*2.3.10 (October 15, 2010)* *2.3.9 (September 4, 2010)* * Version bump. *2.3.8 (May 24, 2010)* * HTML safety: fix compatibility *without* the optional rails_xss plugin. *2.3.7 (May 24, 2010)* * HTML safety: fix compatibility with the optional rails_xss plugin. [Nathan Weizenbaum, Santiago Pastorino] *2.3.6 (May 23, 2010)* * JSON: set Base.include_root_in_json = true to include a root value in the JSON: {"post": {"title": ...}}. Mirrors the Active Record option. #2584 [Matthew Moore, Joe Martinez, Elad Meidar, Santiago Pastorino] * Ruby 1.9: ERB template encoding using a magic comment at the top of the file. [Jeremy Kemper] <%# encoding: utf-8 %> * Fixed that default locale templates should be used if the current locale template is missing [DHH] * Fixed that PrototypeHelper#update_page should return html_safe [DHH] * Fixed that much of DateHelper wouldn't return html_safe? strings [DHH] * Fixed that fragment caching should return a cache hit as html_safe (or it would all just get escaped) [DHH] * Introduce String#html_safe for rails_xss plugin and forward-compatibility with Rails 3. [Michael Koziarski, Santiago Pastorino, José Ignacio Costa] * Added :alert, :notice, and :flash as options to ActionController::Base#redirect_to that'll automatically set the proper flash before the redirection [DHH]. Examples: flash[:notice] = 'Post was created' redirect_to(@post) ...becomes: redirect_to(@post, :notice => 'Post was created') * Added ActionController::Base#notice/= and ActionController::Base#alert/= as a convenience accessors in both the controller and the view for flash[:notice]/= and flash[:alert]/= [DHH] * Added cookies.permanent, cookies.signed, and cookies.permanent.signed accessor for common cookie actions [DHH]. Examples: cookies.permanent[:prefers_open_id] = true # => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT cookies.signed[:discount] = 45 # => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/ cookies.signed[:discount] # => 45 (if the cookie was changed, you'll get a InvalidSignature exception) cookies.permanent.signed[:remember_me] = current_user.id # => Set-Cookie: discount=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT ...to use the signed cookies, you need to set a secret to ActionController::Base.cookie_verifier_secret (automatically done in config/initializers/cookie_verification_secret.rb for new Rails applications). *2.3.5 (November 25, 2009)* * Minor Bug Fixes and deprecation warnings * Ruby 1.9 Support * Fix filtering parameters when there are Fixnum or other un-dupable values. * Improvements to ActionView::TestCase * Compatiblity with the rails_xss plugin *2.3.4 (September 4, 2009)* * Sanitize multibyte strings before escaping them with escape_once. CVE-2009-3009 * Introduce grouped_collection_select helper. #1249 [Dan Codeape, Erik Ostrom] * Ruby 1.9: fix Content-Length for multibyte send_data streaming. #2661 [Sava Chankov] *2.3.3 (July 12, 2009)* * Fixed that TestResponse.cookies was returning cookies unescaped #1867 [Doug McInnes] *2.3.2 [Final] (March 15, 2009)* * Fixed that redirection would just log the options, not the final url (which lead to "Redirected to #") [DHH] * Don't check authenticity tokens for any AJAX requests [Ross Kaffenberger/Bryan Helmkamp] * Added ability to pass in :public => true to fresh_when, stale?, and expires_in to make the request proxy cachable #2095 [Gregg Pollack] * Fixed that passing a custom form builder would be forwarded to nested fields_for calls #2023 [Eloy Duran/Nate Wiger] * Form option helpers now support disabled option tags and the use of lambdas for selecting/disabling option tags from collections #837 [Tekin] * Added partial scoping to TranslationHelper#translate, so if you call translate(".foo") from the people/index.html.erb template, you'll actually be calling I18n.translate("people.index.foo") [DHH] * Fix a syntax error in current_page?