Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

We’re showing branches in this repository, but you can also compare across forks.

base fork: rails/rails
...
head fork: rails/rails
This comparison is big! We're only showing the most recent 250 commits
Commits on Dec 05, 2011
Aaron Patterson tenderlove Merge pull request #3860 from sumbach/test-return-value-from-require-…
…on-3-1-stable

Test return value from require on 3-1-stable
47bc206
Toshinori Kajihara kennyj Use show create table.
Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
8d55a6d
Commits on Dec 06, 2011
Santiago Pastorino spastorino Merge pull request #3428 from adrianpike/asset_path_conflicts
Issue #3427 - asset_path_conflicts
a2f4ef1
Santiago Pastorino spastorino Add CHANGELOG entry acfa6c7
Commits on Dec 08, 2011
Xavier Noria fxn use our own fork of sdoc while Vijay's fix is not applied to voloko/sdoc 1e001da
José Valim josevalim Improve cache on route_key lookup.
Conflicts:

	activemodel/lib/active_model/naming.rb
3952854
José Valim josevalim Remove NilClass whiners feature.
Removing this feature causes boost in performance when using Ruby 1.9.

Ruby 1.9 started to do implicit conversions using `to_ary` and `to_str`
in some STDLIB methods (like Array#join). To do such implicit conversions,
Ruby 1.9 always dispatches the method and rescues the NoMethodError exception
in case one is raised.

Therefore, since the whiners feature defined NilClass#method_missing, such
implicit conversions for nil became much, much slower. In fact, just defining
NilClass#method_missing (even without the whiners feature) already causes a
massive slow down. Here is a snippet that shows such slow down:

    require "benchmark"
    Benchmark.realtime { 1_000.times { [nil,nil,nil].join } }

    class NilClass
      def method_missing(*args)
        raise NoMethodError
      end
    end

    Benchmark.realtime { 1_000.times { [nil,nil,nil].join } }
4f0ff15
Vijay Dev vijaydev fix a bad url 92d24b7
Jon Leighton jonleighton Fix #3890. (Calling proxy_association in scope chain.)
Conflicts:

	activerecord/test/models/post.rb
63293d1
Aaron Patterson tenderlove load the encoding converter to work around [ruby-core:41556] when swi…
…tching encodings
e568c67
Commits on Dec 10, 2011
Guillermo Iguaran guilleiguaran Add test to verify that therubyrhino isn't included when JRuby isn't …
…used
80b1d4d
José Valim josevalim Merge pull request #3705 from guilleiguaran/3-1-stable-therubyrhino
Added therubyrhino to default Gemfile under JRuby
d06c3b3
Arun Agrawal arunagw Fix broken encoding test 49bbdf2
José Valim josevalim Merge pull request #3928 from arunagw/fix_template_test
Fix template test
25ac7e4
Commits on Dec 13, 2011
Aaron Patterson tenderlove use Array#join so that file encoding doesn't impact returned string.
Fixes #3957
4371be2
Ryan Sandridge dissolved Fixing typo in Routing Guide. 50ac4a3
Ryan Sandridge dissolved Replacing vague mention of an unspecified section above with a link t…
…o the actual section containing Asset Organization.
ed89235
Mikhail Dieterle Mik-die Typo in list dced6d6
Commits on Dec 14, 2011
Jon Leighton jonleighton Fix #3672 again (dependent: delete_all perf)
Conflicts:

	activerecord/lib/active_record/associations/builder/has_many.rb
	activerecord/lib/active_record/associations/has_many_association.rb
b6ae05e
Xavier Noria fxn let sdoc say which version of rdoc we depend on
Conflicts:

	Gemfile
60a91f1
Commits on Dec 15, 2011
Jon Leighton jonleighton Fix #3987.
Conflicts:

	activerecord/lib/active_record/attribute_methods/primary_key.rb
	activerecord/test/cases/primary_keys_test.rb
df932c4
Commits on Dec 17, 2011
Santiago Pastorino spastorino Add campfire notifications for travis 2f7e701
Commits on Dec 18, 2011
Sergey Nartimov lest backport call scope within unscoped to prevent duplication of where v…
…alues
9f7fe5d
Commits on Dec 19, 2011
Jon Leighton jonleighton Don't notify campfire when the build keeps passing b9aabc7
Santiago Pastorino spastorino Merge pull request #4025 from arunagw/travis_sync
Travis sync
0479789
Commits on Dec 20, 2011
Guillermo Iguaran guilleiguaran Skip assets options in environments files when --skip-sprockets is used
Conflicts:

	railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt
	railties/test/generators/app_generator_test.rb
47bef33
Piotr Sarnacki drogus Ensure that files that compile to js/css are not compiled by default …
…with `rake assets:precompile`

This case was not tested and documentation was a bit confusing
on that topic, so it was not obvious if current code
works properly or not.
80c0517
Guillermo Iguaran guilleiguaran Use ProcessedAsset#pathname in Sprockets helpers when debugging is on…
…. Closes #3333 #3348 #3361.

