tag: v3.2.16
Commits on Dec 3, 2013
  1. @tenderlove

    updating the changelog

    tenderlove authored
Commits on Dec 2, 2013
  1. @NZKoz @tenderlove

    Deep Munge the parameters for GET and POST

    NZKoz authored tenderlove committed
    The previous implementation of this functionality could be accidentally
    subverted by instantiating a raw Rack::Request before the first Rails::Request
    was constructed.
    
    Fixes CVE-2013-6417
    
    Conflicts:
    	actionpack/lib/action_dispatch/http/request.rb
  2. @NZKoz @tenderlove

    Stop using i18n's built in HTML error handling.

    NZKoz authored tenderlove committed
    i18n doesn't depend on active support which means it can't use our html_safe
    code to do its escaping when generating the spans.  Rather than try to sanitize
    the output from i18n, just revert to our old behaviour of rescuing the error
    and constructing the tag ourselves.
    
    Fixes: CVE-2013-4491
    
    Conflicts:
    	actionpack/lib/action_view/helpers/translation_helper.rb
    
    Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0
  3. @NZKoz @tenderlove

    Escape the unit value provided to number_to_currency

    NZKoz authored tenderlove committed
    Fixes CVE-2013-6415
    
    Previously the values were trusted blindly allowing for potential XSS attacks.
Commits on Dec 1, 2013
  1. @tenderlove

    Only use valid mime type symbols as cache keys

    tenderlove authored
    CVE-2013-6414
Commits on Oct 16, 2013
  1. @tenderlove

    Merge branch '3-2-sec' into 3-2-stable

    tenderlove authored
    * 3-2-sec:
      updating changelogs
      bumping to 3.2.15
      bumping to rc3
      Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
      Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
      bumping to rc2
      Merge pull request #12443 from arthurnn/add_inverse_of_add_target
      bumping version to 3.2.15.rc1
      Remove the use of String#% when formatting durations in log messages
    
    Conflicts:
    	activerecord/CHANGELOG.md
  2. @tenderlove

    updating changelogs

    tenderlove authored
Commits on Oct 15, 2013
  1. @tenderlove

    bumping to 3.2.15

    tenderlove authored
  2. @tenderlove

    Merge branch '3-2-15' into 3-2-sec

    tenderlove authored
    * 3-2-15:
      bumping to rc3
      Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
      Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
      bumping to rc2
      Merge pull request #12443 from arthurnn/add_inverse_of_add_target
      bumping version to 3.2.15.rc1
      Fix STI scopes using benolee's suggestion. Fixes #11939
Commits on Oct 11, 2013
  1. @tenderlove

    bumping to rc3

    tenderlove authored
Commits on Oct 10, 2013
  1. @rafaelfranca

    Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"

    rafaelfranca authored
    This reverts commit ccd11d5, reversing
    changes made to 54c05ac.
    
    Reason: This caused a regression when the associated record is created
    in a before_create callback. See
    #12413 (comment)
  2. @rafaelfranca

    Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_ta…

    rafaelfranca authored
    …rget"
    
    This reverts commit 7ed5bdc, reversing
    changes made to 31c79e2.
    
    Reason: this caused a regression when the associated record is created in
    a before_create callback.
    
    See #12413 (comment)
  3. @rafaelfranca

    Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"

    rafaelfranca authored
    This reverts commit ccd11d5, reversing
    changes made to 54c05ac.
    
    Reason: This caused a regression when the associated record is created
    in a before_create callback. See
    #12413 (comment)
  4. @rafaelfranca

    Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_ta…

    rafaelfranca authored
    …rget"
    
    This reverts commit 7ed5bdc, reversing
    changes made to 31c79e2.
    
    Reason: this caused a regression when the associated record is created in
    a before_create callback.
    
    See #12413 (comment)
Commits on Oct 4, 2013
  1. @tenderlove

    bumping to rc2

    tenderlove authored
  2. @rafaelfranca

    Merge pull request #12443 from arthurnn/add_inverse_of_add_target

    rafaelfranca authored
    Add inverse of add target
  3. @rafaelfranca

    Merge pull request #12443 from arthurnn/add_inverse_of_add_target

    rafaelfranca authored
    Add inverse of add target
  4. @arthurnn
  5. @arthurnn

    Add back set_inverse_instance on .add_to_target

    arthurnn authored
    We must have it in there too, so when an existent record is being concat to another,
    we will have the inverse relation.
Commits on Oct 3, 2013
  1. @tenderlove
  2. @tenderlove

    Merge pull request #12084 from Ben-M/3-2-stable

    tenderlove authored
    Fix STI scopes using benolee's suggestion. Fixes #11939
  3. @tenderlove

    Merge branch '3-2-stable' into 3-2-sec

    tenderlove authored
    * 3-2-stable:
      make sure both headers are set before checking for ip spoofing
      Move set_inverse_instance to association.build_record
Commits on Oct 1, 2013
  1. @pixeltrix

    Merge pull request #12410 from tamird/fix-ip-spoof-errors

    pixeltrix authored
    Fix ip spoof errors
Commits on Sep 30, 2013
  1. @NZKoz @tenderlove

    Remove the use of String#% when formatting durations in log messages

    NZKoz authored tenderlove committed
    This avoids potential format string vulnerabilities where user-provided
    data is interpolated into the log message before String#% is called.
  2. @rafaelfranca

    Merge pull request #12413 from arthurnn/inverse_of_on_build

    rafaelfranca authored
    Inverse of on build
  3. @arthurnn
Commits on Sep 29, 2013
  1. @rafaelfranca

    Merge pull request #12375 from arthurnn/inverse_after_find_or_initialize

    rafaelfranca authored
    Inverse after find or initialize
Commits on Sep 28, 2013
  1. @rafaelfranca

    Use Ruby 1.8 hash syntax

    rafaelfranca authored
Commits on Sep 26, 2013
  1. @arthurnn

    fix inverse_of when find_or_initialize_by_*

    arthurnn authored
    inverse_of relation was not being set when calling find_or_initialize_by_ and the entry was
    found on the db.
  2. @rafaelfranca

    Merge pull request #12364 from arthurnn/test_fix_validate

    rafaelfranca authored
    Fix query counters when testing with IdentityMap on 3.2
Commits on Sep 25, 2013
  1. @arthurnn
  2. @rafaelfranca

    Merge pull request #12359 from arthurnn/inverse_on_callbacks

    rafaelfranca authored
    Make sure inverse_of is visible on the has_many callbacks
    Conflicts:
    	activerecord/CHANGELOG.md
    	activerecord/test/models/company.rb
Commits on Sep 12, 2013
  1. @rafaelfranca

    Merge pull request #12196 from h-lame/fix-activesupport-cache-filesto…

    rafaelfranca authored
    …re-cleanup
    
    Fix FileStore#cleanup to no longer rely on missing each_key method
    Conflicts:
    	activesupport/CHANGELOG.md
    	activesupport/test/caching_test.rb
  2. @rafaelfranca

    Fix FinderMethods#last unscoped primary key

    Eugene Kalenkovich authored rafaelfranca committed
    Fixes table.joins(:relation).last(N) breaking on sqlite
    
    Conflicts:
    	activerecord/CHANGELOG.md
    	activerecord/test/cases/finder_test.rb