kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
43810 commits 72 branches 493 tags 355 MiB
Commit graph

14 commits

Author SHA1 Message Date
Lukasz Sarnacki
69ab91ae93 Log which keys were set to nil in deep_munge 
deep_munge solves CVE-2013-0155 security vulnerability, but its
behaviour is definately confuisng. This commit adds logging to deep_munge.
It logs keys for which values were set to nil.

Also mentions in guides were added.
 2014-01-28 20:29:38 +01:00
Jeremy Kemper
c437a98aca Merge pull request #13188 from imanel/skip_deep_munge 
Add configuration option to optionally disable deep_munge

Conflicts:
	actionpack/CHANGELOG.md
 2013-12-19 23:39:17 -07:00
Trent Ogren
d0fc760d09 Make ActionDispatch::Request::Session#fetch behave like Hash#fetch 
Session#fetch was mutating the session when given a default argument
and/or a block. Since Session duck-types as a Hash, it should behave
like one in these cases.
 2013-12-11 15:29:33 -06:00
Bernard Potocki
e8572cf2f9 Add configuration option to optionally disable deep_munge 2013-12-05 12:08:34 +01:00
Damien Mathieu
84c9f4164b add the fetch method to sessions 2013-10-29 20:37:15 +01:00
Genadi Samokovarov
5438f6866e Extract ActionDispatch::Request#deep_munge 
ActionDispatch::Request#deep_munge was introduced as a private method,
but was turned into a public one for the use of
ActionDispatch::ParamsParser.

I have extracted it into ActionDispatch::Request::Utils, so it does not
get mixed up with the Request public methods.
 2013-05-30 21:26:37 +03:00
Carlos Antonio da Silva
7d624e0e8c Integrate Action Pack with Rack 1.5 
All ActionPack and Railties tests are passing. Closes #8891.

[Carlos Antonio da Silva + Santiago Pastorino]
 2013-01-25 17:28:41 -02:00
Aaron Patterson
abd47c15b8 Merge pull request #7495 from steveklabnik/issue_7478 
Properly reset the session on reset_session
 2012-09-01 23:42:39 -07:00
Andreas Loupasakis
8bfcb0de3a Force reloading of the session after destroy 
Use load_for_write! to ensure a refresh of the session object.
This way the new session_id and the empty data will be stored properly.
E.g. in the case of the session cookie store this means that a new
digest will be returned to the user.
 2012-09-01 16:35:52 -07:00
Andreas Loupasakis
54a0b01f76 Assign a new session_id to session options hash 2012-09-01 16:35:32 -07:00
Steve Klabnik
a91c7b4006 Fix comment about Session. 
SessionHash isn't a thing, and tenses are wrong.
 2012-08-31 11:20:04 -07:00
Philip Arndt
6ac458d341 Added ActionDispatch::Request::Session#keys and ActionDispatch::Request::Session#values 2012-05-23 14:47:30 +12:00
Aaron Patterson
d5cc711307 need to dup the default options so that mutations will not impact us 2012-05-04 15:55:57 -07:00
Aaron Patterson
c4f02295df bread AD::Request::Session to it's own file, consolidate HASH OF DOOM lookups 2012-05-03 14:28:11 -07:00