Commits on Jan 28, 2013
  1. bumping version

    tenderlove committed Jan 28, 2013
  2. Add an OkJson backend and remove the YAML backend

    Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
    NZKoz committed with tenderlove Jan 23, 2013
Commits on Jan 24, 2013
  1. backporting deep_munge

    tenderlove committed Jan 24, 2013
  2. Squashed commit of the following:

    commit 9ef905f
    Author: Rafael Mendonça França <rafaelmfranca@gmail.com>
    Date:   Tue Aug 7 22:38:40 2012 -0300
    
        Fix tests about single quote escaping
    
    commit 780a718
    Author: Santiago Pastorino <santiago@wyeworks.com>
    Date:   Tue Jul 31 22:25:54 2012 -0300
    
        html_escape should escape single quotes
    
        https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
        Closes #7215
    
        Conflicts:
        	actionpack/test/controller/new_base/render_template_test.rb
        	actionpack/test/template/asset_tag_helper_test.rb
        	actionpack/test/template/erb_util_test.rb
        	actionpack/test/template/javascript_helper_test.rb
        	actionpack/test/template/template_test.rb
        	activesupport/lib/active_support/core_ext/string/output_safety.rb
        	activesupport/test/core_ext/string_ext_test.rb
        	railties/test/application/assets_test.rb
    tenderlove committed Aug 8, 2012
  3. Do not mark strip_tags result as html_safe

    Thanks to Marek Labos & Nethemba
    spastorino committed with tenderlove Aug 8, 2012
  4. fixing load error messages

    tenderlove committed Jan 24, 2013
Commits on Jan 22, 2013
  1. Merge pull request #9030 from johndouthat/2-3-stable

    Add .gemspec files to 2-3-stable to help Bundler
    steveklabnik committed Jan 22, 2013
  2. Add gemspecs for bundler

    johndouthat committed Jan 21, 2013
Commits on Jan 20, 2013
  1. Fix for CVE-2013-0155

    ernie committed with guilleiguaran Jan 8, 2013
Commits on Jan 17, 2013
  1. Revert "bump up rack version to the one that includes the Hash DoS fix"

    Rack 1.1.3 also changes the Set-Cookie header to expect a
    newline-delimited string instead of an Array, which breaks Rails 2.3's
    expectations in a variety of ways.
    
    This reverts commit 27a508c.
    
    Conflicts:
    	actionpack/Rakefile
    jeremy committed Jan 17, 2013
Commits on Jan 8, 2013
Commits on Jan 3, 2013
  1. Merge pull request #6722 from adgear/2-3-stable

    Backported rails 2.3 fix for CVE-2012-2695
    tenderlove committed Jan 3, 2013
Commits on Jan 2, 2013
Commits on Dec 23, 2012
Commits on Jun 13, 2012
  1. Fix SQL injection via nested hashes in conditions

    Justin Collins committed with Mina Naguib Jun 2, 2012
Commits on Mar 29, 2012
  1. Merge pull request #5653 from eee-c/patch-1

    Doc fixes in 2.3: validates_length_of
    fxn committed Mar 29, 2012
Commits on Dec 31, 2011
  1. Merge pull request #4247 from amatsuda/hashdos_23

    bump up rack version to the one that includes the Hash DoS fix
    josevalim committed Dec 31, 2011
Commits on Dec 29, 2011
  1. Merge pull request #4202 from dasch/request-remote-ip

    Fix bug in `ActionController::Request#remote_ip`
    tenderlove committed Dec 29, 2011
Commits on Dec 27, 2011
  1. Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty

    If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
    list of IP addresses from it.
    dasch committed Dec 27, 2011
Commits on Aug 16, 2011
  1. fixing sql injection problem

    tenderlove committed Aug 16, 2011
  2. 2.3.14. yay. :'(

    tenderlove committed Aug 16, 2011
  3. bumping to 2.3.13

    tenderlove committed Aug 16, 2011
  4. adding notification for rdoc

    tenderlove committed Aug 16, 2011
Commits on Aug 4, 2011
Commits on Jul 27, 2011
  1. contrib app minor tweak

    fxn committed Jul 27, 2011
Commits on Jun 17, 2011
  1. Merge pull request #1740 from Antiarchitect/2-3-stable

    Fix OrderedHash merging with block given.
    josevalim committed Jun 17, 2011
Commits on Jun 16, 2011