Commits on Apr 22, 2013
Commits on Apr 9, 2013
  1. Merge branch '2-3-later' into 2-3-stable

    * 2-3-later:
      adding test for CVE
    tenderlove committed Apr 9, 2013
Commits on Apr 4, 2013
  1. typo

    fxn committed Apr 4, 2013
  2. removes the obsolete task pdoc

    fxn committed Apr 4, 2013
  3. Revert "Revert "Revert "Switched to newer rdoc and gem package tasks (and their requires)."""

    
    We need an old RDoc to be able to generate the API.
    
    This reverts commit af7da4d.
    fxn committed Apr 4, 2013
Commits on Mar 18, 2013
  1. bumping to 2.3.18

    tenderlove committed Mar 18, 2013
  2. Revert "Revert "Switched to newer rdoc and gem package tasks (and their requires).""

    
    I can't build the gems without reverting this commit.
    
    This reverts commit dad3109.
    tenderlove committed Mar 18, 2013
Commits on Mar 16, 2013
  1. fix protocol checking in sanitization [CVE-2013-1857]

    Conflicts:
    	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
    	actionpack/test/controller/html-scanner/sanitizer_test.rb
    tenderlove committed Mar 15, 2013
  2. fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]

    Conflicts:
    	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
    charliesome committed with tenderlove Feb 12, 2013
Commits on Feb 15, 2013
  1. Revert "Switched to newer rdoc and gem package tasks (and their requires)."

    
    This is a manual revert of commit 79aa54d, since the commit itself touches
    in addition some version numbers.
    
    API generation before Rails 3 uses the Jamis template, which requires an
    old version of RDoc. To generate the API you need Rake 0.8.x or 0.9.x,
    and the RDoc distributed with 1.8.7 (version 1.0.1).
    fxn committed Feb 15, 2013
Commits on Feb 11, 2013
  1. Merge branch '2-3-sec' into 2-3-stable

    * 2-3-sec:
      bumping to 2.3.17
      fix serialization vulnerability
      fixing attr_protected CVE-2013-0276
    tenderlove committed Feb 11, 2013
  2. Revert "Merge pull request #9251 from Davidslv/patch-1"

    This reverts commit d6adcb4, reversing
    changes made to 2e4aa39.
    
    Reason: merged to unmaintained branch.
    carlosantoniodasilva committed Feb 11, 2013
  3. Merge pull request #9251 from Davidslv/patch-1

    Add alias to maintain coherence with other methods, in end_of_day
    carlosantoniodasilva committed Feb 11, 2013
  4. Update activesupport/lib/active_support/core_ext/time/calculations.rb

    Just maintaining the coherence with other methods, since everything has "at_" as prefix.
    Davidslv committed Feb 11, 2013
  5. bumping to 2.3.17

    tenderlove committed Feb 11, 2013
Commits on Feb 10, 2013
  1. adding test for CVE

    tenderlove committed Feb 10, 2013
Commits on Feb 6, 2013
  1. Merge pull request #9194 from kwstannard/2-3-stable

    Docs: Fixed bad exists? documentation.
    fxn committed Feb 6, 2013
Commits on Feb 5, 2013
  1. Docs: Fixed bad exists? documentation.

    Base#exists? does not actually take options like finder methods. Trying
    to use what the documentation suggests will return a PG error because it
    will look for a column named 'conditions'.
    
    I changed the documentation to reflect how the exists? method actually
    works.
    kwstannard committed Feb 5, 2013
Commits on Feb 2, 2013
  1. use the decimal HTML escape code for single quotes instead of the hex one so webkit-based browsers properly translate the code in form fields

    morgancurrie committed with rafaelfranca Feb 1, 2013
Commits on Jan 28, 2013
  1. Merge pull request #9099 from pietro/2-3-gemspec-bump

    Bump version on 2.3 gemspecs too.
    carlosantoniodasilva committed Jan 28, 2013
  2. Bump version on gemspecs too.

    Pietro Monteiro committed Jan 28, 2013
  3. bumping version

    tenderlove committed Jan 28, 2013
  4. Add an OkJson backend and remove the YAML backend

    Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
    NZKoz committed with tenderlove Jan 23, 2013
Commits on Jan 24, 2013
  1. backporting deep_munge

    tenderlove committed Jan 24, 2013
  2. Squashed commit of the following:

    commit 9ef905f
    Author: Rafael Mendonça França <rafaelmfranca@gmail.com>
    Date:   Tue Aug 7 22:38:40 2012 -0300
    
        Fix tests about single quote escaping
    
    commit 780a718
    Author: Santiago Pastorino <santiago@wyeworks.com>
    Date:   Tue Jul 31 22:25:54 2012 -0300
    
        html_escape should escape single quotes
    
        https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
        Closes #7215
    
        Conflicts:
        	actionpack/test/controller/new_base/render_template_test.rb
        	actionpack/test/template/asset_tag_helper_test.rb
        	actionpack/test/template/erb_util_test.rb
        	actionpack/test/template/javascript_helper_test.rb
        	actionpack/test/template/template_test.rb
        	activesupport/lib/active_support/core_ext/string/output_safety.rb
        	activesupport/test/core_ext/string_ext_test.rb
        	railties/test/application/assets_test.rb
    tenderlove committed Aug 8, 2012
  3. Do not mark strip_tags result as html_safe

    Thanks to Marek Labos & Nethemba
    spastorino committed with tenderlove Aug 8, 2012
  4. fixing load error messages

    tenderlove committed Jan 24, 2013
Commits on Jan 22, 2013
  1. Merge pull request #9030 from johndouthat/2-3-stable

    Add .gemspec files to 2-3-stable to help Bundler
    steveklabnik committed Jan 22, 2013
  2. Add gemspecs for bundler

    johndouthat committed Jan 21, 2013