() that was prevent matches against URL's with multiple query parameters #1385, #1868 [chris finne/Andrew White] * Added localized rescue template when I18n.locale is set (ex: public/404.da.html) #1835 [José Valim] * Make the form_for and fields_for helpers support the new Active Record nested update options. #1202 [Eloy Duran] <% form_for @person do |person_form| %> ... <% person_form.fields_for :projects do |project_fields| %> <% if project_fields.object.active? %> Name: <%= project_fields.text_field :name %> <% end %> <% end %> <% end %> * Added grouped_options_for_select helper method for wrapping option tags in optgroups. #977 [Jon Crawford] * Implement HTTP Digest authentication. #1230 [Gregg Kellogg, Pratik Naik] Example : class DummyDigestController < ActionController::Base USERS = { "lifo" => 'world' } before_filter :authenticate def index render :text => "Hello Secret" end private def authenticate authenticate_or_request_with_http_digest("Super Secret") do |username| # Return the user's password USERS[username] end end end * Improved i18n support for the number_to_human_size helper. Changes the storage_units translation data; update your translations accordingly. #1634 [Yaroslav Markin] storage_units: # %u is the storage unit, %n is the number (default: 2 MB) format: "%n %u" units: byte: one: "Byte" other: "Bytes" kb: "KB" mb: "MB" gb: "GB" tb: "TB" * Added :silence option to BenchmarkHelper#benchmark and turned log_level into a hash parameter and deprecated the old use [DHH] * Fixed the AssetTagHelper cache to use the computed asset host as part of the cache key instead of just assuming the its a string #1299 [DHH] * Make ActionController#render(string) work as a shortcut for render :file/:template/:action => string. [#1435] [Pratik Naik] Examples: # Instead of render(:action => 'other_action') render('other_action') # argument has no '/' render(:other_action) # Instead of render(:template => 'controller/action') render('controller/action') # argument must not begin with a '/', but contain a '/' # Instead of render(:file => '/Users/lifo/home.html.erb') render('/Users/lifo/home.html.erb') # argument must begin with a '/' * Add :prompt option to date/time select helpers. #561 [Sam Oliver] * Fixed that send_file shouldn't set an etag #1578 [Hongli Lai] * Allow users to opt out of the spoofing checks in Request#remote_ip. Useful for sites whose traffic regularly triggers false positives. [Darren Boyd] * Deprecated formatted_polymorphic_url. [Jeremy Kemper] * Added the option to declare an asset_host as an object that responds to call (see http://github.com/dhh/asset-hosting-with-minimum-ssl for an example) [David Heinemeier Hansson] * Added support for multiple routes.rb files (useful for plugin engines). This also means that draw will no longer clear the route set, you have to do that by hand (shouldn't make a difference to you unless you're doing some funky stuff) [David Heinemeier Hansson] * Dropped formatted_* routes in favor of just passing in :format as an option. This cuts resource routes generation in half #1359 [aaronbatalion] * Remove support for old double-encoded cookies from the cookie store. These values haven't been generated since before 2.1.0, and any users who have visited the app in the intervening 6 months will have had their cookie upgraded. [Michael Koziarski] * Allow helpers directory to be overridden via ActionController::Base.helpers_dir #1424 [Sam Pohlenz] * Remove deprecated ActionController::Base#assign_default_content_type_and_charset * Changed the default of ActionView#render to assume partials instead of files when not given an options hash [David Heinemeier Hansson]. Examples: # Instead of <%= render :partial => "account" %> <%= render "account" %> # Instead of <%= render :partial => "account", :locals => { :account => @buyer } %> <%= render "account", :account => @buyer %> # @account is an Account instance, so it uses the RecordIdentifier to replace # <%= render :partial => "accounts/account", :locals => { :account => @account } %> <%= render(@account) %> # @posts is an array of Post instances, so it uses the RecordIdentifier to replace # <%= render :partial => "posts/post", :collection => @posts %> <%= render(@posts) %> * Remove deprecated render_component. Please use the plugin from http://github.com/rails/render_component/tree/master [Pratik Naik] * Fixed RedCloth and BlueCloth shouldn't preload. Instead just assume that they're available if you want to use textilize and markdown and let autoload require them [David Heinemeier Hansson] *2.2.2 (November 21st, 2008)* * I18n: translate number_to_human_size. Add storage_units: [Bytes, KB, MB, GB, TB] to your translations. #1448 [Yaroslav Markin] * Restore backwards compatible functionality for setting relative_url_root. Include deprecation * Switched the CSRF module to use the request content type to decide if the request is forgeable. #1145 [Jeff Cohen] * Added :only and :except to map.resources to let people cut down on the number of redundant routes in an application. Typically only useful for huge routesets. #1215 [Tom Stuart] map.resources :products, :only => :show do |product| product.resources :images, :except => :destroy end * Added render :js for people who want to render inline JavaScript replies without using RJS [David Heinemeier Hansson] * Fixed that polymorphic_url should compact given array #1317 [hiroshi] * Fixed the sanitize helper to avoid double escaping already properly escaped entities #683 [antonmos/Ryan McGeary] * Fixed that FormTagHelper generated illegal html if name contained square brackets #1238 [Vladimir Dobriakov] * Fix regression bug that made date_select and datetime_select raise a Null Pointer Exception when a nil date/datetime was passed and only month and year were displayed #1289 [Bernardo Padua/Tor Erik] * Simplified the logging format for parameters (don't include controller, action, and format as duplicates) [David Heinemeier Hansson] * Remove the logging of the Session ID when the session store is CookieStore [David Heinemeier Hansson] * Fixed regex in redirect_to to fully support URI schemes #1247 [Seth Fitzsimmons] * Fixed bug with asset timestamping when using relative_url_root #1265 [Joe Goldwasser] *2.2.0 [RC1] (October 24th, 2008)* * Fix incorrect closing CDATA delimiter and that HTML::Node.parse would blow up on unclosed CDATA sections [packagethief] * Added stale? and fresh_when methods to provide a layer of abstraction above request.fresh? and friends [David Heinemeier Hansson]. Example: class ArticlesController < ApplicationController def show_with_respond_to_block @article = Article.find(params[:id]) # If the request sends headers that differs from the options provided to stale?, then # the request is indeed stale and the respond_to block is triggered (and the options # to the stale? call is set on the response). # # If the request headers match, then the request is fresh and the respond_to block is # not triggered. Instead the default render will occur, which will check the last-modified # and etag headers and conclude that it only needs to send a "304 Not Modified" instead # of rendering the template. if stale?(:last_modified => @article.published_at.utc, :etag => @article) respond_to do |wants| # normal response processing end end end def show_with_implied_render @article = Article.find(params[:id]) # Sets the response headers and checks them against the request, if the request is stale # (i.e. no match of either etag or last-modified), then the default render of the template happens. # If the request is fresh, then the default render will return a "304 Not Modified" # instead of rendering the template. fresh_when(:last_modified => @article.published_at.utc, :etag => @article) end end * Added inline builder yield to atom_feed_helper tags where appropriate [Sam Ruby]. Example: entry.summary :type => 'xhtml' do |xhtml| xhtml.p pluralize(order.line_items.count, "line item") xhtml.p "Shipped to #{order.address}" xhtml.p "Paid by #{order.pay_type}" end * Make PrototypeHelper#submit_to_remote a wrapper around PrototypeHelper#button_to_remote. [Tarmo Tänav] * Set HttpOnly for the cookie session store's cookie. #1046 * Added FormTagHelper#image_submit_tag confirm option #784 [Alastair Brunton] * Fixed FormTagHelper#submit_tag with :disable_with option wouldn't submit the button's value when was clicked #633 [Jose Fernandez] * Stopped logging template compiles as it only clogs up the log [David Heinemeier Hansson] * Changed the X-Runtime header to report in milliseconds [David Heinemeier Hansson] * Changed BenchmarkHelper#benchmark to report in milliseconds [David Heinemeier Hansson] * Changed logging format to be millisecond based and skip misleading stats [David Heinemeier Hansson]. Went from: Completed in 0.10000 (4 reqs/sec) | Rendering: 0.04000 (40%) | DB: 0.00400 (4%) | 200 OK [http://example.com] ...to: