* 3-0-6:
  - bumping version to 3.0.6
  - updating CHANGELOG
  - updating CHANGELOG for actionpack
  - do not return html safe strings from auto_link
  - bumping to 3.0.6.rc2
  - Support both conventions for translations for namespaced models.
  - Added back the use of the Reflection module's cached sanitized_conditions in an AssociationProxy. This was recently removed and when a has_one association with conditions is eager loaded the conditions would be sanitized once for every result row, causing a database hit to fetch the columns.
  - Bring back i18n_key to avoid regression
  - Revert "Improve testing of cookies in functional tests:"
  - bumping version to 3.0.6.rc1
  - updating AR changelog
This reverts commit e2523ff.
…:resolved] This will make the output of `rake routes` correctly match the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default. This commit is the second attempt at fixing the issue, as the regular expression in another commit on `master` was invalid.
…template, test included Signed-off-by: Santiago Pastorino <firstname.lastname@example.org>
The method_name argument is "default_render" for implicit actions so use the action_name attribute to determine which callbacks to run. [#5673 state:resolved]
…less than 1 but greater than -1 [#6576 state:resolved] Signed-off-by: Santiago Pastorino <email@example.com>
…itted] This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens. Signed-off-by: Xavier Noria <firstname.lastname@example.org>
- cookies can be set using string or symbol keys
- cookies are preserved across calls to get, post, etc.
- cookie names and values are escaped
- cookies can be cleared using @request.cookies.clear

[#6272 state:resolved]
…nse always renders a nil response body. It now correctly renders the response body. Note that only GET and HTTP 200 responses can be cached. [#6480 state:committed] Signed-off-by: Santiago Pastorino <email@example.com>
…ey with nil or  value
…n 0.5.0 (backports 896e25e) Don't catch exceptions here. Instead only declare that we want exceptions to be rescued as :html, but also let users configure reactions to exceptions in I18n. Signed-off-by: Santiago Pastorino <firstname.lastname@example.org>
…lication code before it fires.
…tributes already persisted does not render properly Signed-off-by: Santiago Pastorino <email@example.com>
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:

X-CSRF-Token: ...

This fixes CVE-2011-0447
… filesystems. This fixes CVE-2011-0449