1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/CHANGELOG.md

346 lines
10 KiB
Markdown
Raw Normal View History

* `ActionController::Parameters#permit!` permits hashes in array values.
*Xavier Noria*
* Converts hashes in arrays of unfiltered params to unpermitted params.
Fixes #13382
*Xavier Noria*
* New config option to opt out of params "deep munging" that was used to
address security vulnerability CVE-2013-0155. In your app config:
config.action_dispatch.perform_deep_munge = false
Take care to understand the security risk involved before disabling this.
[Read more.](https://groups.google.com/forum/#!topic/rubyonrails-security/t1WFuuQyavI)
*Bernard Potocki*
* `rake routes` shows routes defined under assets prefix.
*Ryunosuke SATO*
* Extend cross-site request forgery (CSRF) protection to GET requests with
JavaScript responses, protecting apps from cross-origin `<script>` tags.
*Jeremy Kemper*
2013-12-12 05:33:46 -05:00
* Fix generating a path for engine inside a resources block.
Fixes #8533.
*Piotr Sarnacki*
2013-12-12 05:33:46 -05:00
* Add `Mime::Type.register "text/vcard", :vcf` to the default list of mime types.
*DHH*
* Remove deprecated `ActionController::RecordIdentifier`, use
`ActionView::RecordIdentifier` instead.
*kennyj*
* Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
`options[:raise]`.
This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
*Shota Fukumori (sora_h)*
* Introducing Variants
We often want to render different html/json/xml templates for phones,
tablets, and desktop browsers. Variants make it easy.
2013-12-04 14:48:32 -05:00
The request variant is a specialization of the request format, like `:tablet`,
`:phone`, or `:desktop`.
2013-12-12 05:33:46 -05:00
You can set the variant in a `before_action`:
request.variant = :tablet if request.user_agent =~ /iPad/
Respond to variants in the action just like you respond to formats:
respond_to do |format|
format.html do |html|
html.tablet # renders app/views/projects/show.html+tablet.erb
html.phone { extra_setup; render ... }
end
end
Provide separate templates for each format and variant:
app/views/projects/show.html.erb
app/views/projects/show.html+tablet.erb
app/views/projects/show.html+phone.erb
You can also simplify the variants definition using the inline syntax:
respond_to do |format|
format.js { render "trash" }
format.html.phone { redirect_to progress_path }
format.html.none { render "trash" }
end
*Łukasz Strzałkowski*
Move the null mime type to request.format TLDR: always return an object that responds to the query methods from request.format, and do not touch Mime::Type[] lookup to avoid bugs. --- Long version: The initial issue was about being able to do checks like request.format.html? for request with an unknown format, where request.format would be nil. This is where the issue came from at first in #7837 and #8085 (merged in cba05887dc3b56a46a9fe2779b6b228880b49622), but the implementation went down the path of adding this to the mime type lookup logic. This unfortunately introduced subtle bugs, for instance in the merged commit a test related to send_file had to be changed to accomodate the introduction of the NullType. Later another bug was found in #13064, related to the content-type being shown as #<Mime::NullType:...> for templates with localized extensions but no format included. This one was fixed in #13133, merged in 43962d6ec50f918c9970bd3cd4b6ee5c7f7426ed. Besides that, custom handlers were not receiving the proper template formats anymore when passing through the rendering process, because of the NullType addition. That was found while migrating an application from 3.2 to 4.0 that uses the Markerb gem (a custom handler that generates both text and html emails from a markdown template). --- This changes the implementation moving away from returning this null object from the mime lookup, and still fixes the initial issue where request.format.zomg? would raise an exception for unknown formats due to request.format being nil.
2013-12-19 13:30:48 -05:00
* Fix render of localized templates without an explicit format using wrong
content header and not passing correct formats to template due to the
introduction of the `NullType` for mimes.
Move the null mime type to request.format TLDR: always return an object that responds to the query methods from request.format, and do not touch Mime::Type[] lookup to avoid bugs. --- Long version: The initial issue was about being able to do checks like request.format.html? for request with an unknown format, where request.format would be nil. This is where the issue came from at first in #7837 and #8085 (merged in cba05887dc3b56a46a9fe2779b6b228880b49622), but the implementation went down the path of adding this to the mime type lookup logic. This unfortunately introduced subtle bugs, for instance in the merged commit a test related to send_file had to be changed to accomodate the introduction of the NullType. Later another bug was found in #13064, related to the content-type being shown as #<Mime::NullType:...> for templates with localized extensions but no format included. This one was fixed in #13133, merged in 43962d6ec50f918c9970bd3cd4b6ee5c7f7426ed. Besides that, custom handlers were not receiving the proper template formats anymore when passing through the rendering process, because of the NullType addition. That was found while migrating an application from 3.2 to 4.0 that uses the Markerb gem (a custom handler that generates both text and html emails from a markdown template). --- This changes the implementation moving away from returning this null object from the mime lookup, and still fixes the initial issue where request.format.zomg? would raise an exception for unknown formats due to request.format being nil.
