.1.1, rails 3.1.2, rails 3.1.3
Karunakar authored
476 ## Rails 3.1.1 (October 07, 2011) ##
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
477
478 * javascript_path and stylesheet_path now refer to /assets if asset pipelining
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
479 is on. *Santiago Pastorino*
480
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
481 * button_to support form option. Now you're able to pass for example
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
482 'data-type' => 'json'. *ihower*
483
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
484 * image_path and image_tag should use /assets if asset pipelining is turned
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
485 on. Closes #3126 *Santiago Pastorino and christos*
486
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
487 * Avoid use of existing precompiled assets during rake assets:precompile run.
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
488 Closes #3119 *Guillermo Iguaran*
489
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
490 * Copy assets to nondigested filenames too *Santiago Pastorino*
491
492 * Give precedence to `config.digest = false` over the existence of
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
493 manifest.yml asset digests *christos*
494
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
495 * escape options for the stylesheet_link_tag method *Alexey Vakhov*
496
497 * Re-launch assets:precompile task using (Rake.)ruby instead of Kernel.exec so
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
498 it works on Windows *cablegram*
499
500 * env var passed to process shouldn't be modified in process method. *Santiago
501 Pastorino*
502
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
503 * `rake assets:precompile` loads the application but does not initialize
504 it.
505 To the app developer, this means configuration add in
506 config/initializers/* will not be executed.
507 Plugins developers need to special case their initializers that are
508 meant to be run in the assets group by adding :group => :assets. *José Valim*
509
510 * Sprockets uses config.assets.prefix for asset_path *asee*
511
512 * FileStore key_file_path properly limit filenames to 255 characters. *phuibonhoa*
513
514 * Fix Hash#to_query edge case with html_safe strings. *brainopia*
515
516 * Allow asset tag helper methods to accept :digest => false option in order to completely avoid the digest generation.
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
517 Useful for linking assets from static html files or from emails when the user could probably look at an older html email with an older asset. *Santiago Pastorino*
518
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
519 * Don't mount Sprockets server at config.assets.prefix if config.assets.compile is false. *Mark J. Titorenko*
520
521 * Set relative url root in assets when controller isn't available for Sprockets (eg. Sass files using asset_path). Fixes #2435 *Guillermo Iguaran*
522
523 * Fix basic auth credential generation to not make newlines. GH #2882
524
525 * Fixed the behavior of asset pipeline when config.assets.digest and config.assets.compile are false and requested asset isn't precompiled.
526 Before the requested asset were compiled anyway ignoring that the config.assets.compile flag is false. *Guillermo Iguaran*
527
528 * CookieJar is now Enumerable. Fixes #2795
529
530 * Fixed AssetNotPrecompiled error raised when rake assets:precompile is compiling certain .erb files. See GH #2763 #2765 #2805 *Guillermo Iguaran*
531
532 * Manifest is correctly placed in assets path when default assets prefix is changed. Fixes #2776 *Guillermo Iguaran*
533
534 * Fixed stylesheet_link_tag and javascript_include_tag to respect additional options passed by the users when debug is on. *Guillermo Iguaran*
535
536
537 ## Rails 3.1.0 (August 30, 2011) ##
538
539 * Param values are `paramified` in controller tests. *David Chelimsky*
540
541 * x_sendfile_header now defaults to nil and config/environments/production.rb doesn't set a particular value for it. This allows servers to set it through X-Sendfile-Type. *Santiago Pastorino*
542
543 * The submit form helper does not generate an id "object_name_id" anymore. *fbrusatti*
544
545 * Make sure respond_with with :js tries to render a template in all cases *José Valim*
546
547 * json_escape will now return a SafeBuffer string if it receives SafeBuffer string *tenderlove*
548
549 * Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string *Prem Sichanugrist*
550
551 * Fix escape_js to work correctly with the new SafeBuffer restriction *Paul Gallagher*
552
553 * Brought back alternative convention for namespaced models in i18n *thoefer*
554
555 Now the key can be either "namespace.model" or "namespace/model" until further deprecation.
556
557 * It is prohibited to perform a in-place SafeBuffer mutation *tenderlove*
558
559 The old behavior of SafeBuffer allowed you to mutate string in place via
560 method like `sub!`. These methods can add unsafe strings to a safe buffer,
561 and the safe buffer will continue to be marked as safe.
562
563 An example problem would be something like this:
564
565 <%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %>
566
567 In the above example, an untrusted string (`params[:xss]`) is added to the
568 safe buffer returned by `link_to`, and the untrusted content is successfully
569 sent to the client without being escaped. To prevent this from happening
570 `sub!` and other similar methods will now raise an exception when they are called on a safe buffer.
571
572 In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:
573
574 <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>
575
576 The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe.
577
578 You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb
579
580 * Warn if we cannot verify CSRF token authenticity *José Valim*
581
582 * Allow AM/PM format in datetime selectors *Aditya Sanghi*
583
584 * Only show dump of regular env methods on exception screen (not all the rack crap) *DHH*
585
586 * auto_link has been removed with no replacement. If you still use auto_link
587 please install the rails_autolink gem:
588 http://github.com/tenderlove/rails_autolink
589
590 *tenderlove*
591
592 * Added streaming support, you can enable it with: *José Valim*
593
594 class PostsController < ActionController::Base
595 stream :only => :index
596 end
597
598 Please read the docs at `ActionController::Streaming` for more information.
599
600 * Added `ActionDispatch::Request.ignore_accept_header` to ignore accept headers and only consider the format given as parameter *José Valim*
601
602 * Created `ActionView::Renderer` and specified an API for `ActionView::Context`, check those objects for more information *José Valim*
603
604 * Added `ActionController::ParamsWrapper` to wrap parameters into a nested hash, and will be turned on for JSON request in new applications by default *Prem Sichanugrist*
605
606 This can be customized by setting `ActionController::Base.wrap_parameters` in `config/initializer/wrap_parameters.rb`
607
608 * RJS has been extracted out to a gem. *fxn*
609
610 * Implicit actions named not_implemented can be rendered. *Santiago Pastorino*
611
612 * Wildcard route will always match the optional format segment by default. *Prem Sichanugrist*
613
614 For example if you have this route:
615
616 match '*pages' => 'pages#show'
617
618 by requesting '/foo/bar.json', your `params[:pages]` will be equals to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this:
619
620 match '*pages' => 'pages#show', :format => false
621
622 * Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call *DHH*
623
624 class PostsController < ApplicationController
625 USER_NAME, PASSWORD = "dhh", "secret"
626
627 before_filter :authenticate, :except => [ :index ]
628
629 def index
630 render :text => "Everyone can see me!"
631 end
632
633 def edit
634 render :text => "I'm only accessible if you know the password"
635 end
636
637 private
638 def authenticate
639 authenticate_or_request_with_http_basic do |user_name, password|
640 user_name == USER_NAME && password == PASSWORD
641 end
642 end
643 end
644
645 ..can now be written as
646
647 class PostsController < ApplicationController
648 http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
649
650 def index
651 render :text => "Everyone can see me!"
652 end
653
654 def edit
655 render :text => "I'm only accessible if you know the password"
656 end
657 end
658
659 * Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to specific it to particular action. *DHH and Prem Sichanugrist*
660
661 * Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash *DHH*
662
663 form_for(@post, remote: true, method: :delete) instead of form_for(@post, remote: true, html: { method: :delete })
664
665 * Make JavaScriptHelper#j() an alias for JavaScriptHelper#escape_javascript() -- note this then supersedes the Object#j() method that the JSON gem adds within templates using the JavaScriptHelper *DHH*
666
667 * Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. *Prem Sichanugrist, fxn*
668
669 * URL parameters which return false for to_param now appear in the query string (previously they were removed) *Andrew White*
670
671 * URL parameters which return nil for to_param are now removed from the query string *Andrew White*
672
673 * ActionDispatch::MiddlewareStack now uses composition over inheritance. It is
674 no longer an array which means there may be methods missing that were not tested.
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
675
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
676 * Add an :authenticity_token option to form_tag for custom handling or to omit the token (pass :authenticity_token => false). *Jakub Kuźma, Igor Wiedler*
677
678 * HTML5 button_tag helper. *Rizwan Reza*
679
680 * Template lookup now searches further up in the inheritance chain. *Artemave*
681
682 * Brought back config.action_view.cache_template_loading, which allows to decide whether templates should be cached or not. *Piotr Sarnacki*
683
684 * url_for and named url helpers now accept :subdomain and :domain as options, *Josh Kalderimis*
685
686 * The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused (check the documentation for examples). *Josh Kalderimis*
687
688 * Added config.action_controller.include_all_helpers. By default 'helper :all' is done in ActionController::Base, which includes all the helpers by default. Setting include_all_helpers to false will result in including only application_helper and helper corresponding to controller (like foo_helper for foo_controller). *Piotr Sarnacki*
689
690 * Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a :data hash of options:
691
692 tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)})
693 # => <div data-name="Stephen" data-city-state="[&quot;Chicago&quot;,&quot;IL&quot;]" />
694
695 Keys are dasherized. Values are JSON-encoded, except for strings and symbols. *Stephen Celis*
696
697 * Deprecate old template handler API. The new API simply requires a template handler to respond to call. *José Valim*
698
699 * :rhtml and :rxml were finally removed as template handlers. *José Valim*
700
701 * Moved etag responsibility from ActionDispatch::Response to the middleware stack. *José Valim*
702
703 * Rely on Rack::Session stores API for more compatibility across the Ruby world. This is backwards incompatible since Rack::Session expects #get_session to accept 4 arguments and requires #destroy_session instead of simply #destroy. *José Valim*
704
705 * file_field automatically adds :multipart => true to the enclosing form. *Santiago Pastorino*
706
707 * Renames csrf_meta_tag -> csrf_meta_tags, and aliases csrf_meta_tag for backwards compatibility. *fxn*
708
709 * Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. *Yehuda Katz, Carl Lerche*
710
711
05c6caf @claudiob Add release dates to documentation
claudiob authored
712 ## Rails 3.0.12 (March 1, 2012) ##
152a393 @pacoguzman Update changelogs with rails 3.0-stable branch info
pacoguzman authored
713
714 * Fix using `tranlate` helper with a html translation which uses the `:count` option for
715 pluralization.
716
717 *Jon Leighton*
718
719
720 ## Rails 3.0.11 (November 18, 2011) ##
721
722 * Fix XSS security vulnerability in the `translate` helper method. When using interpolation
723 in combination with HTML-safe translations, the interpolated input would not get HTML
724 escaped. *GH 3664*
725
726 Before:
727
728 translate('foo_html', :something => '<script>') # => "...<script>..."
729
730 After:
731
732 translate('foo_html', :something => '<script>') # => "...&lt;script&gt;..."
733
734 *Sergey Nartimov*
735
736 * Implement a workaround for a bug in ruby-1.9.3p0 where an error would be
737 raised while attempting to convert a template from one encoding to another.
738
739 Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.
740
741 The workaround is to load all conversions into memory ahead of time, and will
742 only happen if the ruby version is exactly 1.9.3p0. The hope is obviously
743 that the underlying problem will be resolved in the next patchlevel release
744 of 1.9.3.
745
746 * Fix assert_select_email to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.
747
748 * Fix url_for when passed a hash to prevent additional options (eg. :host, :protocol) from being added to the hash after calling it.
749
750
751 ## Rails 3.0.10 (August 16, 2011) ##
752
753 * Fixes an issue where cache sweepers with only after filters would have no
754 controller object, it would raise undefined method controller_name for nil [jeroenj]
755
756 * Ensure status codes are logged when exceptions are raised.
757
758 * Subclasses of OutputBuffer are respected.
759
760 * Fixed ActionView::FormOptionsHelper#select with :multiple => false
761
762 * Avoid extra call to Cache#read in case of a fragment cache hit
763
764
765 ## Rails 3.0.9 (June 16, 2011) ##
766
767 * json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove]
768
769 * Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist]
770
771 * Fix text helpers to work correctly with the new SafeBuffer restriction [Paul Gallagher, Arun Agrawal, Prem Sichanugrist]
772
773
774 ## Rails 3.0.8 (June 7, 2011) ##
775
776 * It is prohibited to perform a in-place SafeBuffer mutation [tenderlove]
777
778 The old behavior of SafeBuffer allowed you to mutate string in place via
779 method like `sub!`. These methods can add unsafe strings to a safe buffer,
780 and the safe buffer will continue to be marked as safe.
781
782 An example problem would be something like this:
783
784 <%= link_to('hello world', @user).sub!(/hello/, params[:xss]) %>
785
786 In the above example, an untrusted string (`params[:xss]`) is added to the
787 safe buffer returned by `link_to`, and the untrusted content is successfully
788 sent to the client without being escaped. To prevent this from happening
789 `sub!` and other similar methods will now raise an exception when they are called on a safe buffer.
