1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

15 commits

Author SHA1 Message Date
Chris Sinjakli
8f8ccb9901 Don't convert empty arrays to nils when deep munging params 2014-12-15 14:51:07 +00:00
Lukasz Sarnacki
69ab91ae93 Log which keys were set to nil in deep_munge
deep_munge solves CVE-2013-0155 security vulnerability, but its
behaviour is definately confuisng. This commit adds logging to deep_munge.
It logs keys for which values were set to nil.

Also mentions in guides were added.
2014-01-28 20:29:38 +01:00
Jeremy Kemper
c437a98aca Merge pull request #13188 from imanel/skip_deep_munge
Add configuration option to optionally disable deep_munge

Conflicts:
	actionpack/CHANGELOG.md
2013-12-19 23:39:17 -07:00
Trent Ogren
d0fc760d09 Make ActionDispatch::Request::Session#fetch behave like Hash#fetch
Session#fetch was mutating the session when given a default argument
and/or a block. Since Session duck-types as a Hash, it should behave
like one in these cases.
2013-12-11 15:29:33 -06:00
Bernard Potocki
e8572cf2f9 Add configuration option to optionally disable deep_munge 2013-12-05 12:08:34 +01:00
Damien Mathieu
84c9f4164b add the fetch method to sessions 2013-10-29 20:37:15 +01:00
Genadi Samokovarov
5438f6866e Extract ActionDispatch::Request#deep_munge
ActionDispatch::Request#deep_munge was introduced as a private method,
but was turned into a public one for the use of
ActionDispatch::ParamsParser.

I have extracted it into ActionDispatch::Request::Utils, so it does not
get mixed up with the Request public methods.
2013-05-30 21:26:37 +03:00
Carlos Antonio da Silva
7d624e0e8c Integrate Action Pack with Rack 1.5
All ActionPack and Railties tests are passing. Closes #8891.

[Carlos Antonio da Silva + Santiago Pastorino]
2013-01-25 17:28:41 -02:00
Aaron Patterson
abd47c15b8 Merge pull request #7495 from steveklabnik/issue_7478
Properly reset the session on reset_session
2012-09-01 23:42:39 -07:00
Andreas Loupasakis
8bfcb0de3a Force reloading of the session after destroy
Use load_for_write! to ensure a refresh of the session object.
This way the new session_id and the empty data will be stored properly.
E.g. in the case of the session cookie store this means that a new
digest will be returned to the user.
2012-09-01 16:35:52 -07:00
Andreas Loupasakis
54a0b01f76 Assign a new session_id to session options hash 2012-09-01 16:35:32 -07:00
Steve Klabnik
a91c7b4006 Fix comment about Session.
SessionHash isn't a thing, and tenses are wrong.
2012-08-31 11:20:04 -07:00
Philip Arndt
6ac458d341 Added ActionDispatch::Request::Session#keys and ActionDispatch::Request::Session#values 2012-05-23 14:47:30 +12:00
Aaron Patterson
d5cc711307 need to dup the default options so that mutations will not impact us 2012-05-04 15:55:57 -07:00
Aaron Patterson
c4f02295df bread AD::Request::Session to it's own file, consolidate HASH OF DOOM lookups 2012-05-03 14:28:11 -07:00