…rgumentError: wrong number of arguments (1 for 0) to be thrown at actionpack-3.0.10/lib/action_controller/railtie.rb:54.
…oller::TestCase#process since ActionDispatch::Http::Parameters#encode_params will force encoding on all params strings (when using an encoding aware Ruby), dup all strings passed into process. This prevents modification of params passed in and, more importantly, doesn't barf when a frozen string is passed thanks and high fives to kinsteronline
XSS attacks. Thanks Sascha Depold for the report.
…e no controller object It would raise undefined method controller_name for nil
…ing an exception [#6333 state:resolved] Signed-off-by: José Valim <firstname.lastname@example.org>
…ame." This commit was actually correct. The first parameter in process_action is not necessarily the same as the action_name. Use action_name to retrieve the action instead. This reverts commit 4e2bacd.
* 3-0-6: bumping version to 3.0.6 updating CHANGELOG updating CHANGELOG for actionpack do not return html safe strings from auto_link bumping to 3.0.6.rc2 Support both conventions for translations for namespaced models. Added back the use of the Reflection module's cached sanitized_conditions in an AssociationProxy. This was recently removed and when a has_one association with conditions is eager loaded the conditions would be sanitized once for every result row, causing a database hit to fetch the columns. Bring back i18n_key to avoid regression Revert "Improve testing of cookies in functional tests:" bumping version to 3.0.6.rc1 updating AR changelog
This reverts commit e2523ff.
…nse always renders a nil response body. It now correctly renders the response body. Note that only GET and HTTP 200 responses can be cached. [#6480 state:committed] Signed-off-by: Santiago Pastorino <email@example.com>
…lication code before it fires.
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
…ff for actions.
…uch cases prefer kind_of(String) over respond_to?(to_str) [#5841 state:resolved] Signed-off-by: José Valim <firstname.lastname@example.org>
…reating a single hash argument as the resource instead of as options. Signed-off-by: Santiago Pastorino <email@example.com>
Signed-off-by: Santiago Pastorino <firstname.lastname@example.org>
Commit: f0dbcc7a692bc375e3e52a9661af4037392ee52f Useful for cases such as warden, where a block configuration is taken. class SomeController < ApplicationController use RailsWarden::Manager do |manager| manager.default_strategies :facebook_oauth manager.failure_app = SomeController.action(:authorize) end end
This information was lost in commit bd6b61b. This might have been intentional, but this class does represent the starting point for all things related to actions, and as such should document it. I couldn't find any trace of this documentation, which seems like a waste. Updated parts here and there to conform to current best practices.