Skip to content
Commits on Sep 11, 2009
  1. @bohford @jeremy

    Remove redundant checks for valid character regexp in ActiveSupport::…

    bohford committed with jeremy
    …Multibyte#clean and #verify.
    
    [#3181 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Sep 1, 2009
  1. @NZKoz

    Clean tag attributes before passing through the escape_once logic.

    NZKoz committed
    Addresses CVE-2009-3009
  2. @Manfred @NZKoz

    Add methods for string verification and encoding cleanup code.

    Manfred committed with NZKoz
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
Commits on Feb 12, 2009
  1. @josh

    Allow memcache-client versions > 1.5.x to override bundled version

    Joshua Sierles committed with josh
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
Commits on Jan 15, 2009
  1. @jeremy
Commits on Jan 4, 2009
  1. @gbuesing
Commits on Dec 16, 2008
  1. @jeremy

    Revert "Make constantize look into ancestors"

    jeremy committed
    [#410 state:open]
    
    This reverts commit eca79e6.
Commits on Dec 15, 2008
  1. @jeremy

    Make constantize look into ancestors

    jeremy committed
    [#410 state:resolved]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    
    Conflicts:
    
    	activesupport/lib/active_support/inflector.rb
  2. @fcheung @josh

    Fixed session related memory leak [#1558 state:resolved]

    fcheung committed with josh
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
Commits on Dec 10, 2008
  1. @jeremy

    Revert "Fix: counter_cache should decrement on deleting associated re…

    jeremy committed
    …cords."
    
    [#1196 state:open]
    
    This reverts commit 757e436.
  2. @miloops @jeremy

    Fix: counter_cache should decrement on deleting associated records.

    miloops committed with jeremy
    [#1195 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Dec 8, 2008
  1. @jeremy

    Change field_changed? method to handle the case where a nullable inte…

    Ben Symonds committed with jeremy
    …ger column is changed from 0 to '0'
    
    [#1530 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Nov 23, 2008
  1. @cwninja @jeremy

    Changed the fallback String#each_char to use valid 1.9 syntax.

    cwninja committed with jeremy
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Nov 18, 2008
  1. @NZKoz

    Verify form submissions for text/plain posts too.

    NZKoz committed
    Some browsers can POST requests with text/plain encoding, allowing attackers to  potentially subvert the request forgery prevention.
    
    http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
  2. @gbuesing
  3. @gbuesing
  4. @philr @gbuesing
  5. @gbuesing

    Update bundled TZInfo to 0.3.12

    gbuesing committed
Commits on Nov 14, 2008
  1. @lifo
  2. @lifo
  3. @lifo
Commits on Oct 26, 2008
  1. @NZKoz
Commits on Oct 25, 2008
  1. @AdamMajer @NZKoz

    Fix binary data corruption bug in PostgreSQL adaptor

    AdamMajer committed with NZKoz
      1. Move the binary escape/unescape from column to the driver - we should store binary data AR just like most other adaptors
      2. check to make sure we only unescape bytea data
         PGresult.ftype( column ) == 17
      that is passed to us in escaped format
         PGresult.fformat( column ) == 0
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#1063 state:committed]
Commits on Oct 24, 2008
  1. @lifo
  2. @packagethief @jeremy

    Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes.

    packagethief committed with jeremy
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
  3. @packagethief @jeremy

    Fix that HTML::Node.parse would blow up on unclosed CDATA sections.

    packagethief committed with jeremy
    If an unclosed CDATA section is encountered and parsing is strict, an
    exception will be raised. Otherwise, we consider the remainder of the line to
    be the section contents. This is consistent with HTML::Tokenizer#scan_tag.
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Commits on Oct 23, 2008
  1. @dhh

    Latest release.rb script

    dhh committed
  2. @dhh
  3. @dhh

    Make ready for the 2.1.2 release

    dhh committed
Commits on Oct 21, 2008
  1. @lifo

    Fix script/generate warning

    lifo committed
Commits on Oct 20, 2008
  1. @geoffgarside @gbuesing
  2. @gbuesing
  3. @gbuesing

    Bundle TzInfo version 0.3.11

    gbuesing committed
Commits on Oct 19, 2008
  1. @NZKoz

    Sanitize the URLs passed to redirect_to to prevent a potential respon…

    NZKoz committed
    …se spli
    
    CGI.rb and mongrel don't do any sanitization of the contents of HTTP headers
Commits on Oct 17, 2008
  1. @lifo
Something went wrong with that request. Please try again.