* 3-2-stable-security: Ensure  respects the status of the buffer. delete vulnerable AS::SafeBuffer# use AS::SafeBuffer#clone_empty for flushing the output_buffer add AS::SafeBuffer#clone_empty fix output safety issue with select options
Remove reference to rails_legacy_mapper, which isn't compatible with 3.2...
…mplate is being rendered Closes #5025 part 2
Windows doesn't allow `\ / : * ? " < > |` in filenames so create the fixture files at runtime and ignore the incompatible ones when running on Windows.
RFC 3986 allows sub-delim characters in path segments unencoded, however Rack::File requires them to be encoded so we use URI's unescape method to leave them alone and then escape them again. Also since the path gets passed to Dir we need to escape any glob characters in the path. : http://www.ietf.org/rfc/rfc3986.txt
…given by googlebot
This fixes undef `to_str' for Rack::Chunked::Body when using caches_action + streaming on an action Closes #5027
Fix GH #4720. Routing problem with nested namespace and already camelized controller option.
ActionDispatch::Routing::RouteSet.url_for now handles passing params through to ActionDispatch::Http::Url.url_for
`ActionController.force_ssl` redirects http URLs to their https equivalent; however, when a URL contains a query string, the resulting redirect lacked the original query string.
Fix url_for method's behavior. GH #3684.
Fix override API response bug in respond_with
Fix GH #4873. Allow swapping same class middleware.
Default responder was only using the given respond block when user requested for HTML format, or JSON/XML format with valid resource. This fix the responder so that it will use the given block regardless of the validity of the resource. Note that in this case you'll have to check for object's validity by yourself in the controller. Fixes #4796
Re-launch assets:precompile task using original $0 if $0 is batch file so it works on Windows
…hidden-backport' into 3-2-stable