Commits on Aug 9, 2012
  1. Bump to 3.2.8

    spastorino committed Aug 9, 2012
  2. Do not mark strip_tags result as html_safe

    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
    spastorino committed Aug 8, 2012
  3. escape select_tag :prompt values

    CVE-2012-3463
    spastorino committed Aug 8, 2012
Commits on Aug 3, 2012
  1. Bump to 3.2.8.rc2

    spastorino committed Aug 3, 2012
  2. Add CHANGELOG entry

    spastorino committed Aug 3, 2012
Commits on Aug 2, 2012
  1. More `:rails_env` cleanup.

    `Rails.env` already uses development if ENV["RAILS_ENV"] is not present.
    rafaelfranca committed with spastorino Aug 2, 2012
  2. html_escape should escape single quotes

    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215
    
    Conflicts:
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/form_tag_helper_test.rb
    	actionpack/test/template/text_helper_test.rb
    	actionpack/test/template/url_helper_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
    spastorino committed Aug 1, 2012
  3. Use `:data => { :confirm => "Text" }` syntax instead of `:confirm` at

    the ERB scaffold generator.
    
    We are trying to teach the data attributes as best practices and
    `:confirm` will be deprecated in 4.0.
    rafaelfranca committed with spastorino Aug 2, 2012
  4. Do not consider the numeric attribute as changed if the old value is

    zero and the new value is not a string.
    
    Before this commit this was the behavior
    
    r = Review.find_by_issue(0)
    r.issue
    => 0
    r.changes
    => {}
    r.issue = 0
    => 0
    r.changed?
    => true
    r.changes
    => {"issue"=>[0,0]}
    
    Fixes #7237
    rafaelfranca committed with spastorino Aug 2, 2012
  5. Fix ActiveSupport integration with Mocha > 0.12.1

    Mocha 0.12.2 renames the Integration module to
    MonkeyPatching. This breaks the code Rails uses
    to retrieve the assertion counter from Mocha.
    ffmike committed with spastorino Aug 2, 2012
Commits on Aug 1, 2012
  1. This entry is wrong

    spastorino committed Aug 1, 2012
  2. Bump to 3.2.8.rc1

    spastorino committed Aug 1, 2012
  3. Revert "Deprecate `:mouseover` options for `image_tag` helper."

    This reverts commit 1aff772.
    
    Conflicts:
    	actionpack/CHANGELOG.md
    rafaelfranca committed Aug 1, 2012
  4. Revert "Deprecate ActiveSupport::JSON::Variable"

    This reverts commit bcfa013.
    rafaelfranca committed Aug 1, 2012
  5. Fix CHANGELOGS

    rafaelfranca committed Aug 1, 2012
  6. removes the deprecation of update_attribute

    Applying the new policy here to not deprecate stuff in point releases.
    fxn committed Aug 1, 2012
  7. revises the deprecation warning of update_attribute

    We have decided not to drop this important method in 4.0 and give
    it a longer deprecation cycle. On the other hand we do not expect
    to have update_column around for a long time, it is going to be
    replaced in favor of update_columns.
    fxn committed Aug 1, 2012
  8. Revert "Deprecate `:confirm` in favor of `:data => { :confirm => 'Tex…

    …t' }` option"
    
    Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
    
    This reverts commit fc092a9.
    This reverts commit e9051e2.
    This reverts commit d47d6e7.
    This reverts commit 21141e7.
    rafaelfranca committed Aug 1, 2012
  9. Revert "Deprecating composed_of in ActiveRecord"

    This reverts commit 44b313b.
    rafaelfranca committed Aug 1, 2012
  10. Revert "Deprecate :finder_sql, :counter_sql, :insert_sql, :delete_sql."

    This reverts commit a79bfa9.
    
    Conflicts:
    	activerecord/CHANGELOG.md
    
    We shouldn't be introducing deprecations in point releases.
    It will be deprecated in 4.0 instead.
    jonleighton committed Aug 1, 2012
  11. Add missing CHANGELOG entries

    [ci skip]
    spastorino committed Aug 1, 2012
  12. Merge pull request #7070 from jmazzi/3-2-stable

    Update documentation for Rails::Application#env_config
    rafaelfranca committed Aug 1, 2012
  13. Merge pull request #7147 from pferdefleisch/scaffold_controller_docs

    Updated scaffold_controller generator docs #7146
    rafaelfranca committed Aug 1, 2012
Commits on Jul 31, 2012
Commits on Jul 30, 2012
  1. Revert "Add update_columns and the suggestion of using update_columns

    instead of update_column"
    
    This reverts commit 9fa06c3.
    
    This reverts commit 17a64de.
    
    This reverts commit def9c85, reversing
    changes made to 6b7d26c.
    
    Reason: This was supposed to be released with 3.2.7 before the
    suggestion to use update_column. Since it was not released, now it is not
    good to suggest using another method because it will confuse
    people.
    rafaelfranca committed Jul 30, 2012
Commits on Jul 28, 2012
  1. removes the AR session store from eager loaded code [fixes #7160]

    See the comment in the file activerecord/lib/active_record.rb
    added by this patch for the rationale.
    fxn committed Jul 28, 2012
  2. Merge pull request #7187 from frodsan/fix_test_help

    Backport #6995 to 3-2 stable
    rafaelfranca committed Jul 28, 2012
  3. Backport #6995 to 3-2 stable

    Update `test_help` to properly configure the turn natural language option.
    The latest versions of Turn don't monkey patch MiniTest to set up
    the natural language option. Here is an [example](https://github.com/TwP/turn/blob/master/try/test_autorun_minitest.rb#L3).
    
    This patches the following behaviour:
    
        $ rake test:units
        `<top (required)>': undefined method `use_natural_language_case_names='
        for MiniTest::Unit:Class (NoMethodError)
    Francesco Rodriguez committed Jul 28, 2012
  4. missing require: the AR session store depends on the AP abstract store

    This require makes the dependency even more clear.
    In particular we are eager loading the session
    store but that does not work if AR is used
    outside Rails, this patch is preliminary work
    in fixing #7160.
    fxn committed Jul 28, 2012
Commits on Jul 27, 2012
  1. adds a missing require from Active Support

    This file uses mattr_accessor.
    fxn committed Jul 27, 2012
  2. Only require the `:rails_env` task where it is needed.

    The `:rails_env` task is not needed in all the tasks that depend on
    `load_config`, only in the tasks that use `Rails.env`.
    
    Since the `:rails_env` task sets `Rails.env` to "development" if it is
    not set, we don't need the `||` statements either.
    
    Fix #7175.
    rafaelfranca committed Jul 27, 2012
Commits on Jul 26, 2012
  1. Merge branch '3-2-rel' into 3-2-stable

    * 3-2-rel:
      updating release date
      bumping to 3.2.7
      updating the changelog
      * Do not convert digest auth strings to symbols. CVE-2012-3424
      updating the version
      updating changelogs
    tenderlove committed Jul 26, 2012