Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tag: v3.2.8
Commits on Aug 9, 2012
  1. @spastorino

    Bump to 3.2.8

    spastorino authored
  2. @spastorino
  3. @spastorino

    Do not mark strip_tags result as html_safe

    spastorino authored
    Thanks to Marek Labos & Nethemba
    
    CVE-2012-3465
  4. @spastorino

    escape select_tag :prompt values

    spastorino authored
    CVE-2012-3463
Commits on Aug 3, 2012
  1. @spastorino

    Bump to 3.2.8.rc2

    spastorino authored
  2. @spastorino

    Add CHANGELOG entry

    spastorino authored
Commits on Aug 2, 2012
  1. @rafaelfranca @spastorino

    More `:rails_env` cleanup.

    rafaelfranca authored spastorino committed
    `Rails.env` already use development if ENV["RAILS_ENV"] is not present.
  2. @rafaelfranca @spastorino

    Fix html_escape with Ruby 1.8

    rafaelfranca authored spastorino committed
  3. @spastorino

    html_escape should escape single quotes

    spastorino authored
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215
    
    Conflicts:
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/form_tag_helper_test.rb
    	actionpack/test/template/text_helper_test.rb
    	actionpack/test/template/url_helper_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
  4. @rafaelfranca @spastorino

    Use `:data => { :confirm => "Text" }` syntax instead of `:confirm` at

    rafaelfranca authored spastorino committed
    the ERB scaffold generator.
    
    We are trying to teach the data attributes as best practices and
    `:confirm` will be deprecated in 4.0.
  5. @rafaelfranca @spastorino

    Do not consider the numeric attribute as changed if the old value is

    rafaelfranca authored spastorino committed
    zero and the new value is not a string.
    
    Before this commit this was the behavior
    
    r = Review.find_by_issue(0)
    r.issue
    => 0
    r.changes
    => {}
    r.issue = 0
    => 0
    r.changed?
    => true
    r.changes
    => {"issue"=>[0,0]}
    
    Fixes #7237
  6. @ffmike @spastorino

    Fix ActiveSupport integration with Mocha > 0.12.1

    ffmike authored spastorino committed
    Mocha 0.12.2 renames the Integration module to
    MonkeyPatching. This breaks the code Rails uses
    to retrieve the assertion counter from Mocha.
Commits on Aug 1, 2012
  1. @spastorino

    This entry is wrong

    spastorino authored
  2. @spastorino

    Bump to 3.2.8.rc1

    spastorino authored
  3. @rafaelfranca
  4. @rafaelfranca

    Revert "Deprecate `:mouseover` options for `image_tag` helper."

    rafaelfranca authored
    This reverts commit 1aff772.
    
    Conflicts:
    	actionpack/CHANGELOG.md
  5. @rafaelfranca

    Revert "Deprecate ActiveSupport::JSON::Variable"

    rafaelfranca authored
    This reverts commit bcfa013.
  6. @rafaelfranca

    Fix CHANGELOGS

    rafaelfranca authored
  7. @fxn

    removes the deprecation of update_attribute

    fxn authored
    Applying the new policy here to not deprecate stuff in point releases.
  8. @fxn

    revises the deprecation warning of update_attribute

    fxn authored
    We have decided not to drop this important method in 4.0 and give
    it a longer deprecation cycle. On the other hand we do not expect
    to have update_column around for a long time, it is going to be
    replaced in favor of update_columns.
  9. @rafaelfranca

    Revert "Deprecate `:confirm` in favor of `:data => { :confirm => 'Tex…

    rafaelfranca authored
    …t' }` option"
    
    Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
    
    This reverts commit fc092a9.
    This reverts commit e9051e2.
    This reverts commit d47d6e7.
    This reverts commit 21141e7.
  10. @rafaelfranca

    Revert "Deprecating composed_of in ActiveRecord"

    rafaelfranca authored
    This reverts commit 44b313b.
  11. @jonleighton

    Revert "Deprecate :finder_sql, :counter_sql, :insert_sql, :delete_sql."

    jonleighton authored
    This reverts commit a79bfa9.
    
    Conflicts:
    	activerecord/CHANGELOG.md
    
    We shouldn't introducing deprecations in point releases.
    It will be deprecated in 4.0 instead.
  12. @spastorino

    Add missing CHANGELOG entries

    spastorino authored
    [ci skip]
  13. @rafaelfranca

    Merge pull request #7070 from jmazzi/3-2-stable

    rafaelfranca authored
    Update documentation for Rails::Application#env_config
  14. @rafaelfranca

    Merge pull request #7147 from pferdefleisch/scaffold_controller_docs

    rafaelfranca authored
    Updated scaffold_controller generator docs #7146
Commits on Jul 31, 2012
  1. @rafaelfranca
Commits on Jul 30, 2012
  1. @rafaelfranca

    Revert "Add update_columns and the suggestion of using update_columns

    rafaelfranca authored
    instead of update_column"
    
    This reverts commit 9fa06c3.
    
    This reverts commit 17a64de.
    
    This reverts commit def9c85, reversing
    changes made to 6b7d26c.
    
    Reason: This was supposed to be released with 3.2.7 before the
    suggestion to use update_column. Since it was not release now is not
    good to suggest to use another method because it will confusing the
    people.
Commits on Jul 28, 2012
  1. @fxn

    removes the AR session store from eager loaded code [fixes #7160]

    fxn authored
    See the comment in the file activerecord/lib/active_record.rb
    added by this patch for the rationale.
  2. @rafaelfranca

    Merge pull request #7187 from frodsan/fix_test_help

    rafaelfranca authored
    Backport #6995 to 3-2 stable
  3. @frodsan

    Backport #6995 to 3-2 stable

    frodsan authored
    Update `test_help` to config properly turn natural language option.
    Last versions of Turn don't monkey patch MiniTest to setup
    the natural language option. Here is an [example](https://github.com/TwP/turn/blob/master/try/test_autorun_minitest.rb#L3).
    
    This patches the following behaviour:
    
        $ rake test:units
        `<top (required)>': undefined method `use_natural_language_case_names='
        for MiniTest::Unit:Class (NoMethodError)
  4. @fxn

    missing require: the AR session store depends on the AP abstract store

    fxn authored
    This require makes the dependency even more clear.
    In particular we are eager loading the session
    store but that does not work if AR is used
    outside Rails, this patch is preliminary work
    in fixing #7160.
Commits on Jul 27, 2012
  1. @fxn

    adds a missing require from Active Support

    fxn authored
    This file uses mattr_accessor.
  2. @rafaelfranca

    Only require the `:rails_env` task where is needed.

    rafaelfranca authored
    `:rails_env` tasks is not needed in all the tasks that depends of
    `load_config`, only in the tasks that uses `Rails.env`.
    
    Since `:rails_env` task set the `Rails.env` to be "development" if it is
    not set we don't need the `||` statements too
    
    Fix #7175.
Commits on Jul 26, 2012
  1. @tenderlove

    Merge branch '3-2-rel' into 3-2-stable

    tenderlove authored
    * 3-2-rel:
      updating release date
      bumping to 3.2.7
      updating the changelog
      * Do not convert digest auth strings to symbols. CVE-2012-3424
      updating the version
      updating changelogs
Something went wrong with that request. Please try again.