Commits on Sep 11, 2009
  1. Remove redundant checks for valid character regexp in ActiveSupport::Multibyte#clean and #verify.

    bohford authored and jeremy committed Sep 10, 2009
    
    [#3181 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Sep 1, 2009
  1. Clean tag attributes before passing through the escape_once logic.

    NZKoz committed Aug 31, 2009
    Addresses CVE-2009-3009
  2. Add methods for string verification and encoding cleanup code.

    Manfred authored and NZKoz committed Sep 1, 2009
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
Commits on Feb 12, 2009
  1. Allow memcache-client versions > 1.5.x to override bundled version

    Joshua Sierles authored and josh committed Feb 12, 2009
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
Commits on Jan 15, 2009
Commits on Jan 4, 2009
Commits on Dec 16, 2008
  1. Revert "Make constantize look into ancestors"

    jeremy committed Dec 16, 2008
    [#410 state:open]
    
    This reverts commit eca79e6.
Commits on Dec 15, 2008
  1. Make constantize look into ancestors

    jeremy committed Dec 15, 2008
    [#410 state:resolved]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    
    Conflicts:
    
    	activesupport/lib/active_support/inflector.rb
  2. Fixed session related memory leak [#1558 state:resolved]

    fcheung authored and josh committed Dec 11, 2008
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
Commits on Dec 10, 2008
  1. Revert "Fix: counter_cache should decrement on deleting associated records."

    jeremy committed Dec 10, 2008
    
    [#1196 state:open]
    
    This reverts commit 757e436.
  2. Fix: counter_cache should decrement on deleting associated records.

    miloops authored and jeremy committed Dec 2, 2008
    [#1195 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Dec 8, 2008
  1. Change field_changed? method to handle the case where a nullable integer column is changed from 0 to '0'

    Ben Symonds authored and jeremy committed Dec 8, 2008
    
    [#1530 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Nov 23, 2008
  1. Changed the fallback String#each_char to use valid 1.9 syntax.

    tomlea authored and jeremy committed Aug 14, 2008
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Nov 18, 2008
  1. Verify form submissions for text/plain posts too.

    NZKoz committed Nov 16, 2008
    Some browsers can POST requests with text/plain encoding, allowing attackers to potentially subvert the request forgery prevention.
    
    http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
Commits on Nov 14, 2008
Commits on Oct 26, 2008
Commits on Oct 25, 2008
  1. Fix binary data corruption bug in PostgreSQL adaptor

    AdamMajer authored and NZKoz committed Sep 20, 2008
      1. Move the binary escape/unescape from column to the driver - we should store binary data AR just like most other adaptors
      2. check to make sure we only unescape bytea data
         PGresult.ftype( column ) == 17
      that is passed to us in escaped format
         PGresult.fformat( column ) == 0
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#1063 state:committed]
Commits on Oct 24, 2008
  1. Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes.

    packagethief authored and jeremy committed Oct 22, 2008
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
  2. Fix that HTML::Node.parse would blow up on unclosed CDATA sections.

    packagethief authored and jeremy committed Oct 22, 2008
    If an unclosed CDATA section is encountered and parsing is strict, an
    exception will be raised. Otherwise, we consider the remainder of the line to
    be the section contents. This is consistent with HTML::Tokenizer#scan_tag.
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Oct 23, 2008
  1. Latest release.rb script

    dhh committed Oct 23, 2008
  2. Make ready for the 2.1.2 release

    dhh committed Oct 23, 2008
Commits on Oct 21, 2008
  1. Fix script/generate warning

    lifo committed Oct 21, 2008
Commits on Oct 20, 2008
  1. Bundle TzInfo version 0.3.11

    gbuesing committed Oct 20, 2008
Commits on Oct 19, 2008
  1. Sanitize the URLs passed to redirect_to to prevent a potential respon…

    NZKoz committed Oct 14, 2008
    …se spli
    
    CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers
Commits on Oct 17, 2008