2013-12-19 13:30:48 -05:00
Templates like `hello.it.erb` were subject to this issue.
2013-12-03 11:38:12 -05:00
Fixes #13064.
Move the null mime type to request.format TLDR: always return an object that responds to the query methods from request.format, and do not touch Mime::Type[] lookup to avoid bugs. --- Long version: The initial issue was about being able to do checks like request.format.html? for request with an unknown format, where request.format would be nil. This is where the issue came from at first in #7837 and #8085 (merged in cba05887dc3b56a46a9fe2779b6b228880b49622), but the implementation went down the path of adding this to the mime type lookup logic. This unfortunately introduced subtle bugs, for instance in the merged commit a test related to send_file had to be changed to accomodate the introduction of the NullType. Later another bug was found in #13064, related to the content-type being shown as #<Mime::NullType:...> for templates with localized extensions but no format included. This one was fixed in #13133, merged in 43962d6ec50f918c9970bd3cd4b6ee5c7f7426ed. Besides that, custom handlers were not receiving the proper template formats anymore when passing through the rendering process, because of the NullType addition. That was found while migrating an application from 3.2 to 4.0 that uses the Markerb gem (a custom handler that generates both text and html emails from a markdown template). --- This changes the implementation moving away from returning this null object from the mime lookup, and still fixes the initial issue where request.format.zomg? would raise an exception for unknown formats due to request.format being nil.
2013-12-19 13:30:48 -05:00
*Angelo Capilleri*, *Carlos Antonio da Silva*
* Try to escape each part of a url correctly when using a redirect route.
Fixes #13110.
*Andrew White*
* Better error message for typos in assert_response argument.
When the response type argument to `assert_response` is not a known
response type, `assert_response` now throws an ArgumentError with a clear
message. This is intended to help debug typos in the response type.
*Victor Costan*
* Fix formatting for `rake routes` when a section is shorter than a header.
*Sıtkı Bağdat*
* Take a hash with options inside array in `#url_for`.
Example:
url_for [:new, :admin, :post, { param: 'value' }]
2013-11-15 08:22:49 -05:00
# => http://example.com/admin/posts/new?param=value
*Andrey Ognevsky*
2013-10-29 12:00:45 -04:00
* Add `session#fetch` method
2013-12-12 05:33:46 -05:00
fetch behaves like [Hash#fetch](http://www.ruby-doc.org/core-1.9.3/Hash.html#method-i-fetch).
2013-10-29 12:00:45 -04:00
It returns a value from the hash for the given key.
If the key cant be found, there are several options:
* With no other arguments, it will raise an KeyError exception.
* If a default value is given, then that will be returned.
* If the optional code block is specified, then that will be run and its result returned.
*Damien Mathieu*
* Don't let strong parameters mutate the given hash via `fetch`
Create a new instance if the given parameter is a `Hash` instead of
passing it to the `convert_hashes_to_parameters` method since it is
overriding its default value.
*Brendon Murphy*, *Doug Cole*
* Add `params` option to `button_to` form helper, which renders the given hash
as hidden form fields.
*Andy Waite*
2013-10-24 12:43:07 -04:00
* Make assets helpers work in the controllers like it works in the views.
2013-10-24 03:46:57 -04:00
Example:
2013-10-24 12:43:07 -04:00
2013-10-24 03:46:57 -04:00
# config/application.rb
config.asset_host = 'http://mycdn.com'
2013-10-24 12:43:07 -04:00
2013-10-24 03:46:57 -04:00
ActionController::Base.helpers.asset_path('fallback.png')
# => http://mycdn.com/assets/fallback.png
2013-10-24 12:43:07 -04:00
Fixes #10051.
2013-10-24 03:46:57 -04:00
*Tima Maslyuchenko*
2013-10-24 12:43:07 -04:00
* Respect `SCRIPT_NAME` when using `redirect` with a relative path
Example:
2013-10-24 12:43:07 -04:00
# application routes.rb
mount BlogEngine => '/blog'
# engine routes.rb
get '/admin' => redirect('admin/dashboard')
This now redirects to the path `/blog/admin/dashboard`, whereas before it would've
generated an invalid url because there would be no slash between the host name and
the path. It also allows redirects to work where the application is deployed to a
subdirectory of a website.