Completed in 100ms (View: 40, DB: 4) | 200 OK [http://example.com] * Add support for shallow nesting of routes. #838 [S. Brent Faulkner] Example : map.resources :users, :shallow => true do |user| user.resources :posts end - GET /users/1/posts (maps to PostsController#index action as usual) named route "user_posts" is added as usual. - GET /posts/2 (maps to PostsController#show action as if it were not nested) Additionally, named route "post" is added too. * Added button_to_remote helper. #3641 [Donald Piret, Tarmo Tänav] * Deprecate render_component. Please use render_component plugin from http://github.com/rails/render_component/tree/master [Pratik Naik] * Routes may be restricted to lists of HTTP methods instead of a single method or :any. #407 [Brennan Dunn, Gaius Centus Novus] map.resource :posts, :collection => { :search => [:get, :post] } map.session 'session', :requirements => { :method => [:get, :post, :delete] } * Deprecated implicit local assignments when rendering partials [Josh Peek] * Introduce current_cycle helper method to return the current value without bumping the cycle. #417 [Ken Collins] * Allow polymorphic_url helper to take url options. #880 [Tarmo Tänav] * Switched integration test runner to use Rack processor instead of CGI [Josh Peek] * Made AbstractRequest.if_modified_sense return nil if the header could not be parsed [Jamis Buck] * Added back ActionController::Base.allow_concurrency flag [Josh Peek] * AbstractRequest.relative_url_root is no longer automatically configured by a HTTP header. It can now be set in your configuration environment with config.action_controller.relative_url_root [Josh Peek] * Update Prototype to 1.6.0.2 #599 [Patrick Joyce] * Conditional GET utility methods. [Jeremy Kemper] response.last_modified = @post.updated_at response.etag = [:admin, @post, current_user] if request.fresh?(response) head :not_modified else # render ... end * All 2xx requests are considered successful [Josh Peek] * Fixed that AssetTagHelper#compute_public_path shouldn't cache the asset_host along with the source or per-request proc's won't run [David Heinemeier Hansson] * Removed config.action_view.cache_template_loading, use config.cache_classes instead [Josh Peek] * Get buffer for fragment cache from template's @output_buffer [Josh Peek] * Set config.action_view.warn_cache_misses = true to receive a warning if you perform an action that results in an expensive disk operation that could be cached [Josh Peek] * Refactor template preloading. New abstractions include Renderable mixins and a refactored Template class [Josh Peek] * Changed ActionView::TemplateHandler#render API method signature to render(template, local_assigns = {}) [Josh Peek] * Changed PrototypeHelper#submit_to_remote to PrototypeHelper#button_to_remote to stay consistent with link_to_remote (submit_to_remote still works as an alias) #8994 [clemens] * Add :recursive option to javascript_include_tag and stylesheet_link_tag to be used along with :all. #480 [Damian Janowski] * Allow users to disable the use of the Accept header [Michael Koziarski] The accept header is poorly implemented by browsers and causes strange errors when used on public sites where crawlers make requests too. You can use formatted urls (e.g. /people/1.xml) to support API clients in a much simpler way. To disable the header you need to set: config.action_controller.use_accept_header = false * Do not stat template files in production mode before rendering. You will no longer be able to modify templates in production mode without restarting the server [Josh Peek] * Deprecated TemplateHandler line offset [Josh Peek] * Allow caches_action to accept cache store options. #416. [José Valim]. Example: caches_action :index, :redirected, :if => Proc.new { |c| !c.request.format.json? }, :expires_in => 1.hour * Remove define_javascript_functions, javascript_include_tag and friends are far superior. [Michael Koziarski] * Deprecate :use_full_path render option. The supplying the option no longer has an effect [Josh Peek] * Add :as option to render a collection of partials with a custom local variable name. #509 [Simon Jefford, Pratik Naik] render :partial => 'other_people', :collection => @people, :as => :person This will let you access objects of @people