Skip to content
This repository

Aug 16, 2011

  1. Aaron Patterson

    Tags with invalid names should also be stripped in order to prevent

    XSS attacks.  Thanks Sascha Depold for the report.
    tenderlove authored
  2. Jon Leighton

    Use lazy load hooks to set parameter wrapping configuration. This mea…

    …ns that it doesn't force Action Controller / Active Record to load, but it doesn't fail if they have already loaded. Thanks @josevalim for the hint.
    jonleighton authored
  3. Jon Leighton

    Don't refer to ActionController::Base in the wrap_parameters initiali…

    …zer - use config object instead. Cuts about 15% off the load time. (#734)
    jonleighton authored

Aug 07, 2011

  1. Santiago Pastorino

    x_sendfile_header now defaults to nil and production.rb env file doesn't

    set a particular value for it. This allows servers to set it through
    X-Sendfile-Type, read for more
    info. Anyways you can force this value in your production.rb
    spastorino authored

Aug 01, 2011

  1. thoefer2

    modified fix #1872 according to jose valim´s suggestions

    thoefer2 authored

Jul 25, 2011

  1. David Chelimsky

    Paramify param values in controller tests.

    dchelimsky authored

Jul 24, 2011

  1. Ömür Özkir

    Changed a few instances of of words in the API docs written in Britis…

    …h English to
    American English(according to Weber)
    oem authored fxn committed

Jul 18, 2011

  1. Jesse Storimer

    Ensure that status codes are logged properly

    Needed to move AC::Metal::Instrumentation before AM::Metal::Rescue
    so that status codes rendered from rescue_from blocks are logged
    jstorimer authored

Jul 06, 2011

  1. José Valim

    Deprecate stream at the class level.

    This is because only template rendering works with streaming.
    Setting it at the class level was also changing the behavior
    of JSON and XML responses, closes #1337.
    josevalim authored

Jun 30, 2011

  1. José Valim

    Make sure respond_with with :js tries to render a template in all cases

    josevalim authored

Jun 29, 2011

  1. José Valim

    [IMPORTANT] Make "sprockets/railtie" require explicit.

    This makes "sprockets/railtie" explicit. This means that sprockets will
    be loaded when you require "rails/all". If you are not using requiring
    "rails/all", you need to manually load it with all other framework
    In order to be complete, this commit also adds --skip-sprockets to
    the rails generator.
    josevalim authored

Jun 24, 2011

  1. Santiago Pastorino

    Merge pull request #1844 from jeroenj/cachesweeper-fix-3-1

    Fixes an issue where cache sweepers
    spastorino authored

Jun 23, 2011

  1. Matt Jankowski

    more detail on how the flow between redirect and show works, and mino…

    …r grammar
    mjankowski authored fxn committed
  2. Fixes an issue where cache sweepers with only after filters would hav…

    …e no controller object
    It would raise undefined method controller_name for nil
    Jeroen Jacobs authored

Jun 18, 2011

  1. Christine Yen

    Tweak linebreak in ActionController::Redirecting doc

    christineyen authored fxn committed
  2. Christine Yen

    Improve documentation around status code argument of redirect_to

    christineyen authored fxn committed

Jun 06, 2011

  1. Guillermo Iguaran

    Remove trailing white-spaces

    guilleiguaran authored fxn committed
  2. Vijay Dev

    some grammatical corrections

    vijaydev authored fxn committed
  3. Guillermo Iguaran

    Removing trailing white-spaces

    guilleiguaran authored fxn committed

May 27, 2011

  1. Damien Mathieu

    don't raise an exception if the format isn't recognized

    Fixed while traveling to heuruko
    dmathieu authored josevalim committed

May 23, 2011

  1. Jon Leighton

    Replace references to ActiveSupport::SecureRandom with just SecureRan…

    …dom, and require 'securerandom' from the stdlib when active support is required.

May 19, 2011

  1. Josh Kalderimis

    renamed the wrap_parameters :only and :except options to :include and…

    … :exclude to make it consistent with controller filters
    joshk authored

May 17, 2011

  1. José Valim

    Use anonymous? that works on both Ruby 1.8 and 1.9.

    josevalim authored
  2. David Chelimsky

    add more robust test for wrapping params with anonymous class

    dchelimsky authored
  3. Andy Lindeman

    Add fix for error when an anonymous controller subclasses Application…

    alindeman authored dchelimsky committed

May 15, 2011

  1. Prem Sichanugrist

    Make ParamsWrapper calling newly introduced `Model.attribute_names` i…

    …nstead of `.column_names`
    sikachu authored
  2. Prem Sichanugrist

    Do not try to call `column_names` on the abstract class.

    Normally the table for abstract class won't be existed, so we should not trying to call `#column_names` on it.
    sikachu authored

May 14, 2011

  1. Xavier Noria

    Merge branch 'master' of git://

    fxn authored
  2. Xavier Noria

    minor edits after going through what's new in docrails

    fxn authored

May 12, 2011

  1. Nick Sutterer

    added an example for AC::UrlFor usage to make usage simpler.

    apotonick authored
  2. Nick Sutterer

    added docs for AbC::UrlFor and AC::UrlFor.

    apotonick authored

May 10, 2011

  1. José Valim

    Get around weird missing constant error caused by AS instead of simpl…

    …y raising NameError, closes #477.
    josevalim authored

May 09, 2011

  1. José Valim

    Warn if we cannot verify CSRF token authenticity

May 07, 2011

  1. José Valim

    Merge pull request #280 from jballanc/frozen-string-strip-tags

    Stripping tags from a frozen string
    josevalim authored
  2. José Valim

    Use .ref instead of .to_sym.

    josevalim authored
Something went wrong with that request. Please try again.