Commits on Jun 10, 2009
  1. Whitelist the methods which are called by multiparameter attribute as…

    NZKoz committed Jun 10, 2009
    This prevents users from causing NoMethodErrors and the like by editing the parameter names, and closes a potential exploit of CVE-2009-1904.
Commits on Jun 9, 2009
  1. Fix incorrect specification path in GemDependency#from_directory_name

    al2o3cr committed with NZKoz Jun 9, 2009
    Signed-off-by: Michael Koziarski <>
  2. Sanitized the id generated by text_area_tag helper method. text_area_…

    Stephen Anderson committed with NZKoz Jan 6, 2009
    …tag('item[description]') should return: <textarea id="item_description" name="item[description]"></textarea> instead of: <textarea id="item[description]" name="item[description]"></textarea> The old id was causing HTML validation failures.
    Signed-off-by: Michael Koziarski <>
  3. Made label target radio button tags with values. Radio button now res…

    dsboulder committed with NZKoz Mar 11, 2009
    …pects inherited :index options when generating id.
    Signed-off-by: Michael Koziarski <>
  4. 1.9 compatibility - don't pass an array as the from address as this e…

    Friedrich Göpel committed with NZKoz Jun 9, 2009
    …nds up generating invalid SMTP commands.
  5. Fixes #2439. ActionController::Integration::Session no longer mangles…

    steveluscher committed with NZKoz Apr 7, 2009
    … multiparameter attribute params when processing multipart requests.
    Signed-off-by: Michael Koziarski <>
  6. PostgreSQL adapter should call thread safe quote_string function

    libc committed with NZKoz Apr 23, 2009
    Signed-off-by: Michael Koziarski <>
  7. Change autoload declaration in ActionView::Helpers from JavascriptHel…

    tomafro committed with NZKoz May 22, 2009
    …per to JavascriptHelper, matching the actual helper name. Also removed require from UrlHelper which was inadvertently preventing the autoload typo from causing a failure.
    Signed-off-by: Michael Koziarski <>
  8. Revert "Ensure HasManyThroughAssociation#destroy delete orphan records"

    NZKoz committed Jun 9, 2009
    This reverts commit 7a85927.
    There's still some debate about the intended behaviour in the ticket, leaving in master but removing prior to shipping 2.3.3
  9. Fix several issues with the 2.3.2 gem loader.

    al2o3cr committed with NZKoz Jun 6, 2009
    Incorporates the following:
    - migrates back small change to gems:build:force from bfc1609 to finish closing #2266.
    - unrolls to_proc calls in gems.rake, to match the change in master.
    - fixes #2722 by passing the options hash to dependencies during build. (includes a test)
    - fixes #2721 by loading the specification directly in from_directory_name. Adds an option to opt-out of specification loading when needed (in gems:refresh_specs, for instance). Includes tests.
    - fixes #2679 by refreshing specs for all frozen gems rather than just gems loaded from the environment.
    - fixes #2678 by passing the options hash to dependencies during unpack.
    Signed-off-by: Michael Koziarski <>
  10. A test to show that http_authentication needs to fail authentication …

    nate committed with NZKoz May 26, 2009
    …if the password procedure returns nil. Also includes a fix to validate_digest_response to fail validation if the password procedure returns nil.
    Signed-off-by: Michael Koziarski <>
  11. Clearer String#first and #last edge cases. Fix that 'foo'.first(0) ==…

    jeremy committed Apr 20, 2009
    … 'foo' instead of ''
  12. Fix AR json encoding

    jeremy committed Jun 9, 2009
Commits on Jun 8, 2009
  1. Ruby 1.9: fix json encoding

    jeremy committed Jun 8, 2009
  2. Don't rely on Rails.logger

    jeremy committed Jun 8, 2009
Commits on Jun 6, 2009
  1. Work around a gem dependency edge case that prevents Rails from booti…

    knzconnor committed with jeremy May 21, 2009
    If you have a frozen gem with unfrozen dependencies (for instance if the
    dependency has native extensions so can't be frozen) you can have a
    nightmare upgrade problem, where you cannot rake gems:install, because
    rake is broken by a gem loading problem.
    If you bump up your frozen gem to a newer version that requires a newer
    dependency, everybody else on the team will have rake broken by that
    dependency mismatch, since you will have had to specify the dependency
    in your config.gems, otherwise nobody will have installed it, since the
    parent is frozen. And now the config.gems loading code will kill rake.
    [#2609 state:committed]
    Signed-off-by: Jeremy Kemper <>
Commits on Jun 1, 2009
  1. fix for IE incompatibility of :disable_with in submit_tag

    han committed with NZKoz Mar 27, 2009
    Signed-off-by: Michael Koziarski <>
  2. added a failing test case for counting has_many :through associations…

    ianterrell committed with NZKoz Mar 17, 2009
    … with scopes
    Signed-off-by: Michael Koziarski <>
  3. Revert "Ensure calculations respect scoped :select". Broke .count on …

    NZKoz committed Jun 1, 2009
    …a has_many :through association.
    This reverts commit 6543426.
Commits on May 30, 2009
  1. Revert "Only save the session if we're actually writing to it [#2703

    josh committed May 30, 2009
    This reverts commit 14edaa1.