actionpack 3.0.20 → 3.1.0.beta1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- data/CHANGELOG +88 -142
- data/MIT-LICENSE +1 -1
- data/README.rdoc +5 -6
- data/lib/abstract_controller.rb +1 -0
- data/lib/abstract_controller/asset_paths.rb +2 -2
- data/lib/abstract_controller/base.rb +24 -19
- data/lib/abstract_controller/callbacks.rb +19 -19
- data/lib/abstract_controller/helpers.rb +11 -13
- data/lib/abstract_controller/layouts.rb +4 -5
- data/lib/abstract_controller/railties/routes_helpers.rb +18 -0
- data/lib/abstract_controller/rendering.rb +34 -31
- data/lib/abstract_controller/url_for.rb +27 -0
- data/lib/abstract_controller/view_paths.rb +31 -6
- data/lib/action_controller.rb +5 -3
- data/lib/action_controller/base.rb +15 -16
- data/lib/action_controller/caching.rb +2 -2
- data/lib/action_controller/caching/actions.rb +11 -12
- data/lib/action_controller/caching/fragments.rb +41 -19
- data/lib/action_controller/caching/pages.rb +3 -9
- data/lib/action_controller/caching/sweeping.rb +0 -1
- data/lib/action_controller/deprecated.rb +1 -1
- data/lib/action_controller/log_subscriber.rb +1 -1
- data/lib/action_controller/metal.rb +78 -20
- data/lib/action_controller/metal/compatibility.rb +0 -9
- data/lib/action_controller/metal/conditional_get.rb +9 -9
- data/lib/action_controller/metal/data_streaming.rb +145 -0
- data/lib/action_controller/metal/force_ssl.rb +35 -0
- data/lib/action_controller/metal/head.rb +1 -1
- data/lib/action_controller/metal/helpers.rb +37 -44
- data/lib/action_controller/metal/hide_actions.rb +2 -3
- data/lib/action_controller/metal/http_authentication.rb +41 -38
- data/lib/action_controller/metal/implicit_render.rb +13 -13
- data/lib/action_controller/metal/instrumentation.rb +2 -2
- data/lib/action_controller/metal/mime_responds.rb +25 -19
- data/lib/action_controller/metal/params_wrapper.rb +224 -0
- data/lib/action_controller/metal/redirecting.rb +6 -2
- data/lib/action_controller/metal/renderers.rb +50 -36
- data/lib/action_controller/metal/rendering.rb +34 -25
- data/lib/action_controller/metal/request_forgery_protection.rb +18 -36
- data/lib/action_controller/metal/responder.rb +47 -12
- data/lib/action_controller/metal/streaming.rb +244 -138
- data/lib/action_controller/metal/testing.rb +0 -9
- data/lib/action_controller/metal/url_for.rb +12 -14
- data/lib/action_controller/railtie.rb +19 -37
- data/lib/action_controller/railties/paths.rb +24 -0
- data/lib/action_controller/record_identifier.rb +4 -10
- data/lib/action_controller/test_case.rb +36 -19
- data/lib/action_controller/vendor/html-scanner/html/node.rb +5 -5
- data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +3 -3
- data/lib/action_controller/vendor/html-scanner/html/selector.rb +2 -0
- data/lib/action_dispatch.rb +4 -1
- data/lib/action_dispatch/http/cache.rb +5 -32
- data/lib/action_dispatch/http/filter_parameters.rb +3 -1
- data/lib/action_dispatch/http/mime_negotiation.rb +22 -3
- data/lib/action_dispatch/http/mime_type.rb +45 -5
- data/lib/action_dispatch/http/rack_cache.rb +58 -0
- data/lib/action_dispatch/http/request.rb +27 -41
- data/lib/action_dispatch/http/response.rb +56 -54
- data/lib/action_dispatch/http/upload.rb +1 -11
- data/lib/action_dispatch/http/url.rb +102 -42
