
Merge branch 'master' of git@github.com:lifo/docrails

2 parents 6aca445 + 8292c7d commit dbbd757edd896947e33fdf18ba870b8df5974d62 @radar radar committed Oct 1, 2008
Showing with 4,804 additions and 3,989 deletions.
  1. +1 −1 actionmailer/lib/action_mailer/version.rb
  2. +2 −0 actionpack/CHANGELOG
  3. +1 −1 actionpack/lib/action_controller/base.rb
  4. +2 −22 actionpack/lib/action_controller/cgi_ext/session.rb
  5. +2 −1 actionpack/lib/action_controller/cgi_process.rb
  6. +2 −1 actionpack/lib/action_controller/rack_process.rb
  7. +2 −1 actionpack/lib/action_controller/session/cookie_store.rb
  8. +4 −0 actionpack/lib/action_controller/session_management.rb
  9. +1 −1 actionpack/lib/action_pack/version.rb
  10. +1 −1 actionpack/lib/action_view.rb
  11. +0 −1 actionpack/lib/action_view/helpers.rb
  12. +316 −148 actionpack/lib/action_view/helpers/asset_tag_helper.rb
  13. +0 −92 actionpack/lib/action_view/helpers/form_country_helper.rb
  14. +4 −4 actionpack/lib/action_view/helpers/form_helper.rb
  15. +0 −3 actionpack/lib/action_view/helpers/form_options_helper.rb
  16. +80 −126 actionpack/lib/action_view/helpers/text_helper.rb
  17. +9 −4 actionpack/lib/action_view/template.rb
  18. +10 −20 actionpack/lib/action_view/template_error.rb
  19. +52 −1 actionpack/test/controller/session/cookie_store_test.rb
  20. +1 −0 actionpack/test/fixtures/test/sub_template_raise.html.erb
  21. +60 −4 actionpack/test/template/asset_tag_helper_test.rb
  22. +0 −1,549 actionpack/test/template/form_country_helper_test.rb
  23. +17 −1 actionpack/test/template/render_test.rb
  24. +8 −0 activerecord/CHANGELOG
  25. +2 −2 activerecord/lib/active_record.rb
  26. +45 −10 activerecord/lib/active_record/associations.rb
  27. +25 −7 activerecord/lib/active_record/associations/association_collection.rb
  28. +4 −1 activerecord/lib/active_record/associations/has_many_association.rb
  29. +2 −2 activerecord/lib/active_record/associations/has_many_through_association.rb
  30. +8 −2 activerecord/lib/active_record/attribute_methods.rb
  31. +32 −14 activerecord/lib/active_record/base.rb
  32. +4 −0 activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb
  33. +6 −1 activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
  34. +26 −0 activerecord/lib/active_record/i18n_interpolation_deprecation.rb
  35. +1 −1 activerecord/lib/active_record/schema_dumper.rb
  36. +2 −2 activerecord/lib/active_record/validations.rb
  37. +1 −1 activerecord/lib/active_record/version.rb
  38. +15 −0 activerecord/test/cases/associations/extension_test.rb
  39. +10 −1 activerecord/test/cases/associations/has_and_belongs_to_many_associations_test.rb
  40. +24 −0 activerecord/test/cases/associations/has_many_associations_test.rb
  41. +9 −0 activerecord/test/cases/associations/has_many_through_associations_test.rb
  42. +8 −0 activerecord/test/cases/associations_test.rb
  43. +56 −4 activerecord/test/cases/attribute_methods_test.rb
  44. +67 −7 activerecord/test/cases/base_test.rb
  45. +31 −0 activerecord/test/cases/defaults_test.rb
  46. +13 −2 activerecord/test/cases/finder_test.rb
  47. +14 −0 activerecord/test/cases/helper.rb
  48. +30 −0 activerecord/test/cases/method_scoping_test.rb
  49. +5 −1 activerecord/test/cases/migration_test.rb
  50. +6 −0 activerecord/test/cases/named_scope_test.rb
  51. +4 −4 activerecord/test/cases/sanitize_test.rb
  52. +5 −1 activerecord/test/cases/validations_i18n_test.rb
  53. +1 −1 activeresource/lib/active_resource/connection.rb
  54. +10 −2 activeresource/test/connection_test.rb
  55. +8 −0 activesupport/CHANGELOG
  56. +147 −0 activesupport/bin/generate_tables
  57. +1 −1 activesupport/lib/active_support.rb
  58. +1 −1 activesupport/lib/active_support/buffered_logger.rb
  59. +24 −9 activesupport/lib/active_support/core_ext/date/calculations.rb
  60. +19 −5 activesupport/lib/active_support/core_ext/date_time/calculations.rb
  61. +1 −1 activesupport/lib/active_support/core_ext/file/atomic.rb
  62. +1 −1 activesupport/lib/active_support/core_ext/hash/slice.rb
  63. +4 −2 activesupport/lib/active_support/core_ext/string.rb
  64. +5 −5 activesupport/lib/active_support/core_ext/string/access.rb
  65. +81 −0 activesupport/lib/active_support/core_ext/string/multibyte.rb
  66. +0 −66 activesupport/lib/active_support/core_ext/string/unicode.rb
  67. +26 −11 activesupport/lib/active_support/core_ext/time/calculations.rb
  68. +11 −5 activesupport/lib/active_support/inflector.rb
  69. +30 −6 activesupport/lib/active_support/multibyte.rb
  70. +664 −127 activesupport/lib/active_support/multibyte/chars.rb
  71. +8 −0 activesupport/lib/active_support/multibyte/exceptions.rb
  72. +0 −149 activesupport/lib/active_support/multibyte/generators/generate_tables.rb
  73. +0 −9 activesupport/lib/active_support/multibyte/handlers/passthru_handler.rb
  74. +0 −564 activesupport/lib/active_support/multibyte/handlers/utf8_handler.rb
  75. +0 −43 activesupport/lib/active_support/multibyte/handlers/utf8_handler_proc.rb
  76. +71 −0 activesupport/lib/active_support/multibyte/unicode_database.rb
  77. +7 −1 activesupport/lib/active_support/test_case.rb
  78. +53 −41 activesupport/lib/active_support/time_with_zone.rb
  79. BIN activesupport/lib/active_support/values/unicode_tables.dat
  80. +17 −10 activesupport/lib/active_support/vendor/i18n-0.0.1/i18n.rb
  81. +12 −9 activesupport/lib/active_support/vendor/i18n-0.0.1/i18n/backend/simple.rb
  82. +1 −1 activesupport/lib/active_support/version.rb
  83. +19 −0 activesupport/test/abstract_unit.rb
  84. +23 −0 activesupport/test/core_ext/date_ext_test.rb
  85. +75 −0 activesupport/test/core_ext/date_time_ext_test.rb
  86. +10 −0 activesupport/test/core_ext/hash_ext_test.rb
  87. +53 −6 activesupport/test/core_ext/string_ext_test.rb
  88. +75 −6 activesupport/test/core_ext/time_ext_test.rb
  89. +64 −10 activesupport/test/core_ext/time_with_zone_test.rb
  90. +6 −0 activesupport/test/inflector_test.rb
  91. +4 −1 activesupport/test/inflector_test_cases.rb
  92. +0 −12 activesupport/test/json/encoding_test.rb
  93. +544 −161 activesupport/test/multibyte_chars_test.rb
  94. +44 −61 activesupport/test/multibyte_conformance.rb
  95. +0 −372 activesupport/test/multibyte_handler_test.rb
  96. +19 −0 activesupport/test/multibyte_test_helpers.rb
  97. +28 −0 activesupport/test/multibyte_unicode_database_test.rb
  98. +5 −2 railties/Rakefile
  99. BIN railties/doc/guides/.DS_Store
  100. +28 −0 railties/doc/guides/actioncontroller/actioncontroller.txt
  101. +26 −0 railties/doc/guides/actioncontroller/cookies.txt
  102. +118 −0 railties/doc/guides/actioncontroller/filters.txt
  103. +24 −0 railties/doc/guides/actioncontroller/http_auth.txt
  104. +7 −0 railties/doc/guides/actioncontroller/introduction.txt
  105. +37 −0 railties/doc/guides/actioncontroller/methods.txt
  106. +14 −0 railties/doc/guides/actioncontroller/parameter_filtering.txt
  107. +62 −0 railties/doc/guides/actioncontroller/params.txt
  108. +35 −0 railties/doc/guides/actioncontroller/request_response_objects.txt
  109. +3 −0 railties/doc/guides/actioncontroller/rescue.txt
  110. +130 −0 railties/doc/guides/actioncontroller/session.txt
  111. +91 −0 railties/doc/guides/actioncontroller/streaming.txt
  112. +3 −0 railties/doc/guides/actioncontroller/verification.txt
  113. +592 −5 railties/doc/guides/actionview/layouts_and_rendering.txt
  114. +241 −152 railties/doc/guides/activerecord/association_basics.txt
  115. BIN railties/doc/guides/activerecord/images/has_many_through.png
  116. BIN railties/doc/guides/activerecord/images/polymorphic.png
  117. BIN railties/doc/guides/benchmarking_and_profiling/examples/.DS_Store
  118. +1 −1 railties/doc/guides/benchmarking_and_profiling/rubyprof.txt
  119. +1 −1 railties/doc/guides/debugging/debugging_rails_applications.txt
  120. +67 −31 railties/doc/guides/index.txt
  121. +1 −1 railties/doc/guides/migrations/migrations.txt
  122. +8 −8 railties/doc/guides/routing/routing_outside_in.txt
  123. +98 −39 railties/doc/guides/testing_rails_applications/testing_rails_applications.txt
  124. +3 −1 railties/lib/rails/gem_dependency.rb
  125. +1 −1 railties/lib/rails/version.rb
  126. +10 −2 railties/lib/tasks/databases.rake
  127. +1 −1 railties/test/gem_dependency_test.rb
@@ -1,7 +1,7 @@
module ActionMailer
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 1
+ MINOR = 2
TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
@@ -1,5 +1,7 @@
*Edge*
+* Set HttpOnly for the cookie session store's cookie. #1046
+
* Added FormTagHelper#image_submit_tag confirm option #784 [Alastair Brunton]
* Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when was clicked #633 [Jose Fernandez]
@@ -252,7 +252,7 @@ class UnknownHttpMethod < ActionControllerError #:nodoc:
#
# def do_something
# redirect_to(:action => "elsewhere") and return if monkeys.nil?
- # render :action => "overthere" # won't be called unless monkeys is nil
+ # render :action => "overthere" # won't be called if monkeys is nil
# end
#
class Base
@@ -6,28 +6,8 @@ class CGI #:nodoc:
# * Expose the CGI instance to session stores.
# * Don't require 'digest/md5' whenever a new session id is generated.
class Session #:nodoc:
- begin
- require 'securerandom'
-
- # Generate a 32-character unique id using SecureRandom.
- # This is used to generate session ids but may be reused elsewhere.
- def self.generate_unique_id(constant = nil)
- SecureRandom.hex(16)
- end
- rescue LoadError
- # Generate an 32-character unique id based on a hash of the current time,
- # a random number, the process id, and a constant string. This is used
- # to generate session ids but may be reused elsewhere.
- def self.generate_unique_id(constant = 'foobar')
- md5 = Digest::MD5.new
- now = Time.now
- md5 << now.to_s
- md5 << String(now.usec)
- md5 << String(rand(0))
- md5 << String($$)
- md5 << constant
- md5.hexdigest
- end
+ def self.generate_unique_id(constant = nil)
+ ActiveSupport::SecureRandom.hex(16)
end
# Make the CGI instance available to session stores.
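Review bot: The new `generate_unique_id` has no doc comment, and its `constant = nil` parameter is no longer read anywhere in the body. The removed comments stated the id length and purpose, so I would keep one line, for example `# Generate a 32-character hex id from ActiveSupport::SecureRandom; +constant+ is ignored and kept only so existing callers keep working.` The hunk shows no `require` for `ActiveSupport::SecureRandom`, so it presumably depends on active_support being loaded before this file. That is worth confirming, because the old code fell back on `LoadError` while the new method would fail with a `NameError` at call time.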
@@ -42,7 +42,8 @@ class SessionFixationAttempt < StandardError #:nodoc:
:prefix => "ruby_sess.", # prefix session file names
:session_path => "/", # available to all paths in app
:session_key => "_session_id",
- :cookie_only => true
+ :cookie_only => true,
+ :session_http_only=> true
}
def initialize(cgi, session_options = {})
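Review bot: The added `:session_http_only=> true` entry is missing the space before `=>` and, unlike the entries above it, has no trailing comment. The identical line in the next hunk (the defaults used by `initialize(env, ...)`) has the same two problems. It sits directly under `:cookie_only`, which reads similarly but appears to be a different setting, so a short comment would prevent confusion: `:session_http_only => true # mark the session cookie HttpOnly so page scripts cannot read it`. The options hash opens outside the hunk.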
@@ -14,7 +14,8 @@ class SessionFixationAttempt < StandardError #:nodoc:
:prefix => "ruby_sess.", # prefix session file names
:session_path => "/", # available to all paths in app
:session_key => "_session_id",
- :cookie_only => true
+ :cookie_only => true,
+ :session_http_only=> true
}
def initialize(env, session_options = DEFAULT_SESSION_OPTIONS)
@@ -70,7 +70,8 @@ def initialize(session, options = {})
'path' => options['session_path'],
'domain' => options['session_domain'],
'expires' => options['session_expires'],
- 'secure' => options['session_secure']
+ 'secure' => options['session_secure'],
+ 'http_only' => options['session_http_only']
}
# Set no_hidden and no_cookies since the session id is unused and we
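Review bot: `options['session_http_only']` evaluates to nil when the key is absent, so the cookie would be issued without the HttpOnly flag unless every caller passes the merged defaults. Whether the defaults are always merged, with string keys, before this initializer runs is not visible in the hunk. If they are not, fail closed with `'http_only' => options.fetch('session_http_only', true)`. The initializer body starts and continues outside the hunk.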
@@ -60,6 +60,10 @@ def session_options
# # the session will only work over HTTPS, but only for the foo action
# session :only => :foo, :session_secure => true
#
+ # # the session by default uses HttpOnly sessions for security reasons.
+ # # this can be switched off.
+ # session :only => :foo, :session_http_only => false
+ #
# # the session will only be disabled for 'foo', and only if it is
# # requested as a web service
# session :off, :only => :foo,
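Review bot: The added comment says "HttpOnly sessions", but the flag is set on the session cookie, and the text does not say what switching it off gives up. Suggested wording for the two comment lines: `# the session cookie is marked HttpOnly by default, so client-side scripts cannot read it.` and `# switch this off only for actions whose JavaScript must read the cookie.` The surrounding comment block starts and ends outside the hunk.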
@@ -1,7 +1,7 @@
module ActionPack #:nodoc:
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 1
+ MINOR = 2
TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
@@ -43,7 +43,7 @@
require 'action_view/partials'
require 'action_view/template_error'
-I18n.load_translations "#{File.dirname(__FILE__)}/action_view/locale/en-US.yml"
+I18n.load_path << "#{File.dirname(__FILE__)}/action_view/locale/en-US.yml"
require 'action_view/helpers'
@@ -21,7 +21,6 @@ module ClassMethods
include CaptureHelper
include DateHelper
include DebugHelper
- include FormCountryHelper
include FormHelper
include FormOptionsHelper
include FormTagHelper