2013-10-24 12:43:07 -04:00
Fixes #7977.
*Andrew White*
* Fixing repond_with working directly on the options hash
This fixes an issue where the respond_with worked directly with the given
options hash, so that if a user relied on it after calling respond_with,
the hash wouldn't be the same.
Fixes #12029.
*bluehotdog*
2013-09-30 07:51:37 -04:00
* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
Fixes #10844.
2013-09-30 07:51:37 -04:00
*Tamir Duberstein*
* Strong parameters should permit nested number as key.
Fixes #12293.
*kennyj*
* Fix regex used to detect URI schemes in `redirect_to` to be consistent with
RFC 3986.
*Derek Prior*
* Fix incorrect `assert_redirected_to` failure message for protocol-relative
URLs.
*Derek Prior*
* Fix an issue where router can't recognize downcased url encoding path.
Fixes #12269.
*kennyj*
* Fix custom flash type definition. Misusage of the `_flash_types` class variable
caused an error when reloading controllers with custom flash types.
Fixes #12057.
*Ricardo de Cillo*
* Do not break params filtering on `nil` values.
Fixes #12149.
*Vasiliy Ermolovich*
* Development mode exceptions are rendered in text format in case of XHR request.
*Kir Shatrov*
* Fix an issue where :if and :unless controller action procs were being run
before checking for the correct action in the :only and :unless options.
Fixes #11799.
*Nicholas Jakobsen*
* Fix an issue where `assert_dom_equal` and `assert_dom_not_equal` were
ignoring the passed failure message argument.
Fixes #11751.
*Ryan McGeary*
* Allow REMOTE_ADDR, HTTP_HOST and HTTP_USER_AGENT to be overridden from
the environment passed into `ActionDispatch::TestRequest.new`.
Fixes #11590.
*Andrew White*
* Fix an issue where Journey was failing to clear the named routes hash when the
routes were reloaded and since it doesn't overwrite existing routes then if a
route changed but wasn't renamed it kept the old definition. This was being
masked by the optimised url helpers so it only became apparent when passing an
options hash to the url helper.
*Andrew White*
* Skip routes pointing to a redirect or mounted application when generating urls
using an options hash as they aren't relevant and generate incorrect urls.
Fixes #8018.
*Andrew White*
* Move `MissingHelperError` out of the `ClassMethods` module.
*Yves Senn*
* Fix an issue where rails raise exception about missing helper where it
should throw `LoadError`. When helper file exists and only loaded file from
this helper does not exist rails should throw LoadError instead of
`MissingHelperError`.
*Piotr Niełacny*
* Fix `ActionDispatch::ParamsParser#parse_formatted_parameters` to rewind body input stream on
parsing json params.
Fixes #11345.
*Yuri Bol*, *Paul Nikitochkin*
* Ignore spaces around delimiter in Set-Cookie header.
*Yamagishi Kazutoshi*
* Remove deprecated Rails application fallback for integration testing, set
`ActionDispatch.test_app` instead.
*Carlos Antonio da Silva*
* Remove deprecated `page_cache_extension` config.
*Francesco Rodriguez*
* Remove deprecated constants from Action Controller:
ActionController::AbstractRequest => ActionDispatch::Request
ActionController::Request => ActionDispatch::Request
ActionController::AbstractResponse => ActionDispatch::Response
ActionController::Response => ActionDispatch::Response
ActionController::Routing => ActionDispatch::Routing
ActionController::Integration => ActionDispatch::Integration
ActionController::IntegrationTest => ActionDispatch::IntegrationTest
*Carlos Antonio da Silva*
* Fix `Mime::Type.parse` when bad accepts header is looked up. Previously it
was setting `request.formats` with an array containing a `nil` value, which
raised an error when setting the controller formats.
Fixes #10965.
*Becker*
* Merge `:action` from routing scope and assign endpoint if both `:controller`
and `:action` are present. The endpoint assignment only occurs if there is
no `:to` present in the options hash so should only affect routes using the
shorthand syntax (i.e. endpoint is inferred from the path).
Fixes #9856.
*Yves Senn*, *Andrew White*
* Action View extracted from Action Pack.
2013-06-20 13:06:52 -04:00
*Piotr Sarnacki*, *Łukasz Strzałkowski*
* Fix removing trailing slash for mounted apps.
Fixes #3215.
*Piotr Sarnacki*
2013-04-29 12:06:45 -04:00
Please check [4-0-stable](https://github.com/rails/rails/blob/4-0-stable/actionpack/CHANGELOG.md) for previous changes.