- data/lib/action_dispatch/middleware/callbacks.rb +8 -25
- data/lib/action_dispatch/middleware/closed_error.rb +7 -0
- data/lib/action_dispatch/middleware/cookies.rb +37 -15
- data/lib/action_dispatch/middleware/flash.rb +80 -11
- data/lib/action_dispatch/middleware/params_parser.rb +2 -2
- data/lib/action_dispatch/middleware/reloader.rb +76 -0
- data/lib/action_dispatch/middleware/session/abstract_store.rb +56 -226
- data/lib/action_dispatch/middleware/session/cookie_store.rb +20 -44
- data/lib/action_dispatch/middleware/session/mem_cache_store.rb +7 -46
- data/lib/action_dispatch/middleware/show_exceptions.rb +15 -2
- data/lib/action_dispatch/middleware/stack.rb +50 -17
- data/lib/action_dispatch/middleware/static.rb +41 -29
- data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb +3 -3
- data/lib/action_dispatch/middleware/templates/rescues/_trace.erb +3 -3
- data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb +3 -3
- data/lib/action_dispatch/middleware/templates/rescues/layout.erb +4 -2
- data/lib/action_dispatch/middleware/templates/rescues/template_error.erb +2 -6
- data/lib/action_dispatch/railtie.rb +8 -0
- data/lib/action_dispatch/routing.rb +13 -1
- data/lib/action_dispatch/routing/mapper.rb +345 -227
- data/lib/action_dispatch/routing/polymorphic_routes.rb +33 -13
- data/lib/action_dispatch/routing/redirection.rb +110 -0
- data/lib/action_dispatch/routing/route.rb +15 -13
- data/lib/action_dispatch/routing/route_set.rb +116 -90
- data/lib/action_dispatch/routing/routes_proxy.rb +35 -0
- data/lib/action_dispatch/routing/url_for.rb +25 -1
- data/lib/action_dispatch/testing/assertions/response.rb +8 -10
- data/lib/action_dispatch/testing/assertions/routing.rb +15 -15
- data/lib/action_dispatch/testing/assertions/selector.rb +13 -220
- data/lib/action_dispatch/testing/integration.rb +37 -28
- data/lib/action_dispatch/testing/performance_test.rb +1 -3
- data/lib/action_dispatch/testing/test_process.rb +1 -1
- data/lib/action_dispatch/testing/test_request.rb +9 -3
- data/lib/action_dispatch/testing/test_response.rb +4 -111
- data/lib/action_pack.rb +1 -1
- data/lib/action_pack/version.rb +3 -3
- data/lib/action_view.rb +39 -24
- data/lib/action_view/base.rb +61 -86
- data/lib/action_view/buffers.rb +43 -0
- data/lib/action_view/context.rb +21 -24
- data/lib/action_view/flows.rb +79 -0
- data/lib/action_view/helpers.rb +8 -6
- data/lib/action_view/helpers/active_model_helper.rb +0 -23
- data/lib/action_view/helpers/asset_paths.rb +79 -0
- data/lib/action_view/helpers/asset_tag_helper.rb +30 -500
- data/lib/action_view/helpers/asset_tag_helpers/asset_include_tag.rb +147 -0
- data/lib/action_view/helpers/asset_tag_helpers/asset_paths.rb +101 -0
- data/lib/action_view/helpers/asset_tag_helpers/javascript_tag_helpers.rb +200 -0
- data/lib/action_view/helpers/asset_tag_helpers/stylesheet_tag_helpers.rb +152 -0
- data/lib/action_view/helpers/atom_feed_helper.rb +2 -2
- data/lib/action_view/helpers/cache_helper.rb +11 -19
- data/lib/action_view/helpers/capture_helper.rb +19 -8
- data/lib/action_view/helpers/controller_helper.rb +21 -0
- data/lib/action_view/helpers/csrf_helper.rb +22 -4
- data/lib/action_view/helpers/date_helper.rb +36 -22