790
791 In addition to the in-place versions, some of the versions of these methods which return a copy of the string will incorrectly mark strings as safe. For example:
792
793 <%= link_to('hello world', @user).sub(/hello/, params[:xss]) %>
794
795 The new versions will now ensure that *all* strings returned by these methods on safe buffers are marked unsafe.
796
797 You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb
798
799 * Fixed github issue #342 with asset paths and relative roots.
800
801
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
802 ## Rails 3.0.7 (April 18, 2011) ##
803
804 * No changes.
805
806
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
807 ## Rails 3.0.6 (April 5, 2011) ##
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
808
809 * Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as
810 html safe. Please make sure that calls to auto_link() are wrapped in a
811 sanitize(), or a raw() depending on the type of input passed to auto_link().
812 For example:
813
814 <%= sanitize(auto_link(some_user_input)) %>
815
816 Thanks to Torben Schulz for reporting this. The fix can be found here:
817 61ee3449674c591747db95f9b3472c5c3bd9e84d
818
819 * Fixes the output of `rake routes` to be correctly match to the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default *Prem Sichanugrist*
820
821 * Fixes an issue with number_to_human when converting values which are less than 1 but greater than -1 *Josh Kalderimis*
822
823 * Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. *Prem Sichanugrist, fxn*
824
825 * URL parameters which return nil for to_param are now removed from the query string *Andrew White*
826
827 * Don't allow i18n to change the minor version, version now set to ~> 0.5.0 *Santiago Pastorino*
828
829 * Make TranslationHelper#translate use the :rescue_format option in I18n 0.5.0 *Sven Fuchs*
830
831 * Fix regression: javascript_include_tag shouldn't raise if you register an expansion key with nil or [] value *Santiago Pastorino*
832
833 * Fix Action caching bug where an action that has a non-cacheable response always renders a nil response body. It now correctly renders the response body. *Cheah Chu Yeow*
834
835
836 ## Rails 3.0.5 (February 26, 2011) ##
837
838 * No changes.
839
840
841 ## Rails 3.0.4 (February 8, 2011) ##
842
843 * No changes.
844
845
846 ## Rails 3.0.3 (November 16, 2010) ##
847
848 * When ActiveRecord::Base objects are sent to predicate methods, the id of the object should be sent to ARel, not the ActiveRecord::Base object.
849
850 * :constraints routing should only do sanity checks against regular expressions. String arguments are OK.
851
852
853 ## Rails 3.0.2 (November 15, 2010) ##
854
855 * The helper number_to_currency accepts a new :negative_format option to be able to configure how to render negative amounts. *Don Wilson*
856
857
858 ## Rails 3.0.1 (October 15, 2010) ##
859
860 * No Changes, just a version bump.
861
862
863 ## Rails 3.0.0 (August 29, 2010) ##
864
865 * password_field renders with nil value by default making the use of passwords secure by default, if you want to render you should do for instance f.password_field(:password, :value => @user.password) *Santiago Pastorino*
866
867 * Symbols and strings in routes should yield the same behavior. Note this may break existing apps that were using symbols with the new routes API. *José Valim*
868
869 * Add clear_helpers as a way to clean up all helpers added to this controller, maintaining just the helper with the same name as the controller. *José Valim*
870
871 * Support routing constraints in functional tests. *Andrew White*
872
873 * Add a header that tells Internet Explorer (all versions) to use the best available standards support. *Yehuda Katz*
874
875 * Allow stylesheet/javascript extensions to be changed through railties. *Josh Kalderimis*
876
877 * link_to, button_to, and tag/tag_options now rely on html_escape instead of escape_once. *fxn*
878
879 * url_for returns always unescaped strings, and the :escape option is gone. *fxn*
880
881 * Added accept-charset parameter and _snowman hidden field to force the contents
882 of Rails POSTed forms to be in UTF-8 *Yehuda Katz*
883
884 * Upgrade to Rack 1.2.1 *Jeremy Kemper*
885
886 * Allow :path to be given to match/get/post/put/delete instead of :path_names in the new router *Carlos Antônio da Silva*
887
888 * Added resources_path_names to the new router DSL *José Valim*
889
890 * Allow options to be given to the namespace method in the new router *Carlos Antônio da Silva*
891
892 * Deprecate :name_prefix in the new router DSL *José Valim*
893
894 * Add shallow routes back to the new router *Diego Carrion, Andrew White*
895
896 resources :posts do
897 shallow do
898 resources :comments
899 end
900 end
901
902 You can now use comment_path for /comments/1 instead of post_comment_path for /posts/1/comments/1.
903
904 * Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. #4818 *Guillermo Álvarez*
905
906 * Removed textilize, textilize_without_paragraph and markdown helpers. *Santiago Pastorino*
907
908 * Remove middleware laziness *José Valim*
909
910 * Make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. *José Valim*
911
912 * OAuth 2: HTTP Token Authorization support to complement Basic and Digest Authorization. *Rick Olson*
913
914 * Fixed inconsistencies in form builder and view helpers #4432 *Neeraj Singh*
915
916 * Both :xml and :json renderers now forwards the given options to the model, allowing you to invoke them as render :xml => @projects, :include => :tasks *José Valim, Yehuda Katz*
917
918 * Renamed the field error CSS class from fieldWithErrors to field_with_errors for consistency. *Jeremy Kemper*
919
920 * Add support for shorthand routes like /projects/status(.:format) #4423 *Diego Carrion*
921
922 * Changed translate helper so that it doesn’t mark every translation as safe HTML. Only keys with a "_html" suffix and keys named "html" are considered to be safe HTML. All other translations are left untouched. *Craig Davey*
923
924 * New option :as added to form_for allows to change the object name. The old <% form_for :client, @post %> becomes <% form_for @post, :as => :client %> *spastorino*
925
926 * Removed verify method in controllers. *JV*
927 It's now available as a plugin at http://github.com/rails/verification
928
929 * Removed input, form, error_messages_for and error_message_on from views. *JV*
930 It's now available as a plugin at http://github.com/rails/dynamic_form
931
932 * Routes can be scoped by controller module. *Jeremy Kemper*
933
934 # /session => Auth::SessionsController
935 scope :module => 'auth' do
936 resource :session
937 end
938
939 * Added #favicon_link_tag, it uses #image_path so in particular the favicon gets an asset ID *fxn*
940
941 * Fixed that default locale templates should be used if the current locale template is missing *DHH*
942
943 * Added all the new HTML5 form types as individual form tag methods (search, url, number, etc) #3646 *Stephen Celis*
944
945 * Changed the object used in routing constraints to be an instance of
946 ActionDispatch::Request rather than Rack::Request *YK*
947
948 * Changed ActionDispatch::Request#method to return a String, to be compatible
949 with Rack::Request. Added ActionDispatch::Request#method_symbol to
950 return a symbol form of the request method. *YK*
951
952 * Changed ActionDispatch::Request#method to return the original
953 method and #request_method to return the overridden method in the
954 case of methodoverride being used (this means that #method returns
955 "HEAD" and #request_method returns "GET" in HEAD requests). This
956 is for compatibility with Rack::Request *YK*
957
958 * #concat is now deprecated in favor of using <%= %> helpers *YK*
959
960 * Block helpers now return Strings, so you can use <%= form_for @foo do |f| %>.
961 <% form_for do |f| %> still works with deprecation notices *YK*
962
963 * Add a new #mount method on the router that does not anchor the PATH_INFO
964 at the end *YK & CL*
965
966 * Create a new LookupContext object that is responsible for performantly
967 finding a template for a given pattern *JV*
968
969 * Removed relative_url_for in favor of respecting SCRIPT_NAME *YK & CL*
970
971 * Changed file streaming to use Rack::Sendfile middleware *YK*
972
973 * ActionDispatch::Request#content_type returns a String to be compatible with
974 Rack::Request. Use #content_mime_type for the Mime::Type instance *YK*
975
976 * Updated Prototype to 1.6.1 and Scriptaculous to 1.8.3 *ML*
977
978 * Change the preferred way that URL helpers are included into a class*YK & CL*
979
980 # for all helpers including named routes
981 include Rails.application.router.url_helpers
982
983 # for just url_for
984 include Rails.application.router.url_for
985
986 * Fixed that PrototypeHelper#update_page should return html_safe *DHH*
987
988 * Fixed that much of DateHelper wouldn't return html_safe? strings *DHH*
989
990 * Fixed that fragment caching should return a cache hit as html_safe (or it would all just get escaped) *DHH*
991
992 * Added that ActionController::Base now does helper :all instead of relying on the default ApplicationController in Rails to do it *DHH*
993
994 * Added ActionDispatch::Request#authorization to access the http authentication header regardless of its proxy hiding *DHH*
995
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
996 * Added :alert, :notice, and :flash as options to ActionController::Base#redirect_to that'll automatically set the proper flash before the redirection *DHH*. Examples:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
997
998 flash[:notice] = 'Post was created'
999 redirect_to(@post)
1000
1001 ...becomes:
1002
1003 redirect_to(@post, :notice => 'Post was created')
1004
1005 * Added ActionController::Base#notice/= and ActionController::Base#alert/= as a convenience accessors in both the controller and the view for flash[:notice]/= and flash[:alert]/= *DHH*
1006
1007 * Introduce grouped_collection_select helper. #1249 *Dan Codeape, Erik Ostrom*
1008
1009 * Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or ".css" onto external urls. #1664 *Matthew Rudy Jacobs*
1010
1011 * Ruby 1.9: fix Content-Length for multibyte send_data streaming. #2661 *Sava Chankov*
1012
1013 * Ruby 1.9: ERB template encoding using a magic comment at the top of the file. *Jeremy Kemper*
1014 <%# encoding: utf-8 %>
1015
1016 * Change integration test helpers to accept Rack environment instead of just HTTP Headers *Pratik Naik*
1017
1018 Before : get '/path', {}, 'Accept' => 'text/javascript'
1019 After : get '/path', {}, 'HTTP_ACCEPT' => 'text/javascript'
1020
1021 * Instead of checking Rails.env.test? in Failsafe middleware, check env["rails.raise_exceptions"] *Bryan Helmkamp*
1022
1023 * Fixed that TestResponse.cookies was returning cookies unescaped #1867 *Doug McInnes*
1024
1025
1026 ## 2.3.2 Final (March 15, 2009) ##
1027
1028 * Fixed that redirection would just log the options, not the final url (which lead to "Redirected to #<Post:0x23150b8>") *DHH*
1029
1030 * Don't check authenticity tokens for any AJAX requests *Ross Kaffenberger/Bryan Helmkamp*
1031
1032 * Added ability to pass in :public => true to fresh_when, stale?, and expires_in to make the request proxy cachable #2095 *Gregg Pollack*
1033
1034 * Fixed that passing a custom form builder would be forwarded to nested fields_for calls #2023 *Eloy Duran/Nate Wiger*
1035
1036 * Form option helpers now support disabled option tags and the use of lambdas for selecting/disabling option tags from collections #837 *Tekin*
1037
1038 * Added partial scoping to TranslationHelper#translate, so if you call translate(".foo") from the people/index.html.erb template, you'll actually be calling I18n.translate("people.index.foo") *DHH*
1039
1040 * Fix a syntax error in current_page?() that was prevent matches against URL's with multiple query parameters #1385, #1868 *chris finne/Andrew White*
1041
1042 * Added localized rescue template when I18n.locale is set (ex: public/404.da.html) #1835 *José Valim*
1043
1044 * Make the form_for and fields_for helpers support the new Active Record nested update options. #1202 *Eloy Duran*
1045
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1046 <% form_for @person do |person_form| %>
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1047 ...
