Commits on Feb 23, 2011
  1. @tenderlove

    updating to 3.0.5.rc1

    tenderlove committed
Commits on Feb 22, 2011
  1. @NZKoz

    Prepend the CSRF filter to make it much more difficult to execute app…

    NZKoz committed
    …lication code before it fires.
Commits on Feb 14, 2011
  1. @pixeltrix
  2. @pixeltrix
  3. @pixeltrix
Commits on Feb 13, 2011
  1. @pixeltrix
  2. @pixeltrix
Commits on Feb 12, 2011
  1. @spastorino

    Backport fix from master: fields_for with inline blocks and nested at…

    spastorino committed
    …tributes already persisted does not render properly
    Signed-off-by: Santiago Pastorino <>
  2. @carlosantoniodasilva @spastorino

    Add tests showing the LH issue #6381: fields_for with inline blocks a…

    carlosantoniodasilva committed with spastorino
    …nd nested attributes already persisted
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 11, 2011
  1. @carlosantoniodasilva @spastorino

    Add missing deprecation require

    carlosantoniodasilva committed with spastorino
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 8, 2011
  1. @NZKoz
  2. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz committed
Commits on Feb 3, 2011
  1. @spastorino

    Add a test for 'render :layout'

    Anton Astashov committed with spastorino
    To make sure it will show block contents if it is placed after 'render
    [#5557 state:resolved]
    Signed-off-by: Santiago Pastorino <>
Commits on Jan 31, 2011
  1. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    NZKoz committed
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
  2. @josevalim @NZKoz

    Use Mime::Type references.

    josevalim committed with NZKoz
  3. @josevalim @NZKoz

    Ensure render is case sensitive even on systems with case-insensitive…

    josevalim committed with NZKoz
    … filesystems.
    This fixes CVE-2011-0449
  4. @NZKoz

    Be sure to javascript_escape the email address to prevent apostrophes…

    NZKoz committed
    … inadvertently causing javascript errors.
    This fixes CVE-2011-0446
Commits on Jan 30, 2011
  1. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz committed
Commits on Jan 19, 2011
  1. @josevalim
Commits on Jan 17, 2011
  1. @tenderlove
Commits on Jan 12, 2011
  1. @spastorino

    Reuse the view_context from the controller, this makes the test enviro…

    spastorino committed
    …nment more similar to the code applications use
  2. @tenderlove
  3. @tenderlove
  4. @spastorino
Commits on Jan 10, 2011
  1. @krekoten @jeremy
Commits on Jan 9, 2011
  1. @jrallison @jeremy

    Improve select helpers by allowing a selected value of false. This is…

    jrallison committed with jeremy
    … useful when using a select helper with a boolean attribute, and the attribute is false. (e.g. :allow_comments)
Commits on Jan 4, 2011
  1. @lifo

    Bump rack-test version

    lifo committed
Commits on Dec 30, 2010
  1. @apotonick @wycats
Commits on Dec 22, 2010
  1. @spastorino

    This can make included javascripts/stylesheets from expansions t…

    spastorino committed
    …o be duplicated
    or grow forever if you call register_*_expansion more than once
    Fix a Regression introduced here 55b13c5
Commits on Dec 18, 2010
  1. @dhh
  2. @dontangg @drogus
Commits on Dec 15, 2010
  1. @asanghi @fxn
  2. @remear @fxn
  3. @radar @fxn
  4. @radar @fxn