Aaron Patterson
8e577fe560
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
...
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
2013-01-08 12:41:24 -08:00
Jeremy Kemper
c31cc963da
Revert "Merge branch 'master-sec'"
...
This reverts commit 88cc1688d0, reversing
changes made to f049016cd3.
2013-01-08 12:41:04 -08:00
Aaron Patterson
d99e8c9e16
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
...
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/http/request.rb
actionpack/lib/action_dispatch/middleware/params_parser.rb
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/predicate_builder.rb
activerecord/test/cases/relation/where_test.rb
2013-01-07 17:20:12 -08:00
Szymon Nowak
fd99bb8926
Make ActionDispatch::ParamsParser::ParseError#original_exception return the original exception.
2012-08-27 23:46:53 +02:00
Szymon Nowak
b6ba012032
Fix ActionDispatch::ParamsParser::ParseError message for XML and JSON parsers.
2012-08-24 21:55:41 +02:00
Szymon Nowak
d14e2e5a21
Raise generic ParseError exception when ActionDispatch::ParamsParser fails parsing request params.
2012-08-24 18:08:06 +02:00
Jose and Yehuda
56cdc81c08
Remove default match without specified method
...
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.
In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.
This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.
Closes #5964
2012-04-24 22:52:26 -05:00
Karunakar (Ruby)
0023643522
Moved all the logger methods to active support logger
...
minor
2012-01-06 00:38:46 +05:30
lest
cd9d28d6fd
middlewares should use logger from env
2011-11-25 13:09:46 +03:00
kennyj
ea70e027b6
Remove unreachable code, and add additional testcases.
2011-11-24 00:25:34 +09:00
Prem Sichanugrist
8c9e4d5202
Add ActionController::ParamsWrapper to wrap parameters into a nested hash
...
This will allow us to do a rootless JSON/XML request to server.
2011-05-03 03:21:43 +07:00
Carlos Antonio da Silva
7fc1edd790
Remove deprecated stuff in ActionController
...
This removes all deprecated classes in ActionController related to
Routing, Abstract Request/Response and Integration/IntegrationTest.
All tests and docs were changed to ActionDispatch instead of ActionController.
2010-09-26 02:13:45 +08:00
Piotr Sarnacki
b3eb26a161
Removed deprecated RouteSet API, still many tests fail
2010-09-05 13:44:36 +02:00
Joshua Peek
88ffba2329
Disable ShowExceptions during integration tests
2010-01-19 09:06:21 -06:00
Jeremy Kemper
425a02cece
Ruby 1.9: resolve constant lookup issues
2009-11-04 15:41:50 -08:00
Joshua Peek
a5c82a9dfb
Start rewriting some internal tests to use the new routing dsl
2009-10-20 16:03:55 -05:00
Joshua Peek
84e94551f6
Add custom "with_routing" to internal tests to fix resetting session after using
...
with_routing. This only affects our internal AP tests.
2009-10-03 20:45:49 -05:00
Joshua Peek
ba5995dcd9
Reset session in integration tests after changing routes to reload the middleware stack
2009-08-27 12:43:26 -05:00
Jay Pignata
679128da58
Adding a call to logger from params_parser to give detailed debug information when invalid xml or json is posted
...
[#2481 state:committed]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2009-08-15 16:51:03 -07:00
Joshua Peek
85750f22c9
Move dispatch related tests into test/dispatch
2009-01-28 22:50:46 -06:00