- data/lib/action_view/helpers/form_helper.rb +199 -113
- data/lib/action_view/helpers/form_options_helper.rb +10 -11
- data/lib/action_view/helpers/form_tag_helper.rb +94 -22
- data/lib/action_view/helpers/javascript_helper.rb +24 -107
- data/lib/action_view/helpers/number_helper.rb +36 -33
- data/lib/action_view/helpers/output_safety_helper.rb +38 -0
- data/lib/action_view/helpers/record_tag_helper.rb +6 -6
- data/lib/action_view/helpers/rendering_helper.rb +90 -0
- data/lib/action_view/helpers/sanitize_helper.rb +2 -2
- data/lib/action_view/helpers/sprockets_helper.rb +69 -0
- data/lib/action_view/helpers/tag_helper.rb +34 -12
- data/lib/action_view/helpers/text_helper.rb +30 -145
- data/lib/action_view/helpers/translation_helper.rb +10 -17
- data/lib/action_view/helpers/url_helper.rb +70 -67
- data/lib/action_view/locale/en.yml +1 -1
- data/lib/action_view/lookup_context.rb +36 -14
- data/lib/action_view/{paths.rb → path_set.rb} +9 -8
- data/lib/action_view/railtie.rb +12 -4
- data/lib/action_view/renderer/abstract_renderer.rb +36 -0
- data/lib/action_view/{render/partials.rb → renderer/partial_renderer.rb} +147 -146
- data/lib/action_view/renderer/renderer.rb +54 -0
- data/lib/action_view/renderer/streaming_template_renderer.rb +106 -0
- data/lib/action_view/renderer/template_renderer.rb +74 -0
- data/lib/action_view/template.rb +91 -54
- data/lib/action_view/template/error.rb +11 -8
- data/lib/action_view/template/handler.rb +9 -1
- data/lib/action_view/template/handlers.rb +9 -9
- data/lib/action_view/template/handlers/builder.rb +4 -4
- data/lib/action_view/template/handlers/erb.rb +21 -41
- data/lib/action_view/template/resolver.rb +171 -57
- data/lib/action_view/template/text.rb +0 -4
- data/lib/action_view/test_case.rb +32 -16
- data/lib/action_view/testing/resolvers.rb +16 -10
- data/lib/sprockets/railtie.rb +100 -0
- metadata +162 -140
- checksums.yaml +0 -7
- data/lib/action_controller/deprecated/base.rb +0 -143
- data/lib/action_controller/deprecated/dispatcher.rb +0 -28
- data/lib/action_controller/deprecated/url_writer.rb +0 -14
- data/lib/action_dispatch/routing/deprecated_mapper.rb +0 -525
- data/lib/action_view/helpers/prototype_helper.rb +0 -851
- data/lib/action_view/helpers/raw_output_helper.rb +0 -18
- data/lib/action_view/helpers/scriptaculous_helper.rb +0 -263
- data/lib/action_view/render/layouts.rb +0 -83
- data/lib/action_view/render/rendering.rb +0 -67
- data/lib/action_view/template/handlers/rjs.rb +0 -17
data/CHANGELOG
CHANGED
@@ -1,208 +1,153 @@
|
|
1
|
-
|
1
|
+
*Rails 3.1.0 (unreleased)*
|
2
2
|
|
3
|
-
*
|
3
|
+
* Only show dump of regular env methods on exception screen (not all the rack crap) [DHH]
|
4
4
|
|
5
|
-
|
5
|
+
* auto_link has been removed with no replacement. If you still use auto_link
|
6
|
+
please install the rails_autolink gem:
|
7
|
+
http://github.com/tenderlove/rails_autolink
|
6
8
|
|
7
|
-
|
9
|
+
[tenderlove]
|
8
10
|
|
9
|
-
|
11
|
+
* Added streaming support, you can enable it with: [José Valim]
|
10
12
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
helper doesn't correctly handle malformed html. As a result an attacker can
|
17
|
-
execute arbitrary javascript through the use of specially crafted malformed
|
18
|
-
html.
