Permalink
Commits on Sep 13, 2009
Commits on Sep 12, 2009
Commits on Sep 11, 2009
  1. Remove redundant checks for valid character regexp in ActiveSupport::…

    …Multibyte#clean and #verify.
    
    [#3181 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    bohford committed with jeremy Sep 10, 2009
Commits on Sep 8, 2009
  1. 1.9 compatible secure_compare

    NZKoz committed Sep 8, 2009
  2. Revert "Ruby 1.9: fix MessageVerifier#secure_compare"

    This reverts commit 91f65b7.
    
    MessageVerifier was never in 2.2
    NZKoz committed Sep 8, 2009
  3. Fix AS test breakage

    jeremy committed Sep 8, 2009
Commits on Sep 4, 2009
Commits on Aug 31, 2009
  1. Clean tag attributes before passing through the escape_once logic.

    Addresses CVE-2009-3009
    NZKoz committed Aug 31, 2009
  2. Add verify and clean methods to ActiveSupport::Multibyte.

    When accepting character input from outside of your application you can't
    blindly trust that all strings are properly encoded. With these methods
    you can check incoming strings and clean them up if necessary.
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    
    Conflicts:
    
    	activesupport/lib/active_support/multibyte/chars.rb
    NZKoz committed Aug 31, 2009
Commits on Aug 23, 2009
  1. Fix timing attack vulnerability in the Cookie Store

    Use a constant-time comparison algorithm to compare the candidate HMAC with the calculated HMAC to prevent leaking information about the calculated HMAC
    NZKoz committed Aug 23, 2009
Commits on Apr 20, 2009
  1. Ensure JoinAssociation uses aliased table name when multiple associat…

    …ions have hash conditions on the same table
    lifo committed Apr 20, 2009
Commits on Apr 1, 2009
  1. Don't use the transaction instance method so that people with has_one…

    …/belongs_to :transaction aren't fubared
    
    [#1551 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    fcheung committed with lifo Dec 10, 2008
Commits on Mar 11, 2009
Commits on Feb 25, 2009
  1. Ruby 1.9 compat: silence a warning about regexp languages

    [#2050 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    samgranieri committed with jeremy Feb 23, 2009
  2. Fixed bug that makes named_scopes _forgot_ current scope

    Signed-off-by: rick <technoweenie@gmail.com>
    [#1960 #1677 state:resolved]
    oboxodo committed with technoweenie Feb 13, 2009
Commits on Feb 22, 2009
  1. Remove hardcoded number_of_capturesin ControllerSegment to allow rege…

    …xp requirements with capturing parentheses
    pixeltrix committed with NZKoz Feb 22, 2009
  2. Fix requirements regexp for path segments

    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    pixeltrix committed with NZKoz Jan 16, 2009
Commits on Feb 21, 2009
  1. Update changelog for URI.unescape fix

    [#2033 state:committed]
    jeremy committed Feb 21, 2009
  2. Broaden URI.unescape fix to all affected 1.9.x by checking for broken…

    … behavior instead of specific patchlevel
    jeremy committed Feb 21, 2009
  3. fix test data, should specify encoding to use multibyte chars on Ruby…

    … 1.9
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    moro committed with jeremy Feb 15, 2009
  4. Ruby 1.9.1p0's URI.decode() bug fix

    backport to fix Ruby 1.9.1p0 bug on [ruby-dev:38005].
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    moro committed with jeremy Feb 15, 2009
Commits on Feb 20, 2009
  1. Make atomic_write() puts the check_file in the cache dir, not in appl…

    …ication
    
    root [#1962 state:resolved]
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
    brunetton committed with josh Feb 20, 2009
Commits on Feb 17, 2009
  1. Ruby 1.9 compat: fix JSON decoding to work properly with multibyte va…

    …lues
    
    [#1969 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    amatsuda committed with jeremy Feb 14, 2009
Commits on Feb 12, 2009
  1. Allow memcache-client versions > 1.5.x to override bundled version

    Signed-off-by: Joshua Peek <josh@joshpeek.com>
    Joshua Sierles committed with josh Feb 12, 2009
Commits on Feb 10, 2009
Commits on Feb 6, 2009
  1. Handle every error that can come out of the Iconv branch by rescuing …

    …and returning nil
    
    [#1195 state:committed]
    
    Conflicts:
    
    	activesupport/lib/active_support/inflector.rb
    NZKoz committed Feb 6, 2009
Commits on Feb 5, 2009
  1. check for template with specified extension but without template hand…

    …ler extension [#1798 state:resolved]
    
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
    dguettler committed with josh Feb 5, 2009
Commits on Jan 29, 2009