1048 <% person_form.fields_for :projects do |project_fields| %>
1049 <% if project_fields.object.active? %>
1050 Name: <%= project_fields.text_field :name %>
1051 <% end %>
1052 <% end %>
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1053 <% end %>
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1054
1055
1056 * Added grouped_options_for_select helper method for wrapping option tags in optgroups. #977 *Jon Crawford*
1057
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1058 * Implement HTTP Digest authentication. #1230 *Gregg Kellogg, Pratik Naik* Example :
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1059
1060 class DummyDigestController < ActionController::Base
1061 USERS = { "lifo" => 'world' }
1062
1063 before_filter :authenticate
1064
1065 def index
1066 render :text => "Hello Secret"
1067 end
1068
1069 private
1070
1071 def authenticate
1072 authenticate_or_request_with_http_digest("Super Secret") do |username|
1073 # Return the user's password
1074 USERS[username]
1075 end
1076 end
1077 end
1078
1079 * Improved i18n support for the number_to_human_size helper. Changes the storage_units translation data; update your translations accordingly. #1634 *Yaroslav Markin*
1080 storage_units:
1081 # %u is the storage unit, %n is the number (default: 2 MB)
1082 format: "%n %u"
1083 units:
1084 byte:
1085 one: "Byte"
1086 other: "Bytes"
1087 kb: "KB"
1088 mb: "MB"
1089 gb: "GB"
1090 tb: "TB"
1091
1092 * Added :silence option to BenchmarkHelper#benchmark and turned log_level into a hash parameter and deprecated the old use *DHH*
1093
1094 * Fixed the AssetTagHelper cache to use the computed asset host as part of the cache key instead of just assuming the its a string #1299 *DHH*
1095
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1096 * Make ActionController#render(string) work as a shortcut for render :file/:template/:action => string. #1435 *Pratik Naik* Examples:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1097
1098 \# Instead of render(:action => 'other_action')
1099 render('other_action') # argument has no '/'
1100 render(:other_action)
1101
1102 \# Instead of render(:template => 'controller/action')
1103 render('controller/action') # argument must not begin with a '/', but contain a '/'
1104
1105 \# Instead of render(:file => '/Users/lifo/home.html.erb')
1106 render('/Users/lifo/home.html.erb') # argument must begin with a '/'
1107
1108 * Add :prompt option to date/time select helpers. #561 *Sam Oliver*
1109
1110 * Fixed that send_file shouldn't set an etag #1578 *Hongli Lai*
1111
1112 * Allow users to opt out of the spoofing checks in Request#remote_ip. Useful for sites whose traffic regularly triggers false positives. *Darren Boyd*
1113
1114 * Deprecated formatted_polymorphic_url. *Jeremy Kemper*
1115
1116 * Added the option to declare an asset_host as an object that responds to call (see http://github.com/dhh/asset-hosting-with-minimum-ssl for an example) *David Heinemeier Hansson*
1117
1118 * Added support for multiple routes.rb files (useful for plugin engines). This also means that draw will no longer clear the route set, you have to do that by hand (shouldn't make a difference to you unless you're doing some funky stuff) *David Heinemeier Hansson*
1119
1120 * Dropped formatted_* routes in favor of just passing in :format as an option. This cuts resource routes generation in half #1359 *aaronbatalion*
1121
1122 * Remove support for old double-encoded cookies from the cookie store. These values haven't been generated since before 2.1.0, and any users who have visited the app in the intervening 6 months will have had their cookie upgraded. *Michael Koziarski*
1123
1124 * Allow helpers directory to be overridden via ActionController::Base.helpers_dir #1424 *Sam Pohlenz*
1125
1126 * Remove deprecated ActionController::Base#assign_default_content_type_and_charset
1127
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1128 * Changed the default of ActionView#render to assume partials instead of files when not given an options hash *DHH*. Examples:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1129
1130 # Instead of <%= render :partial => "account" %>
1131 <%= render "account" %>
1132
1133 # Instead of <%= render :partial => "account", :locals => { :account => @buyer } %>
1134 <%= render "account", :account => @buyer %>
1135
1136 # @account is an Account instance, so it uses the RecordIdentifier to replace
1137 # <%= render :partial => "accounts/account", :locals => { :account => @account } %>
1138 <%= render(@account) %>
1139
1140 # @posts is an array of Post instances, so it uses the RecordIdentifier to replace
1141 # <%= render :partial => "posts/post", :collection => @posts %>
1142 <%= render(@posts) %>
1143
1144 * Remove deprecated render_component. Please use the plugin from http://github.com/rails/render_component/tree/master *Pratik Naik*
1145
1146 * Fixed RedCloth and BlueCloth shouldn't preload. Instead just assume that they're available if you want to use textilize and markdown and let autoload require them *David Heinemeier Hansson*
1147
1148
1149 ## 2.2.2 (November 21st, 2008) ##
1150
1151 * I18n: translate number_to_human_size. Add storage_units: [Bytes, KB, MB, GB, TB] to your translations. #1448 *Yaroslav Markin*
1152
1153 * Restore backwards compatible functionality for setting relative_url_root. Include deprecation
1154
1155 * Switched the CSRF module to use the request content type to decide if the request is forgeable. #1145 *Jeff Cohen*
1156
1157 * Added :only and :except to map.resources to let people cut down on the number of redundant routes in an application. Typically only useful for huge routesets. #1215 *Tom Stuart*
1158
1159 map.resources :products, :only => :show do |product|
1160 product.resources :images, :except => :destroy
1161 end
1162
1163 * Added render :js for people who want to render inline JavaScript replies without using RJS *David Heinemeier Hansson*
1164
1165 * Fixed that polymorphic_url should compact given array #1317 *hiroshi*
1166
1167 * Fixed the sanitize helper to avoid double escaping already properly escaped entities #683 *antonmos/Ryan McGeary*
1168
1169 * Fixed that FormTagHelper generated illegal html if name contained square brackets #1238 *Vladimir Dobriakov*
1170
1171 * Fix regression bug that made date_select and datetime_select raise a Null Pointer Exception when a nil date/datetime was passed and only month and year were displayed #1289 *Bernardo Padua/Tor Erik*
1172
1173 * Simplified the logging format for parameters (don't include controller, action, and format as duplicates) *David Heinemeier Hansson*
1174
1175 * Remove the logging of the Session ID when the session store is CookieStore *David Heinemeier Hansson*
1176
1177 * Fixed regex in redirect_to to fully support URI schemes #1247 *Seth Fitzsimmons*
1178
1179 * Fixed bug with asset timestamping when using relative_url_root #1265 *Joe Goldwasser*
1180
1181
1182 ## 2.2.0 RC1 (October 24th, 2008) ##
1183
1184 * Fix incorrect closing CDATA delimiter and that HTML::Node.parse would blow up on unclosed CDATA sections *packagethief*
1185
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1186 * Added stale? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends *DHH*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1187
1188 class ArticlesController < ApplicationController
1189 def show_with_respond_to_block
1190 @article = Article.find(params[:id])
1191
1192
1193 # If the request sends headers that differs from the options provided to stale?, then
1194 # the request is indeed stale and the respond_to block is triggered (and the options
1195 # to the stale? call is set on the response).
1196 #
1197 # If the request headers match, then the request is fresh and the respond_to block is
1198 # not triggered. Instead the default render will occur, which will check the last-modified
1199 # and etag headers and conclude that it only needs to send a "304 Not Modified" instead
1200 # of rendering the template.
1201 if stale?(:last_modified => @article.published_at.utc, :etag => @article)
1202 respond_to do |wants|
1203 # normal response processing
1204 end
1205 end
1206 end
1207
1208 def show_with_implied_render
1209 @article = Article.find(params[:id])
1210
1211 # Sets the response headers and checks them against the request, if the request is stale
1212 # (i.e. no match of either etag or last-modified), then the default render of the template happens.
1213 # If the request is fresh, then the default render will return a "304 Not Modified"
1214 # instead of rendering the template.
1215 fresh_when(:last_modified => @article.published_at.utc, :etag => @article)
1216 end
1217 end
1218
1219
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1220 * Added inline builder yield to atom_feed_helper tags where appropriate *Sam Ruby*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1221
1222 entry.summary :type => 'xhtml' do |xhtml|
1223 xhtml.p pluralize(order.line_items.count, "line item")
1224 xhtml.p "Shipped to #{order.address}"
1225 xhtml.p "Paid by #{order.pay_type}"
1226 end
1227
1228 * Make PrototypeHelper#submit_to_remote a wrapper around PrototypeHelper#button_to_remote. *Tarmo Tänav*
1229
1230 * Set HttpOnly for the cookie session store's cookie. #1046
1231
1232 * Added FormTagHelper#image_submit_tag confirm option #784 *Alastair Brunton*
1233
1234 * Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when was clicked #633 *Jose Fernandez*
1235
1236 * Stopped logging template compiles as it only clogs up the log *David Heinemeier Hansson*
1237
1238 * Changed the X-Runtime header to report in milliseconds *David Heinemeier Hansson*
1239
1240 * Changed BenchmarkHelper#benchmark to report in milliseconds *David Heinemeier Hansson*
1241
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1242 * Changed logging format to be millisecond based and skip misleading stats *DHH*. Went from:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1243
1244 Completed in 0.10000 (4 reqs/sec) | Rendering: 0.04000 (40%) | DB: 0.00400 (4%) | 200 OK [http://example.com]
1245
1246 ...to:
1247
1248 Completed in 100ms (View: 40, DB: 4) | 200 OK [http://example.com]
1249
1250 * Add support for shallow nesting of routes. #838 *S. Brent Faulkner*
1251
1252 Example :
1253
1254 map.resources :users, :shallow => true do |user|
1255 user.resources :posts
1256 end
1257
1258 - GET /users/1/posts (maps to PostsController#index action as usual)
1259 named route "user_posts" is added as usual.
1260
1261 - GET /posts/2 (maps to PostsController#show action as if it were not nested)
1262 Additionally, named route "post" is added too.
1263
1264 * Added button_to_remote helper. #3641 *Donald Piret, Tarmo Tänav*
1265
1266 * Deprecate render_component. Please use render_component plugin from http://github.com/rails/render_component/tree/master *Pratik Naik*
1267
1268 * Routes may be restricted to lists of HTTP methods instead of a single method or :any. #407 *Brennan Dunn, Gaius Centus Novus*
1269 map.resource :posts, :collection => { :search => [:get, :post] }
1270 map.session 'session', :requirements => { :method => [:get, :post, :delete] }
1271
1272 * Deprecated implicit local assignments when rendering partials *Josh Peek*
1273
1274 * Introduce current_cycle helper method to return the current value without bumping the cycle. #417 *Ken Collins*
1275
1276 * Allow polymorphic_url helper to take url options. #880 *Tarmo Tänav*
1277
1278 * Switched integration test runner to use Rack processor instead of CGI *Josh Peek*
1279
1280 * Made AbstractRequest.if_modified_sense return nil if the header could not be parsed *Jamis Buck*
1281
1282 * Added back ActionController::Base.allow_concurrency flag *Josh Peek*
1283
1284 * AbstractRequest.relative_url_root is no longer automatically configured by a HTTP header. It can now be set in your configuration environment with config.action_controller.relative_url_root *Josh Peek*
1285
1286 * Update Prototype to 1.6.0.2 #599 *Patrick Joyce*
1287
1288 * Conditional GET utility methods. *Jeremy Kemper*
1289 response.last_modified = @post.updated_at
1290 response.etag = [:admin, @post, current_user]
1291
1292 if request.fresh?(response)
1293 head :not_modified
1294 else
1295 # render ...
1296 end
1297
1298 * All 2xx requests are considered successful *Josh Peek*
1299
1300 * Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run *David Heinemeier Hansson*
1301
1302 * Removed config.action_view.cache_template_loading, use config.cache_classes instead *Josh Peek*
1303
1304 * Get buffer for fragment cache from template's @output_buffer *Josh Peek*
1305
1306 * Set config.action_view.warn_cache_misses = true to receive a warning if you perform an action that results in an expensive disk operation that could be cached *Josh Peek*
1307
1308 * Refactor template preloading. New abstractions include Renderable mixins and a refactored Template class *Josh Peek*
1309
1310 * Changed ActionView::TemplateHandler#render API method signature to render(template, local_assigns = {}) *Josh Peek*
1311
1312 * Changed PrototypeHelper#submit_to_remote to PrototypeHelper#button_to_remote to stay consistent with link_to_remote (submit_to_remote still works as an alias) #8994 *clemens*
1313
1314 * Add :recursive option to javascript_include_tag and stylesheet_link_tag to be used along with :all. #480 *Damian Janowski*
1315
1316 * Allow users to disable the use of the Accept header *Michael Koziarski*
1317
1318 The accept header is poorly implemented by browsers and causes strange
1319 errors when used on public sites where crawlers make requests too. You can use formatted urls (e.g. /people/1.xml) to support API clients in a much simpler way.
1320 To disable the header you need to set:
1321 config.action_controller.use_accept_header = false
1322 * Do not stat template files in production mode before rendering. You will no longer be able to modify templates in production mode without restarting the server *Josh Peek*
1323
1324 * Deprecated TemplateHandler line offset *Josh Peek*
1325
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1326 * Allow caches_action to accept cache store options. #416. *José Valim*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1327
1328 caches_action :index, :redirected, :if => Proc.new { |c| !c.request.format.json? }, :expires_in => 1.hour
1329
1330 * Remove define_javascript_functions, javascript_include_tag and friends are far superior. *Michael Koziarski*
1331
1332 * Deprecate :use_full_path render option. The supplying the option no longer has an effect *Josh Peek*
1333
1334 * Add :as option to render a collection of partials with a custom local variable name. #509 *Simon Jefford, Pratik Naik*
1335
1336 render :partial => 'other_people', :collection => @people, :as => :person
1337
1338 This will let you access objects of @people as 'person' local variable inside 'other_people' partial template.
1339
1340 * time_zone_select: support for regexp matching of priority zones. Resolves #195 *Ernie Miller*
1341
1342 * Made ActionView::Base#render_file private *Josh Peek*
1343
1344 * Refactor and simplify the implementation of assert_redirected_to. Arguments are now normalised relative to the controller being tested, not the root of the application. *Michael Koziarski*
1345
1346 This could cause some erroneous test failures if you were redirecting between controllers
1347 in different namespaces and wrote your assertions relative to the root of the application.
1348
1349 * Remove follow_redirect from controller functional tests.