|
19
|
-
|
20
|
-
*Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*
|
21
|
-
|
22
|
-
* When an "include_blank" value is supplied to the `select_tag` helper, the "include_blank" value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
|
23
|
-
Vulnerable code will look something like this:
|
24
|
-
select_tag("name", options, :include_blank => UNTRUSTED_INPUT)
|
25
|
-
|
26
|
-
*Santiago Pastorino*
|
27
|
-
|
28
|
-
## Rails 3.0.16 (Jul 26, 2012)
|
29
|
-
|
30
|
-
* Do not convert digest auth strings to symbols. CVE-2012-3424
|
31
|
-
|
32
|
-
## Rails 3.0.14 (Jun 12, 2012)
|
33
|
-
|
34
|
-
* nil is removed from array parameter values
|
35
|
-
|
36
|
-
CVE-2012-2694
|
37
|
-
|
38
|
-
* Rails 3.0.13 (May 31, 2012)
|
39
|
-
|
40
|
-
* Strip null bytes from Location header
|
41
|
-
|
42
|
-
* load the encoding converter to work around [ruby-core:41556] when switching
|
43
|
-
encodings
|
44
|
-
|
45
|
-
* Avoid inspecting the whole route set, closes #1525
|
46
|
-
|
47
|
-
* whitelist protocols for auto_link
|
48
|
-
|
49
|
-
* Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
|
50
|
-
CVE-2012-2660
|
51
|
-
|
52
|
-
*Rails 3.0.12 (unreleased)*
|
53
|
-
|
54
|
-
* Fix using `tranlate` helper with a html translation which uses the `:count` option for
|
55
|
-
pluralization.
|
56
|
-
|
57
|
-
*Jon Leighton*
|
58
|
-
|
59
|
-
*Rails 3.0.11 (unreleased)*
|
60
|
-
|
61
|
-
* Fix XSS security vulnerability in the `translate` helper method. When using interpolation
|
62
|
-
in combination with HTML-safe translations, the interpolated input would not get HTML
|
63
|
-
escaped. *GH 3664*
|
64
|
-
|
65
|
-
Before:
|
66
|
-
|
67
|
-
translate('foo_html', :something => '<script>') # => "...<script>..."
|
68
|
-
|
69
|
-
After:
|
70
|
-
|
71
|
-
translate('foo_html', :something => '<script>') # => "...<script>..."
|
72
|
-
|
73
|
-
*Sergey Nartimov*
|
74
|
-
|
75
|
-
* Implement a workaround for a bug in ruby-1.9.3p0 where an error would be
|
76
|
-
raised while attempting to convert a template from one encoding to another.
|
77
|
-
|
78
|
-
Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.
|
79
|
-
|
80
|
-
The workaround is to load all conversions into memory ahead of time, and will
|
81
|
-
only happen if the ruby version is exactly 1.9.3p0. The hope is obviously
|
82
|
-
that the underlying problem will be resolved in the next patchlevel release
|
83
|
-
of 1.9.3.
|
84
|
-
|
85
|
-
* Fix assert_select_email to work on multipart and non-multipart emails as the method stopped working correctly in Rails 3.x due to changes in the new mail gem.
|
86
|
-
|
87
|
-
* Fix url_for when passed a hash to prevent additional options (eg. :host, :protocol) from being added to the hash after calling it.
|
88
|
-
|
89
|
-
|
90
|
-
*Rails 3.0.10 (August 16, 2011)*
|
13
|
+
class PostsController < ActionController::Base
|
14
|
+
stream :only => :index
|
15
|
+
end
|
16
|
+
|
17
|
+
Please read the docs at `ActionController::Streaming` for more information.
|
91
18
|
|
92
|
-
*
|
93
|
-
controller object, it would raise undefined method controller_name for nil [jeroenj]
|
19
|
+
* Added `ActionDispatch::Request.ignore_accept_header` to ignore accept headers and only consider the format given as parameter [José Valim]
|
94
20
|
|
95
|
-
*
|
21
|
+
* Created `ActionView::Renderer` and specified an API for `ActionView::Context`, check those objects for more information [José Valim]
|
96
22
|
|
97
|
-
*
|
23
|
+
* Added `ActionController::ParamsWrapper` to wrap parameters into a nested hash, and will be turned on for JSON request in new applications by default [Prem Sichanugrist]
|
98
24
|
|
99
|
-
|
25
|
+
This can be customized by setting `ActionController::Base.wrap_parameters` in `config/initializer/wrap_parameters.rb`
|
100
26
|
|
101
|
-
*
|
27
|
+
* RJS has been extracted out to a gem. [fxn]
|
102
28
|
|
103
|
-
*
|
29
|
+
* Implicit actions named not_implemented can be rendered. [Santiago Pastorino]
|
104
30
|
|
105
|
-
*
|
31
|
+
* Wildcard route will always match the optional format segment by default. [Prem Sichanugrist]
|
106
32
|
|
107
|
-
|
33
|
+
For example if you have this route:
|
108
34
|
|
109
|
-
*
|
35
|
+
map '*pages' => 'pages#show'
|
110
36
|
|
37
|
+
by requesting '/foo/bar.json', your `params[:pages]` will be equals to "foo/bar" with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this:
|
111
38
|
|
112
|
-
*
|
39
|
+
map '*pages' => 'pages#show', :format => false
|
113
40
|
|
114
|
-
*
|
41
|
+
* Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
|
115
42
|
|
116
|
-
|
117
|
-
|
118
|
-
and the safe buffer will continue to be marked as safe.
