Tag: v3.0.4
Commits on Feb 8, 2011
  1. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Jan 31, 2011
  1. @NZKoz
  2. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    NZKoz authored
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
    
     X-CSRF-Token: ...
    
    This fixes CVE-2011-0447
  3. @tenderlove @NZKoz

    limit() should sanitize limit values

    tenderlove authored NZKoz committed
    This fixes CVE-2011-0448
  4. @josevalim @NZKoz

    Use Mime::Type references.

    josevalim authored NZKoz committed
  5. @josevalim @NZKoz

    Ensure render is case sensitive even on systems with case-insensitive…

    josevalim authored NZKoz committed
    … filesystems.
    
    This fixes CVE-2011-0449
  6. @NZKoz

    Be sure to javascript_escape the email address to prevent apostrophes…

    NZKoz authored
    … inadvertently causing javascript errors.
    
    This fixes CVE-2011-0446
Commits on Jan 30, 2011
  1. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Jan 29, 2011
  1. @mikel
Commits on Jan 28, 2011
  1. @spastorino

    Bump mail version up

    spastorino authored
Commits on Jan 24, 2011
  1. @tenderlove

    Merge remote branch 'jonleighton/deprecate_habtm_attributes-3-0-stabl…

    tenderlove authored
    …e' into 3-0-stable
    
    * jonleighton/deprecate_habtm_attributes-3-0-stable:
      Added deprecation warning for has_and_belongs_to_many associations where the join table has additional attributes other than the keys. Access to these attributes is removed in 3.1. Please use has_many :through instead.
Commits on Jan 19, 2011
  1. @jamis

    Revert "make TestCaseTest work for pre-1.9 rubies, too"

    jamis authored
    This reverts commit fd19ade.
  2. @jamis
  3. @jamis

    Revert "rein in GC during tests by making them run (at most) once per…

    jamis authored
    … second"
    
    This reverts commit 35984f5.
  4. @josevalim
  5. @josevalim

    Added a testcase for bug [#5329]

    Frank Fischer authored josevalim committed
    Signed-off-by: José Valim <jose.valim@gmail.com>
  6. @jamis

    rein in GC during tests by making them run (at most) once per second

    jamis authored
    this can provide a significant performance boost during testing, by
    preventing the GC from running too frequently.
  7. @jamis

    scrub instance variables from test cases on teardown

    jamis authored
    this prevents test state from accumulating, resulting in leaked
    objects and slow tests due to overactive GC.
  8. @jamis
Commits on Jan 18, 2011
  1. @tenderlove
  2. @NZKoz

    Use the derived request_method from AD::Request rather than the raw R…

    NZKoz authored
    …EQUEST_METHOD from rack.
    
    This takes _method into account so the log shows the method which ActionController sees.
Commits on Jan 17, 2011
  1. @tenderlove
Commits on Jan 16, 2011
  1. @jonleighton

    Added deprecation warning for has_and_belongs_to_many associations wh…

    jonleighton authored
    …ere the join table has additional attributes other than the keys. Access to these attributes is removed in 3.1. Please use has_many :through instead.
  2. @tenderlove
Commits on Jan 13, 2011
  1. @spastorino
  2. @spastorino

    One more missing require

    spastorino authored
  3. @spastorino

    Add missing require

    spastorino authored
  4. @tenderlove
Commits on Jan 12, 2011
  1. @spastorino
  2. @fxn

    upgrades RDoc and horo dependencies

    fxn authored
    RDoc 2.x was missing some stuff, let's align this with master
  3. @spastorino

    Reuse the view_context from the controller, this make the test enviro…

    spastorino authored
    …nment more similar to the code applications uses
  4. @tenderlove
  5. @tenderlove
  6. @tenderlove
  7. @tenderlove