Permalink
Commits on Jan 2, 2013
  1. Merge pull request #8706 from steveklabnik/ip_precautions

    Explain the possible IP precautions
    rafaelfranca committed Jan 2, 2013
  2. Merge pull request #7980 from steveklabnik/issue_7979

    Restore original remote_ip algorithm.
    guilleiguaran committed Jan 2, 2013
  3. Restore original remote_ip algorithm.

    Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
    remove trusted IP values, and then take the last given value, assuming that
    it is the most likely to be the correct, unfaked value. See [1] for a very
    thorough discussion of why that is the best option we have at the moment.
    
    [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
    
    Fixes #7979
    indirect committed Jan 2, 2013
  4. Merge pull request #8697 from goshakkk/undup

    Remove another unnecessary dup
    rafaelfranca committed Jan 2, 2013
  5. CVE-2012-5664 options hashes should only be extracted if there are ex…

    …tra parameters
    
    Conflicts:
    	activerecord/lib/active_record/dynamic_matchers.rb
    tenderlove committed Dec 23, 2012
  6. Merge pull request #8701 from senny/8700_double_slash_with_trailing_s…

    …lash
    
    do not append a second slash when using `trailing_slash: true`
    rafaelfranca committed Jan 2, 2013
  7. Fixing closing </p>

    guilleiguaran committed Jan 2, 2013
  8. Merge pull request #8702 from rubys/master

    Fix a number of validation/style errors
    guilleiguaran committed Jan 2, 2013
  9. Fix a number of validation/style errors:

     * <pre> is not allowed to be nested inside of <p> elements in HTML
     * Indentation of </p> doesn't match corresponding <p>
     * <p> element not explicitly closed
     * One more </div> than <div>
    
    In each case, the template was fixed to match how a HTML5 parser would "see"
    the resulting page.
    rubys committed Jan 2, 2013
  10. Merge pull request #8694 from goshakkk/undup

    Remove unnecessary #dup
    carlosantoniodasilva committed Jan 2, 2013
  11. Merge pull request #8688 from goshakkk/error-page-toggle

    Allow toggling dumps on error page
    guilleiguaran committed Jan 2, 2013
  12. remove unnecessary #dup

    goshakkk committed Jan 2, 2013
  13. Merge pull request #8693 from goshakkk/flatten

    Replace #flatten with Array()
    rafaelfranca committed Jan 2, 2013
  14. Merge pull request #8692 from lucasmazza/error-page-css

    Cleanup the CSS on the new error page.
    rafaelfranca committed Jan 2, 2013
  15. replace #flatten with Array()

    goshakkk committed Jan 2, 2013
  16. Merge pull request #8691 from acapilleri/preload_association

    refactoring to_sym of Symbol in preload
    rafaelfranca committed Jan 2, 2013
  17. Merge pull request #8689 from goshakkk/error-page

    Add source code left padding on error pages
    rafaelfranca committed Jan 2, 2013
  18. add source line padding

    goshakkk committed Jan 2, 2013
  19. Make content_tag_for work without block

    This is version of #8640 for master
    rafaelfranca committed Jan 2, 2013
  20. Merge pull request #8686 from mekishizufu/changelog_entry

    Add missing changelog entry for #8676 [ci skip]
    fxn committed Jan 2, 2013
  21. Merge pull request #8682 from amatsuda/rm_as_frozen_object_error

    remove meaningless AS::FrozenObjectError
    guilleiguaran committed Jan 2, 2013