Skip to content
Commits on Feb 18, 2014
  1. @guilleiguaran

    Fix render plain docs example in AM::Base

    guilleiguaran committed Feb 18, 2014
    The errors were introduced in e220a34
  2. @guilleiguaran

    Merge pull request #14099 from robertomiranda/render-text-2-plain

    guilleiguaran committed Feb 18, 2014
    Update Docs in favor to use render plain instead of text option
  3. @robertomiranda
  4. @arthurnn

    Merge pull request #14098 from Amit-Thawait/master

    arthurnn committed Feb 18, 2014
    Typo fix for unscope [ci skip]
  5. @Amit-Thawait

    Typo fix for unscope

    Amit-Thawait committed Feb 18, 2014
  6. @rafaelfranca

    Use the reference for the mime type to get the format

    rafaelfranca committed Feb 18, 2014
    Before we were calling to_sym in the mime type, even when it is unknown
    what can cause denial of service since symbols are not removed by the
    garbage collector.
    
    Fixes: CVE-2014-0082
  7. @rafaelfranca

    Merge branch '4-1-0-beta2'

    rafaelfranca committed Feb 18, 2014
    Conflicts:
    	actionview/CHANGELOG.md
    	activerecord/CHANGELOG.md
  8. @rafaelfranca
  9. @tenderlove @rafaelfranca

    Correctly escape PostgreSQL arrays.

    tenderlove committed with rafaelfranca Feb 12, 2014
    Thanks Godfrey Chan for reporting this!
    
    Fixes: CVE-2014-0080
  10. @rafaelfranca

    Escape format, negative_format and units options of number helpers

    rafaelfranca committed Feb 11, 2014
    Previously the values of these options were trusted leading to
    potential XSS vulnerabilities.
    
    Fixes: CVE-2014-0081
  11. @chancancode

    Merge pull request #14097 from chancancode/sync_4_1_release_notes

    chancancode committed Feb 18, 2014
    Sync 4.1 release notes with changes since 7f648bc
  12. @chancancode
  13. @rafaelfranca

    Merge pull request #14062 from sikachu/ps-render-format

    rafaelfranca committed Feb 18, 2014
    Introduce `:plain`, `:html`, and `:body` render options.
  14. @sikachu
  15. @sikachu

    Add `#no_content_type` attribute to `AD::Response`

    sikachu committed Feb 14, 2014
    Setting this attribute to `true` will remove the content type header
    from the request. This is use in `render :body` feature.
  16. @sikachu
  17. @sikachu

    Update guides for new rendering options

    sikachu committed Feb 14, 2014
    * Introduces `:plain`, `:html`, `:body` render option.
    * Update guide to use `render :plain` instead of `render :text`.
  18. @sikachu
  19. @sikachu

    Fix a fragile test on `action_view/render`

    sikachu committed Feb 14, 2014
    This test were assuming that the list of render options will always be
    the same. Fixing that so this doesn't break when we add/remove render
    option in the future.
  20. @sikachu

    Introduce `render :html` for render HTML string

    sikachu committed Feb 14, 2014
    This is an option for to HTML content with a content type of
    `text/html`. This rendering option calls `ERB::Util.html_escape`
    internally to escape unsafe HTML string, so you will have to mark your
    string as html safe if you have any HTML tag in it.
    
    Please see #12374 for more detail.
  21. @sikachu

    Introduce `render :plain` for render plain text

    sikachu committed Feb 7, 2014
    This is as an option to render content with a content type of
    `text/plain`. This is the preferred option if you are planning to render
    a plain text content.
    
    Please see #12374 for more detail.
  22. @sikachu
  23. @sikachu

    Introduce `render :body` for render raw content

    sikachu committed Jan 31, 2014
    This is an option for sending a raw content back to browser. Note that
    this rendering option will unset the default content type and does not
    include "Content-Type" header back in the response.
    
    You should only use this option if you are expecting the "Content-Type"
    header to not be set. More information on "Content-Type" header can be
    found on RFC 2616, section 7.2.1.
    
    Please see #12374 for more detail.
  24. @rafaelfranca

    Merge pull request #14095 from rails/rm-scopes

    rafaelfranca committed Feb 18, 2014
    Document `default_scope` changes
  25. @rafaelfranca
  26. @rafaelfranca
  27. @rafaelfranca

    Document the default scopes change on the release notes, CHANGELOG

    rafaelfranca committed Feb 18, 2014
    and upgrating guides
    
    [ci skip]
  28. @carlosantoniodasilva

    Merge pull request #14094 from kalabiyau/fix_parameters_naming

    carlosantoniodasilva committed Feb 18, 2014
    Fix parameter naming in RemoteIp middleware constructor method [ci skip]
  29. @carlosantoniodasilva
  30. @carlosantoniodasilva
  31. @dhh
  32. @guilleiguaran

    Merge pull request #14096 from arthurnn/precompile_all

    guilleiguaran committed Feb 18, 2014
    Upgrade Doc: assets:precompile:all was removed on 4
  33. @dhh
  34. @arthurnn
  35. @rafaelfranca

    Aesthetic [ci skip]

    rafaelfranca committed Feb 18, 2014
Something went wrong with that request. Please try again.