|
43
|
+
class PostsController < ApplicationController
|
44
|
+
USER_NAME, PASSWORD = "dhh", "secret"
|
119
45
|
|
120
|
-
|
46
|
+
before_filter :authenticate, :except => [ :index ]
|
121
47
|
|
122
|
-
|
48
|
+
def index
|
49
|
+
render :text => "Everyone can see me!"
|
50
|
+
end
|
123
51
|
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
`sub!` and other similar methods will now raise an exception when they are called on a safe buffer.
|
52
|
+
def edit
|
53
|
+
render :text => "I'm only accessible if you know the password"
|
54
|
+
end
|
128
55
|
|
129
|
-
|
56
|
+
private
|
57
|
+
def authenticate
|
58
|
+
authenticate_or_request_with_http_basic do |user_name, password|
|
59
|
+
user_name == USER_NAME && password == PASSWORD
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
130
63
|
|
131
|
-
|
64
|
+
..can now be written as
|
132
65
|
|
133
|
-
|
66
|
+
class PostsController < ApplicationController
|
67
|
+
http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
|
134
68
|
|
135
|
-
|
69
|
+
def index
|
70
|
+
render :text => "Everyone can see me!"
|
71
|
+
end
|
136
72
|
|
137
|
-
|
73
|
+
def edit
|
74
|
+
render :text => "I'm only accessible if you know the password"
|
75
|
+
end
|
76
|
+
end
|
138
77
|
|
78
|
+
* Allow you to add `force_ssl` into controller to force browser to transfer data via HTTPS protocol on that particular controller. You can also specify `:only` or `:except` to specific it to particular action. [DHH and Prem Sichanugrist]
|
139
79
|
|
140
|
-
*
|
80
|
+
* Allow FormHelper#form_for to specify the :method as a direct option instead of through the :html hash [DHH]
|
141
81
|
|
142
|
-
|
82
|
+
form_for(@post, remote: true, method: :delete) instead of form_for(@post, remote: true, html: { method: :delete })
|
143
83
|
|
84
|
+
* Make JavaScriptHelper#j() an alias for JavaScriptHelper#escape_javascript() -- note this then supersedes the Object#j() method that the JSON gem adds within templates using the JavaScriptHelper [DHH]
|
144
85
|
|
145
|
-
*
|
86
|
+
* Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. [Prem Sichanugrist, fxn]
|
146
87
|
|
147
|
-
*
|
148
|
-
html safe. Please make sure that calls to auto_link() are wrapped in a
|
149
|
-
sanitize(), or a raw() depending on the type of input passed to auto_link().
|
150
|
-
For example:
|
88
|
+
* URL parameters which return false for to_param now appear in the query string (previously they were removed) [Andrew White]
|
151
89
|
|
152
|
-
|
90
|
+
* URL parameters which return nil for to_param are now removed from the query string [Andrew White]
|
153
91
|
|
154
|
-
|
155
|
-
|
92
|
+
* ActionDispatch::MiddlewareStack now uses composition over inheritance. It is
|
93
|
+
no longer an array which means there may be methods missing that were not
|
94
|
+
tested.