1350
1351 If you want to follow redirects you can use integration tests. The functional test version was only useful if you were using redirect_to :id=>...
1352 * Fix polymorphic_url with singleton resources. #461 *Tammer Saleh*
1353
1354 * Replaced TemplateFinder abstraction with ViewLoadPaths *Josh Peek*
1355
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1356 * Added block-call style to link_to *Sam Stephenson/David Heinemeier Hansson*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1357
1358 <% link_to(@profile) do %>
1359 <strong><%= @profile.name %></strong> -- <span>Check it out!!</span>
1360 <% end %>
1361
1362 * Performance: integration test benchmarking and profiling. *Jeremy Kemper*
1363
1364 * Make caching more aware of mime types. Ensure request format is not considered while expiring cache. *Jonathan del Strother*
1365
1366 * Drop ActionController::Base.allow_concurrency flag *Josh Peek*
1367
1368 * More efficient concat and capture helpers. Remove ActionView::Base.erb_variable. *Jeremy Kemper*
1369
1370 * Added page.reload functionality. Resolves #277. *Sean Huber*
1371
1372 * Fixed Request#remote_ip to only raise hell if the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR doesn't match (not just if they're both present) *Mark Imbriaco, Bradford Folkens*
1373
1374 * Allow caches_action to accept a layout option *José Valim*
1375
1376 * Added Rack processor *Ezra Zygmuntowicz, Josh Peek*
1377
1378
1379 ## 2.1.0 (May 31st, 2008) ##
1380
1381 * InstanceTag#default_time_from_options overflows to DateTime *Geoff Buesing*
1382
1383 * Fixed that forgery protection can be used without session tracking (Peter Jones) *#139*
1384
1385 * Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) *#136*
1386
1387 * Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" *Rick Olson*
1388 * InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap *Geoff Buesing*
1389
1390 * select_date defaults to Time.zone.today when config.time_zone is set *Geoff Buesing*
1391
1392 * Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) *#80*
1393
1394 * Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) *David Heinemeier Hansson*
1395
1396 * Reduce number of instance variables being copied from controller to view. *Pratik Naik*
1397
1398 * select_datetime and select_time default to Time.zone.now when config.time_zone is set *Geoff Buesing*
1399
1400 * datetime_select defaults to Time.zone.now when config.time_zone is set *Geoff Buesing*
1401
1402 * Remove ActionController::Base#view_controller_internals flag. *Pratik Naik*
1403
1404 * Add conditional options to caches_page method. *Paul Horsfall*
1405
1406 * Move missing template logic to ActionView. *Pratik Naik*
1407
1408 * Introduce ActionView::InlineTemplate class. *Pratik Naik*
1409
1410 * Automatically parse posted JSON content for Mime::JSON requests. *Rick Olson*
1411
1412 POST /posts
1413 {"post": {"title": "Breaking News"}}
1414
1415 def create
1416 @post = Post.create params[:post]
1417 # ...
1418 end
1419
1420 * add json_escape ERB util to escape html entities in json strings that are output in HTML pages. *Rick Olson*
1421
1422 * Provide a helper proxy to access helper methods from outside views. Closes #10839 *Josh Peek*
1423 e.g. ApplicationController.helpers.simple_format(text)
1424
1425 * Improve documentation. *Xavier Noria, leethal, jerome*
1426
1427 * Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 *Josh Peek, eventualbuddha, Pratik Naik*
1428
1429 * Support render :partial => collection of heterogeneous elements. #11491 *Zach Dennis*
1430
1431 * Avoid remote_ip spoofing. *Brian Candler*
1432
1433 * Added support for regexp flags like ignoring case in the :requirements part of routes declarations #11421 *NeilW*
1434
1435 * Fixed that ActionController::Base#read_multipart would fail if boundary was exactly 10240 bytes #10886 *ariejan*
1436
1437 * Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 *esad, packagethief*
1438
1439 * Improve documentation. *Ryan Bigg, Jan De Poorter, Cheah Chu Yeow, Xavier Shay, Jack Danger Canty, Emilio Tagua, Xavier Noria, Sunny Ripert*
1440
1441 * Fixed that FormHelper#radio_button would produce invalid ids #11298 *harlancrystal*
1442
1443 * Added :confirm option to submit_tag #11415 *Emilio Tagua*
1444
1445 * Fixed NumberHelper#number_with_precision to properly round in a way that works equally on Mac, Windows, Linux (closes #11409, #8275, #10090, #8027) *zhangyuanyi*
1446
1447 * Allow the #simple_format text_helper to take an html_options hash for each paragraph. #2448 *François Beausoleil, Chris O'Sullivan*
1448
1449 * Fix regression from filter refactoring where re-adding a skipped filter resulted in it being called twice. *Rick Olson*
1450
1451 * Refactor filters to use Active Support callbacks. #11235 *Josh Peek*
1452
1453 * Fixed that polymorphic routes would modify the input array #11363 *thomas.lee*
1454
1455 * Added :format option to NumberHelper#number_to_currency to enable better localization support #11149 *lylo*
1456
1457 * Fixed that TextHelper#excerpt would include one character too many #11268 *Irfy*
1458
1459 * Fix more obscure nested parameter hash parsing bug. #10797 *thomas.lee*
1460
1461 * Added ActionView::Helpers::register_javascript/stylesheet_expansion to make it easier for plugin developers to inject multiple assets. #10350 *lotswholetime*
1462
1463 * Fix nested parameter hash parsing bug. #10797 *thomas.lee*
1464
1465 * Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 *Eloy Duran*
1466
1467 * Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off *David Heinemeier Hansson*
1468
1469 * Make MimeResponds::Responder#any work without explicit types. Closes #11140 *jaw6*
1470
1471 * Better error message for type conflicts when parsing params. Closes #7962 *spicycode, matt*
1472
1473 * Remove unused ActionController::Base.template_class. Closes #10787 *Pratik Naik*
1474
1475 * Moved template handlers related code from ActionView::Base to ActionView::Template. *Pratik Naik*
1476
1477 * Tests for div_for and content_tag_for helpers. Closes #11223 *Chris O'Sullivan*
1478
1479 * Allow file uploads in Integration Tests. Closes #11091 *RubyRedRick*
1480
1481 * Refactor partial rendering into a PartialTemplate class. *Pratik Naik*
1482
1483 * Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block *David Heinemeier Hansson*
1484
1485 * Tests for distance_of_time_in_words with TimeWithZone instances. Closes #10914 *Ernesto Jimenez*
1486
1487 * Remove support for multivalued (e.g., '&'-delimited) cookies. *Jamis Buck*
1488
1489 * Fix problem with render :partial collections, records, and locals. #11057 *lotswholetime*
1490
1491 * Added support for naming concrete classes in sweeper declarations *David Heinemeier Hansson*
1492
1493 * Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application. #10098 *Tim Pope, Chris Kampmeier*
1494
1495 * Fix typo in form_helper documentation. #10650 *Xavier Shay, Chris Kampmeier*
1496
1497 * Fix bug with setting Request#format= after the getter has cached the value. #10889 *cch1*
1498
1499 * Correct inconsistencies in RequestForgeryProtection docs. #11032 *Mislav Marohnić*
1500
1501 * Introduce a Template class to ActionView. #11024 *Pratik Naik*
1502
1503 * Introduce the :index option for form_for and fields_for to simplify multi-model forms (see http://railscasts.com/episodes/75). #9883 *rmm5t*
1504
1505 * Introduce map.resources :cards, :as => 'tarjetas' to use a custom resource name in the URL: cards_path == '/tarjetas'. #10578 *blj*
1506
1507 * TestSession supports indifferent access. #7372 *tamc, Arsen7, mhackett, julik, jean.helou*
1508
1509 * Make assert_routing aware of the HTTP method used. #8039 *mpalmer*
1510 e.g. assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" })
1511
1512 * Make map.root accept a single symbol as an argument to declare an alias. #10818 *bscofield*
1513
1514 e.g. map.dashboard '/dashboard', :controller=>'dashboard'
1515 map.root :dashboard
1516
1517 * Handle corner case with image_tag when passed 'messed up' image names. #9018 *Duncan Beevers, mpalmer*
1518
1519 * Add label_tag helper for generating elements. #10802 *DefV*
1520
1521 * Introduce TemplateFinder to handle view paths and lookups. #10800 *Pratik Naik*
1522
1523 * Performance: optimize route recognition. Large speedup for apps with many resource routes. #10835 *oleganza*
1524
1525 * Make render :partial recognise form builders and use the _form partial. #10814 *Damian Janowski*
1526
1527 * Allow users to declare other namespaces when using the atom feed helpers. #10304 *david.calavera*
1528
1529 * Introduce send_file :x_sendfile => true to send an X-Sendfile response header. *Jeremy Kemper*
1530
1531 * Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used #10739 *Jeremy Evans*
1532
1533 * Provide nicer access to HTTP Headers. Instead of request.env["HTTP_REFERRER"] you can now use request.headers["Referrer"]. *Michael Koziarski*
1534
1535 * UrlWriter respects relative_url_root. #10748 *Cheah Chu Yeow*
1536
1537 * The asset_host block takes the controller request as an optional second argument. Example: use a single asset host for SSL requests. #10549 *Cheah Chu Yeow, Peter B, Tom Taylor*
1538
1539 * Support render :text => nil. #6684 *tjennings, PotatoSalad, Cheah Chu Yeow*
1540
1541 * assert_response failures include the exception message. #10688 *Seth Rasmussen*
1542
1543 * All fragment cache keys are now by default prefixed with the "views/" namespace *David Heinemeier Hansson*
1544
1545 * Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::*. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore *David Heinemeier Hansson*
1546
1547 * Deprecated ActionController::Base.fragment_cache_store for ActionController::Base.cache_store *David Heinemeier Hansson*
1548
1549 * Made fragment caching in views work for rjs and builder as well #6642 *Dee Zsombor*
1550
1551 * Fixed rendering of partials with layout when done from site layout #9209 *antramm*
1552
1553 * Fix atom_feed_helper to comply with the atom spec. Closes #10672 *Xavier Shay*
1554
1555 * The tags created do not contain a date (http://feedvalidator.org/docs/error/InvalidTAG.html)
1556 * IDs are not guaranteed unique
1557 * A default self link was not provided, contrary to the documentation
1558 * NOTE: This changes tags for existing atom entries, but at least they validate now.