as 'person' local variable inside 'other_people' partial template. * time_zone_select: support for regexp matching of priority zones. Resolves #195 [Ernie Miller] * Made ActionView::Base#render_file private [Josh Peek] * Refactor and simplify the implementation of assert_redirected_to. Arguments are now normalised relative to the controller being tested, not the root of the application. [Michael Koziarski] This could cause some erroneous test failures if you were redirecting between controllers in different namespaces and wrote your assertions relative to the root of the application. * Remove follow_redirect from controller functional tests. If you want to follow redirects you can use integration tests. The functional test version was only useful if you were using redirect_to :id=>... * Fix polymorphic_url with singleton resources. #461 [Tammer Saleh] * Replaced TemplateFinder abstraction with ViewLoadPaths [Josh Peek] * Added block-call style to link_to [Sam Stephenson/David Heinemeier Hansson]. Example: <% link_to(@profile) do %> <%= @profile.name %> -- Check it out!! <% end %> * Performance: integration test benchmarking and profiling. [Jeremy Kemper] * Make caching more aware of mime types. Ensure request format is not considered while expiring cache. [Jonathan del Strother] * Drop ActionController::Base.allow_concurrency flag [Josh Peek] * More efficient concat and capture helpers. Remove ActionView::Base.erb_variable. [Jeremy Kemper] * Added page.reload functionality. Resolves #277. [Sean Huber] * Fixed Request#remote_ip to only raise hell if the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR doesn't match (not just if they're both present) [Mark Imbriaco, Bradford Folkens] * Allow caches_action to accept a layout option [José Valim] * Added Rack processor [Ezra Zygmuntowicz, Josh Peek] *2.1.0 (May 31st, 2008)* * InstanceTag#default_time_from_options overflows to DateTime [Geoff Buesing] * Fixed that forgery protection can be used without session tracking (Peter Jones) [#139] * Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) [#136] * Change the request forgery protection to go by Content-Type instead of request.format so that you can't bypass it by POSTing to "#{request.uri}.xml" [Rick Olson] * InstanceTag#default_time_from_options with hash args uses Time.current as default; respects hash settings when time falls in system local spring DST gap [Geoff Buesing] * select_date defaults to Time.zone.today when config.time_zone is set [Geoff Buesing] * Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80] * Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [David Heinemeier Hansson] * Reduce number of instance variables being copied from controller to view. [Pratik Naik] * select_datetime and select_time default to Time.zone.now when config.time_zone is set [Geoff Buesing] * datetime_select defaults to Time.zone.now when config.time_zone is set [Geoff Buesing] * Remove ActionController::Base#view_controller_internals flag. [Pratik Naik] * Add conditional options to caches_page method. [Paul Horsfall] * Move missing template logic to ActionView. [Pratik Naik] * Introduce ActionView::InlineTemplate class. [Pratik Naik] * Automatically parse posted JSON content for Mime::JSON requests. [Rick Olson] POST /posts {"post": {"title": "Breaking News"}} def create @post = Post.create params[:post] # ... end * add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [Rick Olson] * Provide a helper proxy to access helper methods from outside views. Closes #10839 [Josh Peek] e.g. ApplicationController.helpers.simple_format(text) * Improve documentation. [Xavier Noria, leethal, jerome] * Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [Josh Peek, eventualbuddha, Pratik Naik] * Support render :partial => collection of heterogeneous elements. #11491 [Zach Dennis] * Avoid remote_ip spoofing. [Brian Candler] * Added support for regexp flags like ignoring case in the :requirements part of routes declarations #11421 [NeilW] * Fixed that ActionController::Base#read_multipart would fail if boundary was exactly 10240 bytes #10886 [ariejan] * Fixed HTML::Tokenizer (used in sanitize helper) didn't handle unclosed CDATA tags #10071 [esad, packagethief] * Improve documentation. [Ryan Bigg, Jan