Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Aug 9, 2012
  1. @spastorino

    Bump to 3.1.8

    spastorino authored
  2. @spastorino

    Do not mark strip_tags result as html_safe

    spastorino authored
    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
  3. @spastorino

    escape select_tag :prompt values

    spastorino authored
    CVE-2012-3463
Commits on Aug 7, 2012
  1. @spastorino
Commits on Jul 26, 2012
  1. @tenderlove

    bumping to 3.1.7

    tenderlove authored
  2. @tenderlove

    updating rails release date

    tenderlove authored
  3. @tenderlove

    updating changelog with CVE

    tenderlove authored
  4. @tenderlove
Commits on Jul 23, 2012
  1. @tenderlove

    updating changelog

    tenderlove authored
Commits on Jun 14, 2012
  1. @tenderlove

    adding a test for #6459

    tenderlove authored
Commits on Jun 12, 2012
  1. @tenderlove

    updating changelogs

    tenderlove authored
Commits on Jun 11, 2012
  1. @tenderlove

    bumping version numbers

    tenderlove authored
  2. @tenderlove
  3. @tenderlove
  4. @tenderlove
Commits on May 31, 2012
  1. @tenderlove

    bumping to 3.1.5

    tenderlove authored
  2. @tenderlove

    updating the CHANGELOG

    tenderlove authored
  3. @tenderlove

    Merge branch '3-1-stable-sec' into 3-1-rel

    tenderlove authored
    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Commits on May 30, 2012
  1. @tenderlove

    Strip [nil] from parameters hash.

    tenderlove authored
    Thanks to Ben Murphy for reporting this!
    
    CVE-2012-2660
Commits on May 28, 2012
  1. @tenderlove

    bumping to 3.1.5.rc1

    tenderlove authored
Commits on May 13, 2012
  1. @rafaelfranca

    Merge pull request #3237 from sakuro/data-url-scheme

    rafaelfranca authored
    Support data: url scheme
  2. @guilleiguaran
Commits on May 10, 2012
  1. @pixeltrix
  2. @pixeltrix

    Refactor the handling of default_url_options in integration tests

    pixeltrix authored
    This commit improves the handling of default_url_options in integration
    tests by making behave closer to how a real application operates.
    
    Specifically the following issues have been addressed:
    
    * Options specified in routes.rb are used (fixes #546)
    * Options specified in controllers are used
    * Request parameters are recalled correctly
    * Tests can override default_url_options directly
Commits on May 4, 2012
  1. @route
Commits on May 2, 2012
  1. @pixeltrix

    Reset the request parameters after a constraints check

    pixeltrix authored
    A callable object passed as a constraint for a route may access the request
    parameters as part of its check. This causes the combined parameters hash
    to be cached in the environment hash. If the constraint fails then any subsequent
    access of the request parameters will be against that stale hash.
    
    To fix this we delete the cache after every call to `matches?`. This may have a
    negative performance impact if the contraint wraps a large number of routes as the
    parameters hash is built by merging GET, POST and path parameters.
    
    Fixes #2510.
    (cherry picked from commit 5603050)
Commits on Apr 30, 2012
  1. @willbryant @drogus

    fix the Flash middleware loading the session on every request (very d…

    willbryant authored drogus committed
    …angerous especially with Rack::Cache), it should only be loaded when the flash method is called
Commits on Apr 29, 2012
  1. @pixeltrix
  2. @pixeltrix

    Don't convert params if the request isn't HTML - fixes #5341

    pixeltrix authored
    (cherry picked from commit d6bbd33)
Commits on Mar 31, 2012
  1. @arunagw

    CHANGELOG entry added

    arunagw authored
  2. @arunagw

    :subdomain can now be specified with a value of false in url_for,

    arunagw authored
    allowing for subdomain(s) removal from the host during link generation. 
    
    Closes #4083
    
    cherry-picked from 
    
    de942e5
    96aa3bd
Commits on Mar 27, 2012
  1. @josevalim @drogus

    Avoid inspecting the whole route set, closes #1525

    josevalim authored drogus committed
Commits on Mar 26, 2012
  1. @carlosantoniodasilva

    Return the same session data object when setting session id

    carlosantoniodasilva authored
    Make sure to return the same hash object instead of returning a new one.
    Returning a new one causes failures on cookie store tests, where it
    tests for the 'Set-Cookie' header with the session signature.
    
    This is due to the hash ordering changes on Ruby 1.8.7-p358.
Commits on Mar 19, 2012
  1. @arunagw
Commits on Mar 15, 2012
  1. @tenderlove

    Merge pull request #5457 from brianmario/typo-fix

    tenderlove authored
    Fix typo in redirect test
Something went wrong with that request. Please try again.