1559
1560 * Correct indentation in tests. Closes #10671 *Luca Guidi*
1561
1562 * Fix that auto_link looks for ='s in url paths (Amazon urls have them). Closes #10640 *Brad Greenlee*
1563
1564 * Ensure that test case setup is run even if overridden. #10382 *Josh Peek*
1565
1566 * Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 *wesley.moxam*
1567
1568 * Add :default option to time_zone_select. #10590 *Matt Aimonetti*
1569
1570
1571 ## 2.0.2 (December 16th, 2007) ##
1572
1573 * Added delete_via_redirect and put_via_redirect to integration testing #10497 *philodespotos*
1574
1575 * Allow headers['Accept'] to be set by hand when calling xml_http_request #10461 *BMorearty*
1576
1577 * Added OPTIONS to list of default accepted HTTP methods #10449 *holoway*
1578
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1579 * Added option to pass proc to ActionController::Base.asset_host for maximum configurability #10521 *Cheah Chu Yeow*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1580
1581 ActionController::Base.asset_host = Proc.new { |source|
1582 if source.starts_with?('/images')
1583 "http://images.example.com"
1584 else
1585 "http://assets.example.com"
1586 end
1587 }
1588
1589 * Fixed that ActionView#file_exists? would be incorrect if @first_render is set #10569 *dbussink*
1590
1591 * Added that Array#to_param calls to_param on all it's elements #10473 *brandon*
1592
1593 * Ensure asset cache directories are automatically created. #10337 *Josh Peek, Cheah Chu Yeow*
1594
1595 * render :xml and :json preserve custom content types. #10388 *jmettraux, Cheah Chu Yeow*
1596
1597 * Refactor Action View template handlers. #10437, #10455 *Josh Peek*
1598
1599 * Fix DoubleRenderError message and leave out mention of returning false from filters. Closes #10380 *Frederick Cheung*
1600
1601 * Clean up some cruft around ActionController::Base#head. Closes #10417 *ssoroka*
1602
1603
1604 ## 2.0.1 (December 7th, 2007) ##
1605
1606 * Fixed send_file/binary_content for testing #8044 *tolsen*
1607
1608 * When a NonInferrableControllerError is raised, make the proposed fix clearer in the error message. Closes #10199 *Jack Danger Canty*
1609
1610 * Update Prototype to 1.6.0.1. *sam*
1611
1612 * Update script.aculo.us to 1.8.0.1. *madrobby*
1613
1614 * Add 'disabled' attribute to <OPTION> separators used in time zone and country selects. Closes #10354 *Josh Susser*
1615
1616 * Added the same record identification guessing rules to fields_for as form_for has *David Heinemeier Hansson*
1617
1618 * Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) *David Heinemeier Hansson*
1619
1620 * Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 *Tarmo Tänav*
1621
1622 * Update to Prototype -r8232. *sam*
1623
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1624 * Make sure the optimisation code for routes doesn't get used if :host, :anchor or :port are provided in the hash arguments. *pager, Michael Koziarski* #10292
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1625
1626 * Added protection from trailing slashes on page caching #10229 *devrieda*
1627
1628 * Asset timestamps are appended, not prepended. Closes #10276 *Mike Naberezny*
1629
1630 * Minor inconsistency in description of render example. Closes #10029 *ScottSchram*
1631
1632 * Add #prepend_view_path and #append_view_path instance methods on ActionController::Base for consistency with the class methods. *Rick Olson*
1633
1634 * Refactor sanitizer helpers into HTML classes and make it easy to swap them out with custom implementations. Closes #10129. *Rick Olson*
1635
1636 * Add deprecation for old subtemplate syntax for ActionMailer templates, use render :partial *Rick Olson*
1637
1638 * Fix TemplateError so it doesn't bomb on exceptions while running tests *Rick Olson*
1639
1640 * Fixed that named routes living under resources shouldn't have double slashes #10198 *Isaac Feliu*
1641
1642 * Make sure that cookie sessions use a secret that is at least 30 chars in length. *Michael Koziarski*
1643
1644 * Fixed that partial rendering should look at the type of the first render to determine its own type if no other clues are available (like when using text.plain.erb as the extension in AM) #10130 *java*
1645
1646 * Fixed that has_many :through associations should render as collections too #9051 *mathie/Jack Danger Canty*
1647
1648 * Added :mouseover short-cut to AssetTagHelper#image_tag for doing easy image swaps #6893 *joost*
1649
1650 * Fixed handling of non-domain hosts #9479 *purp*
1651
1652 * Fix syntax error in documentation example for cycle method. Closes #8735 *foca*
1653
1654 * Document :with option for link_to_remote. Closes #8765 *Ryan Bates*
1655
1656 * Document :minute_step option for time_select. Closes #8814 *brupm*
1657
1658 * Explain how to use the :href option for link_to_remote to degrade gracefully in the absence of JavaScript. Closes #8911 *vlad*
1659
1660 * Disambiguate :size option for text area tag. Closes #8955 *redbeard*
1661
1662 * Fix broken tag in assert_tag documentation. Closes #9037 *mfazekas*
1663
1664 * Add documentation for route conditions. Closes #9041 *innu, Manfred Stienstra*
1665
1666 * Fix typo left over from previous typo fix in url helper. Closes #9414 *Henrik N*
1667
1668 * Fixed that ActionController::CgiRequest#host_with_port() should handle standard port #10082 *moro*
1669
1670 * Update Prototype to 1.6.0 and script.aculo.us to 1.8.0. *sam, madrobby*
1671
1672 * Expose the cookie jar as a helper method (before the view would just get the raw cookie hash) *David Heinemeier Hansson*
1673
1674 * Integration tests: get_ and post_via_redirect take a headers hash. #9130 *simonjefford*
1675
1676 * Simplfy #view_paths implementation. ActionView templates get the exact object, not a dup. *Rick Olson*
1677
1678 * Update tests for ActiveSupport's JSON escaping change. *Rick Olson*
1679
1680 * FormHelper's auto_index should use #to_param instead of #id_before_type_cast. Closes #9994 *mattly*
1681
1682 * Doc typo fixes for ActiveRecordHelper. Closes #9973 *mikong*
1683
1684 * Make example parameters in restful routing docs idiomatic. Closes #9993 *Jack Danger Canty*
1685
1686 * Make documentation comment for mime responders match documentation example. Closes #9357 *yon*
1687
1688 * Introduce a new test case class for functional tests. ActionController::TestCase. *Michael Koziarski*
1689
1690 * Fix incorrect path in helper rdoc. Closes #9926 *viktor tron*
1691
1692 * Partials also set 'object' to the default partial variable. #8823 *Nick Retallack, Jeremy Kemper*
1693
1694 * Request profiler. *Jeremy Kemper*
1695 $ cat login_session.rb
1696 get_with_redirect '/'
1697 say "GET / => #{path}"
1698 post_with_redirect '/sessions', :username => 'john', :password => 'doe'
1699 say "POST /sessions => #{path}"
1700 $ ./script/performance/request -n 10 login_session.rb
1701
1702 * Disabled checkboxes don't submit a form value. #9301 *vladr, robinjfisher*
1703
1704 * Added tests for options to ActiveRecordHelper#form. Closes #7213 *richcollins, mikong, Mislav Marohnić*
1705
1706 * Changed before_filter halting to happen automatically on render or redirect but no longer on simply returning false *David Heinemeier Hansson*
1707
1708 * Ensure that cookies handle array values correctly. Closes #9937 *queso*
1709
1710 * Make sure resource routes don't clash with internal helpers like javascript_path, image_path etc. #9928 *Geoff Buesing*
1711
1712 * caches_page uses a single after_filter instead of one per action. #9891 *Pratik Naik*
1713
1714 * Update Prototype to 1.6.0_rc1 and script.aculo.us to 1.8.0 preview 0. *sam, madrobby*
1715
1716 * Dispatcher: fix that to_prepare should only run once in production. #9889 *Nathaniel Talbott*
1717
1718 * Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. #9823 *kamk*
1719
1720 * error_messages_for also takes :message and :header_message options which defaults to the old "There were problems with the following fields:" and "<count> errors prohibited this <object_name> from being saved". #8270 *rmm5t, zach-inglis-lt3*
1721
1722 * Make sure that custom inflections are picked up by map.resources. #9815 *Mislav Marohnić*
1723
1724 * Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call *David Heinemeier Hansson*
1725
1726 * Extracted sanitization methods from TextHelper to SanitizeHelper *David Heinemeier Hansson*
1727
1728 * rescue_from accepts :with => lambda { |exception| ... } or a normal block. #9827 *Pratik Naik*
1729
1730 * Add :status to redirect_to allowing users to choose their own response code without manually setting headers. #8297 *Coda Hale, chasgrundy*
1731
1732 * Add link_to :back which uses your referrer with a fallback to a javascript link. #7366 *eventualbuddha, Tarmo Tänav*
1733
1734 * error_messages_for and friends also work with local variables. #9699 *Frederick Cheung*
1735
1736 * Fix url_for, redirect_to, etc. with :controller => :symbol instead of 'string'. #8562, #9525 *Justin Lynn, Tarmo Tänav, shoe*
1737
1738 * Use #require_library_or_gem to load the memcache library for the MemCache session and fragment cache stores. Closes #8662. *Rick Olson*
1739
1740 * Move ActionController::Routing.optimise_named_routes to ActionController::Base.optimise_named_routes. Now you can set it in the config. *Rick Olson*
1741
1742 config.action_controller.optimise_named_routes = false
1743
1744 * ActionController::Routing::DynamicSegment#interpolation_chunk should call #to_s on all values before calling URI.escape. *Rick Olson*
1745
1746 * Only accept session ids from cookies, prevents session fixation attacks. *bradediger*
1747
1748
1749 ## 2.0.0 Preview Release (September 29th, 2007) Includes duplicates of changes from 1.12.2 - 1.13.3 ##
1750
1751 * Fixed that render template did not honor exempt_from_layout #9698 *pezra*
1752
1753 * Better error messages if you leave out the :secret option for request forgery protection. Closes #9670 *Rick Olson*
1754
1755 * Allow ability to disable request forgery protection, disable it in test mode by default. Closes #9693 *Pratik Naik*
1756
1757 * Avoid calling is_missing on LoadErrors. Closes #7460. *ntalbott*
1758
1759 * Move Railties' Dispatcher to ActionController::Dispatcher, introduce before_ and after_dispatch callbacks, and warm up to non-CGI requests. *Jeremy Kemper*
1760
1761 * The tag helper may bypass escaping. *Jeremy Kemper*
1762
1763 * Cache asset ids. *Jeremy Kemper*
1764
1765 * Optimized named routes respect AbstractRequest.relative_url_root. #9612 *Daniel Morrison, Jeremy Kemper*
1766
1767 * Introduce ActionController::Base.rescue_from to declare exception-handling methods. Cleaner style than the case-heavy rescue_action_in_public. #9449 *Norbert Crombach*
1768
1769 * Rename some RequestForgeryProtection methods. The class method is now #protect_from_forgery, and the default parameter is now 'authenticity_token'. *Rick Olson*
1770
1771 * Merge csrf_killer plugin into rails. Adds RequestForgeryProtection model that verifies session-specific _tokens for non-GET requests. *Rick Olson*
1772
1773 * Secure #sanitize, #strip_tags, and #strip_links helpers against xss attacks. Closes #8877. *Rick Olson, Pratik Naik, Jacques Distler*
1774
1775 This merges and renames the popular white_list helper (along with some css sanitizing from Jacques Distler version of the same plugin).
1776 Also applied updated versions of #strip_tags and #strip_links from #8877.
1777
1778 * Remove use of & logic operator. Closes #8114. *watson*
1779
1780 * Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 *Ruy Asan*
1781
1782 * Fixed TextHelper#word_wrap for multiline strings with extra carrier returns #8663 *seth*
1783
1784 * Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 *Bounga*
1785
1786 * Added FormHelper#label. #8641, #9850 *jcoglan, Jarkko Laine*
1787
1788 * Added AtomFeedHelper (slightly improved from the atom_feed_helper plugin) *David Heinemeier Hansson*
1789
1790 * Prevent errors when generating routes for uncountable resources, (i.e. sheep where plural == singluar). map.resources :sheep now creates sheep_index_url for the collection and sheep_url for the specific item. *Michael Koziarski*
1791
1792 * Added support for HTTP Only cookies (works in IE6+ and FF 2.0.5+) as an improvement for XSS attacks #8895 *Pratik Naik, Mark Somerville*
1793
1794 * Don't warn when a path segment precedes a required segment. Closes #9615. *Nicholas Seckar*
1795
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1796 * Fixed CaptureHelper#content_for to work with the optional content parameter instead of just the block #9434 *sandofsky/wildchild*.
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1797
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1798 * Added Mime::Type.register_alias for dealing with different formats using the same mime type *DHH*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1799
1800 class PostsController < ApplicationController
1801 before_filter :adjust_format_for_iphone
1802
1803 def index
1804 @posts = Post.find(:all)
1805
1806 respond_to do |format|
1807 format.html # => renders index.html.erb and uses "text/html" as the content type
1808 format.iphone # => renders index.iphone.erb and uses "text/html" as the content type
1809 end
1810 end
1811
1812
1813 private
1814 def adjust_format_for_iphone
1815 if request.env["HTTP_USER_AGENT"] && request.env["HTTP_USER_AGENT"][/iPhone/]
1816 request.format = :iphone
1817 end
1818 end
1819 end
1820
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1821 * Added that render :json will automatically call .to_json unless it's being passed a string *DHH*.
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1822
1823 * Autolink behaves well with emails embedded in URLs. #7313 *Jeremy McAnally, Tarmo Tänav*
1824
1825 * Fixed that default layouts did not take the format into account #9564 *Pratik Naik*
1826
1827 * Fixed optimized route segment escaping. #9562 *wildchild, Jeremy Kemper*
1828
1829 * Added block acceptance to JavaScriptHelper#javascript_tag. #7527 *Bob Silva, Tarmo Tänav, rmm5t*
1830
1831 * root_path returns '/' not ''. #9563 *Pratik Naik*
1832
1833 * Fixed that setting request.format should also affect respond_to blocks *David Heinemeier Hansson*
1834
1835 * Add option to force binary mode on tempfile used for fixture_file_upload. #6380 *Jonathan Viney*
1836
1837 * Fixed that resource namespaces wouldn't stick to all nested resources #9399 *pixeltrix*
1838
1839 * Moved ActionController::Macros::AutoComplete into the auto_complete plugin on the official Rails svn. #9512 *Pratik Naik*
1840
1841 * Moved ActionController::Macros::InPlaceEditing into the in_place_editor plugin on the official Rails svn. #9513 *Pratik Naik*
1842
1843 * Removed deprecated form of calling xml_http_request/xhr without the first argument being the http verb *David Heinemeier Hansson*
1844
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1845 * Removed deprecated methods *DHH*:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1846
1847 - ActionController::Base#keep_flash (use flash.keep instead)
1848 - ActionController::Base#expire_matched_fragments (just call expire_fragment with a regular expression)
1849 - ActionController::Base.template_root/= methods (use ActionController#Base.view_paths/= instead)
1850 - ActionController::Base.cookie (use ActionController#Base.cookies[]= instead)
1851
1852 * Removed the deprecated behavior of appending ".png" to image_tag/image_path calls without an existing extension *David Heinemeier Hansson*
1853
1854 * Removed ActionController::Base.scaffold -- it went through the whole idea of scaffolding (card board walls you remove and tweak one by one). Use the scaffold generator instead (it does resources too now!) *David Heinemeier Hansson*
1855
1856 * Optimise named route generation when using positional arguments. *Michael Koziarski*
1857
1858 This change delivers significant performance benefits for the most
1859 common usage scenarios for modern rails applications by avoiding the
1860 costly trip through url_for. Initial benchmarks indicate this is
1861 between 6 and 20 times as fast.
