Commits on Apr 14, 2011
  1. @spastorino
Commits on Apr 5, 2011
  1. @tenderlove

    Merge branch '3-0-6' into 3-0-stable

    tenderlove authored
    * 3-0-6:
      bumping version to 3.0.6
      updating CHANGELOG
      updating CHANGELOG for actionpack
      do not return html safe strings from auto_link
      bumping to 3.0.6.rc2
      Support both conventions for translations for namespaced models.
      Added back the use of the Reflection module's cached sanitized_conditions in an AssociationProxy. This was recently removed and when a has_one association with conditions is eager loaded the conditions would be sanitized once for every result row, causing a database hit to fetch the columns.
      Bring back i18n_key to avoid regression
      Revert "Improve testing of cookies in functional tests:"
      bumping version to 3.0.6.rc1
      updating AR changelog
  2. @tenderlove

    bumping version to 3.0.6

    tenderlove authored
  3. @tenderlove
Commits on Mar 31, 2011
  1. @tenderlove

    bumping to 3.0.6.rc2

    tenderlove authored
Commits on Mar 29, 2011
  1. @tenderlove
  2. @josevalim
Commits on Mar 28, 2011
  1. @tenderlove
  2. @sikachu @tenderlove

    Do not show optional (.:format) block for wildcard route [#6605 state…

    sikachu authored tenderlove committed
    …:resolved]
    
    This will make the output of `rake routes` correctly match the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default.
    
    This commit is the second attempt at fixing the issue, as the regular expression in another commit on `master` was invalid.
Commits on Mar 24, 2011
  1. @joshk @spastorino

    correction to the outputted controller name in the diagnostics error …

    joshk authored spastorino committed
    …template, test included
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Mar 23, 2011
  1. @pixeltrix

    Fix filter :only and :except with implicit actions

    pixeltrix authored
    The method_name argument is "default_render" for implicit actions
    so use the action_name attribute to determine which callbacks to run.
    
    [#5673 state:resolved]
Commits on Mar 16, 2011
  1. @joshk @spastorino

    fixes an issue with number_to_human when converting values which are …

    joshk authored spastorino committed
    …less than 1 but greater than -1 [#6576 state:resolved]
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Mar 10, 2011
  1. @fxn

    Filter sensitive query string parameters in the log [#6244 state:comm…

    fxn authored
    …itted]
    
    This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.
    
    Signed-off-by: Xavier Noria <fxn@hashref.com>
Commits on Mar 9, 2011
  1. @pixeltrix
Commits on Mar 6, 2011
  1. @pixeltrix

    Improve testing of cookies in functional tests:

    pixeltrix authored
    - cookies can be set using string or symbol keys
    - cookies are preserved across calls to get, post, etc.
    - cookie names and values are escaped
    - cookies can be cleared using @request.cookies.clear
    
    [#6272 state:resolved]
  2. @pixeltrix
Commits on Mar 2, 2011
  1. @chuyeow @spastorino

    Fix Action caching bug where an action that has a non-cacheable respo…

    chuyeow authored spastorino committed
    …nse always renders a nil response body. It now correctly renders the response body.
    
    Note that only GET and HTTP 200 responses can be cached.
    
    [#6480 state:committed]
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Feb 28, 2011
  1. @spastorino
  2. @svenfuchs @spastorino

    Make TranslationHelper#translate use the :rescue_format option in I18…

    svenfuchs authored spastorino committed
    …n 0.5.0 (backports 896e25e)
    
    Don't catch exceptions here. Instead only declare that we want exceptions to be rescued as :html, but also let users configure reactions to exceptions in I18n.
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Feb 27, 2011
  1. @tenderlove

    prepping for 3.0.5 release

    tenderlove authored
Commits on Feb 23, 2011
  1. @tenderlove

    updating to 3.0.5.rc1

    tenderlove authored
Commits on Feb 22, 2011
  1. @NZKoz

    Prepend the CSRF filter to make it much more difficult to execute app…

    NZKoz authored
    …lication code before it fires.
Commits on Feb 14, 2011
  1. @pixeltrix
  2. @pixeltrix
Commits on Feb 13, 2011
  1. @pixeltrix
  2. @pixeltrix
Commits on Feb 12, 2011
  1. @spastorino

    Backport fix from master: fields_for with inline blocks and nested at…

    spastorino authored
    …tributes already persisted does not render properly
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Feb 11, 2011
  1. @carlosantoniodasilva @spastorino

    Add missing deprecation require

    carlosantoniodasilva authored spastorino committed
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Commits on Feb 8, 2011
  1. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Jan 31, 2011
  1. @NZKoz

    Change the CSRF whitelisting to only apply to get requests

    NZKoz authored
    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in Ajax requests, Rails now supports providing the token in a custom HTTP header:
    
     X-CSRF-Token: ...
    
    This fixes CVE-2011-0447
  2. @josevalim @NZKoz

    Use Mime::Type references.

    josevalim authored NZKoz committed
  3. @josevalim @NZKoz

    Ensure render is case sensitive even on systems with case-insensitive…

    josevalim authored NZKoz committed
    … filesystems.
    
    This fixes CVE-2011-0449
  4. @NZKoz

    Be sure to javascript_escape the email address to prevent apostrophes…

    NZKoz authored
    … inadvertently causing javascript errors.
    
    This fixes CVE-2011-0446
Commits on Jan 30, 2011
  1. @NZKoz

    Prepare for the 3.0.4 release

    NZKoz authored
Commits on Jan 19, 2011
  1. @josevalim