Skip to content
This repository

Jan 08, 2013

  1. Jeremy Kemper

    CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.

    jeremy authored tenderlove committed

Aug 16, 2011

  1. Aaron Patterson

    fixing utf8 escape vulerability

    tenderlove authored

Sep 09, 2010

  1. Erik Michaels-Ober

    Fix typo in deprecation warning

    Object#returning should be Kernel#returning
    sferik authored wycats committed

Jul 25, 2010

  1. Santiago Pastorino

    Deprecates Object#returning in favor of Object#tap

    Signed-off-by: José Valim <jose.valim@gmail.com>
    spastorino authored josevalim committed
  2. Santiago Pastorino

    Changes the usage of Object#returning with Object#tap

    Signed-off-by: José Valim <jose.valim@gmail.com>
    spastorino authored josevalim committed

Jul 16, 2010

  1. Aaron Patterson

    backporting a couple missing files. sorry folks!

    tenderlove authored

Jul 15, 2010

  1. Aaron Patterson

    fixing performance regression from 2.3.5 -> 2.3.8

    tenderlove authored

Jun 05, 2010

  1. Xavier Noria

    deprecates Array#random_element in favor of Array#sample, backported …

    …from Ruby 1.9, thanks to Marc-Andre Lafortune
    fxn authored

May 26, 2010

  1. Santiago Pastorino

    removes an unneeded alias

    Signed-off-by: José Valim <jose.valim@gmail.com>
    spastorino authored josevalim committed

May 25, 2010

  1. Jeremy Kemper

    Shift SafeBuffer#concat responsibility over to rails_xss

    jeremy authored

May 24, 2010

  1. Jeremy Kemper

    Move tests for deprecated String#html_safe! to plugin

    jeremy authored
  2. Jeremy Kemper

    rails_xss handles deprecated String html safety, when installed

    jeremy authored

May 23, 2010

  1. Santiago Pastorino

    Make use of safe_concat on TextHelper concat

    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    spastorino authored jeremy committed
  2. Nathan Weizenbaum

    Don't incompatibly monkeypatch ERB.

    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    nex3 authored jeremy committed

May 18, 2010

  1. Xavier Noria

    1.9 compat: deprecated last_(month|year) in favor of prev_(month|year)

    fxn authored

May 17, 2010

  1. Rizwan Reza

    Deprecate Array#rand in favor of Array#random_element [#4555 stated:c…

    …ommitted]
    
    Signed-off-by: Xavier Noria <fxn@hashref.com>
    rizwanreza authored fxn committed

Apr 22, 2010

  1. Is not nessesary to have @_rails_html_safe instance var when the stri…

    …ng is unsafe, also it breaks to_yaml [#3535 state:committed]
    Sam Elliott and Santiago Pastorino authored NZKoz committed

Apr 17, 2010

  1. Mislav Marohnić

    `String#starts/ends_with?` should return false for non-string argumen…

    …t, not raise error
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    mislav authored jeremy committed

Apr 16, 2010

  1. Mislav Marohnić

    ruby 1.8.7 compat: `starts/ends_with?` doesn't cast to string

    `starts/ends_with?` methods shouldn't cast argument to string because
    ruby 1.8.7 doesn't seem to do that. for example:
    
        "foobar".ends_with?(:bar)
        # => true in ActiveSupport implementation, false in ruby 1.8.7
    
    [#3199 state:committed]
    
    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    mislav authored jeremy committed

Apr 12, 2010

  1. Anil Wadghule

    Fix for plugin not getting installed on Windows environment [#4320 st…

    …ate:resolved]
    
    Signed-off-by: José Valim <jose.valim@gmail.com>
    anildigital authored josevalim committed

Apr 10, 2010

  1. Yaroslav Markin

    Fix Array#to_xml to produce valid markup when working with namespaced…

    … classes [#3624 state:resolved]
    
    Signed-off-by: José Valim <jose.valim@gmail.com>
    yaroslav authored josevalim committed

Apr 09, 2010

  1. Santiago Pastorino

    fix stack trace lines on class_eval

    Signed-off-by: José Valim <jose.valim@gmail.com>
    spastorino authored josevalim committed

Apr 01, 2010

  1. David Heinemeier Hansson

    Added Object#presence that returns the object if it's #present? other…

    …wise returns nil [DHH/Colin Kelley]
    dhh authored jeremy committed

Mar 28, 2010

  1. Santiago Pastorino

    backport of inconsistency with cattr_reader and matter_reader with so…

    …me tweaks
    
    Signed-off-by: wycats <wycats@gmail.com>
    spastorino authored wycats committed
  2. Santiago Pastorino

    flatten not needed here

    Signed-off-by: wycats <wycats@gmail.com>
    spastorino authored wycats committed
  3. Santiago Pastorino

    Time marshalling backported [#4286 state:committed]

    Signed-off-by: wycats <wycats@gmail.com>
    spastorino authored wycats committed

Mar 27, 2010

  1. Joe Rafaniello

    Marshaling a time object added an instance variable to the object whi…

    …ch affected the quoting of serialized attributes because the to_yaml of the original object did not match the to_yaml of the marshaled one. Also, Marshal.dump was modifying the source object which the client may not be aware of.
    
    Signed-off-by: wycats <wycats@gmail.com>
    jrafanie authored wycats committed

Mar 15, 2010

  1. Jeremy Kemper

    to_str works here

    jeremy authored

Mar 12, 2010

  1. Jeremy Kemper

    Be sure to pass through args to to_yaml

    jeremy authored
  2. Jeremy Kemper

    Write strings to fragment cache, not outputbuffers

    jeremy authored
  3. Jeremy Kemper

    OutputBuffer#to_yaml should return string yaml, not some custom class…

    … dump
    jeremy authored

Feb 25, 2010

  1. Jeremy Kemper

    Use Object#singleton_class instead of #metaclass. Prefer Ruby's choice.

    jeremy authored
  2. Jeremy Kemper

    Missed singleton_class

    jeremy authored

Feb 19, 2010

  1. Making SafeBuffer << an alias for concat method

    Santiago Pastorino and José Ignacio Costa authored Yehuda Katz committed

Feb 18, 2010

  1. Jeremy Kemper

    Use FileUtils.mv instead of rename to copy in case of cross-device links

    jeremy authored
Something went wrong with that request. Please try again.