Commits on Jan 8, 2013
Commits on Jan 3, 2013
  1. Merge pull request #6722 from adgear/2-3-stable

    Backported rails 2.3 fix for CVE-2012-2695
    tenderlove committed Jan 3, 2013
Commits on Jan 2, 2013
Commits on Dec 23, 2012
Commits on Jun 13, 2012
  1. Fix SQL injection via nested hashes in conditions

    Justin Collins committed with minaguib Jun 2, 2012
Commits on Mar 29, 2012
  1. Merge pull request #5653 from eee-c/patch-1

    Doc fixes in 2.3: validates_length_of
    fxn committed Mar 29, 2012
Commits on Dec 31, 2011
  1. Merge pull request #4247 from amatsuda/hashdos_23

    bump up rack version to the one that includes the Hash DoS fix
    josevalim committed Dec 31, 2011
Commits on Dec 29, 2011
  1. Merge pull request #4202 from dasch/request-remote-ip

    Fix bug in `ActionController::Request#remote_ip`
    tenderlove committed Dec 29, 2011
Commits on Dec 27, 2011
  1. Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty

    If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
    list of IP addresses from it.
    dasch committed Dec 27, 2011
Commits on Aug 16, 2011
  1. fixing sql injection problem

    tenderlove committed Aug 16, 2011
  2. 2.3.14. yay. :'(

    tenderlove committed Aug 16, 2011
  3. bumping to 2.3.13

    tenderlove committed Aug 16, 2011
  4. adding notification for rdoc

    tenderlove committed Aug 16, 2011
Commits on Aug 4, 2011
Commits on Jul 27, 2011
  1. contrib app minor tweak

    fxn committed Jul 27, 2011
Commits on Jun 17, 2011
  1. Merge pull request #1740 from Antiarchitect/2-3-stable

    Fix OrderedHash merging with block given.
    josevalim committed Jun 17, 2011
Commits on Jun 16, 2011
Commits on Jun 9, 2011
  1. Remove deprecation warning for ActiveRecord::Errors#generate_message.…

    … This is the same API that ActiveModel ended up using and that won't be changing.
    bcardarella committed with tenderlove Jun 9, 2011
Commits on Jun 7, 2011
Commits on May 25, 2011
  1. + Switched to newer rdoc and gem package tasks (and their requires).

    + Fixed deprecated usage in gemspecs.
    Bumped the version to 2.3.12 so I could test locally with actual
    installs. If this is bad form for this project, please beat me up and
    I'll split them out.
    zenspider committed May 25, 2011
Commits on May 12, 2011
  1. Removed the bulk of the deprecations by simply not calling refresh.

    This may cause problems. I dunno.
    The real solution is to get rid of all of this mess and use gem paths properly.
    zenspider committed May 12, 2011
  2. Fixed buggy gem activation. Don't pass a dependency to gem, pass the

    name and requirement. Better, just activate the spec for the
    dependency (1.8 only)
    zenspider committed May 12, 2011
  3. Removed buggy GemDependency#requirement override. Overrides should NE…

    …VER change the semantics of the parent (returning nil if default).
    zenspider committed May 12, 2011
Commits on Apr 28, 2011
  1. Merged pull request #198 from robdimarco/2-3-stable.

    Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
    josevalim committed Apr 28, 2011
  2. Merged pull request #331 from daphonz/2-3-stable.

    Dynamic find_or_create_by_x_and_y always creates new records in Rails 2.3.11
    josevalim committed Apr 28, 2011
  3. Fixing dynamic finders on associations to properly send arguments to …

    …the find_by_* method. Closes issue #330.
    Commit fdfc8e3 introduced a bugfix to prevent additional values passed
    to a dynamic find_or_create_by_x methods from confusing the finder.
    This patch also broke the essential behavior of this method on an
    association by incorrectly sending arguments to the find_by_x methods.
    The finder method would always see its inputs as a single array of
    values instead of individual arguments, almost guaranteeing that the
    finder call would be incorrect, and that we'd always create a new
    record instead.
    This patch adds a splat operator to the parameter array we send along to
    the dynamic finder so that it receives its inputs correctly, and
    includes an additional test to ensure that repeated calls to
    find_or_create_by_x only creates one new record.
    daphonz committed Apr 28, 2011