During application boot, the classloader stashes files with missing requirements to reload them once all files have been processed. This needs to be done when a not yet loaded constant is referenced from the class being loaded. This patch prints a message to the verbose log, telling which files had missing requirements, and where the original NameError happened.
Dries up repeated use of rather verbose environment check. Also provides an easily accessible guard that can be used to check if really verbose debug messages should be emitted. [#1044 state:resolved]
* This change misses specs mainly because the current merb-cache specs seem rather horrible and I couldn't find an easy way to spec it (The other specs use an ugly mix of mocking/stubbing and are pretty inconsistent imho. They could definitely need some refactoring! * Fixed formatting weirdness in abstract_strategy_store.rb [#1013 state:resolved]
This also works around an issue where rspec-1.2.9 seems to write all spec files to the spec/spec.opts file in case the spec.opts file is empty.
in init.rb. This change allows you to have default adapter set in the init.rb and still if you want to run Merb in IRB you can do it. Currently you can't because setting adapter in init.rb override the config value from ARGV parsing. [#1262 state:resolved]
[#1298 state: resolved ] This patch fixes a potential timing attack on the HMAC authentication used to verify cookie session contents by ensuring a constant time algorithm is used to compare the hashes. For more information see: http://codahale.com/a-lesson-in-timing-attacks/
Added checks for relative, absolute, and external urls for when path_prefix is set in Merb::Config. path_prefix should be ignored when an external url is requested, however it should be used when absolute or relative urls are passed. [#614 state:resolved]
Fixed :reload => false so it no longer defaults to Merb::Config[:reload_templates] when explicitly set. This was causing problems if you want to specifically overwrite the behavior of writing random strings (which can break urls, especially for external resources).
Without this change, the default password strategy is always activated because the wrong config key is used. [#1179 state:resolved]
* Fixed previously failing rake spec task due to spec order dependencies * Refactored specs to use a shared spec that can be used to test basic compliance * Use local merb-core and local merb-auth-more when running from a typical dev checkout (a git clone) * Added specs for sequel bcrypt mixin * Simplified require paths in lib and spec
On Ruby 1.9.x (tested on 1.9.1 and 1.9.2dev) class reloading failded to work. After every single save it just hanged after creating new child. This patch fixes the problem with properly closing the pipes and using Process.waitpid instead of Proces.detatch. Patch also rise rate at Kernel.select checks the output from the child which lowers system requirements for the class reloading.
…sty Doris) Added an explicit declaration to use Merb::Config[:default_cookie_domain] when creating the cookie session store. [#482 state:resolved]
I've dropped support for the Sequel < 2.7.0 in pk-merb_sequel. This change allows to expect that Model.errors is Hash.
If the log/ directory doesn't exist, we should create it (mkdir -p) so the app doesnt throw an error when trying to initialize the log file in production mode. [#1300 state:resolved]
When adding the message query, we need to allow for anchors within the url, otherwise the message will be ignored. Updated to use a URL object instead which handles the mixing/matching without concatenating a string. This provides protection against these edge cases. [#1252 state:resolved]
Added shortcuts: redirect url, :notice => "..." redirect url, :error => "..." These messages are then available via message[:notice] and message[:error]. [#494 state:resolved]
Added a error handler for when the user tries to run a script (using the Merb Runner Adapter) that looks like a file but doesn't exist. [#1231 state:resolved]
If for some reason you decided to reset the salt, [#1163 state:resolved]
Having the id or name attribute value set to 'submit' causes the jQuery submit() method to fail in some cases. While this obviously is a jquery bug, there's no real need why we couldn't work around that in merb to avoid confusion.
What was happening was that the last byte of the file in question was 0xFC, so when the multipart post was interpreted as a Unicode string in the original regex, the \r following the file was considered the second byte of the unicode character, and the regex didn't match. /n treats the string as ascii, and it works. [#1236 state:resolved]