Skip to content
Commits on Aug 9, 2012
  1. @spastorino

    escape select_tag :prompt values

    spastorino committed
    CVE-2012-3463
Commits on Aug 3, 2012
  1. @spastorino

    Bump to 3.2.8.rc2

    spastorino committed
Commits on Aug 2, 2012
  1. @spastorino

    html_escape should escape single quotes

    spastorino committed
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215
    
    Conflicts:
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/form_tag_helper_test.rb
    	actionpack/test/template/text_helper_test.rb
    	actionpack/test/template/url_helper_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
Commits on Aug 1, 2012
  1. @spastorino

    Bump to 3.2.8.rc1

    spastorino committed
  2. @rafaelfranca
  3. @rafaelfranca

    Revert "Deprecate `:mouseover` options for `image_tag` helper."

    rafaelfranca committed
    This reverts commit 1aff772.
    
    Conflicts:
    	actionpack/CHANGELOG.md
  4. @rafaelfranca

    Fix CHANGELOGS

    rafaelfranca committed
  5. @rafaelfranca

    Revert "Deprecate `:confirm` in favor of `:data => { :confirm => 'Tex…

    rafaelfranca committed
    …t' }` option"
    
    Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
    
    This reverts commit fc092a9.
    This reverts commit e9051e2.
    This reverts commit d47d6e7.
    This reverts commit 21141e7.
  6. @spastorino

    Add missing CHANGELOG entries

    spastorino committed
    [ci skip]
Commits on Jul 27, 2012
  1. @fxn

    adds a missing require from Active Support

    fxn committed
    This file uses mattr_accessor.
Commits on Jul 26, 2012
  1. @tenderlove

    updating release date

    tenderlove committed
  2. @tenderlove

    bumping to 3.2.7

    tenderlove committed
  3. @tenderlove

    updating the changelog

    tenderlove committed
  4. @tenderlove
Commits on Jul 23, 2012
  1. @tenderlove

    updating the version

    tenderlove committed
  2. @tenderlove

    updating changelogs

    tenderlove committed
  3. @pixeltrix

    Bump Journey requirements to 1.0.4

    pixeltrix committed
    There are some Action Pack tests for regressions from 3.1 that require
    a later version of Journey to pass so bump to the current version.
Commits on Jul 17, 2012
  1. @pixeltrix

    Add support for optional root segments containing slashes

    pixeltrix committed
    Optional segments with a root scope need to have the leading slash
    outside of the parentheses, otherwise the generated url will be empty.
    However if the route has non-optional elements then the leading slash
    needs to remain inside the parentheses otherwise the generated url
    will have two leading slashes, e.g:
    
    Blog::Application.routes.draw do
      get '/(:category)', :to => 'posts#index', :as => :root
      get '/(:category)/author/:name', :to => 'posts#author', :as => :author
    end
    
    $ rake routes
      root GET /(:category)(.:format)              posts#index
    author GET (/:category)/author/:name(.:format) posts#author
    
    This change adds support for optional segments that contain a slash,
    allowing support for urls like /page/2 for the root path, e.g:
    
    Blog::Application.routes.draw do
      get '/(page/:page)', :to => 'posts#index', :as => :root
    end
    
    $ rake routes
    root GET /(page/:page)(.:format) posts#index
    
    Fixes #7073
    (cherry picked from commit d8745de)
Commits on Jul 10, 2012
  1. Fixed bug creating invalid HTML in select options

    Rusty Geldmacher committed
    When a select tag is created for a field with errors, and that select
    tag has :prompt or :include_blank options, then the inserted first
    option will errantly have a <div class="field_with_errors"> wrapping
    it.
    
    See #7017
Commits on Jul 5, 2012
  1. @route

    Show in log correct wrapped keys

    route committed
Commits on Jul 3, 2012
  1. @mjtko @carlosantoniodasilva

    Fix NumberHelper options wrapping to prevent verbatim blocks being re…

    mjtko committed with carlosantoniodasilva
    …ndered instead of line continuations. While I'm at it, wrap long comment lines consistently.
    
    Conflicts:
    	actionpack/lib/action_view/helpers/number_helper.rb
    
    There was just one conflict related to the addition of the :format
    option to number_to_percentage.
Commits on Jun 19, 2012
  1. @carlosantoniodasilva

    Merge pull request #6649 from route/logger_in_metal_3_2

    carlosantoniodasilva committed
    Logger in metal backport for 3.2
Commits on Jun 16, 2012
  1. @arunagw
  2. @rafaelfranca

    Merge pull request #6752 from steveklabnik/fix_5680

    rafaelfranca committed
    Respect absolute paths in compute_source_path.
Commits on Jun 15, 2012
  1. @route

    Added test for case when view doesn't have logger method when using A…

    route committed
    …ctionController::Metal controller.
  2. @route
Commits on Jun 14, 2012
  1. @tenderlove

    adding a test for #6459

    tenderlove committed
Commits on Jun 13, 2012
  1. @spastorino
Commits on Jun 12, 2012
  1. @tenderlove

    updating changelogs

    tenderlove committed
Commits on Jun 11, 2012
  1. @tenderlove

    bumping version numbers

    tenderlove committed
  2. @tenderlove
  3. @tenderlove
Commits on Jun 9, 2012
  1. @arunagw

    Duplicate tests removed.

    arunagw committed
Commits on Jun 7, 2012
  1. @drogus

    Fix railties test suite

    drogus committed
    Apparently asset_environment should not be invoked if it's not needed.
    This fixes broken build by getting back to the code more similar to the
    version changed here: 5b0a891
  2. @drogus

    Fix asset tags for files with more than one dot

    drogus committed
    After the fix done in 39f9f02, there are cases that will not work
    correctly. If you have file with "2 extensions", like foo.min.js and you
    reference the file without extension, like:
    
        javascript_include_tag "foo.min"
    
    it will fail because sprockets finds foo.min.js with foo.min argument.
    
    This commit fixes this case and will get the right file even when
    referrencing it without extension.
    
    (closes #6598)
Something went wrong with that request. Please try again.