Commits on Nov 16, 2011
  1. Added a missing parameter to relative_url_root= that was causing an A…

    mhuffnagle committed Nov 15, 2011
    …rgumentError: wrong number of arguments (1 for 0) to be thrown at actionpack-3.0.10/lib/action_controller/railtie.rb:54.
Commits on Sep 11, 2011
  1. @misfo @jeremy

    prevent errors when passing a frozen string as a param to ActionContr…

    misfo committed with jeremy Feb 8, 2011
    since ActionDispatch::Http::Parameters#encode_params will force encoding on all params strings (when using an encoding aware Ruby), dup all strings passed into process.  This prevents modification of params passed in and, more importantly, doesn't barf when a frozen string is passed
    thanks and high fives to kinsteronline
Commits on Aug 16, 2011
  1. @tenderlove

    Tags with invalid names should also be stripped in order to prevent

    tenderlove committed Aug 16, 2011
    XSS attacks.  Thanks Sascha Depold for the report.
Commits on Jul 18, 2011
  1. @jstorimer

    Ensure that status codes are logged properly

    jstorimer committed Jul 18, 2011
    Needed to move AC::Metal::Instrumentation before AM::Metal::Rescue
    so that status codes rendered from rescue_from blocks are logged
Commits on Jun 23, 2011
  1. Fixes an issue where cache sweepers with only after filters would hav…

    Jeroen Jacobs committed Jun 21, 2011
    …e no controller object
    It would raise undefined method controller_name for nil
Commits on May 13, 2011
  1. @dougfales @tenderlove

    A patch so that http status codes are still included in logs even dur…

    dougfales committed with tenderlove Jan 18, 2011
    …ing an exception [#6333 state:resolved]
    Signed-off-by: José Valim <>
Commits on May 6, 2011
  1. @josevalim

    Revert "Pass the proper method_name instead of hardcoding to action_n…

    josevalim committed May 6, 2011
    This commit was actually correct. The first parameter in process_action
    is not necessarily the same as the action_name. Use action_name to
    retrieve the action instead.
    This reverts commit 4e2bacd.
Commits on Apr 29, 2011
  1. @vijaydev
Commits on Apr 5, 2011
  1. @tenderlove

    Merge branch '3-0-6' into 3-0-stable

    tenderlove committed Apr 5, 2011
    * 3-0-6:
      bumping version to 3.0.6
      updating CHANGELOG
      updating CHANGELOG for actionpack
      do not return html safe strings from auto_link
      bumping to 3.0.6.rc2
      Support both conventions for translations for namespaced models.
      Added back the use of the Reflection module's cached sanitized_conditions in an AssociationProxy. This was recently removed and when a has_one association with conditions is eager loaded the conditions would be sanitized once for every result row, causing a database hit to fetch the columns.
      Bring back i18n_key to avoid regression
      Revert "Improve testing of cookies in functional tests:"
      bumping version to 3.0.6.rc1
      updating AR changelog
Commits on Mar 29, 2011
  1. @tenderlove

    Revert "Improve testing of cookies in functional tests:"

    tenderlove committed Mar 29, 2011
    This reverts commit e2523ff.
  2. @josevalim
Commits on Mar 6, 2011
  1. @pixeltrix

    Improve testing of cookies in functional tests:

    pixeltrix committed Mar 6, 2011
    - cookies can be set using string or symbol keys
    - cookies are preserved across calls to get, post, etc.
    - cookie names and values are escaped
    - cookies can be cleared using @request.cookies.clear
    [#6272 state:resolved]
Commits on Mar 2, 2011
  1. @chuyeow @spastorino

    Fix Action caching bug where an action that has a non-cacheable respo…

    chuyeow committed with spastorino Feb 27, 2011
    …nse always renders a nil response body. It now correctly renders the response body.
    Note that only GET and HTTP 200 responses can be cached.
    [#6480 state:committed]
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 22, 2011
  1. @NZKoz

    Prepend the CSRF filter to make it much more difficult to execute app…

    NZKoz committed Feb 23, 2011
    …lication code before it fires.
Commits on Jan 31, 2011
  1. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    NZKoz committed Jan 5, 2011
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
  2. @josevalim @NZKoz