De Poorter, Cheah Chu Yeow, Xavier Shay, Jack Danger Canty, Emilio Tagua, Xavier Noria, Sunny Ripert] * Fixed that FormHelper#radio_button would produce invalid ids #11298 [harlancrystal] * Added :confirm option to submit_tag #11415 [Emilio Tagua] * Fixed NumberHelper#number_with_precision to properly round in a way that works equally on Mac, Windows, Linux (closes #11409, #8275, #10090, #8027) [zhangyuanyi] * Allow the #simple_format text_helper to take an html_options hash for each paragraph. #2448 [François Beausoleil, Chris O'Sullivan] * Fix regression from filter refactoring where re-adding a skipped filter resulted in it being called twice. [Rick Olson] * Refactor filters to use Active Support callbacks. #11235 [Josh Peek] * Fixed that polymorphic routes would modify the input array #11363 [thomas.lee] * Added :format option to NumberHelper#number_to_currency to enable better localization support #11149 [lylo] * Fixed that TextHelper#excerpt would include one character too many #11268 [Irfy] * Fix more obscure nested parameter hash parsing bug. #10797 [thomas.lee] * Added ActionView::Helpers::register_javascript/stylesheet_expansion to make it easier for plugin developers to inject multiple assets. #10350 [lotswholetime] * Fix nested parameter hash parsing bug. #10797 [thomas.lee] * Allow using named routes in ActionController::TestCase before any request has been made. Closes #11273 [Eloy Duran] * Fixed that sweepers defined by cache_sweeper will be added regardless of the perform_caching setting. Instead, control whether the sweeper should be run with the perform_caching setting. This makes testing easier when you want to turn perform_caching on/off [David Heinemeier Hansson] * Make MimeResponds::Responder#any work without explicit types. Closes #11140 [jaw6] * Better error message for type conflicts when parsing params. Closes #7962 [spicycode, matt] * Remove unused ActionController::Base.template_class. Closes #10787 [Pratik Naik] * Moved template handlers related code from ActionView::Base to ActionView::Template. [Pratik Naik] * Tests for div_for and content_tag_for helpers. Closes #11223 [Chris O'Sullivan] * Allow file uploads in Integration Tests. Closes #11091 [RubyRedRick] * Refactor partial rendering into a PartialTemplate class. [Pratik Naik] * Added that requests with JavaScript as the priority mime type in the accept header and no format extension in the parameters will be treated as though their format was :js when it comes to determining which template to render. This makes it possible for JS requests to automatically render action.js.rjs files without an explicit respond_to block [David Heinemeier Hansson] * Tests for distance_of_time_in_words with TimeWithZone instances. Closes #10914 [Ernesto Jimenez] * Remove support for multivalued (e.g., '&'-delimited) cookies. [Jamis Buck] * Fix problem with render :partial collections, records, and locals. #11057 [lotswholetime] * Added support for naming concrete classes in sweeper declarations [David Heinemeier Hansson] * Remove ERB trim variables from trace template in case ActionView::Base.erb_trim_mode is changed in the application. #10098 [Tim Pope, Chris Kampmeier] * Fix typo in form_helper documentation. #10650 [Xavier Shay, Chris Kampmeier] * Fix bug with setting Request#format= after the getter has cached the value. #10889 [cch1] * Correct inconsistencies in RequestForgeryProtection docs. #11032 [Mislav Marohnić] * Introduce a Template class to ActionView. #11024 [Pratik Naik] * Introduce the :index option for form_for and fields_for to simplify multi-model forms (see http://railscasts.com/episodes/75). #9883 [rmm5t] * Introduce map.resources :cards, :as => 'tarjetas' to use a custom resource name in the URL: cards_path == '/tarjetas'. #10578 [blj] * TestSession supports indifferent access. #7372 [tamc, Arsen7, mhackett, julik, jean.helou] * Make assert_routing aware of the HTTP method used. #8039 [mpalmer] e.g. assert_routing({ :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" }) * Make map.root accept a single symbol as an argument to declare an alias. #10818 [bscofield] e.g. map.dashboard '/dashboard', :controller=>'dashboard' map.root :dashboard * Handle corner case with image_tag when passed 'messed up' image