Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Jun 12, 2012
  1. @tenderlove

    updating changelogs

    tenderlove authored
Commits on Jun 11, 2012
  1. @tenderlove

    bumping version numbers

    tenderlove authored
  2. @tenderlove
  3. @tenderlove
  4. @tenderlove

    Merge branch '3-1-stable-sec' into 3-1-stable-rel

    tenderlove authored
    * 3-1-stable-sec:
      Array parameters should not contain nil values.
      Additional fix for CVE-2012-2661
  5. @rafaelfranca
  6. @kennyj @tenderlove

    Change the string to use in test case.

    kennyj authored tenderlove committed
    Conflicts:
    
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    	activerecord/test/cases/adapters/mysql2/schema_test.rb
  7. @kennyj @tenderlove

    Fix GH #3163. Should quote database on mysql/mysql2.

    kennyj authored tenderlove committed
    Conflicts:
    
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    
    Conflicts:
    
    	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
  8. @tenderlove
Commits on Jun 8, 2012
  1. @ernie @tenderlove

    Additional fix for CVE-2012-2661

    ernie authored tenderlove committed
    While the patched PredicateBuilder in 3.1.5 prevents a user
    from specifying a table name using the `table.column` format,
    it doesn't protect against the nesting of hashes changing the
    table context in the next call to build_from_hash. This fix
    covers this case as well.
Commits on May 31, 2012
  1. @tenderlove

    Merge branch '3-1-rel' into 3-1-stable

    tenderlove authored
    * 3-1-rel:
      bumping to 3.1.5
      updating the CHANGELOG
      bumping to 3.1.5.rc1
  2. @tenderlove

    Merge branch '3-1-stable-sec' into 3-1-stable

    tenderlove authored
    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
  3. @tenderlove

    bumping to 3.1.5

    tenderlove authored
  4. @tenderlove

    updating the CHANGELOG

    tenderlove authored
  5. @tenderlove

    Merge branch '3-1-stable-sec' into 3-1-rel

    tenderlove authored
    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Commits on May 30, 2012
  1. @tenderlove

    Strip [nil] from parameters hash.

    tenderlove authored
    Thanks to Ben Murphy for reporting this!
    
    CVE-2012-2660
  2. @tenderlove

    predicate builder should not recurse for determining where columns.

    tenderlove authored
    Thanks to Ben Murphy for reporting this
    
    CVE-2012-2661
Commits on May 29, 2012
  1. @rafaelfranca

    Merge pull request #6532 from freerange/3-1-stable-minitest-passthrou…

    rafaelfranca authored
    …gh-exceptions
    
    Exceptions like Interrupt should not be rescued in tests.
  2. @floehopper

    Exceptions like Interrupt should not be rescued in tests.

    floehopper authored
    This is a back-port of rails/rails#6525. See the commit notes there for
    details.
Commits on May 28, 2012
  1. @tenderlove

    bumping to 3.1.5.rc1

    tenderlove authored
Commits on May 13, 2012
  1. @rafaelfranca

    Merge pull request #3237 from sakuro/data-url-scheme

    rafaelfranca authored
    Support data: url scheme
  2. @spastorino
  3. @guilleiguaran
Commits on May 11, 2012
  1. @spastorino
  2. @arunagw
  3. @drogus

    Merge pull request #6261 from carlosantoniodasilva/fix-build-3-1

    drogus authored
    Fix build 3-1-stable
  4. @carlosantoniodasilva
Commits on May 10, 2012
  1. @pixeltrix
  2. @pixeltrix

    Refactor the handling of default_url_options in integration tests

    pixeltrix authored
    This commit improves the handling of default_url_options in integration
    tests by making behave closer to how a real application operates.
    
    Specifically the following issues have been addressed:
    
    * Options specified in routes.rb are used (fixes #546)
    * Options specified in controllers are used
    * Request parameters are recalled correctly
    * Tests can override default_url_options directly
Commits on May 4, 2012
  1. @jeremy

    Merge pull request #6152 from route/assets_precompile_task_3_1

    jeremy authored
    Just cherry-picked fixes for asset precompile for 3-1-stable
  2. @route
  3. @route
Commits on May 2, 2012
  1. @pixeltrix

    Reset the request parameters after a constraints check

    pixeltrix authored
    A callable object passed as a constraint for a route may access the request
    parameters as part of its check. This causes the combined parameters hash
    to be cached in the environment hash. If the constraint fails then any subsequent
    access of the request parameters will be against that stale hash.
    
    To fix this we delete the cache after every call to `matches?`. This may have a
    negative performance impact if the contraint wraps a large number of routes as the
    parameters hash is built by merging GET, POST and path parameters.
    
    Fixes #2510.
    (cherry picked from commit 5603050)
Commits on May 1, 2012
  1. @vijaydev
Commits on Apr 30, 2012
  1. @IamNaN @pixeltrix

    Correcting some confusion. Pago Pago is part of American Samoa, not S…

    IamNaN authored pixeltrix committed
    …amoa.
    
    Further, Samoa and Tokelau jumped across the IDL from Dec 29 to Dec 31, 2011
    switching from UTC-11 to UTC+13. American Samoa did not make the change and
    remains at UTC-11. Pacific/Fakaofo and Pacific/Apia are in TZInfo and
    documentation about the dateline change is in austalasia at IANA.
    
    (cherry picked from commit 5fe88b1)
Something went wrong with that request. Please try again.