Skip to content
This repository

Nov 26, 2009

  1. Gabe da Silveira

    Make sure strip_tags removes tags which start with a non-printable ch…

    …aracter
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    gtd authored NZKoz committed
  2. Eric Chapweske

    Decode http_authentication creditentials without generating abitrary …

    …symbols.
    eac authored NZKoz committed

Nov 25, 2009

  1. Michael Koziarski

    Prepare for the 2.3.5 release

    NZKoz authored

Nov 23, 2009

  1. Joshua Peek

    Revert "Prefix Internet Explorer's accepted mime types with sensible …

    …defaults."
    
    IE XHR requests are misinterpreted as HTML instead of JS.
    
    This reverts commit c680f23.
    josh authored

Nov 18, 2009

  1. Jeremy Kemper

    Extract form_authenticity_param instance method so it's overridable i…

    …n subclasses
    jeremy authored

Nov 15, 2009

  1. Will Read

    Allow explicit placement of hidden id element for nested models.

    [#3259 state:resolved]
    
    Signed-off-by: Eloy Duran <eloy.de.enige@gmail.com>
    TildeWill authored alloy committed

Nov 13, 2009

  1. Jeremy Kemper

    Ruby 1.9.2: StringIO no longer has #path

    jeremy authored
  2. Jeremy Kemper

    Ruby 1.9.2: prefer Array.wrap to [foo].flatten

    jeremy authored

Nov 12, 2009

  1. David Vrensk

    Rdoc for changes introduced in 6339e5d, 542d6a0.

    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    dvrensk authored jeremy committed

Nov 09, 2009

  1. Bryan Helmkamp

    Silence warning: instance variable @selected not initialized

    brynary authored
  2. Bryan Helmkamp

    Silence warning: instance variable @integration_session not initialized

    brynary authored
  3. Bryan Helmkamp

    Silence warning: instance variable @auto_index not initialized

    brynary authored
  4. Bryan Helmkamp

    Silence warning: instance variable @real_format not initialized

    brynary authored
  5. Bryan Helmkamp

    Silence warning: instance variable @controller not initialized

    brynary authored
  6. Bryan Helmkamp

    Silence warning: instance variable @session not initialized

    brynary authored
  7. Jeremy Kemper

    Merge commit 'brynary/2-3-stable' into 2-3-stable

    jeremy authored
  8. Bryan Helmkamp

    Silence warning: method redefined; discarding old template

    brynary authored
  9. Bryan Helmkamp

    Silence warning: method redefined; discarding old filename

    brynary authored
  10. Bryan Helmkamp

    Silence warning: discarding old h

    brynary authored
  11. Jeremy Kemper

    Bump Rack to 1.0.1. Ensure integration test input is ASCII.

    jeremy authored
  12. Bryan Helmkamp

    Fix Ruby warning: instance variable @loaded not initialized

    brynary authored
  13. Bryan Helmkamp

    Fix some Ruby warnings: `*' interpreted as argument prefix

    brynary authored

Nov 06, 2009

  1. Chris Hapgood

    Share ActionView::TestCase's output_buffer with view for concat support.

    [#3467 state:resolved]
    
    Signed-off-by: Eloy Duran <eloy.de.enige@gmail.com>
    cch1 authored alloy committed

Oct 28, 2009

  1. José Valim

    Make polymorphic_url work with symbols again and refactor it [#1384 s…

    …tatus:resolved]
    
    Signed-off-by: Joshua Peek <josh@joshpeek.com>
    josevalim authored josh committed

Oct 21, 2009

  1. Yehuda Katz

    Fixed HTTP digest to properly return 401 when the Authorization heade…

    …r has no nonce specified, or the Authorization header specifies Basic auth [#2968 state:resolved]
    wycats authored

Oct 17, 2009

  1. Travis Briggs

    Ensure number_to_human_size does not strip zeros from the end [#1763

    …state:resolved]
    
    Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
    audiodude authored NZKoz committed

Oct 15, 2009

  1. Michael Koziarski

    Backport the xss_safe? method for plugin authors targetting 2.3 and m…

    …aster
    NZKoz authored

Oct 14, 2009

  1. George Ogata

    Make IntegrationTest::Runner propagate method_missing to ancestors.

    Fixes RSpec integration example groups, which mixes its Matchers
    module into ActiveSupport::TestCase.
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    oggy authored NZKoz committed
  2. Jeffrey Hardy

    CookieJar#delete should return the key's value, consistent with a Hash

    Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
    packagethief authored jeremy committed

Oct 08, 2009

  1. Michael Koziarski

    field_error_proc needs to return a safe string

    NZKoz authored
  2. Michael Koziarski

    Merge the prerequisites for on-by-default XSS escaping into rails.

    This consists of:
    
    * String#html_safe! a method to mark a string as 'safe'
    * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
    * Calls to String#html_safe! throughout the rails helpers
    * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
    
    Note, this does *not* give you on-by-default XSS escaping in 2.3 applications.  To get that you'll need to install a plugin:
    
    http://github.com/nzkoz/rails_xss
    NZKoz authored

Oct 07, 2009

  1. Explicitly require ActionController's CGI extensions so they're prope…

    …rly loaded before the first request.
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    pivotal authored NZKoz committed

Oct 06, 2009

  1. Pratik

    Monkey patch Rack::Lint to allow string subclass body

    lifo authored

Oct 05, 2009

  1. Joshua Peek

    Coerce all out going body parts to Strings

    josh authored

Sep 28, 2009

  1. John Trupiano

    Introduce :almost keyword for distance_of_time_in_words. Make 1.75 da…

    …ys - 2 days return '2 days'.
    
    Signed-off-by: Michael Koziarski <michael@koziarski.com>
    [#3266 state:committed]
    jtrupiano authored NZKoz committed
Something went wrong with that request. Please try again.