actionpack 4.0.9 → 4.0.10.rc1
- checksums.yaml +4 -4
- data/CHANGELOG.md +46 -0
- data/lib/abstract_controller/base.rb +1 -1
- data/lib/action_controller/metal/http_authentication.rb +4 -4
- data/lib/action_controller/metal/redirecting.rb +1 -0
- data/lib/action_controller/metal/renderers.rb +5 -2
- data/lib/action_controller/metal/strong_parameters.rb +6 -1
- data/lib/action_dispatch/http/response.rb +1 -1
- data/lib/action_dispatch/middleware/session/cache_store.rb +3 -3
- data/lib/action_dispatch/routing/mapper.rb +7 -1
- data/lib/action_pack/version.rb +1 -1
- data/lib/action_view/base.rb +4 -0
- data/lib/action_view/helpers/asset_url_helper.rb +1 -1
- data/lib/action_view/helpers/sanitize_helper.rb +2 -2
- data/lib/action_view/helpers/translation_helper.rb +4 -4
- metadata +8 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cd43145594399a05d255770b5f2c029e36b982ae
|
4
|
+
data.tar.gz: d2f1c113b92c0368f77926e26507eb0d2de3c4e4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ac65bb134270c2bc62d9709576005fce9f406d500f060107863648d8728c5980d48fef896020a7347720aec2894793f733763e34b6f6fdc4df36603e34acadd7
|
7
|
+
data.tar.gz: 09c76ad858958fcee3ff047cf6167914bb3c242e53fbc0dff077fa259b5a18533bd9659b7ce6b49fe711f64592c9ce9ca2bdbd298304ca79b30a1023a6bd4741
|
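--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,49 @@
+## Rails 4.0.10 (August 19, 2014) ##
+
+* Return an absolute instead of relative path from an asset url in the case
+of the `asset_host` proc returning nil
+
+*Jolyon Pawlyn*
+
+* Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671
+("Rosetta Flash")
+
+*Greg Campbell*
+
+* Generate shallow paths for all children of shallow resources.
+
+Fixes #15783.
+
+*Seb Jacobs*
+
+* JSONP responses are now rendered with the `text/javascript` content type
+when rendering through a `respond_to` block.
+
+Fixes #15081.
+
+*Lucas Mazza*
+
+* Added `config.action_view.raise_on_missing_translations` to define whether an
+error should be raised for missing translations.
+
+Fixes #13196
+
+*Kassio Borges*
+
+* ActionController::Parameters#require now accepts `false` values.
+
+Fixes #15685.
+
+*Sergio Romano*
+
+* With authorization header `Authorization: Token token=`, `authenticate` now
+recognize token as nil, instead of "token".
+
+Fixes #14846.
+
+*Larry Lv*
+
+
 ## Rails 4.0.9 (August 18, 2014) ##
 
 *No changes*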
@@ -253,7 +253,7 @@ module AbstractController
|
|
253
253
|
|
254
254
|
# Checks if the action name is valid and returns false otherwise.
|
255
255
|
def _valid_action_name?(action_name)
|
256
|
-
action_name.to_s
|
256
|
+
!action_name.to_s.include? File::SEPARATOR
|
257
257
|
end
|
258
258
|
end
|
259
259
|
end
|
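Review bot: `_valid_action_name?` rejects only `File::SEPARATOR`, which is `/` on every platform, so on systems where Ruby defines `File::ALT_SEPARATOR` (Windows, `\`) a name containing a backslash still passes. Whether such a name can reach a filesystem lookup is not visible in this hunk, so this is a question rather than a confirmed gap. Covering both is cheap: `name = action_name.to_s` followed by `!name.include?(File::SEPARATOR) && !(File::ALT_SEPARATOR && name.include?(File::ALT_SEPARATOR))`. The comment above the method says only that the name is "valid"; it should state that path separators are what is being refused.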
@@ -109,8 +109,8 @@ module ActionController
|
|
109
109
|
|
110
110
|
def authentication_request(controller, realm)
|
111
111
|
controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}")
|
112
|
-
controller.response_body = "HTTP Basic: Access denied.\n"
|
113
112
|
controller.status = 401
|
113
|
+
controller.response_body = "HTTP Basic: Access denied.\n"
|
114
114
|
end
|
115
115
|
end
|
116
116
|
|
@@ -244,8 +244,8 @@ module ActionController
|
|
244
244
|
def authentication_request(controller, realm, message = nil)
|
245
245
|
message ||= "HTTP Digest: Access denied.\n"
|
246
246
|
authentication_header(controller, realm)
|
247
|
-
controller.response_body = message
|
248
247
|
controller.status = 401
|
248
|
+
controller.response_body = message
|
249
249
|
end
|
250
250
|
|
251
251
|
def secret_token(request)
|
@@ -437,7 +437,7 @@ module ActionController
|
|
437
437
|
authorization_request = request.authorization.to_s
|
438
438
|
if authorization_request[TOKEN_REGEX]
|
439
439
|
params = token_params_from authorization_request
|
440
|
-
[params.shift
|
440
|
+
[params.shift[1], Hash[params].with_indifferent_access]
|
441
441
|
end
|
442
442
|
end
|
443
443
|
|
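Review bot: `params.shift[1]` raises NoMethodError when `params` is empty, because `shift` then returns nil. Whether `token_params_from` can return an empty array for a header that matches `TOKEN_REGEX` is not visible here, but a header with nothing after the `Token` scheme looks like a candidate. A guard keeps a malformed header on the unauthenticated path instead of an exception: `first = params.shift` then `[first && first[1], Hash[params].with_indifferent_access]`. The token is also taken from the first pair whatever its key is, which deserves a one-line comment. The enclosing method starts above the hunk.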
@@ -452,7 +452,7 @@ module ActionController
|
|
452
452
|
|
453
453
|
# This removes the `"` characters wrapping the value.
|
454
454
|
def rewrite_param_values(array_params)
|
455
|
-
array_params.each { |param| param.
|
455
|
+
array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, '' }
|
456
456
|
end
|
457
457
|
|
458
458
|
# This method takes an authorization body and splits up the key-value
|
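Review bot: The pattern `%r/^"|"$/` in `rewrite_param_values` uses line anchors, so a quote at the start or end of any line inside the value is stripped, not only the pair wrapping it. `\A` and `\z` match what the comment describes: `array_params.each { |param| (param[1] || "").gsub! %r/\A"|"\z/, '' }`. The `|| ""` branch mutates a throwaway string, so a nil value stays nil. The comment should say so, e.g. `# A nil value (as in "token=") is left untouched.`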
@@ -64,6 +64,7 @@ module ActionController
|
|
64
64
|
# behavior for this case by rescuing ActionController::RedirectBackError.
|
65
65
|
def redirect_to(options = {}, response_status = {}) #:doc:
|
66
66
|
raise ActionControllerError.new("Cannot redirect to nil!") unless options
|
67
|
+
raise ActionControllerError.new("Cannot redirect to a parameter hash!") if options.is_a?(ActionController::Parameters)
|
67
68
|
raise AbstractController::DoubleRenderError if response_body
|
68
69
|
|
69
70
|
self.status = _extract_redirect_to_status(options, response_status)
|
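Review bot: The doc comment above `redirect_to` (outside this hunk) does not mention the error added here, and the `is_a?(ActionController::Parameters)` check covers only that one class. A request-derived String, or a plain Hash built from the parameters, still reaches the code below, so callers remain responsible for validating redirect destinations. I would add a line to the method comment such as `# Raises ActionControllerError when given an ActionController::Parameters instance; build the target from validated values instead.` The method body continues past the hunk.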
@@ -90,8 +90,11 @@ module ActionController
|
|
90
90
|
json = json.to_json(options) unless json.kind_of?(String)
|
91
91
|
|
92
92
|
if options[:callback].present?
|
93
|
-
self.content_type
|
94
|
-
|
93
|
+
if self.content_type.nil? || self.content_type == Mime::JSON
|
94
|
+
self.content_type = Mime::JS
|
95
|
+
end
|
96
|
+
|
97
|
+
"/**/#{options[:callback]}(#{json})"
|
95
98
|
else
|
96
99
|
self.content_type ||= Mime::JSON
|
97
100
|
json
|
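Review bot: `options[:callback]` is interpolated verbatim into the `text/javascript` body in `"/**/#{options[:callback]}(#{json})"`. The `/**/` prefix fixes the first bytes of the response but places no constraint on the callback text itself. If callers pass a request parameter here (an assumption, as no caller is visible), that value should be limited to identifier characters before it is rendered. At minimum I would document it above the branch: `# NOTE: :callback is emitted as-is; callers must restrict it to a JavaScript identifier.` The renderer block starts and ends outside the hunk.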
@@ -180,7 +180,12 @@ module ActionController
|
|
180
180
|
# ActionController::Parameters.new(person: {}).require(:person)
|
181
181
|
# # => ActionController::ParameterMissing: param not found: person
|
182
182
|
def require(key)
|
183
|
-
self[key]
|
183
|
+
value = self[key]
|
184
|
+
if value.present? || value == false
|
185
|
+
value
|
186
|
+
else
|
187
|
+
raise ParameterMissing.new(key)
|
188
|
+
end
|
184
189
|
end
|
185
190
|
|
186
191
|
# Alias of #require.
|
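Review bot: The examples in the comment above `require` still show only the missing and empty cases, so the newly accepted `false` value is undocumented. Adding `#   ActionController::Parameters.new(flag: false).require(:flag)` and `#   # => false` next to them would pin the behaviour for readers. On style, the five-line `if`/`else` reads more directly as a guard: `return value if value.present? || value == false` followed by `raise ParameterMissing.new(key)`.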
@@ -16,9 +16,9 @@ module ActionDispatch
|
|
16
16
|
|
17
17
|
# Get a session from the cache.
|
18
18
|
def get_session(env, sid)
|
19
|
-
sid
|
20
|
-
|
21
|
-
|
19
|
+
unless sid and session = @cache.read(cache_key(sid))
|
20
|
+
sid, session = generate_sid, {}
|
21
|
+
end
|
22
22
|
[sid, session]
|
23
23
|
end
|
24
24
|
|
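Review bot: The comment `# Get a session from the cache.` on `get_session` leaves out the branch that matters most: when `sid` is nil or has no cache entry, the supplied id is discarded and `generate_sid` issues a new one with an empty session. I would spell that out, e.g. `# An sid that is missing or unknown to the cache is replaced by a freshly generated one, so a client-chosen id is never adopted.` The condition also mixes `and` with an assignment; `unless sid && (session = @cache.read(cache_key(sid)))` is the same test with the precedence made explicit.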
@@ -395,6 +395,12 @@ module ActionDispatch
|
|
395
395
|
# [:action]
|
396
396
|
# The route's action.
|
397
397
|
#
|
398
|
+
# [:param]
|
399
|
+
# Overrides the default resource identifier `:id` (name of the
|
400
|
+
# dynamic segment used to generate the routes).
|
401
|
+
# You can access that segment from your controller using
|
402
|
+
# <tt>params[<:param>]</tt>.
|
403
|
+
#
|
398
404
|
# [:path]
|
399
405
|
# The path prefix for the routes.
|
400
406
|
#
|
@@ -1372,7 +1378,7 @@ module ActionDispatch
|
|
1372
1378
|
end
|
1373
1379
|
|
1374
1380
|
with_scope_level(:nested) do
|
1375
|
-
if shallow? && shallow_nesting_depth
|
1381
|
+
if shallow? && shallow_nesting_depth >= 1
|
1376
1382
|
shallow_scope(parent_resource.nested_scope, nested_options) { yield }
|
1377
1383
|
else
|
1378
1384
|
scope(parent_resource.nested_scope, nested_options) { yield }
|
data/lib/action_pack/version.rb
CHANGED
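--- a/data/lib/action_view/base.rb
+++ b/data/lib/action_view/base.rb
@@ -149,6 +149,10 @@ module ActionView #:nodoc:
 # Specify default_formats that can be rendered.
 cattr_accessor :default_formats
 
+# Specify whether an error should be raised for missing translations
+cattr_accessor :raise_on_missing_translations
+@@raise_on_missing_translations = false
+
 class_attribute :_routes
 class_attribute :logger
 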
@@ -192,7 +192,6 @@ module ActionView
|
|
192
192
|
def compute_asset_host(source = "", options = {})
|
193
193
|
request = self.request if respond_to?(:request)
|
194
194
|
host = config.asset_host if defined? config.asset_host
|
195
|
-
host ||= request.base_url if request && options[:protocol] == :request
|
196
195
|
|
197
196
|
if host.respond_to?(:call)
|
198
197
|
arity = host.respond_to?(:arity) ? host.arity : host.method(:call).arity
|
@@ -203,6 +202,7 @@ module ActionView
|
|
203
202
|
host = host % (Zlib.crc32(source) % 4)
|
204
203
|
end
|
205
204
|
|
205
|
+
host ||= request.base_url if request && options[:protocol] == :request
|
206
206
|
return unless host
|
207
207
|
|
208
208
|
if host =~ URI_REGEXP
|
@@ -48,7 +48,7 @@ module ActionView
|
|
48
48
|
# Change allowed default attributes
|
49
49
|
#
|
50
50
|
# class Application < Rails::Application
|
51
|
-
# config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style'
|
51
|
+
# config.action_view.sanitized_allowed_attributes = ['id', 'class', 'style']
|
52
52
|
# end
|
53
53
|
#
|
54
54
|
# Please note that sanitizing user-provided text does not guarantee that the
|
@@ -204,7 +204,7 @@ module ActionView
|
|
204
204
|
# Adds to the Set of allowed HTML attributes for the +sanitize+ helper.
|
205
205
|
#
|
206
206
|
# class Application < Rails::Application
|
207
|
-
# config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
|
207
|
+
# config.action_view.sanitized_allowed_attributes = ['onclick', 'longdesc']
|
208
208
|
# end
|
209
209
|
#
|
210
210
|
def sanitized_allowed_attributes=(attributes)
|
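Review bot: The example above `sanitized_allowed_attributes=` still uses `['onclick', 'longdesc']`, and `onclick` is an event-handler attribute. Anyone copying the example would let script-bearing attributes through the `sanitize` helper. Since the line is being corrected anyway, a harmless pair would be a better model, for instance `#   config.action_view.sanitized_allowed_attributes = ['longdesc', 'title']`. The array-literal correction itself, here and in the earlier `'id', 'class', 'style'` hunk, is fine.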
@@ -38,10 +38,10 @@ module ActionView
|
|
38
38
|
|
39
39
|
# If the user has specified rescue_format then pass it all through, otherwise use
|
40
40
|
# raise and do the work ourselves
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
41
|
+
options[:raise] ||= ActionView::Base.raise_on_missing_translations
|
42
|
+
|
43
|
+
raise_error = options[:raise] || options.key?(:rescue_format)
|
44
|
+
unless raise_error
|
45
45
|
options[:raise] = true
|
46
46
|
end
|
47
47
|
|
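Review bot: `options[:raise] ||= ActionView::Base.raise_on_missing_translations` overrides an explicit `raise: false` from the caller whenever the global setting is true, because `||=` cannot tell false from absent. If a per-call opt-out is intended, assign only when the key is missing: `options[:raise] = ActionView::Base.raise_on_missing_translations unless options.key?(:raise)`. The assignment also writes into the `options` hash; whether that is the caller's own hash depends on code above the hunk. The method begins and ends outside the hunk.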
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionpack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.0.
|
4
|
+
version: 4.0.10.rc1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2014-08-
|
11
|
+
date: 2014-08-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 4.0.
|
19
|
+
version: 4.0.10.rc1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 4.0.
|
26
|
+
version: 4.0.10.rc1
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: builder
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -86,14 +86,14 @@ dependencies:
|
|
86
86
|
requirements:
|
87
87
|
- - '='
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: 4.0.
|
89
|
+
version: 4.0.10.rc1
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - '='
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: 4.0.
|
96
|
+
version: 4.0.10.rc1
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
98
|
name: tzinfo
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -375,9 +375,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
375
375
|
version: 1.9.3
|
376
376
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
377
377
|
requirements:
|
378
|
-
- - "
|
378
|
+
- - ">"
|
379
379
|
- !ruby/object:Gem::Version
|
380
|
-
version:
|
380
|
+
version: 1.3.1
|
381
381
|
requirements:
|
382
382
|
- none
|
383
383
|
rubyforge_project:
|