Is wrong use ProcessedAsset#to_s since it returns the content of the file.
d7fbd63
Piotr Sarnacki drogus Clarify the default assets.precompile matcher behavior 169137f
Guillermo Iguaran guilleiguaran Skip assets groups if --skip-sprockets option is given
Conflicts:

	railties/test/generators/app_generator_test.rb
c32be81
José Valim josevalim Merge pull request #4058 from guilleiguaran/asset-pipeline-fixes
Backport multiple fixes for asset pipeline from master to 3-1-stable
c4b13a7
Guillermo Iguaran guilleiguaran Fix railties tests: I broke development.rb template during last merge d545642
José Valim josevalim Merge pull request #4065 from guilleiguaran/fix-railties-tests
Fix railties tests: I broke development.rb template during last merge
5ca308b
Arun Agrawal arunagw It should be README.rdoc fixes #4067 41803b2
Santiago Pastorino spastorino Merge pull request #4074 from arunagw/doc_fix
doc:rails fixed
2ddedac
Commits on Dec 21, 2011
Aaron Patterson tenderlove adding tests for #4029 040b794
Commits on Dec 22, 2011
Aaron Patterson tenderlove refactoring routing tests
Conflicts:

	actionpack/test/controller/routing_test.rb
3e00e1f
Aaron Patterson tenderlove rack bodies should be a list d538952
Commits on Dec 23, 2011
Arun Agrawal arunagw [docs] Added missing "}" fixes #4126 939183a
Commits on Dec 31, 2011
SHIBATA Hiroshi hsbt upgrade rack-1.3.6 16d4bc7
José Valim josevalim Merge pull request #4244 from hsbt/upgrade-rack-dependency
Upgrade rack dependency
8efb9e7
Commits on Jan 03, 2012
José Valim josevalim Override respond_to? since we are also overriding method_missing. 6d5a27a
Santiago Pastorino spastorino Pass extensions to javascript_path and stylesheet_path helpers. Closes b7c7f08
Commits on Jan 10, 2012
Piotr Sarnacki drogus Add ORIGINAL_FULLPATH to env
This behaves similarly to REQUEST_URI, but
we need to implement it on our own because
REQUEST_URI is not reliable.

Note that since PATH_INFO does not contain
information about trailing question mark,
this is not 100% accurate, for example
`/foo?` will result in `/foo` in ORIGINAL_FULLPATH
4d872d1
Piotr Sarnacki drogus Add original_fullpath and original_url methods to Request c2af40b
Piotr Sarnacki drogus Fix http digest authentication with trailing '/' or '?' (fixes #4038
…and #3228)
238d80c
Commits on Jan 11, 2012
Santiago Pastorino spastorino Merge pull request #4412 from kennyj/fix_3743
Fix GH #3743. We must specify an encoding in rdoc_option explicitly.
efa215a
Commits on Jan 12, 2012
Tom Stuart tomstuart Test ActiveRecord::Base#[]= as well as #write_attribute f22c36b
Tom Stuart tomstuart Test that #[] and #[]= keep working when #read_attribute and #write_a…
…ttribute are overridden
cda5094
Tom Stuart tomstuart Revert "Base#[] and Base#[]= are aliases so implement them as aliases…
… :)"

This reverts commit 21eadc1.
f707cda
Santiago Pastorino spastorino Merge pull request #4418 from tomstuart/read-and-write-attribute-alia…
…ses-3-1-stable

#[] and #[]= are no longer interchangeable with #read_attribute and #write_attribute (3-1-stable)
16f9511
Vijay Dev vijaydev First attempt at providing a 'what to update' section for Rails 3.1 18d67f5
Commits on Jan 13, 2012
Guillermo Iguaran guilleiguaran Update actionpack Changelog in 3-1-stable 28b0050
Vijay Dev vijaydev Merge pull request #4442 from guilleiguaran/3-1-changelogs
Update actionpack changelog in 3-1-stable
a677701
José Valim josevalim config.force_ssl should mark the session as secure. d209325
José Valim josevalim No AS::TestCase here. 98ac00c
Commits on Jan 16, 2012
Guillermo Iguaran guilleiguaran Mention how use config.assets.prefix to avoid conflicting with an exi…
…sting "/assets" route
f407ec5
Commits on Jan 21, 2012
Guillermo Iguaran guilleiguaran Add therubyracer gem commented in default Gemfile (3.1.x) bd5392c
Vijay Dev vijaydev Merge pull request #4579 from guilleiguaran/add-js-runtime-to-gemfile
Add therubyracer gem commented in default Gemfile (3.1.x)
db9b1a7
Commits on Jan 23, 2012
Piotr Sarnacki drogus Add ActiveModel::Errors#delete, which was not available after move to…
… use delegation
f34e5a7
Paweł Kondzior pkondzior Fix ActiveModel::Errors#dup
Since ActiveModel::Errors instance keeps all error messages as hash
we should duplicate this object as well.

Previously ActiveModel::Errors was a subclass of ActiveSupport::OrderedHash,
which results in different behavior on dup, this may result in regression for
people relying on it.

