Commits on Feb 27, 2011
  1. @tenderlove

    prepping for 3.0.5 release

    tenderlove authored
Commits on Feb 23, 2011
  1. @tenderlove

    updating to 3.0.5.rc1

    tenderlove authored
Commits on Feb 22, 2011
  1. @NZKoz

    Prepend the CSRF filter to make it much more difficult to execute application code before it fires.

    NZKoz authored
Commits on Feb 14, 2011
  1. @pixeltrix
  2. @pixeltrix
  3. @pixeltrix
Commits on Feb 13, 2011
  1. @pixeltrix
  2. @pixeltrix
Commits on Feb 12, 2011
  1. @spastorino

    Backport fix from master: fields_for with inline blocks and nested attributes already persisted does not render properly

    spastorino authored
    Signed-off-by: Santiago Pastorino <>
  2. @carlosantoniodasilva @spastorino

    Add tests showing the LH issue #6381: fields_for with inline blocks and nested attributes already persisted

    carlosantoniodasilva authored spastorino committed
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 11, 2011
  1. @carlosantoniodasilva @spastorino

    Add missing deprecation require

    carlosantoniodasilva authored spastorino committed
    Signed-off-by: Santiago Pastorino <>
Commits on Feb 8, 2011
  1. @NZKoz
  2. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Feb 3, 2011
  1. @spastorino

    Add a test for 'render :layout'

    Anton Astashov authored spastorino committed
    To make sure it will show block contents if it is placed after 'render
    [#5557 state:resolved]
    Signed-off-by: Santiago Pastorino <>
Commits on Jan 31, 2011
  1. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    NZKoz authored
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
     X-CSRF-Token: ...
    This fixes CVE-2011-0447
  2. @josevalim @NZKoz

    Use Mime::Type references.

    josevalim authored NZKoz committed
  3. @josevalim @NZKoz

    Ensure render is case sensitive even on systems with case-insensitive filesystems.

    josevalim authored NZKoz committed
    This fixes CVE-2011-0449
  4. @NZKoz

    Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.

    NZKoz authored
    This fixes CVE-2011-0446
Commits on Jan 30, 2011
  1. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Jan 19, 2011
  1. @josevalim
Commits on Jan 17, 2011
  1. @tenderlove
Commits on Jan 12, 2011
  1. @spastorino

    Reuse the view_context from the controller, this makes the test environment more similar to the code applications use

    spastorino authored
  2. @tenderlove
  3. @tenderlove
  4. @spastorino
Commits on Jan 10, 2011
  1. @krekoten @jeremy
Commits on Jan 9, 2011
  1. @jrallison @jeremy

    Improve select helpers by allowing a selected value of false. This is useful when using a select helper with a boolean attribute, and the attribute is false. (e.g. :allow_comments)

    jrallison authored jeremy committed
Commits on Jan 4, 2011
  1. @lifo

    Bump rack-test version

    lifo authored
Commits on Dec 30, 2010
  1. @apotonick @wycats

    process_action accepts multiple args, even with Callbacks.

    apotonick authored wycats committed
Commits on Dec 22, 2010
  1. @spastorino

    This can make included javascripts/stylesheets from expansions to be duplicated

    spastorino authored
    or grow forever if you call register_*_expansion more than once
    Fix a Regression introduced here 55b13c5
Commits on Dec 18, 2010
  1. @dhh
  2. @dontangg @drogus
Commits on Dec 15, 2010
  1. @asanghi @fxn

    eternal confusion! fixed doco to inform correctly

    asanghi authored fxn committed
  2. @remear @fxn

    Added :placeholder option to ActionView::Helpers::FormTagHelper text_…

    remear authored fxn committed
  3. @radar @fxn

    Fix indentation on the namespace method's documentation

    radar authored fxn committed