|
156
95
|
|
157
|
-
*
|
96
|
+
* Add an :authenticity_token option to form_tag for custom handling or to omit the token (pass :authenticity_token => false). [Jakub Kuźma, Igor Wiedler]
|
158
97
|
|
159
|
-
*
|
98
|
+
* HTML5 button_tag helper. [Rizwan Reza]
|
160
99
|
|
161
|
-
*
|
100
|
+
* Template lookup now searches further up in the inheritance chain. [Artemave]
|
162
101
|
|
163
|
-
*
|
102
|
+
* Brought back config.action_view.cache_template_loading, which allows to decide whether templates should be cached or not. [Piotr Sarnacki]
|
164
103
|
|
165
|
-
*
|
104
|
+
* url_for and named url helpers now accept :subdomain and :domain as options, [Josh Kalderimis]
|
166
105
|
|
167
|
-
*
|
106
|
+
* The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused (check the documentation for examples). [Josh Kalderimis]
|
168
107
|
|
169
|
-
*
|
108
|
+
* Added config.action_controller.include_all_helpers. By default 'helper :all' is done in ActionController::Base, which includes all the helpers by default. Setting include_all_helpers to false will result in including only application_helper and helper corresponding to controller (like foo_helper for foo_controller). [Piotr Sarnacki]
|
170
109
|
|
171
|
-
*
|
110
|
+
* Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a :data hash of options:
|
172
111
|
|
112
|
+
tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)})
|
113
|
+
# => <div data-name="Stephen" data-city-state="["Chicago","IL"]" />
|
173
114
|
|
174
|
-
|
115
|
+
Keys are dasherized. Values are JSON-encoded, except for strings and symbols. [Stephen Celis]
|
175
116
|
|
176
|
-
*
|
117
|
+
* Added render :once. You can pass either a string or an array of strings and Rails will ensure they each of them are rendered just once. [José Valim]
|
177
118
|
|
119
|
+
* Deprecate old template handler API. The new API simply requires a template handler to respond to call. [José Valim]
|
178
120
|
|
179
|
-
*
|
121
|
+
* :rhtml and :rxml were finally removed as template handlers. [José Valim]
|
180
122
|
|
181
|
-
*
|
123
|
+
* Moved etag responsibility from ActionDispatch::Response to the middleware stack. [José Valim]
|
182
124
|
|
125
|
+
* Rely on Rack::Session stores API for more compatibility across the Ruby world. This is backwards incompatible since Rack::Session expects #get_session to accept 4 arguments and requires #destroy_session instead of simply #destroy. [José Valim]
|
183
126
|
|
184
|
-
*
|
127
|
+
* file_field automatically adds :multipart => true to the enclosing form. [Santiago Pastorino]
|
185
128
|
|
186
|
-
*
|
129
|
+
* Renames csrf_meta_tag -> csrf_meta_tags, and aliases csrf_meta_tag for backwards compatibility. [fxn]
|
187
130
|
|
188
|
-
* :
|
131
|
+
* Add Rack::Cache to the default stack. Create a Rails store that delegates to the Rails cache, so by default, whatever caching layer you are using will be used for HTTP caching. Note that Rack::Cache will be used if you use #expires_in, #fresh_when or #stale with :public => true. Otherwise, the caching rules will apply to the browser only. [Yehuda Katz, Carl Lerche]
|
189
132
|
|
190
133
|
|
191
|
-
*Rails 3.0.2 (
|
134
|
+
*Rails 3.0.2 (unreleased)*
|
192
135
|
|
193
136
|
* The helper number_to_currency accepts a new :negative_format option to be able to configure how to render negative amounts. [Don Wilson]
|
194
137
|
|
195
138
|
|
196
139
|
*Rails 3.0.1 (October 15, 2010)*
|
197
140
|
|
198
|
-
* No
|
141
|
+
* No Changes, just a version bump.
