Skip to content
This repository

Apr 15, 2011

  1. Santiago Pastorino

    Prepare for the 3.0.7.rc2 release

    spastorino authored

Apr 14, 2011

  1. Santiago Pastorino

    Prepare for the 3.0.7.rc1 release

    spastorino authored

Apr 05, 2011

  1. Aaron Patterson

    Merge branch '3-0-6' into 3-0-stable

    * 3-0-6:
      bumping version to 3.0.6
      updating CHANGELOG
      updating CHANGELOG for actionpack
      do not return html safe strings from auto_link
      bumping to 3.0.6.rc2
      Support both conventions for translations for namespaced models.
      Added back the use of the Reflection module's cached sanitized_conditions in an AssociationProxy. This was recently removed and when a has_one association with conditions is eager loaded the conditions would be sanitized once for every result row, causing a database hit to fetch the columns.
      Bring back i18n_key to avoid regression
      Revert "Improve testing of cookies in functional tests:"
      bumping version to 3.0.6.rc1
      updating AR changelog
    tenderlove authored
  2. Aaron Patterson

    bumping version to 3.0.6

    tenderlove authored
  3. Aaron Patterson

    do not return html safe strings from auto_link

    tenderlove authored

Mar 31, 2011

  1. Aaron Patterson

    bumping to 3.0.6.rc2

    tenderlove authored

Mar 29, 2011

  1. Aaron Patterson

    Revert "Improve testing of cookies in functional tests:"

    This reverts commit e2523ff.
    tenderlove authored
  2. José Valim

    Pass the proper method_name instead of hardcoding to action_name.

    josevalim authored

Mar 28, 2011

  1. Aaron Patterson

    bumping version to 3.0.6.rc1

    tenderlove authored
  2. Prem Sichanugrist

    Do not show optional (.:format) block for wildcard route [#6605 state…

    …:resolved]
    
    This will make the output of `rake routes` to be correctly match to the behavior of the application, as the regular expression used to match the path is greedy and won't capture the format part by default
    
    This commit is the second attempt on fixing the issue, as the regular expression on another commit on `master` was invalid.
    sikachu authored tenderlove committed

Mar 24, 2011

  1. Josh Kalderimis

    correction to the outputted controller name in the diagnostics error …

    …template, test included
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    joshk authored spastorino committed

Mar 23, 2011

  1. Andrew White

    Fix filter :only and :except with implicit actions

    The method_name argument is "default_render" for implicit actions
    so use the action_name attribute to determine which callbacks to run.
    
    [#5673 state:resolved]
    pixeltrix authored

Mar 16, 2011

  1. Josh Kalderimis

    fixes an issue with number_to_human when converting values which are …

    …less than 1 but greater than -1 [#6576 state:resolved]
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    joshk authored spastorino committed

Mar 10, 2011

  1. Xavier Noria

    Filter sensitive query string parameters in the log [#6244 state:comm…

    …itted]
    
    This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens.
    
    Signed-off-by: Xavier Noria <fxn@hashref.com>
    fxn authored

Mar 09, 2011

  1. Andrew White

    Filter params that return nil for to_param

    pixeltrix authored

Mar 06, 2011

  1. Andrew White

    Improve testing of cookies in functional tests:

    - cookies can be set using string or symbol keys
    - cookies are preserved across calls to get, post, etc.
    - cookie names and values are escaped
    - cookies can be cleared using @request.cookies.clear
    
    [#6272 state:resolved]
    pixeltrix authored
  2. Andrew White

    Raise ArgumentError if route name is invalid [#6517 state:resolved]

    pixeltrix authored

Mar 02, 2011

  1. Cheah Chu Yeow

    Fix Action caching bug where an action that has a non-cacheable respo…

    …nse always renders a nil response body. It now correctly renders the response body.
    
    Note that only GET and HTTP 200 responses can be cached.
    
    [#6480 state:committed]
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    chuyeow authored spastorino committed

Feb 28, 2011

  1. Santiago Pastorino

    javascript_include_tag shouldn't raise if you register an expansion k…

    …ey with nil or [] value
    spastorino authored
  2. Sven Fuchs

    Make TranslationHelper#translate use the :rescue_format option in I18…

    …n 0.5.0 (backports 896e25e)
    
    Don't catch exceptions here. Instead only declare that we want exceptions to be rescued as :html, but also let users configure reactions to exceptions in I18n.
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    svenfuchs authored spastorino committed

Feb 27, 2011

  1. Aaron Patterson

    prepping for 3.0.5 release

    tenderlove authored

Feb 23, 2011

  1. Aaron Patterson

    updating to 3.0.5.rc1

    tenderlove authored

Feb 22, 2011

  1. Michael Koziarski

    Prepend the CSRF filter to make it much more difficult to execute app…

    …lication code before it fires.
    NZKoz authored

Feb 14, 2011

  1. Andrew White

    Fix named route helper for routes nested inside deeply nested resources

    [#6416 state:resolved]
    pixeltrix authored
  2. Andrew White

    Add notes on how to override the default :id constraint [#5994 state:…

    …resolved]
    pixeltrix authored

Feb 13, 2011

  1. Andrew White

    Remove incorrect assert_recognizes example

    pixeltrix authored
  2. Andrew White

    Fix assert_recognizes with block constraints [#5805 state:resolved]

    pixeltrix authored

Feb 12, 2011

  1. Santiago Pastorino

    Backport fix from master: fields_for with inline blocks and nested at…

    …tributes already persisted does not render properly
    
    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    spastorino authored

Feb 11, 2011

  1. Carlos Antonio da Silva

    Add missing deprecation require

    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    carlosantoniodasilva authored spastorino committed

Feb 08, 2011

  1. Michael Koziarski

    Prepare for the 3.0.4 release

    NZKoz authored

Jan 31, 2011

  1. Michael Koziarski

    Change the CSRF whitelisting to only apply to get requests

    Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:
    
     X-CSRF-Token: ...
    
    This fixes CVE-2011-0447
    NZKoz authored
  2. José Valim

    Use Mime::Type references.

    josevalim authored NZKoz committed
  3. José Valim

    Ensure render is case sensitive even on systems with case-insensitive…

    … filesystems.
    
    This fixes CVE-2011-0449
    josevalim authored NZKoz committed
  4. Michael Koziarski

    Be sure to javascript_escape the email address to prevent apostrophes…

    … inadvertently causing javascript errors.
    
    This fixes CVE-2011-0446
    NZKoz authored

Jan 30, 2011

  1. Michael Koziarski

    Prepare for the 3.0.4 release

    NZKoz authored
Something went wrong with that request. Please try again.