Fixed an issue with migrating legacy json cookies.
VerifyAndUpgradeLegacySignedMessageassumes all incoming cookies are marshal-encoded. This is not the case when
secret_tokenis used in conjunction with the
In those case, when upgrading to use
secret_key_base, this would cause a
TypeError: incompatible marshal file formatand a 500 error for the user.
Make URL escaping more consistent:
- Escape '%' characters in URLs - only unescaped data should be passed to URL helpers
- Add an
Router::Utilsthat escapes '/' characters
escape_fragmentin optimized URL generation
escape_pathin URL generation
For point 4 there are two exceptions. Firstly, when a route uses wildcard segments (e.g. *foo) then we use
escape_pathas the value may contain '/' characters. This means that wildcard routes can't be optimized. Secondly, if a
:controllersegment is used in the path then this uses
escape_pathas the controller may be namespaced.
Fixes #14629, #14636 and #14070.
Andrew White, Edho Arief
Returns null type format when format is not know and controller is using
Rafael Mendonça França
Improve routing error page with fuzzy matching search.
Only make deeply nested routes shallow when parent is shallow.
Andrew White, James Coglan
Append link to bad code to backtrace when exception is SyntaxError.
Swapped the parameters of assert_equal in
assert_selectso that the proper values were printed correctly
shallow?returns false if the parent resource is a singleton so we need to check if we're not inside a nested scope before copying the :path and :as options to their shallow equivalents.
Make logging of CSRF failures optional (but on by default) with the
log_warning_on_csrf_failureconfiguration setting in
Fix URL generation in controller tests with request-dependent
Please check 4-1-stable for previous changes.