|
199
142
|
|
200
143
|
|
201
144
|
*Rails 3.0.0 (August 29, 2010)*
|
202
145
|
|
203
|
-
*
|
146
|
+
* password_field renders with nil value by default making the use of passwords secure by default, if you want to render you should do for instance f.password_field(:password, :value => @user.password) [Santiago Pastorino]
|
147
|
+
|
148
|
+
* Symbols and strings in routes should yield the same behavior. Note this may break existing apps that were using symbols with the new routes API. [José Valim]
|
204
149
|
|
205
|
-
* Add clear_helpers as a way to clean up all helpers added to this controller,
|
150
|
+
* Add clear_helpers as a way to clean up all helpers added to this controller, maintaining just the helper with the same name as the controller. [José Valim]
|
206
151
|
|
207
152
|
* Support routing constraints in functional tests. [Andrew White]
|
208
153
|
|
@@ -340,6 +285,7 @@ controller object, it would raise undefined method controller_name for nil [jero
|
|
340
285
|
|
341
286
|
* Added ActionController::Base#notice/= and ActionController::Base#alert/= as a convenience accessors in both the controller and the view for flash[:notice]/= and flash[:alert]/= [DHH]
|
342
287
|
|
288
|
+
|
343
289
|
* Introduce grouped_collection_select helper. #1249 [Dan Codeape, Erik Ostrom]
|
344
290
|
|
345
291
|
* Make sure javascript_include_tag/stylesheet_link_tag does not append ".js" or ".css" onto external urls. #1664 [Matthew Rudy Jacobs]
|
@@ -2204,7 +2150,7 @@ superclass' view_paths. [Rick Olson]
|
|
2204
2150
|
|
2205
2151
|
* Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
|
2206
2152
|
|
2207
|
-
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
|
2153
|
+
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
|
2208
2154
|
|
2209
2155
|
* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
|
2210
2156
|
|
@@ -2801,7 +2747,7 @@ superclass' view_paths. [Rick Olson]
|
|
2801
2747
|
|
2802
2748
|
* Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas]
|
2803
2749
|
|
2804
|
-
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
|
2750
|
+
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
|
2805
2751
|
|
2806
2752
|
* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
|
2807
2753
|
|
data/MIT-LICENSE
CHANGED
data/README.rdoc
CHANGED
@@ -19,9 +19,8 @@ It consists of several modules:
|
|
19
19
|
|
20
20
|
* Action View, which handles view template lookup and rendering, and provides
|
21
21
|
view helpers that assist when building HTML forms, Atom feeds and more.
|
22
|
-
Template formats that Action View handles are
|
23
|
-
used to inline short Ruby snippets inside HTML), XML Builder
|
24
|
-
(dynamically generated JavaScript from Ruby code).
|
22
|
+
Template formats that Action View handles are ERB (embedded Ruby, typically
|
23
|
+
used to inline short Ruby snippets inside HTML), and XML Builder.
|
25
24
|
|
26
25
|
With the Ruby on Rails framework, users only directly interface with the
|
27
26
|
Action Controller module. Necessary Action Dispatch functionality is activated
|
@@ -57,7 +56,7 @@ A short rundown of some of the major features:
|
|
57
56
|
{Learn more}[link:classes/ActionController/Base.html]
|
58
57
|
|
59
58
|
|
60
|
-
*
|
59
|
+
* ERB templates (static content mixed with dynamic output from ruby)
|
61
60
|
|
62
61
|
<% for post in @posts %>
|
63
62
|
Title: <%= post.title %>
|
@@ -262,7 +261,7 @@ methods:
|
|
262
261
|
layout "weblog/layout"
|
263
262
|
|
264
263
|
def index
|
265
|
-
@posts = Post.
