Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tag: v2.3.11
Commits on Feb 8, 2011
  1. @NZKoz

    Prepare for the 2.3.11 release

    NZKoz authored
  2. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    NZKoz authored
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
  3. @NZKoz

    Be sure to javascript_escape the email address to prevent apostrophes…

    NZKoz authored
    … inadvertently causing javascript errors.
    This fixes CVE-2011-0446
Commits on Feb 1, 2011
  1. @tenderlove

    fixing invalid yaml [#4418 state:resolved]

    tenderlove authored
    Signed-off-by: Jeremy Kemper <>
Commits on Jan 19, 2011
  1. @jamis

    Revert "make TestCaseTest work for pre-1.9 rubies, too"

    jamis authored
    This reverts commit 8378a44.
  2. @jamis
  3. @jamis

    Revert "rein in GC during tests by making them run (at most) once per…

    jamis authored
    … second"
    This reverts commit a0c761d.
  4. @jamis

    rein in GC during tests by making them run (at most) once per second

    jamis authored
    this can provide a significant performance boost during testing, by
    preventing the GC from running too frequently.
  5. @jamis

    scrub instance variables from test cases on teardown

    jamis authored
    this prevents test state from accumulating, resulting in leaked
    objects and slow tests due to overactive GC.
  6. @jamis
  7. @jrdioko @fxn

    Fix doc for #check_box [#6311 state:resolved]

    jrdioko authored fxn committed
    Signed-off-by: Xavier Noria <>
Commits on Jan 10, 2011
  1. @jeremy

    Revert "use Object#class instead of Object#type"

    jeremy authored
    This reverts commit 08d94d3.
Commits on Jan 9, 2011
  1. @bluetrans-deploy @jeremy

    use Object#class instead of Object#type

    bluetrans-deploy authored jeremy committed
Commits on Jan 2, 2011
  1. @mikel
  2. @mikel
Commits on Dec 19, 2010
  1. @NZKoz
Commits on Dec 7, 2010
  1. @NZKoz

    Revert "In nested_attributes when association is not loaded and assoc…

    NZKoz authored
    …iation record is saved then in memory record attributes should be saved"
    This reverts commit 12bbc34.
    It caused errors when combined with attr_accessible, piggy back attributes fetched by :select, etc.  Leaving it in 3.0, but removing from 2.3
  2. @willbryant @NZKoz

    Don't add non-new records back to the target array after loading targ…

    willbryant authored NZKoz committed
    …ets on associations, as that makes destroy_all destroy any created records that don't match the scope destroy_all is called on
    Signed-off-by: Michael Koziarski <>
Commits on Dec 1, 2010
  1. @paukul @josevalim

    Let Rack::Utils.set_cookie_header! create the Set-Cookie header inste…

    paukul authored josevalim committed
    …ad of manually fiddling with the response headers [#4941 state:resolved]
    Signed-off-by: José Valim <>
  2. @josevalim

    Revert "Fix AbstractStore so that it preserves Set-Cookie header as a…

    josevalim authored
    …n array, rather than as newline separated strings"
    This reverts commit 36b91e3.
Commits on Nov 16, 2010
  1. @acatighera @tenderlove
Commits on Nov 3, 2010
  1. @tomstuart @pixeltrix

    Backport BlankSlate removal from ActiveSupport::BasicObject [#5911 st…

    tomstuart authored pixeltrix committed
    This is a backport of dd15a3f.
    Signed-off-by: Andrew White <>
Commits on Oct 27, 2010
  1. @pixeltrix
Commits on Oct 26, 2010
  1. @pixeltrix

    Don't create a deprecation proxy object if the variable was passed in…

    pixeltrix authored
    … local_assigns [#1671 state:resolved]
Commits on Oct 21, 2010
  1. @tenderlove

    removing space errors

    tenderlove authored
  2. @omarqureshi @tenderlove

    Fix AbstractStore so that it preserves Set-Cookie header as an array,…

    omarqureshi authored tenderlove committed
    … rather than as newline separated strings
  3. @ccabot @tenderlove

    bug 1108: yield to block provided to find_or_create_by_x

    ccabot authored tenderlove committed
    Starting in 2.3.8 we stopped yielding to blocks passed in to
    find_or_create_by_x methods.  This patch restores that behavior and
    adds a case to test it.
  4. @ccabot @tenderlove

    bug 1108: fix a bug with find_or_create_by and additional values

    ccabot authored tenderlove committed
    There was a bug with find_or_create_by_x introduced in 2.3.9 - if you
    included extra parameters for the create() then those parameters would
    confuse the find() so you'd never get to the create().  This patch
    filters the parameters so we only pass to find() the subset that it's
    interested in.  The code for the filtering was modelled on the code in
    base.rb's method_missing().
Commits on Oct 14, 2010
  1. @NZKoz

    Prepare for the 2.3.10 release

    NZKoz authored
  2. @NZKoz

    Revert 7d2173e which introduced a security vulnerability.

    NZKoz authored
    This addresses  CVE-2010-3933
Commits on Oct 11, 2010
  1. @gbuesing @josevalim

    require 'uri' in action_controller/url_rewriter [#5555 state:resolved]

    gbuesing authored josevalim committed
    Signed-off-by: José Valim <>
Commits on Oct 4, 2010
  1. @tenderlove
  2. @tenderlove
Commits on Sep 30, 2010
  1. @tenderlove

    fixing space errors

    tenderlove authored
  2. @marklazz @tenderlove

    AssociationCollection#include? working properly for objects added wit…

    marklazz authored tenderlove committed
    …h build method [#3472 state:resolved]
Something went wrong with that request. Please try again.