1862
1863 * Explicitly require active_record/query_cache before using it. *Jeremy Kemper*
1864
1865 * Fix layout overriding response status. #9476 *lotswholetime*
1866
1867 * Add field_set_tag for generating field_sets, closes #9477. *Damian Janowski*
1868
1869 * Allow additional parameters to be passed to named route helpers when using positional arguments. Closes #8930 *Ian White*
1870
1871 * Make render :partial work with a :collection of Hashes, previously this wasn't possible due to backwards compatibility restrictions. *Pratik Naik*
1872
1873 * request.host works with IPv6 addresses. #9458 *yuya*
1874
1875 * Fix bug where action caching sets the content type to the ActionCachePath object. Closes #9282 *mindforge*
1876
1877 * Find layouts even if they're not in the first view_paths directory. Closes #9258 *caio*
1878
1879 * Major improvement to the documentation for the options / select form helpers. Closes #9038 *Chris Kampmeier, jardeon, wesg*
1880
1881 * Fix number_to_human_size when using different precisions. Closes #7536. *RichardStrand, mpalmer*
1882
1883 * Added partial layouts (see example in action_view/lib/partials.rb) *David Heinemeier Hansson*
1884
1885 * Allow you to set custom :conditions on resource routes. *Rick Olson*
1886
1887 * Fixed that file.content_type for uploaded files would include a trailing \r #9053 *Brad Greenlee*
1888
1889 * url_for now accepts a series of symbols representing the namespace of the record *Josh Knowles*
1890
1891 * Make :trailing_slash work with query parameters for url_for. Closes #4004 *nov*
1892
1893 * Make sure missing template exceptions actually say which template they were looking for. Closes #8683 *dasil003*
1894
1895 * Fix errors with around_filters which do not yield, restore 1.1 behaviour with after filters. Closes #8891 *Stefan Kaes*
1896
1897 After filters will *no longer* be run if an around_filter fails to yield, users relying on
1898 this behaviour are advised to put the code in question after a yield statement in an around filter.
1899
1900
1901 * Allow you to delete cookies with options. Closes #3685 *Josh Peek, Chris Wanstrath*
1902
1903 * Allow you to render views with periods in the name. Closes #8076 *Norbert Crombach*
1904
1905 render :partial => 'show.html.erb'
1906
1907 * Improve capture helper documentation. #8796 *Chris Kampmeier*
1908
1909 * Prefix nested resource named routes with their action name, e.g. new_group_user_path(@group) instead of group_new_user_path(@group). The old nested action named route is deprecated in Rails 1.2.4. #8558 *David Chelimsky*
1910
1911 * Allow sweepers to be created solely for expiring after controller actions, not model changes *David Heinemeier Hansson*
1912
1913 * Added assigns method to ActionController::Caching::Sweeper to easily access instance variables on the controller *David Heinemeier Hansson*
1914
1915 * Give the legacy X-POST_DATA_FORMAT header greater precedence during params parsing for backward compatibility. *Jeremy Kemper*
1916
1917 * Fixed that link_to with an href of # when using :method will not allow for click-through without JavaScript #7037 *Steven Bristol, Josh Peek*
1918
1919 * Fixed that radio_button_tag should generate unique ids #3353 *Bob Silva, Rebecca, Josh Peek*
1920
1921 * Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well #6754 *Mislav Marohnić*
1922
1923 * Don't mistakenly interpret the request uri as the query string. #8731 *Pratik Naik, Jeremy Kemper*
1924
1925 * Make ActionView#view_paths an attr_accessor for real this time. Also, don't perform an unnecessary #compact on the @view_paths array in #initialize. Closes #8582 *dasil003, julik, Rick Olson*
1926
1927 * Tolerate missing content type on multipart file uploads. Fix for Safari 3. *Jeremy Kemper*
1928
1929 * Deprecation: remove pagination. Install the classic_pagination plugin for forward compatibility, or move to the superior will_paginate plugin. #8157 *Josh Peek*
1930
1931 * Action caching is limited to GET requests returning 200 OK status. #3335 *tom@craz8.com, halfbyte, Dan Kubb, Josh Peek*
1932
1933 * Improve Text Helper test coverage. #7274 *Rob Sanheim, Josh Peek*
1934
1935 * Improve helper test coverage. #7208, #7212, #7215, #7233, #7234, #7235, #7236, #7237, #7238, #7241, #7243, #7244 *Rich Collins, Josh Peek*
1936
1937 * Improve UrlRewriter tests. #7207 *Rich Collins*
1938
1939 * Resources: url_for([parent, child]) generates /parents/1/children/2 for the nested resource. Likewise with the other simply helpful methods like form_for and link_to. #6432 *mhw, Jonathan Vaught, lotswholetime*
1940
1941 * Assume html format when rendering partials in RJS. #8076 *Rick Olson*
1942
1943 * Don't double-escape url_for in views. #8144 *Rich Collins, Josh Peek*
1944
1945 * Allow JSON-style values for the :with option of observe_field. Closes #8557 *kommen*
1946
1947 * Remove RAILS_ROOT from backtrace paths. #8540 *Tim Pope*
1948
1949 * Routing: map.resource :logo routes to LogosController so the controller may be reused for multiple nestings or namespaces. *Jeremy Kemper*
1950
1951 * render :partial recognizes Active Record associations as Arrays. #8538 *Kamal Fariz Mahyuddin*
1952
1953 * Routing: drop semicolon and comma as route separators. *Jeremy Kemper*
1954
1955 * request.remote_ip understands X-Forwarded-For addresses with nonstandard whitespace. #7386 *moses*
1956
1957 * Don't prepare response when rendering a component. #8493 *jsierles*
1958
1959 * Reduce file stat calls when checking for template changes. #7736 *alex*
1960
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1961 * Added custom path cache_page/expire_page parameters in addition to the options hashes *DHH*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
1962
1963 def index
1964 caches_page(response.body, "/index.html")
1965 end
1966
1967 * Action Caching speedup. #8231 *Stefan Kaes*
1968
1969 * Wordsmith resources documentation. #8484 *marclove*
1970
1971 * Fix syntax error in code example for routing documentation. #8377. *Norbert Crombach*
1972
1973 * Routing: respond with 405 Method Not Allowed status when the route path matches but the HTTP method does not. #6953 *Josh Peek, defeated, Dan Kubb, Coda Hale*
1974
1975 * Add support for assert_select_rjs with :show and :hide. #7780 *dchelimsky*
1976
1977 * Make assert_select's failure messages clearer about what failed. #7779 *dchelimsky*
1978
1979 * Introduce a default respond_to block for custom types. #8174 *Josh Peek*
1980
1981 * auto_complete_field takes a :method option so you can GET or POST. #8120 *zapnap*
1982
1983 * Added option to suppress :size when using :maxlength for FormTagHelper#text_field #3112 *Tim Pope*
1984
1985 * catch possible WSOD when trying to render a missing partial. Closes #8454 *Jonathan del Strother*
1986
1987 * Rewind request body after reading it, if possible. #8438 *s450r1*
1988
1989 * Resource namespaces are inherited by their has_many subresources. #8280 *marclove, Geoff Garside*
1990
1991 * Fix filtered parameter logging with nil parameter values. #8422 *choonkeat*
1992
1993 * Integration tests: alias xhr to xml_http_request and add a request_method argument instead of always using POST. #7124 *Nik Wakelin, François Beausoleil, Wizard*
1994
1995 * Document caches_action. #5419 *Jarkko Laine*
1996
1997 * Update to Prototype 1.5.1. *Sam Stephenson*
1998
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
1999 * Allow routes to be decalred under namespaces *Tobias Lütke*:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2000
2001 map.namespace :admin do |admin|
2002 admin.root :controller => "products"
2003 admin.feed 'feed.xml', :controller => 'products', :action => 'feed', :format => 'xml'
2004 end
2005
2006 * Update to script.aculo.us 1.7.1_beta3. *Thomas Fuchs*
2007
2008 * observe_form always sends the serialized form. #5271 *Manfred Stienstra, normelton@gmail.com*
2009
2010 * Parse url-encoded and multipart requests ourselves instead of delegating to CGI. *Jeremy Kemper*
2011
2012 * select :include_blank option can be set to a string instead of true, which just uses an empty string. #7664 *Wizard*
2013
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2014 * Added url_for usage on render :location, which allows for record identification *DHH*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2015
2016 render :xml => person, :status => :created, :location => person
2017
2018 ...expands the location to person_url(person).
2019
2020 * Introduce the request.body stream. Lazy-read to parse parameters rather than always setting RAW_POST_DATA. Reduces the memory footprint of large binary PUT requests. *Jeremy Kemper*
2021
2022 * Add some performance enhancements to ActionView.
2023
2024 * Cache base_paths in @@cached_base_paths
2025 * Cache template extensions in @@cached_template_extension
2026 * Remove unnecessary rescues
2027
2028 * Assume that rendered partials go by the HTML format by default
2029
2030 def my_partial
2031 render :update do |page|
2032 # in this order
2033 # _foo.html.erb
2034 # _foo.erb
2035 # _foo.rhtml
2036 page.replace :foo, :partial => 'foo'
2037 end
2038 end
2039
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2040 * Added record identifications to FormHelper#form_for and PrototypeHelper#remote_form_for *DHH*. Examples:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2041
2042 <% form_for(@post) do |f| %>
2043 ...
2044 <% end %>
2045
2046 This will expand to be the same as:
2047
2048 <% form_for :post, @post, :url => post_path(@post), :html => { :method => :put, :class => "edit_post", :id => "edit_post_45" } do |f| %>
2049 ...
2050 <% end %>
2051
2052 And for new records:
2053
2054 <% form_for(Post.new) do |f| %>
2055 ...
2056 <% end %>
2057
2058 This will expand to be the same as:
2059
2060 <% form_for :post, @post, :url => posts_path, :html => { :class => "new_post", :id => "new_post" } do |f| %>
2061 ...
2062 <% end %>
2063
2064 * Rationalize route path escaping according to RFC 2396 section 3.3. #7544, #8307. *Jeremy Kemper, Chris Roos, begemot, jugend*
2065
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2066 * Added record identification with polymorphic routes for ActionController::Base#url_for and ActionView::Base#url_for *DHH*. Examples:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2067
2068 redirect_to(post) # => redirect_to(posts_url(post)) => Location: http://example.com/posts/1
2069 link_to(post.title, post) # => link_to(post.title, posts_url(post)) => <a href="/posts/1">Hello world</a>
2070
2071 Any method that calls url_for on its parameters will automatically benefit from this.
2072
2073 * Removed deprecated parameters_for_method_reference concept (legacy from before named routes) *David Heinemeier Hansson*
2074
2075 * Add ActionController::Routing::Helpers, a module to contain common URL helpers such as polymorphic_url. *Nicholas Seckar*
2076
2077 * Included the HttpAuthentication plugin as part of core (ActionController::HttpAuthentication::Basic) *David Heinemeier Hansson*
2078
2079 * Modernize documentation for form helpers. *Jeremy McAnally*
2080
2081 * Add brief introduction to REST to the resources documentation. *fearoffish*
2082
2083 * Fix various documentation typos throughout ActionPack. *Henrik N*
2084
2085 * Enhance documentation and add examples for url_for. *Jeremy McAnally*
2086
2087 * Fix documentation typo in routes. *Norbert Crombach, pam*
2088
2089 * Sweep flash when filter chain is halted. *Caio Chassot <lists@v2studio.com>*
2090
2091 * Fixed that content_tag with a block will just return the result instead of concate it if not used in a ERb view #7857, #7432 *michael.niessner*
2092
2093 * Replace the current block/continuation filter chain handling by an implementation based on a simple loop. #8226 *Stefan Kaes*
2094
2095 * Update UrlWriter to accept :anchor parameter. Closes #6771. *Chris McGrath*
2096
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2097 * Added RecordTagHelper for using RecordIdentifier conventions on divs and other container elements *DHH*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2098
2099 <% div_for(post) do %> <div id="post_45" class="post">
2100 <%= post.body %> What a wonderful world!
