Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Feb 23, 2011
  1. Aaron Patterson

    updating to 3.0.5.rc1

    tenderlove authored
Commits on Feb 22, 2011
  1. Michael Koziarski

    Prepend the CSRF filter to make it much more difficult to execute app…

    NZKoz authored
    …lication code before it fires.
Commits on Feb 14, 2011
  1. Andrew White
  2. Andrew White
  3. Andrew White
Commits on Feb 13, 2011
  1. Andrew White
  2. Andrew White
Commits on Feb 12, 2011
  1. Santiago Pastorino

    Backport fix from master: fields_for with inline blocks and nested at…

    spastorino authored
    …tributes already persisted does not render properly
    Signed-off-by: Santiago Pastorino <>
  2. Carlos Antonio da Silva Santiago Pastorino

    Add tests showing the LH issue #6381: fields_for with inline blocks a…

    carlosantoniodasilva authored spastorino committed
    …nd nested attributes already persisted
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 11, 2011
  1. Carlos Antonio da Silva Santiago Pastorino

    Add missing deprecation require

    carlosantoniodasilva authored spastorino committed
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 8, 2011
  1. Michael Koziarski
  2. Michael Koziarski

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Feb 3, 2011
  1. Santiago Pastorino

    Add a test for 'render :layout'

    Anton Astashov authored spastorino committed
    To make sure it will show block contents if it is placed after 'render
    [#5557 state:resolved]
    Signed-off-by: Santiago Pastorino <>
Commits on Jan 31, 2011
  1. Michael Koziarski

    Change the CSRF whitelisting to only apply to get requests

    NZKoz authored
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
  2. José Valim Michael Koziarski

    Use Mime::Type references.

    josevalim authored NZKoz committed
  3. José Valim Michael Koziarski

    Ensure render is case sensitive even on systems with case-insensitive…

    josevalim authored NZKoz committed
    … filesystems.
    This fixes CVE-2011-0449
  4. Michael Koziarski

    Be sure to javascript_escape the email address to prevent apostrophes…

    NZKoz authored
    … inadvertently causing javascript errors.
    This fixes CVE-2011-0446
Commits on Jan 30, 2011
  1. Michael Koziarski

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Jan 19, 2011
  1. José Valim
Commits on Jan 17, 2011
  1. Aaron Patterson
Commits on Jan 12, 2011
  1. Santiago Pastorino

    Reuse the view_context from the controller, this make the test enviro…

    spastorino authored
    …nment more similar to the code applications uses
  2. Aaron Patterson
  3. Aaron Patterson
  4. Santiago Pastorino
Commits on Jan 10, 2011
  1. Мар'ян Крекотень (Marjan Krekoteń) Jeremy Kemper
Commits on Jan 9, 2011
  1. John Allison Jeremy Kemper

    Improve select helpers by allowing a selected value of false. This is…

    jrallison authored jeremy committed
    … useful when using a select helper with a boolean attribute, and the attribute is false. (e.g. :allow_comments)
Commits on Jan 4, 2011
  1. Pratik

    Bump rack-test version

    lifo authored
Commits on Dec 30, 2010
  1. Nick Sutterer Yehuda Katz

    process_action accepts multiple args, even with Callbacks.

    apotonick authored wycats committed
Commits on Dec 22, 2010
  1. Santiago Pastorino

    This can make make included javascripts/stylesheets from expansions t…

    spastorino authored
    …o be duplicated
    or grow forever if you call register_*_expansion more than once
    Fix a Regression introduced here 55b13c5
Commits on Dec 18, 2010
  1. David Heinemeier Hansson
  2. Don Wilson Piotr Sarnacki
Commits on Dec 15, 2010
  1. Aditya Sanghi Xavier Noria

    eternal confusion! fixed doco to inform correctly

    asanghi authored fxn committed
  2. Ben Mills Xavier Noria

    Added :placeholder option to ActionView::Helpers::FormTagHelper text_…

    remear authored fxn committed
  3. Ryan Bigg Xavier Noria

    Fix indentation on the namespace method's documentation

    radar authored fxn committed
  4. Ryan Bigg Xavier Noria

    Remove nodoc from FormBuilder because the methods inside are public A…

    radar authored fxn committed
    …PI methods
Something went wrong with that request. Please try again.