|
264
|
+
@posts = Post.all
|
266
265
|
end
|
267
266
|
|
268
267
|
def show
|
@@ -323,7 +322,7 @@ The latest version of Action Pack can be installed with Rubygems:
|
|
323
322
|
|
324
323
|
Source code can be downloaded as part of the Rails project on GitHub
|
325
324
|
|
326
|
-
*
|
325
|
+
* https://github.com/rails/rails/tree/master/actionpack/
|
327
326
|
|
328
327
|
|
329
328
|
== License
|
data/lib/abstract_controller.rb
CHANGED
@@ -3,7 +3,7 @@ module AbstractController
|
|
3
3
|
extend ActiveSupport::Concern
|
4
4
|
|
5
5
|
included do
|
6
|
-
config_accessor :asset_host, :asset_path, :assets_dir, :javascripts_dir, :stylesheets_dir
|
6
|
+
config_accessor :asset_host, :asset_path, :assets_dir, :javascripts_dir, :stylesheets_dir, :use_sprockets
|
7
7
|
end
|
8
8
|
end
|
9
|
-
end
|
9
|
+
end
|
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'erubis'
|
1
2
|
require 'active_support/configurable'
|
2
3
|
require 'active_support/descendants_tracker'
|
3
4
|
require 'active_support/core_ext/module/anonymous'
|
@@ -18,6 +19,7 @@ module AbstractController
|
|
18
19
|
include ActiveSupport::Configurable
|
19
20
|
extend ActiveSupport::DescendantsTracker
|
20
21
|
|
22
|
+
undef_method :not_implemented
|
21
23
|
class << self
|
22
24
|
attr_reader :abstract
|
23
25
|
alias_method :abstract?, :abstract
|
@@ -61,13 +63,13 @@ module AbstractController
|
|
61
63
|
def action_methods
|
62
64
|
@action_methods ||= begin
|
63
65
|
# All public instance methods of this class, including ancestors
|
64
|
-
methods = public_instance_methods(true)
|
66
|
+
methods = (public_instance_methods(true) -
|
65
67
|
# Except for public instance methods of Base and its ancestors
|
66
|
-
internal_methods
|
68
|
+
internal_methods +
|
67
69
|
# Be sure to include shadowed public instance methods of this class
|
68
|
-
public_instance_methods(false).map { |
|
70
|
+
public_instance_methods(false)).uniq.map { |x| x.to_s } -
|
69
71
|
# And always exclude explicitly hidden actions
|
70
|
-
hidden_actions
|
72
|
+
hidden_actions.to_a
|
71
73
|
|
72
74
|
# Clear out AS callback method pollution
|
73
75
|
methods.reject { |method| method =~ /_one_time_conditions/ }
|
@@ -128,20 +130,23 @@ module AbstractController
|
|
128
130
|
self.class.action_methods
|
129
131
|
end
|
130
132
|
|
131
|
-
|
133
|
+
# Returns true if the name can be considered an action. This can
|
134
|
+
# be overridden in subclasses to modify the semantics of what
|
135
|
+
# can be considered an action.
|
136
|
+
#
|
137
|
+
# For instance, this is overriden by ActionController to add
|
138
|
+
# the implicit rendering feature.
|
139
|
+
#
|
140
|
+
# ==== Parameters
|
141
|
+
# * <tt>name</tt> - The name of an action to be tested
|
142
|
+
#
|
143
|
+
# ==== Returns
|
144
|
+
# * <tt>TrueClass</tt>, <tt>FalseClass</tt>
|
145
|
+
def action_method?(name)
|
146
|
+
self.class.action_methods.include?(name)
|
147
|
+
end
|
132
148
|
|
133
|
-
|
134
|
-
# be overridden in subclasses to modify the semantics of what
|
135
|
-
# can be considered an action.
|
136
|
-
#
|
137
|
-
# ==== Parameters
|
138
|
-
# * <tt>name</tt> - The name of an action to be tested
|
139
|
-
#
|
140
|
-
# ==== Returns
|
141
|
-
# * <tt>TrueClass</tt>, <tt>FalseClass</tt>
|
142
|
-
def action_method?(name)
|
143
|
-
self.class.action_methods.include?(name)
|
144
|
-
end
|
149
|
+
private
|
145
150
|
|
146
151
|
# Call the action. Override this in a subclass to modify the
|
147
152
|
# behavior around processing an action. This, and not #process,
|
@@ -160,8 +165,8 @@ module AbstractController
|
|
160
165
|
# If the action name was not found, but a method called "action_missing"
|
161
166
|
# was found, #method_for_action will return "_handle_action_missing".
|
162
167
|
# This method calls #action_missing with the current action name.
|
163
|
-
def _handle_action_missing
|
164
|
-
action_missing(@_action_name)
|
168
|
+
def _handle_action_missing(*args)
|
169
|
+
action_missing(@_action_name, *args)
|
165
170
|
end
|
166
171
|
|
167
172
|
# Takes an action name and returns the name of the method that will
|