names. #9018 [Duncan Beevers, mpalmer] * Add label_tag helper for generating elements. #10802 [DefV] * Introduce TemplateFinder to handle view paths and lookups. #10800 [Pratik Naik] * Performance: optimize route recognition. Large speedup for apps with many resource routes. #10835 [oleganza] * Make render :partial recognise form builders and use the _form partial. #10814 [Damian Janowski] * Allow users to declare other namespaces when using the atom feed helpers. #10304 [david.calavera] * Introduce send_file :x_sendfile => true to send an X-Sendfile response header. [Jeremy Kemper] * Fixed ActionView::Helpers::ActiveRecordHelper::form for when protect_from_forgery is used #10739 [Jeremy Evans] * Provide nicer access to HTTP Headers. Instead of request.env["HTTP_REFERRER"] you can now use request.headers["Referrer"]. [Michael Koziarski] * UrlWriter respects relative_url_root. #10748 [Cheah Chu Yeow] * The asset_host block takes the controller request as an optional second argument. Example: use a single asset host for SSL requests. #10549 [Cheah Chu Yeow, Peter B, Tom Taylor] * Support render :text => nil. #6684 [tjennings, PotatoSalad, Cheah Chu Yeow] * assert_response failures include the exception message. #10688 [Seth Rasmussen] * All fragment cache keys are now by default prefixed with the "views/" namespace [David Heinemeier Hansson] * Moved the caching stores from ActionController::Caching::Fragments::* to ActiveSupport::Cache::*. If you're explicitly referring to a store, like ActionController::Caching::Fragments::MemoryStore, you need to update that reference with ActiveSupport::Cache::MemoryStore [David Heinemeier Hansson] * Deprecated ActionController::Base.fragment_cache_store for ActionController::Base.cache_store [David Heinemeier Hansson] * Made fragment caching in views work for rjs and builder as well #6642 [Dee Zsombor] * Fixed rendering of partials with layout when done from site layout #9209 [antramm] * Fix atom_feed_helper to comply with the atom spec. Closes #10672 [Xavier Shay] * The tags created do not contain a date (http://feedvalidator.org/docs/error/InvalidTAG.html) * IDs are not guaranteed unique * A default self link was not provided, contrary to the documentation * NOTE: This changes tags for existing atom entries, but at least they validate now. * Correct indentation in tests. Closes #10671 [Luca Guidi] * Fix that auto_link looks for ='s in url paths (Amazon urls have them). Closes #10640 [Brad Greenlee] * Ensure that test case setup is run even if overridden. #10382 [Josh Peek] * Fix HTML Sanitizer to allow trailing spaces in CSS style attributes. Closes #10566 [wesley.moxam] * Add :default option to time_zone_select. #10590 [Matt Aimonetti] *2.0.2* (December 16th, 2007) * Added delete_via_redirect and put_via_redirect to integration testing #10497 [philodespotos] * Allow headers['Accept'] to be set by hand when calling xml_http_request #10461 [BMorearty] * Added OPTIONS to list of default accepted HTTP methods #10449 [holoway] * Added option to pass proc to ActionController::Base.asset_host for maximum configurability #10521 [Cheah Chu Yeow]. Example: ActionController::Base.asset_host = Proc.new { |source| if source.starts_with?('/images') "http://images.example.com" else "http://assets.example.com" end } * Fixed that ActionView#file_exists? would be incorrect if @first_render is set #10569 [dbussink] * Added that Array#to_param calls to_param on all it's elements #10473 [brandon] * Ensure asset cache directories are automatically created. #10337 [Josh Peek, Cheah Chu Yeow] * render :xml and :json preserve custom content types. #10388 [jmettraux, Cheah Chu Yeow] * Refactor Action View template handlers. #10437, #10455 [Josh Peek] * Fix DoubleRenderError message and leave out mention of returning false from filters. Closes #10380 [Frederick Cheung] * Clean up some cruft around ActionController::Base#head. Closes #10417 [ssoroka] *2.0.1* (December 7th, 2007) * Fixed send_file/binary_content for testing #8044 [tolsen] * When a NonInferrableControllerError is raised, make the proposed fix clearer in the error message. Closes #10199 [Jack Danger Canty] * Update Prototype to 1.6.0.1. [sam] * Update script.aculo.us to 1.8.0.1. [madrobby] * Add 'disabled' attribute to