2101 <% end %> </div>
2102
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2103 * Added page[record] accessor to JavaScriptGenerator that relies on RecordIdentifier to find the right dom id *DHH*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2104
2105 format.js do
2106 # Calls: new Effect.fade('post_45');
2107 render(:update) { |page| page[post].visual_effect(:fade) }
2108 end
2109
2110 * Added RecordIdentifier to enforce view conventions on records for dom ids, classes, and partial paths *David Heinemeier Hansson*
2111
2112 * Added map.namespace to deal with the common situation of admin sections and the like *David Heinemeier Hansson*
2113
2114 Before:
2115
2116 map.resources :products, :path_prefix => "admin", :controller => "admin/products", :collection => { :inventory => :get }, :member => { :duplicate => :post }
2117 map.resources :tags, :name_prefix => 'admin_product_', :path_prefix => "admin/products/:product_id", :controller => "admin/product_tags"
2118 map.resources :images, :name_prefix => 'admin_product_', :path_prefix => "admin/products/:product_id", :controller => "admin/product_images"
2119 map.resources :variants, :name_prefix => 'admin_product_', :path_prefix => "admin/products/:product_id", :controller => "admin/product_variants"
2120
2121 After:
2122
2123 map.namespace(:admin) do |admin|
2124 admin.resources :products,
2125 :collection => { :inventory => :get },
2126 :member => { :duplicate => :post },
2127 :has_many => [ :tags, :images, :variants ]
2128 end
2129
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2130 * Added :name_prefix as standard for nested resources *DHH*. WARNING: May be backwards incompatible with your app
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2131
2132 Before:
2133
2134 map.resources :emails do |emails|
2135 emails.resources :comments, :name_prefix => "email_"
2136 emails.resources :attachments, :name_prefix => "email_"
2137 end
2138
2139 After:
2140
2141 map.resources :emails do |emails|
2142 emails.resources :comments
2143 emails.resources :attachments
2144 end
2145
2146 This does mean that if you intended to have comments_url go to /emails/5/comments, then you'll have to set :name_prefix to nil explicitly.
2147
2148 * Added :has_many and :has_one for declaring plural and singular resources beneath the current *David Heinemeier Hansson*
2149
2150 Before:
2151
2152 map.resources :notes do |notes|
2153 notes.resources :comments
2154 notes.resources :attachments
2155 notes.resource :author
2156 end
2157
2158 After:
2159
2160 map.resources :notes, :has_many => [ :comments, :attachments ], :has_one => :author
2161
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2162 * Added that render :xml will try to call to_xml if it can *DHH*. Makes these work:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2163
2164 render :xml => post
2165 render :xml => comments
2166
2167 * Added :location option to render so that the common pattern of rendering a response after creating a new resource is now a 1-liner *David Heinemeier Hansson*
2168
2169 render :xml => post.to_xml, :status => :created, :location => post_url(post)
2170
2171 * Ensure that render_text only adds string content to the body of the response *David Heinemeier Hansson*
2172
2173 * Return the string representation from an Xml Builder when rendering a partial. Closes #5044 *Tim Pope*
2174
2175 * Fixed that parameters from XML should also be presented in a hash with indifferent access *David Heinemeier Hansson*
2176
2177 * Tweak template format rules so that the ACCEPT header is only used if it's text/javascript. This is so ajax actions without a :format param get recognized as Mime::JS. *Rick Olson*
2178
2179 * The default respond_to blocks don't set a specific extension anymore, so that both 'show.rjs' and 'show.js.rjs' will work. *Rick Olson*
2180
2181 * Allow layouts with extension of .html.erb. Closes #8032 *Josh Knowles*
2182
2183 * Change default respond_to templates for xml and rjs formats. *Rick Olson*
2184
2185 * Default xml template goes from #{action_name}.rxml => #{action_name}.xml.builder.
2186 * Default rjs template goes from #{action_name}.rjs => #{action_name}.js.rjs.
2187
2188 You can still specify your old templates:
2189
2190 respond_to do |format|
2191 format.xml do
2192 render :action => "#{action_name}.rxml"
2193 end
2194 end
2195
2196 * Fix WSOD due to modification of a formatted template extension so that requests to templates like 'foo.html.erb' fail on the second hit. *Rick Olson*
2197
2198 * Fix WSOD when template compilation fails *Rick Olson*
2199
2200 * Change ActionView template defaults. Look for templates using the request format first, such as "show.html.erb" or "show.xml.builder", before looking for the old defaults like "show.erb" or "show.builder" *Rick Olson*
2201
2202 * Highlight helper highlights one or many terms in a single pass. *Jeremy Kemper*
2203
2204 * Dropped the use of ; as a separator of non-crud actions on resources and went back to the vanilla slash. It was a neat idea, but lots of the non-crud actions turned out not to be RPC (as the ; was primarily intended to discourage), but legitimate sub-resources, like /parties/recent, which didn't deserve the uglification of /parties;recent. Further more, the semicolon caused issues with caching and HTTP authentication in Safari. Just Not Worth It *David Heinemeier Hansson*
2205
2206 * Added that FormTagHelper#submit_tag will return to its original state if the submit fails and you're using :disable_with *David Heinemeier Hansson*
2207
2208 * Cleaned up, corrected, and mildly expanded ActionPack documentation. Closes #7190 *Jeremy McAnally*
2209
2210 * Small collection of ActionController documentation cleanups. Closes #7319 *Jeremy McAnally*
2211
2212 * Make sure the route expiry hash is constructed by comparing the to_param-ized values of each hash. *Jamis Buck*
2213
2214 * Allow configuration of the default action cache path for #caches_action calls. *Rick Olson*
2215
2216 class ListsController < ApplicationController
2217 caches_action :index, :cache_path => Proc.new { |controller|
2218 controller.params[:user_id] ?
2219 controller.send(:user_lists_url, c.params[:user_id]) :
2220 controller.send(:lists_url) }
2221 end
2222
2223 * Performance: patch cgi/session/pstore to require digest/md5 once rather than per #initialize. #7583 *Stefan Kaes*
2224
2225 * Cookie session store: ensure that new sessions doesn't reuse data from a deleted session in the same request. *Jeremy Kemper*
2226
2227 * Deprecation: verification with :redirect_to => :named_route shouldn't be deprecated. #7525 *Justin French*
2228
2229 * Cookie session store: raise ArgumentError when :session_key is blank. *Jeremy Kemper*
2230
2231 * Deprecation: remove deprecated request, redirect, and dependency methods. Remove deprecated instance variables. Remove deprecated url_for(:symbol, *args) and redirect_to(:symbol, *args) in favor of named routes. Remove uses_component_template_root for toplevel components directory. Privatize deprecated render_partial and render_partial_collection view methods. Remove deprecated link_to_image, link_image_to, update_element_function, start_form_tag, and end_form_tag helper methods. Remove deprecated human_size helper alias. *Jeremy Kemper*
2232
2233 * Consistent public/protected/private visibility for chained methods. #7813 *Dan Manges*
2234
2235 * Prefer MIME constants to strings. #7707 *Dan Kubb*
2236
2237 * Allow array and hash query parameters. Array route parameters are converted/to/a/path as before. #6765, #7047, #7462 *bgipsy, Jeremy McAnally, Dan Kubb, brendan*
2238
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2239 \# Add a #dbman attr_reader for CGI::Session and make CGI::Session::CookieStore#generate_digest public so it's easy to generate digests using the cookie store's secret. *Rick Olson*
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2240 * Added Request#url that returns the complete URL used for the request *David Heinemeier Hansson*
2241
2242 * Extract dynamic scaffolding into a plugin. #7700 *Josh Peek*
2243
2244 * Added user/password options for url_for to add http authentication in a URL *David Heinemeier Hansson*
2245
2246 * Fixed that FormTagHelper#text_area_tag should disregard :size option if it's not a string *Brendon Davidson*
2247
2248 * Set the original button value in an attribute of the button when using the :disable_with key with submit_tag, so that the original can be restored later. *Jamis Buck*
2249
2250 * session_enabled? works with session :off. #6680 *Jonathan del Strother*
2251
2252 * Added :port and :host handling to UrlRewriter (which unified url_for usage, regardless of whether it's called in view or controller) #7616 *alancfrancis*
2253
2254 * Allow send_file/send_data to use a registered mime type as the :type parameter #7620 *jonathan*
2255
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2256 * Allow routing requirements on map.resource(s) #7633 *quixoten*. Example:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2257
2258 map.resources :network_interfaces, :requirements => { :id => /^\d+\.\d+\.\d+\.\d+$/ }
2259
2260 * Cookie session store: empty and unchanged sessions don't write a cookie. *Jeremy Kemper*
2261
2262 * Added helper(:all) as a way to include all helpers from app/helpers/**/*.rb in ApplicationController *David Heinemeier Hansson*
2263
2264 * Integration tests: introduce methods for other HTTP methods. #6353 *caboose*
2265
2266 * Routing: better support for escaped values in route segments. #7544 [Chris
2267 Roos]
2268 * Introduce a cookie-based session store as the Rails default. Sessions typically contain at most a user_id and flash message; both fit within the 4K cookie size limit. A secure message digest is included with the cookie to ensure data integrity (a user cannot alter his user_id without knowing the secret key included in the digest). If you have more than 4K of session data or don't want your data to be visible to the user, pick another session store. Cookie-based sessions are dramatically faster than the alternatives. *Jeremy Kemper*
2269
2270 Example config/environment.rb:
2271 # Use an application-wide secret key and the default SHA1 message digest.
2272 config.action_controller.session = { :secret => "can't touch this" }
2273
2274 # Store a secret key per user and employ a stronger message digest.
2275 config.action_controller.session = {
2276 :digest => 'SHA512',
2277 :secret => Proc.new { User.current.secret_key }
2278 }
2279
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2280 * Added .erb and .builder as preferred aliases to the now deprecated .rhtml and .rxml extensions *Chad Fowler*. This is done to separate the renderer from the mime type. .erb templates are often used to render emails, atom, csv, whatever. So labeling them .rhtml doesn't make too much sense. The same goes for .rxml, which can be used to build everything from HTML to Atom to whatever. .rhtml and .rxml will continue to work until Rails 3.0, though. So this is a slow phasing out. All generators and examples will start using the new aliases, though.
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2281
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2282 * Added caching option to AssetTagHelper#stylesheet_link_tag and AssetTagHelper#javascript_include_tag *DHH*. Examples:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2283
2284 stylesheet_link_tag :all, :cache => true # when ActionController::Base.perform_caching is false =>
2285 <link href="/stylesheets/style1.css" media="screen" rel="Stylesheet" type="text/css" />
2286 <link href="/stylesheets/styleB.css" media="screen" rel="Stylesheet" type="text/css" />
2287 <link href="/stylesheets/styleX2.css" media="screen" rel="Stylesheet" type="text/css" />
2288
2289 stylesheet_link_tag :all, :cache => true # when ActionController::Base.perform_caching is true =>
2290 <link href="/stylesheets/all.css" media="screen" rel="Stylesheet" type="text/css" />
2291
2292 ...when caching is on, all.css is the concatenation of style1.css, styleB.css, and styleX2.css.
