Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on May 31, 2012
  1. @tenderlove

    bumping to 3.1.5

    tenderlove authored
  2. @tenderlove

    updating the CHANGELOG

    tenderlove authored
  3. @tenderlove

    Merge branch '3-1-stable-sec' into 3-1-rel

    tenderlove authored
    * 3-1-stable-sec:
      Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
      predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Commits on May 30, 2012
  1. @tenderlove

    Strip [nil] from parameters hash.

    tenderlove authored
    Thanks to Ben Murphy for reporting this!
    
    CVE-2012-2660
Commits on May 28, 2012
  1. @tenderlove

    bumping to 3.1.5.rc1

    tenderlove authored
Commits on May 13, 2012
  1. @rafaelfranca

    Merge pull request #3237 from sakuro/data-url-scheme

    rafaelfranca authored
    Support data: url scheme
  2. @guilleiguaran
Commits on May 10, 2012
  1. @pixeltrix
  2. @pixeltrix

    Refactor the handling of default_url_options in integration tests

    pixeltrix authored
    This commit improves the handling of default_url_options in integration
    tests by making behave closer to how a real application operates.
    
    Specifically the following issues have been addressed:
    
    * Options specified in routes.rb are used (fixes #546)
    * Options specified in controllers are used
    * Request parameters are recalled correctly
    * Tests can override default_url_options directly
Commits on May 4, 2012
  1. @route
Commits on May 2, 2012
  1. @pixeltrix

    Reset the request parameters after a constraints check

    pixeltrix authored
    A callable object passed as a constraint for a route may access the request
    parameters as part of its check. This causes the combined parameters hash
    to be cached in the environment hash. If the constraint fails then any subsequent
    access of the request parameters will be against that stale hash.
    
    To fix this we delete the cache after every call to `matches?`. This may have a
    negative performance impact if the contraint wraps a large number of routes as the
    parameters hash is built by merging GET, POST and path parameters.
    
    Fixes #2510.
    (cherry picked from commit 5603050)
Commits on Apr 30, 2012
  1. @willbryant @drogus

    fix the Flash middleware loading the session on every request (very d…

    willbryant authored drogus committed
    …angerous especially with Rack::Cache), it should only be loaded when the flash method is called
Commits on Apr 29, 2012
  1. @pixeltrix
  2. @pixeltrix

    Don't convert params if the request isn't HTML - fixes #5341

    pixeltrix authored
    (cherry picked from commit d6bbd33)
Commits on Mar 31, 2012
  1. @arunagw

    CHANGELOG entry added

    arunagw authored
  2. @arunagw

    :subdomain can now be specified with a value of false in url_for,

    arunagw authored
    allowing for subdomain(s) removal from the host during link generation. 
    
    Closes #4083
    
    cherry-picked from 
    
    de942e5
    96aa3bd
Commits on Mar 27, 2012
  1. @josevalim @drogus

    Avoid inspecting the whole route set, closes #1525

    josevalim authored drogus committed
Commits on Mar 26, 2012
  1. @carlosantoniodasilva

    Return the same session data object when setting session id

    carlosantoniodasilva authored
    Make sure to return the same hash object instead of returning a new one.
    Returning a new one causes failures on cookie store tests, where it
    tests for the 'Set-Cookie' header with the session signature.
    
    This is due to the hash ordering changes on Ruby 1.8.7-p358.
Commits on Mar 19, 2012
  1. @arunagw
Commits on Mar 15, 2012
  1. @tenderlove

    Merge pull request #5457 from brianmario/typo-fix

    tenderlove authored
    Fix typo in redirect test
  2. @tenderlove

    Merge pull request #5456 from brianmario/redirect-sanitization

    tenderlove authored
    Strip null bytes from Location header
Commits on Mar 7, 2012
  1. @arunagw
Commits on Mar 6, 2012
  1. @josevalim

    Use latest rack-cache.

    josevalim authored
Commits on Mar 1, 2012
  1. @tenderlove

    Merge branch '3-1-4' into 3-1-stable

    tenderlove authored
    * 3-1-4:
      bumping to 3.1.4
      Ensure [] respects the status of the buffer.
      updating RAILS_VERSION
      use AS::SafeBuffer#clone_empty for flushing the output_buffer
      add AS::SafeBuffer#clone_empty
      fix output safety issue with select options
  2. @tenderlove

    bumping to 3.1.4

    tenderlove authored
  3. @tenderlove

    Merge branch '3-1-stable-security' into 3-1-4

    tenderlove authored
    * 3-1-stable-security:
      Ensure [] respects the status of the buffer.
      use AS::SafeBuffer#clone_empty for flushing the output_buffer
      add AS::SafeBuffer#clone_empty
      fix output safety issue with select options
Commits on Feb 26, 2012
  1. @pixeltrix
Commits on Feb 25, 2012
  1. @glitterfang @vijaydev

    Fix typo in match :to docs

    glitterfang authored vijaydev committed
  2. @arunagw

    assert => assert_equal

    arunagw authored
  3. @arunagw

    fixed build for ruby187-p358

    arunagw authored
Commits on Feb 22, 2012
  1. @tenderlove

    updating RAILS_VERSION

    tenderlove authored
Commits on Feb 21, 2012
  1. @amatsuda @tenderlove
Commits on Feb 20, 2012
  1. @lest @tenderlove

    fix output safety issue with select options

    lest authored tenderlove committed
  2. @tenderlove
  3. @pixeltrix

    Remove fixture files with Windows incompatible filenames

    pixeltrix authored
    Windows doesn't allow `\ / : * ? " < > |` in filenames so create
    the fixture files at runtime and ignore the incompatible ones when
    running on Windows.
Something went wrong with that request. Please try again.