    Use Mime::Type references.

    josevalim committed with NZKoz Nov 28, 2010
Commits on Dec 9, 2010
  1. @josevalim

    Ensure that while caching a page rails takes into

    Neeraj Singh committed with josevalim Dec 9, 2010
    account the resolved mime type for the request
    This is a port of fix on master to 3-0-stable
    Signed-off-by: José Valim <>
Commits on Dec 8, 2010
  1. @fxn
  2. @fxn

    Add to documentation that action caching does

    Neeraj Singh committed with fxn Dec 6, 2010
    handle HTTP_ACCEPT attribute properly and might
    provide wrong result. Use params[:format] to
    avoid this issue.
Commits on Nov 27, 2010
  1. @radar @fxn

    Add explicit statement that verify_authenticity_token can be turned o…

    radar committed with fxn Nov 27, 2010
    …ff for actions.
Commits on Nov 24, 2010
  1. @josevalim

    If a user wants json output then try best to render json output. In s…

    Neeraj Singh committed with josevalim Nov 15, 2010
    …uch cases prefer kind_of(String) over respond_to?(to_str)
    [#5841 state:resolved]
    Signed-off-by: José Valim <>
Commits on Nov 7, 2010
  1. @chriseppstein @spastorino

    Correctly handle the case of an API response that returns a hash by t…

    chriseppstein committed with spastorino Nov 5, 2010
    …reating a single hash argument as the resource instead of as options.
    Signed-off-by: Santiago Pastorino <>
Commits on Oct 18, 2010
  1. @pixeltrix
Commits on Oct 11, 2010
  1. @szimek @josevalim

    Return a valid empty JSON on successful PUT and DELETE requests. [#5199

    szimek committed with josevalim Oct 11, 2010
    … state:resolved]
    Signed-off-by: José Valim <>
Commits on Oct 10, 2010
  1. @wycats
Commits on Sep 27, 2010
  1. @dcrec1 @josevalim

    renderer calls object.to_json when rendering :json => object [#5655 s…

    dcrec1 committed with josevalim Sep 18, 2010
    Signed-off-by: José Valim <>
Commits on Sep 24, 2010
  1. @miloops @spastorino

    Refactor decode_credentials to avoid inject and use map instead.

    miloops committed with spastorino Sep 22, 2010
    Signed-off-by: Santiago Pastorino <>
  2. @miloops @spastorino

    Refactor methods in html node to avoid injects.

    miloops committed with spastorino Sep 22, 2010
    Signed-off-by: Santiago Pastorino <>
Commits on Sep 12, 2010
  1. @mikel

    Backport of: added block arguments to ActionController::Metal#use

    mikel committed Sep 12, 2010
    Commit: f0dbcc7a692bc375e3e52a9661af4037392ee52f
    Useful for cases such as warden, where a block configuration is taken.
        class SomeController < ApplicationController
          use RailsWarden::Manager do |manager|
            manager.default_strategies :facebook_oauth
            manager.failure_app = SomeController.action(:authorize)
          end
        end
Commits on Sep 9, 2010
  1. @mikel
Commits on Sep 1, 2010
  1. @thiagopradi @josevalim

    Use join instead of looping and calling to_s [#5492 state:resolved]

    thiagopradi committed with josevalim Aug 29, 2010
    Signed-off-by: José Valim <>
Commits on Aug 26, 2010
  1. @josevalim
Commits on Aug 25, 2010
  1. @tilsammans @fxn

    Restored top-level documentation for ActionController::Base.

    tilsammans committed with fxn Aug 25, 2010
    This information was lost in commit bd6b61b.
    This might have been intentional, but this class does represent the starting
    point for all things related to actions, and as such should document it.
    I couldn't find any trace of this documentation, which seems like a waste.
    Updated parts here and there to conform to current best practices.
Commits on Aug 24, 2010
  1. @pixeltrix @josevalim

    Reset symbolized path parameters when a test request is recycled [#5437

    pixeltrix committed with josevalim Aug 24, 2010
    … state:resolved]
    Signed-off-by: José Valim <>
Commits on Aug 19, 2010
  1. @josevalim