branch: 2-3-stable

Apr 22, 2013

  1. Xavier Noria

    allow the branch to be managed with a modern rake

    authored

Apr 09, 2013

  1. Aaron Patterson

    Merge branch '2-3-later' into 2-3-stable

    * 2-3-later:
      adding test for CVE
    authored

Apr 04, 2013

  1. Xavier Noria

    typo

    authored
  2. Xavier Noria

    removes the obsolete task pdoc

    authored
  3. Xavier Noria

    enforces rake 0.8.0 in the Rakefile

    authored
  4. Xavier Noria

    Revert "Revert "Revert "Switched to newer rdoc and gem package tasks (and their requires)."""
    
    We need an old RDoc to be able to generate the API.
    
    This reverts commit af7da4d.
    authored

Mar 18, 2013

  1. Aaron Patterson

    bumping to 2.3.18

    authored
  2. Aaron Patterson

    Revert "Revert "Switched to newer rdoc and gem package tasks (and their requires).""
    
    I can't build the gems without reverting this commit.
    
    This reverts commit dad3109.
    authored

Mar 16, 2013

  1. Aaron Patterson

    fix protocol checking in sanitization [CVE-2013-1857]

    Conflicts:
    	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
    	actionpack/test/controller/html-scanner/sanitizer_test.rb
    authored
  2. Charlie Somerville

    fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]

    Conflicts:
    	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
    authored tenderlove committed
  3. Aaron Patterson

    stop calling to_sym when building arel nodes [CVE-2013-1854]

    authored

Feb 15, 2013

  1. Xavier Noria

    Revert "Switched to newer rdoc and gem package tasks (and their requires)."
    
    This is a manual revert of commit 79aa54d, since the commit itself touches
    in addition some version numbers.
    
    API generation before Rails 3 uses the Jamis template, which requires an
    old version of RDoc. To generate the API you need Rake 0.8.x or 0.9.x,
    and the RDoc distributed with 1.8.7 (version 1.0.1).
    authored

Feb 11, 2013

  1. Aaron Patterson

    Merge branch '2-3-sec' into 2-3-stable

    * 2-3-sec:
      bumping to 2.3.17
      fix serialization vulnerability
      fixing attr_protected CVE-2013-0276
    authored
  2. Carlos Antonio da Silva

    Revert "Merge pull request #9251 from Davidslv/patch-1"

    This reverts commit d6adcb4, reversing
    changes made to 2e4aa39.
    
    Reason: merged to unmaintained branch.
  3. Carlos Antonio da Silva

    Merge pull request #9251 from Davidslv/patch-1

    Add alias to maintain coherence with other methods, in end_of_day
  4. David Silva

    Update activesupport/lib/active_support/core_ext/time/calculations.rb

    Just maintaining the coherence with other methods, since everything has "at_" as prefix.
    authored
  5. Aaron Patterson

    bumping to 2.3.17

    authored
  6. Tobias Kraze

    fix serialization vulnerability

    authored tenderlove committed

Feb 10, 2013

  1. Aaron Patterson

    adding test for CVE

    authored
  2. Aaron Patterson

    fixing attr_protected CVE-2013-0276

    authored

Feb 06, 2013

  1. Xavier Noria

    Merge pull request #9194 from kwstannard/2-3-stable

    Docs: Fixed bad exists? documentation.
    authored

Feb 05, 2013

  1. Kelly Stannard

    Docs: Fixed bad exists? documentation.

    Base#exists? does not actually take options like finder methods. Trying
    to use what the documentation suggests will return a PG error because it
    will look for a column named 'conditions'.
    
    I changed the documentation to reflect how the exists? method actually
    works.
    authored

Feb 02, 2013

  1. Rafael Mendonça França

    Fix the tests related with single quotes being escaped

    Closes #9144
    Fixes #9145
    authored
  2. Morgan Currie

    use the decimal HTML escape code for single quotes instead of the hex one so webkit-based browsers properly translate the code in form fields
    authored rafaelfranca committed

Jan 28, 2013

  1. Carlos Antonio da Silva

    Merge pull request #9099 from pietro/2-3-gemspec-bump

    Bump version on 2.3 gemspecs too.
  2. pietro

    Bump version on gemspecs too.

    authored
  3. Aaron Patterson

    bumping version

    authored
  4. Michael Koziarski

    Add an OkJson backend and remove the YAML backend

    Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
    authored tenderlove committed

Jan 24, 2013

  1. Aaron Patterson

    removing [nil] from the params

    authored
  2. Aaron Patterson

    backporting deep_munge

    authored
  3. Aaron Patterson

    Squashed commit of the following:

    commit 9ef905f
    Author: Rafael Mendonça França <rafaelmfranca@gmail.com>
    Date:   Tue Aug 7 22:38:40 2012 -0300
    
        Fix tests about single quote escaping
    
    commit 780a718
    Author: Santiago Pastorino <santiago@wyeworks.com>
    Date:   Tue Jul 31 22:25:54 2012 -0300
    
        html_escape should escape single quotes
    
        https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
        Closes #7215
    
        Conflicts:
        	actionpack/test/controller/new_base/render_template_test.rb
        	actionpack/test/template/asset_tag_helper_test.rb
        	actionpack/test/template/erb_util_test.rb
        	actionpack/test/template/javascript_helper_test.rb
        	actionpack/test/template/template_test.rb
        	activesupport/lib/active_support/core_ext/string/output_safety.rb
        	activesupport/test/core_ext/string_ext_test.rb
        	railties/test/application/assets_test.rb
    authored
  4. Santiago Pastorino

    Do not mark strip_tags result as html_safe

    Thanks to Marek Labos & Nethemba
    authored tenderlove committed
  5. Aaron Patterson

    fixing load error messages

    authored

Jan 22, 2013

  1. Steve Klabnik

    Merge pull request #9030 from johndouthat/2-3-stable

    Add .gemspec files to 2-3-stable to help Bundler
    authored
  2. John F. Douthat

    Add gemspecs for bundler

    authored