Skip to content
Commits on Aug 16, 2011
  1. @tenderlove
  2. @tenderlove
  3. @tenderlove

    fixing sql injection problem

    tenderlove committed
  4. @tenderlove

    2.3.14. yay. :'(

    tenderlove committed
  5. @tenderlove

    bumping to 2.3.13

    tenderlove committed
  6. @tenderlove
  7. @tenderlove

    adding notification for rdoc

    tenderlove committed
Commits on Aug 4, 2011
  1. @tenderlove
Commits on Jul 27, 2011
  1. @fxn

    contrib app minor tweak

    fxn committed
Commits on Jun 17, 2011
  1. @josevalim

    Merge pull request #1740 from Antiarchitect/2-3-stable

    josevalim committed
    Fix OrderedHash merging with block given.
  2. @Antiarchitect
Commits on Jun 16, 2011
  1. @Antiarchitect
Commits on Jun 9, 2011
  1. @bcardarella @tenderlove

    Remove deprecation warning for ActiveRecord::Errors#generate_message.…

    bcardarella committed with tenderlove
    … This is the same API that ActiveModel ended up using and that won't be changing.
Commits on Jun 7, 2011
  1. @tenderlove
Commits on May 25, 2011
  1. @zenspider

    + Switched to newer rdoc and gem package tasks (and their requires).

    zenspider committed
    + Fixed deprecated usage in gemspecs.
    Bumped the version to 2.3.12 so I could test locally with actual
    installs. If this is bad form for this project, please beat me up and
    I'll split them out.
Commits on May 12, 2011
  1. @zenspider

    Removed the bulk of the deprecations by simply not calling refresh.

    zenspider committed
    This may cause problems. I dunno.
    The real solution is to get rid of all of this mess and use gem paths properly.
  2. @zenspider

    Fixed buggy gem activation. Don't pass a dependency to gem, pass the

    zenspider committed
    name and requirement. Better, just activate the spec for the
    dependency (1.8 only)
  3. @zenspider

    Removed buggy GemDependency#requirement override. Overrides should NE…

    zenspider committed
    …VER change the semantics of the parent (returning nil if default).
  4. @zenspider
  5. @zenspider
Commits on Apr 28, 2011
  1. @josevalim

    Merged pull request #198 from robdimarco/2-3-stable.

    josevalim committed
    Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
  2. @josevalim

    Merged pull request #331 from daphonz/2-3-stable.

    josevalim committed
    Dynamic find_or_create_by_x_and_y always creates new records in Rails 2.3.11
  3. @daphonz

    Fixing dynamic finders on associations to properly send arguments to …

    daphonz committed
    …the find_by_* method. Closes issue #330.
    Commit fdfc8e3 introduced a bugfix to prevent additional values passed
    to a dynamic find_or_create_by_x methods from confusing the finder.
    This patch also broke the essential behavior of this method on an
    association by incorrectly sending arguments to the find_by_x methods.
    The finder method would always see its inputs as a single array of
    values instead of individual arguments, almost guaranteeing that the
    finder call would be incorrect, and that we'd always create a new
    record instead.
    This patch adds a splat operator to the parameter array we send along to
    the dynamic finder so that it receives its inputs correctly, and
    includes an additional test to ensure that repeated calls to
    find_or_create_by_x only creates one new record.
Commits on Apr 14, 2011
  1. @gmarik @josevalim

    respect :expire_after option

    gmarik committed with josevalim
    - it was broken after
    - there's also
    - also: maybe it worth making Rack understand :expire_after as we
    duplicate same logic in [cookie_store](
    Signed-off-by: José Valim <>
Commits on Mar 1, 2011
  1. @robdimarco
  2. @robdimarco
Commits on Feb 20, 2011
  1. @vijaydev @spastorino

    fix incorrect version in deprecation message

    vijaydev committed with spastorino
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 9, 2011
  1. @tenderlove
Commits on Feb 8, 2011
  1. @NZKoz

    Prepare for the 2.3.11 release

    NZKoz committed
  2. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    NZKoz committed
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
  3. @NZKoz

    Be sure to javascript_escape the email address to prevent apostrophes…

    NZKoz committed
    … inadvertently causing javascript errors.
    This fixes CVE-2011-0446
Commits on Feb 1, 2011
  1. @tenderlove

    fixing invalid yaml [#4418 state:resolved]

    tenderlove committed
    Signed-off-by: Jeremy Kemper <>
Commits on Jan 19, 2011
  1. @jamis

    Revert "make TestCaseTest work for pre-1.9 rubies, too"

    jamis committed
    This reverts commit 8378a44.
  2. @jamis
  3. @jamis

    Revert "rein in GC during tests by making them run (at most) once per…

    jamis committed
    … second"
    This reverts commit a0c761d.
Something went wrong with that request. Please try again.