Commits on Feb 8, 2011
  1. Prepare for the 2.3.11 release

    NZKoz committed Feb 8, 2011
  2. Change the CSRF whitelisting to only apply to get requests

    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
    NZKoz committed Jan 17, 2011
  3. Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.

    This fixes CVE-2011-0446
    NZKoz committed Dec 8, 2010
Commits on Feb 1, 2011
  1. fixing invalid yaml [#4418 state:resolved]

    Signed-off-by: Jeremy Kemper <>
    tenderlove committed Apr 16, 2010
Commits on Jan 19, 2011
  1. Revert "make TestCaseTest work for pre-1.9 rubies, too"

    This reverts commit 8378a44.
    jamis committed Jan 19, 2011
  2. Revert "scrub instance variables from test cases on teardown"

    This reverts commit b5cf2b4.
    jamis committed Jan 19, 2011
  3. Revert "rein in GC during tests by making them run (at most) once per second"

    This reverts commit a0c761d.
    jamis committed Jan 19, 2011
  4. rein in GC during tests by making them run (at most) once per second

    this can provide a significant performance boost during testing, by
    preventing the GC from running too frequently.
    jamis committed Jan 19, 2011
  5. scrub instance variables from test cases on teardown

    this prevents test state from accumulating, resulting in leaked
    objects and slow tests due to overactive GC.
    jamis committed Jan 19, 2011
  6. Fix doc for #check_box [#6311 state:resolved]

    Signed-off-by: Xavier Noria <>
    jrdioko committed with fxn Jan 18, 2011
Commits on Jan 10, 2011
  1. Revert "use Object#class instead of Object#type"

    This reverts commit 08d94d3.
    jeremy committed Jan 10, 2011
Commits on Jan 9, 2011
Commits on Jan 2, 2011
Commits on Dec 19, 2010
Commits on Dec 7, 2010
  1. Revert "In nested_attributes when association is not loaded and association record is saved then in memory record attributes should be saved"

    This reverts commit 12bbc34.
    It caused errors when combined with attr_accessible, piggy back attributes fetched by :select, etc. Leaving it in 3.0, but removing from 2.3
    NZKoz committed Dec 7, 2010
  2. Don't add non-new records back to the target array after loading targets on associations, as that makes destroy_all destroy any created records that don't match the scope destroy_all is called on

    Signed-off-by: Michael Koziarski <>
    willbryant committed with NZKoz Sep 7, 2010
Commits on Dec 1, 2010
  1. Let Rack::Utils.set_cookie_header! create the Set-Cookie header instead of manually fiddling with the response headers [#4941 state:resolved]

    Signed-off-by: José Valim <>
    paukul committed with josevalim Aug 25, 2010
  2. Revert "Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings"

    This reverts commit 36b91e3.
    josevalim committed Dec 1, 2010
Commits on Nov 16, 2010
Commits on Nov 3, 2010
  1. Backport BlankSlate removal from ActiveSupport::BasicObject [#5911 st…

    This is a backport of dd15a3f.
    Signed-off-by: Andrew White <>
    tomstuart committed with pixeltrix Nov 3, 2010
Commits on Oct 27, 2010
Commits on Oct 26, 2010
  1. Don't create a deprecation proxy object if the variable was passed in local_assigns [#1671 state:resolved]

    pixeltrix committed Oct 25, 2010
Commits on Oct 21, 2010
  1. removing space errors

    tenderlove committed Oct 21, 2010
  2. Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings

    omarqureshi committed with tenderlove Oct 11, 2010
  3. bug 1108: yield to block provided to find_or_create_by_x

    Starting in 2.3.8 we stopped yielding to blocks passed in to
    find_or_create_by_x methods.  This patch restores that behavior and
    adds a case to test it.
    ccabot committed with tenderlove Sep 29, 2010
  4. bug 1108: fix a bug with find_or_create_by and additional values

    There was a bug with find_or_create_by_x introduced in 2.3.9 - if you
    included extra parameters for the create() then those parameters would
    confuse the find() so you'd never get to the create().  This patch
    filters the parameters so we only pass to find() the subset that it's
    interested in.  The code for the filtering was modelled on the code in
    base.rb's method_missing().
    ccabot committed with tenderlove Sep 29, 2010
Commits on Oct 14, 2010
  1. Prepare for the 2.3.10 release

    NZKoz committed Oct 14, 2010
  2. Revert 7d2173e which introduced a security vulnerability.

    This addresses CVE-2010-3933
    NZKoz committed Oct 11, 2010
Commits on Oct 11, 2010
  1. require 'uri' in action_controller/url_rewriter [#5555 state:resolved]

    Signed-off-by: José Valim <>
    gbuesing committed with josevalim Oct 4, 2010
Commits on Oct 4, 2010
Commits on Sep 30, 2010
  1. fixing space errors

    tenderlove committed Sep 30, 2010
  2. AssociationCollection#include? working properly for objects added with build method [#3472 state:resolved]

    marklazz committed with tenderlove Sep 4, 2010