Permalink
Commits on Feb 8, 2011
  1. Prepare for the 3.0.4 release

    NZKoz committed Feb 8, 2011
Commits on Jan 31, 2011
  1. Make rails.js include the CSRF token in the X-CSRF-Token header with …

    …every ajax request.
    NZKoz committed Jan 12, 2011
  2. Change the CSRF whitelisting to only apply to get requests

    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
    
     X-CSRF-Token: ...
    
    This fixes CVE-2011-0447
    NZKoz committed Jan 5, 2011
  3. limit() should sanitize limit values

    This fixes CVE-2011-0448
    tenderlove committed with NZKoz Dec 7, 2010
  4. Use Mime::Type references.

    josevalim committed with NZKoz Nov 28, 2010
  5. Ensure render is case sensitive even on systems with case-insensitive…

    … filesystems.
    
    This fixes CVE-2011-0449
    josevalim committed with NZKoz Nov 28, 2010
  6. Be sure to javascript_escape the email address to prevent apostrophes…

    … inadvertently causing javascript errors.
    
    This fixes CVE-2011-0446
    NZKoz committed Dec 7, 2010
Commits on Jan 30, 2011
  1. Prepare for the 3.0.4 release

    NZKoz committed Jan 30, 2011
Commits on Jan 29, 2011
Commits on Jan 28, 2011
  1. Bump mail version up

    spastorino committed Jan 28, 2011
Commits on Jan 24, 2011
  1. Merge remote branch 'jonleighton/deprecate_habtm_attributes-3-0-stabl…

    …e' into 3-0-stable
    
    * jonleighton/deprecate_habtm_attributes-3-0-stable:
      Added deprecation warning for has_and_belongs_to_many associations where the join table has additional attributes other than the keys. Access to these attributes is removed in 3.1. Please use has_many :through instead.
    tenderlove committed Jan 24, 2011
Commits on Jan 19, 2011
  1. Revert "make TestCaseTest work for pre-1.9 rubies, too"

    This reverts commit fd19ade.
    jamis committed Jan 19, 2011
  2. Revert "scrub instance variables from test cases on teardown"

    This reverts commit 1e98920.
    jamis committed Jan 19, 2011
  3. Revert "rein in GC during tests by making them run (at most) once per…

    … second"
    
    This reverts commit 35984f5.
    jamis committed Jan 19, 2011
  4. Added a testcase for bug [#5329]

    Signed-off-by: José Valim <jose.valim@gmail.com>
    Frank Fischer committed with josevalim Jan 14, 2011
  5. rein in GC during tests by making them run (at most) once per second

    this can provide a significant performance boost during testing, by
    preventing the GC from running too frequently.
    jamis committed Jan 19, 2011
  6. scrub instance variables from test cases on teardown

    this prevents test state from accumulating, resulting in leaked
    objects and slow tests due to overactive GC.
    jamis committed Jan 19, 2011
Commits on Jan 18, 2011
  1. Use the derived request_method from AD::Request rather than the raw R…

    …EQUEST_METHOD from rack.
    
    This takes _method into account so the log shows the method which ActionController sees.
    NZKoz committed Jan 18, 2011
Commits on Jan 17, 2011
Commits on Jan 16, 2011
  1. Added deprecation warning for has_and_belongs_to_many associations wh…

    …ere the join table has additional attributes other than the keys. Access to these attributes is removed in 3.1. Please use has_many :through instead.
    jonleighton committed Jan 16, 2011
Commits on Jan 13, 2011
  1. One more missing require

    spastorino committed Jan 13, 2011
  2. Add missing require

    spastorino committed Jan 13, 2011
  3. include_in_memory? should check against @target list in case of new r…

    …ecords. [#6257 state:resolved]
    tenderlove committed Jan 13, 2011
Commits on Jan 12, 2011
  1. upgrades RDoc and horo dependencies

    RDoc 2.x was missing some stuff, let's align this with master
    fxn committed Jan 12, 2011
  2. Reuse the view_context from the controller, this make the test enviro…

    …nment more similar to the code applications uses
    spastorino committed Jan 12, 2011