tag: v3.0.19
Commits on Jan 8, 2013
  1. Aaron Patterson

    bumping version

    tenderlove authored
  2. Jeremy Kemper Aaron Patterson
  3. Aaron Patterson

    * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …

    tenderlove authored
    …* dealing with empty hashes. Thanks Damien Mathieu
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    
    Conflicts:
    	actionpack/CHANGELOG.md
    	activerecord/CHANGELOG.md
    	activerecord/lib/active_record/relation/predicate_builder.rb
Commits on Dec 23, 2012
  1. Aaron Patterson

    bumping to 3.0.18

    tenderlove authored
  2. Aaron Patterson
  3. Aaron Patterson

    updating changelogs

    tenderlove authored
Commits on Aug 28, 2012
  1. Rafael Mendonça França
Commits on Aug 9, 2012
  1. Santiago Pastorino

    Merge pull request #7308 from amerine/3-0-stable

    spastorino authored
    Add html_escape note to CHANGELOG
  2. Mark Turner
  3. Santiago Pastorino

    Bump to 3.0.17

    spastorino authored
  4. Santiago Pastorino

    Add CHANGELOG entries

    spastorino authored
  5. Santiago Pastorino

    Do not mark strip_tags result as html_safe

    spastorino authored
    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
  6. Santiago Pastorino

    escape select_tag :prompt values

    spastorino authored
    CVE-2012-3463
Commits on Aug 8, 2012
  1. Rafael Mendonça França
  2. Santiago Pastorino Aaron Patterson

    html_escape should escape single quotes

    spastorino authored tenderlove committed
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215
    
    Conflicts:
    	actionpack/test/controller/new_base/render_template_test.rb
    	actionpack/test/template/asset_tag_helper_test.rb
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/javascript_helper_test.rb
    	actionpack/test/template/template_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
    	activesupport/test/core_ext/string_ext_test.rb
    	railties/test/application/assets_test.rb
Commits on Aug 4, 2012
  1. Andrew White

    Backport of fix from #5173 - fixes #7252

    pixeltrix authored
    Rather than use the MySQL specific TINYTEXT, MEDIUMTEXT and LONGTEXT
    datatypes, Active Record migrations use TEXT(n) where n is the limit
    specified by the developer. Unfortunately how MySQL interprets n
    depends on the column's encoding so any limit above 5592405 will be
    interpreted as a LONGTEXT when the encoding is UTF-8.
    
    This commit fixes this by interpreting the limit within the adapter
    and using the specific MySQL datatype as appropriate.
Commits on Jul 26, 2012
  1. Aaron Patterson

    bumping to 3.0.16

    tenderlove authored
  2. Aaron Patterson

    updating release date

    tenderlove authored
  3. Aaron Patterson

    updating changelog with CVE

    tenderlove authored
  4. Aaron Patterson
Commits on Jul 23, 2012
  1. Aaron Patterson

    updating changelogs

    tenderlove authored
Commits on Jun 13, 2012
  1. Aaron Patterson

    3.0.15

    tenderlove authored
  2. Aaron Patterson
Commits on Jun 12, 2012
  1. Aaron Patterson

    updating changelogs

    tenderlove authored
Commits on Jun 11, 2012
  1. Aaron Patterson

    bumping to 3.0.14

    tenderlove authored
  2. Aaron Patterson
  3. Aaron Patterson
  4. Aaron Patterson

    Merge branch '3-0-stable-sec' into 3-0-stable-rel

    tenderlove authored
    * 3-0-stable-sec:
      Array parameters should not contain nil values.
      Additional fix for CVE-2012-2661
  5. Toshinori Kajihara Aaron Patterson

    Fix GH #3163. Should quote database on mysql/mysql2.

    kennyj authored tenderlove committed
    Conflicts:
    
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    
    Conflicts:
    
    	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    
    Conflicts:
    
    	activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb
    	activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
    	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
    	activerecord/test/cases/adapters/mysql2/schema_test.rb
  6. Aaron Patterson
Commits on Jun 8, 2012
  1. Ernie Miller Aaron Patterson

    Additional fix for CVE-2012-2661

    ernie authored tenderlove committed
    While the patched PredicateBuilder in 3.0.13 prevents a user
    from specifying a table name using the `table.column` format,
    it doesn't protect against the nesting of hashes changing the
    table context in the next call to build_from_hash. This fix
    covers this case as well.
Commits on May 31, 2012
  1. Aaron Patterson

    Merge branch '3-0-rel' into 3-0-stable

    tenderlove authored
    * 3-0-rel:
      bumping to 3.0.13
      updating CHANGELOGs
      bumping to 3.0.13.rc1
  2. Aaron Patterson

    Merge branch '3-0-stable-sec' into 3-0-stable

    tenderlove authored
    * 3-0-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
  3. Aaron Patterson

    bumping to 3.0.13

    tenderlove authored
  4. Aaron Patterson

    updating CHANGELOGs

    tenderlove authored