2293 Same deal for JavaScripts.
2294
2295 * Work around the two connection per host browser limit: use asset%d.myapp.com to distribute asset requests among asset[0123].myapp.com. Use a DNS wildcard or CNAMEs to map these hosts to your asset server. See http://www.die.net/musings/page_load_time/ for background. *Jeremy Kemper*
2296
2297 * Added default mime type for CSS (Mime::CSS) *David Heinemeier Hansson*
2298
2299 * Added that rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified and the response body will be set to an empty string. *David Heinemeier Hansson*
2300
2301 * Added X-Runtime to all responses with the request run time *David Heinemeier Hansson*
2302
2303 * Add Mime::Type convenience methods to check the current mime type. *Rick Olson*
2304
2305 request.format.html? # => true if Mime::HTML
2306 request.format.jpg? # => true if Mime::JPG
2307
2308 \# ActionController sample usage:
2309 \# the session will be disabled for non html/ajax requests
2310 session :off, :if => Proc.new { |req| !(req.format.html? || req.format.js?) }
2311
2312 * Performance: patch cgi/session to require digest/md5 once rather than per #create_new_id. *Stefan Kaes*
2313
2314 * Add a :url_based_filename => true option to ActionController::Streaming::send_file, which allows URL-based filenames. *Thomas Fuchs*
2315
2316 * Fix that FormTagHelper#submit_tag using :disable_with should trigger the onsubmit handler of its form if available *David Heinemeier Hansson*
2317
2318 * Fix #render_file so that TemplateError is called with the correct params and you don't get the WSOD. *Rick Olson*
2319
2320 * Fix issue with deprecation messing up #template_root= usage. Add #prepend_view_path and #append_view_path to allow modification of a copy of the
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2321 superclass' view_paths. *Rick Olson*
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2322 * Allow Controllers to have multiple view_paths instead of a single template_root. Closes #2754 *John Long*
2323
2324 * Add much-needed html-scanner tests. Fixed CDATA parsing bug. *Rick Olson*
2325
2326 * improve error message for Routing for named routes. Closes #7346 *Rob Sanheim*
2327
2328 * Added enhanced docs to routing assertions. Closes #7359 *Rob Sanheim*
2329
2330 * fix form_for example in ActionController::Resources documentation. Closes #7362 *gnarg*
2331
2332 * Make sure that the string returned by TextHelper#truncate is actually a string, not a char proxy -- that should only be used internally while working on a multibyte-safe way of truncating *David Heinemeier Hansson*
2333
2334 * Added FormBuilder#submit as a delegate for FormTagHelper#submit_tag *David Heinemeier Hansson*
2335
2336 * Allow Routes to generate all urls for a set of options by specifying :generate_all => true. Allows caching to properly set or expire all paths for a resource. References #1739. *Nicholas Seckar*
2337
2338 * Change the query parser to map empty GET params to "" rather than nil. Closes #5694. *Nicholas Seckar*
2339
2340 * date_select and datetime_select take a :default option. #7052 *Nik Wakelin*
2341 date_select "post", "written_on", :default => 3.days.from_now
2342 date_select "credit_card", "bill_due", :default => { :day => 20 }
2343
2344 * select :multiple => true suffixes the attribute name with [] unless already suffixed. #6977 *nik.kakelin, ben, julik*
2345
2346 * Improve routes documentation. #7095 *zackchandler*
2347
2348 * mail_to :encode => 'hex' also encodes the mailto: part of the href attribute as well as the linked email when no name is given. #2061 *Jarkko Laine, pfc.pille@gmx.net*
2349
2350 * Resource member routes require :id, eliminating the ambiguous overlap with collection routes. #7229 *dkubb*
2351
2352 * Remove deprecated assertions. *Jeremy Kemper*
2353
2354 * Change session restoration to allow namespaced models to be autoloaded. Closes #6348. *Nicholas Seckar*
2355
2356 * Fix doubly appearing parameters due to string and symbol mixups. Closes #2551. *Anthony Eden*
2357
2358 * Fix overly greedy rescues when loading helpers. Fixes #6268. *Nicholas Seckar*
2359
2360 * Fixed NumberHelper#number_with_delimiter to use "." always for splitting the original number, not the delimiter parameter #7389 *ceefour*
2361
2362 * Autolinking recognizes trailing and embedded . , : ; #7354 *Jarkko Laine*
2363
2364 * Make TextHelper::auto_link recognize URLs with colons in path correctly, fixes #7268. *imajes*
2365
2366 * Update to script.aculo.us 1.7.0. *Thomas Fuchs*
2367
2368 * Modernize cookie testing code, and increase coverage (Heckle++) #7101 *Kevin Clark*
2369
2370 * Improve Test Coverage for ActionController::Routing::Route#matches_controller_and_action? (Heckle++) #7115 *Kevin Clark*
2371
2372 * Heckling ActionController::Resources::Resource revealed that set_prefixes didn't break when :name_prefix was munged. #7081 *Kevin Clark*
2373
2374 * Fix #distance_of_time_in_words to report accurately against the Duration class. #7114 *eventualbuddha*
2375
2376 * Refactor #form_tag to allow easy extending. *Rick Olson*
2377
2378 * Update to Prototype 1.5.0. *Sam Stephenson*
2379
2380 * RecordInvalid, RecordNotSaved => 422 Unprocessable Entity, StaleObjectError => 409 Conflict. #7097 *dkubb*
2381
2382 * Allow fields_for to be nested inside form_for, so that the name and id get properly constructed *Jamis Buck*
2383
2384 * Allow inGroupsOf and eachSlice to be called through rjs. #7046 *Cody Fauser*
2385
2386 * Allow exempt_from_layout :rhtml. #6742, #7026 *Dan Manges, Squeegy*
2387
2388 * Recognize the .txt extension as Mime::TEXT *Rick Olson*
2389
2390 * Fix parsing of array[] CGI parameters so extra empty values aren't included. #6252 *Nicholas Seckar, aiwilliams, brentrowland*
2391
2392 * link_to_unless_current works with full URLs as well as paths. #6891 *Jarkko Laine, Manfred Stienstra, idrifter*
2393
2394 * Lookup the mime type for #auto_discovery_link_tag in the Mime::Type class. Closes #6941 *Josh Peek*
2395
2396 * Fix bug where nested resources ignore a parent singleton parent's path prefix. Closes #6940 *Dan Kubb*
2397
2398 * Fix no method error with error_messages_on. Closes #6935 *nik.wakelin Koz*
2399
2400 * Slight doc tweak to the ActionView::Helpers::PrototypeHelper#replace docs. Closes #6922 *Steven Bristol*
2401
2402 * Slight doc tweak to #prepend_filter. Closes #6493 *Jeremy Voorhis*
2403
2404 * Add more extensive documentation to the AssetTagHelper. Closes #6452 *Bob Silva*
2405
2406 * Clean up multiple calls to #stringify_keys in TagHelper, add better documentation and testing for TagHelper. Closes #6394 *Bob Silva*
2407
2408 * [DOCS] fix reference to ActionController::Macros::AutoComplete for #text_field_with_auto_complete. Closes #2578 *Jan Prill*
2409
2410 * Make sure html_document is reset between integration test requests. *ctm*
2411
2412 * Set session to an empty hash if :new_session => false and no session cookie or param is present. CGI::Session was raising an unrescued ArgumentError. *Josh Susser*
2413
2414 * Routing uses URI escaping for path components and CGI escaping for query parameters. *darix, Jeremy Kemper*
2415
2416 * Fix assert_redirected_to bug where redirecting from a nested to to a top-level controller incorrectly added the current controller's nesting. Closes #6128. *Rick Olson*
2417
2418 * Singleton resources: POST /singleton => create, GET /singleton/new => new. *Jeremy Kemper*
2419
2420 * Use 400 Bad Request status for unrescued ActiveRecord::RecordInvalid exceptions. *Jeremy Kemper*
2421
2422 * Silence log_error deprecation warnings from inspecting deprecated instance variables. *Nate Wiger*
2423
2424 * Only cache GET requests with a 200 OK response. #6514, #6743 *RSL, anamba*
2425
2426 * Add a 'referer' attribute to TestRequest. *Jamis Buck*
2427
2428 * Ensure render :json => ... skips the layout. Closes #6808 *Josh Peek*
2429
2430 * Fix HTML::Node to output double quotes instead of single quotes. Closes #6845 *mitreandy*
2431
2432 * Correctly report which filter halted the chain. #6699 *Martin Emde*
2433
2434 * Fix a bug in Routing where a parameter taken from the path of the current request could not be used as a query parameter for the next. Closes #6752. *Nicholas Seckar*
2435
2436 * Unrescued ActiveRecord::RecordNotFound responds with 404 instead of 500. *Jeremy Kemper*
2437
2438 * Improved auto_link to match more valid urls correctly *Tobias Lütke*
2439
2440 * Add singleton resources. *Rick Olson*
2441
2442 map.resource :account
2443
2444 GET /account
2445 GET /account;edit
2446 UPDATE /account
2447 DELETE /account
2448
2449 * respond_to recognizes JSON. render :json => @person.to_json automatically sets the content type and takes a :callback option to specify a client-side function to call using the rendered JSON as an argument. #4185 *Scott Raymond, eventualbuddha*
2450 # application/json response with body 'Element.show({:name: "David"})'
2451 respond_to do |format|
2452 format.json { render :json => { :name => "David" }.to_json, :callback => 'Element.show' }
2453 end
2454
2455 * Makes :discard_year work without breaking multi-attribute parsing in AR. #1260, #3800 *sean@ardismg.com, jmartin@desertflood.com, stephen@touset.org, Bob Silva*
2456
2457 * Adds html id attribute to date helper elements. #1050, #1382 *mortonda@dgrmm.net, David North, Bob Silva*
2458
2459 * Add :index and @auto_index capability to model driven date/time selects. #847, #2655 *moriq, Doug Fales, Bob Silva*
2460
2461 * Add :order to datetime_select, select_datetime, and select_date. #1427 *Timothee Peignier, Patrick Lenz, Bob Silva*
2462
2463 * Added time_select to work with time values in models. Update scaffolding. #2489, #2833 *Justin Palmer, Andre Caum, Bob Silva*
2464
2465 * Added :include_seconds to select_datetime, datetime_select and time_select. #2998 *csn, Bob Silva*
2466
2467 * All date/datetime selects can now accept an array of month names with :use_month_names. Allows for localization. #363 *tomasj, Bob Silva*
2468
2469 * Adds :time_separator to select_time and :date_separator to select_datetime. Preserves BC. #3811 *Bob Silva*
2470
2471 * Added map.root as an alias for map.connect '' *David Heinemeier Hansson*
2472
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2473 * Added Request#format to return the format used for the request as a mime type. If no format is specified, the first Request#accepts type is used. This means you can stop using respond_to for anything else than responses *DHH*. Examples:
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2474
2475 GET /posts/5.xml | request.format => Mime::XML
2476 GET /posts/5.xhtml | request.format => Mime::HTML
2477 GET /posts/5 | request.format => request.accepts.first (usually Mime::HTML for browsers)
2478
84054a7 @joneslee85 Fix typos and formats for CHANGELOG
joneslee85 authored
2479 * Added the option for extension aliases to mime type registration *DHH*. Example (already in the default routes):
281272a @jonleighton Convert CHANGELOGs to Markdown format.
jonleighton authored
2480
2481 Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
2482
2483 ...will respond on both .html and .xhtml.
2484
2485 * @response.redirect_url works with 201 Created responses: just return headers['Location'] rather than checking the response status. *Jeremy Kemper*
2486
2487 * Added CSV to Mime::SET so that respond_to csv will work *Cody Fauser*
2488
2489 * Fixed that HEAD should return the proper Content-Length header (that is, actually use @body.size, not just 0) *David Heinemeier Hansson*
2490
2491 * Added GET-masquarading for HEAD, so request.method will return :get even for HEADs. This will help anyone relying on case request.method to automatically work with HEAD and map.resources will also allow HEADs to all GET actions. Rails automatically throws away the response content in a reply to HEAD, so you don't even need to worry about that. If you, for whatever reason, still need to distinguish between GET and HEAD in some edge case, you can use Request#head? and even Request.headers["REQUEST_METHOD"] for get the "real" answer. Closes #6694 *David Heinemeier Hansson*
2492
2493 * Update Routing to complain when :controller is not specified by a route. Closes #6669. *Nicholas Seckar*
2494
2495 * Ensure render_to_string cleans up after itself when an exception is raised. #6658 *Rob Sanheim*
2496
2497 * Extract template_changed_since? from compile_template? so plugins may override its behavior for non-file-based templates. #6651 *Jeff Barczewski*
2498
2499 * Update to Prototype and script.aculo.us [5579]. *Thomas Fuchs*
2500
2501 * simple_format helper doesn't choke on nil. #6644 *jerry426*
2502
2503 * Update to Prototype 1.5.0_rc2 [5550] which makes it work in Opera again *Thomas Fuchs*
2504
2505 * Reuse named route helper module between Routing reloads. Use remove_method to delete named route methods after each load. Since the module is never collected, this fixes a significant memory leak. *Nicholas Seckar*
2506
2507 * ActionView::Base.erb_variable accessor names the buffer variable used to render templates. Defaults to _erbout; use _buf for erubis. *Rick Olson*
2508
2509 * assert_select_rjs :remove. *Dylan Egan*
2510
2511 * Always clear model associations from session. #4795 *sd@notso.net, andylien@gmail.com*
2512
2513 * Update to Prototype 1.5.0_rc2. *Sam Stephenson*
2514
2515 * Remove JavaScriptLiteral in favor of ActiveSupport::JSON::Variable. *Sam Stephenson*
2516
2517 * Sync ActionController::StatusCodes::STATUS_CODES with http://www.iana.org/assignments/http-status-codes. #6586 *dkubb*
2518
2519 * Multipart form values may have a content type without being treated as uploaded files if they do not provide a filename. #6401 *Andreas Schwarz, Jeremy Kemper*
2520
2521 * assert_response supports symbolic status codes. #6569 *Kevin Clark*
2522 assert_response :ok
2523 assert_response :not_found
2524 assert_response :forbidden
2525
2526 * Cache parsed query parameters. #6559 *Stefan Kaes*
2527
2528 * Deprecate JavaScriptHelper#update_element_function, which is superseeded by RJS *Thomas Fuchs*
2529
2530 * pluralize helper interprets nil as zero. #6474 *Tim Pope*
2531
2532 * Fix invalid test fixture exposed by stricter Ruby 1.8.5 multipart parsing. #6524 *Bob Silva*
2533
2534 * Set ActionView::Base.default_form_builder once rather than passing the :builder option to every form or overriding the form helper methods. *Jeremy Kemper*
2535
2536 * Deprecate expire_matched_fragments. Use expire_fragment instead. #6535 *Bob Silva*
2537
2538 * Update to latest Prototype, which doesn't serialize disabled form elements, adds clone() to arrays, empty/non-string Element.update() and adds a fixes excessive error reporting in WebKit beta versions *Thomas Fuchs*
2539
2540 * Deprecate start_form_tag and end_form_tag. Use form_tag / '</form>' from now on. *Rick Olson*
2541
2542 * Added block-usage to PrototypeHelper#form_remote_tag, document block-usage of FormTagHelper#form_tag *Rick Olson*
2543
2544 * Add a 0