Because Rails 3.2 stills supports Ruby 1.8.7 in order to properly fix this
regression we need to backport #initialize_dup.
5da6b6e
Commits on Jan 24, 2012
Aaron Patterson tenderlove Merge pull request #4514 from brainopia/update_timezone_offets
Update time zone offset information
423241c
Commits on Jan 31, 2012
Toshinori Kajihara kennyj Fix GH #4754. Remove double-quote characters around PK when using sql…
…_mode=ANSI_QUOTES
daa8686
Jon Leighton jonleighton Merge pull request #4787 from kennyj/fix_4754-2
[Backport][3-1-stable] Fix GH #4754. Remove double-quote characters around PK when using sql_mode=ANSI_QUOTES
27357a6
Commits on Feb 17, 2012
Arun Agrawal arunagw fixed failing test in ruby-1.8.7-p358 0bf4dc8
Santiago Pastorino spastorino Merge pull request #5072 from arunagw/fix_failing_test_ruby187_p358_3…
…1stable

Fix failing test ruby187 p358 31stable
fd2b275
Andrew White pixeltrix Fix ActionDispatch::Static to serve files with unencoded PCHAR
RFC 3986[1] allows sub-delim characters in path segments unencoded,
however Rack::File requires them to be encoded so we use URI's
unescape method to leave them alone and then escape them again.

Also since the path gets passed to Dir[] we need to escape any glob
characters in the path.

[1]: http://www.ietf.org/rfc/rfc3986.txt
5fcbb94
Andrew White pixeltrix Simplify regexp bea34a7
Commits on Feb 18, 2012
Arun Agrawal arunagw fixed assets test 7782a70
José Valim josevalim Merge pull request #5079 from arunagw/fix_assets_test
Fix assets test
03db636
Commits on Feb 20, 2012
Andrew White pixeltrix Remove fixture files with Windows incompatible filenames
Windows doesn't allow `\ / : * ? " < > |` in filenames so create
the fixture files at runtime and ignore the incompatible ones when
running on Windows.
a786236
Aaron Patterson tenderlove search private / protected methods in trunk ruby da7d0a2
Sergey Nartimov lest fix output safety issue with select options 1be2bbe
Commits on Feb 21, 2012
Akira Matsuda amatsuda add AS::SafeBuffer#clone_empty baf6903
Akira Matsuda amatsuda use AS::SafeBuffer#clone_empty for flushing the output_buffer 2d4cdb0
Aaron Patterson tenderlove Merge pull request #5096 from lawso017/master
Restoring ability to derive id/sequence from tables with nonstandard sequences for primary keys
Conflicts:

	activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
	activerecord/test/cases/adapters/postgresql/schema_test.rb
f468d6e
Aaron Patterson tenderlove ruby 2.0 makes protected methods return false for respond_to, so pass…
… true as the second param
0032772
Aaron Patterson tenderlove more ruby 2.0 respond_to? changes 36c8521
Aaron Patterson tenderlove tag bind params with a bind param object 79f0a9b
Commits on Feb 22, 2012
Aaron Patterson tenderlove bumping up arel 995d792
Aaron Patterson tenderlove prepared statements can be disabled f290d6f
Aaron Patterson tenderlove fixing bad merge: adding bind substitution visitor 967b300
Aaron Patterson tenderlove updating RAILS_VERSION 8c677e9
Commits on Feb 25, 2012
Arun Agrawal arunagw fixed build for ruby187-p358 406ece4
Xavier Noria fxn Merge pull request #5165 from arunagw/build_fix_ruby187-p358-3-1-stable
Build fix ruby187 p358 3 1 stable
30a528a
Arun Agrawal arunagw assert => assert_equal 6e49b3d
Santiago Pastorino spastorino Merge pull request #5171 from arunagw/3-1-stable
assert => assert_equal 3-1-stable
d693bd2
Justin Woodbridge glitterfang Fix typo in match :to docs e6fca55
Noah Hendrix noahhendrix Fixed typo in composed_of example with Money#<=>, was comparing amoun…
…t itself instead of other_money.amount
b5418e7
Commits on Feb 26, 2012
Andrew White pixeltrix Detect optional glob params when adding non-greedy regexp - closes #4817
.
5c18b99
Commits on Feb 27, 2012
Aaron Patterson tenderlove Merge pull request #5179 from RalphShnelvar/Binary_mode_Window_bug
Binary mode window bug
47c3cf1
Commits on Feb 28, 2012
Toshinori Kajihara kennyj Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931. 42592b4
Commits on Feb 29, 2012
Aaron Patterson tenderlove Merge pull request #5207 from kennyj/fix_5173-31
[3-1-stable] Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931
0d7a507
Commits on Mar 01, 2012
José Valim josevalim Ensure [] respects the status of the buffer. 3d86727
Arun Agrawal arunagw call binmode on the tempfile for Ruby 1.8 compatibility 63069ec
José Valim josevalim Merge pull request #5227 from arunagw/build_fix_3-1-stable
Build fix 3 1 stable
4c8679e
Aaron Patterson tenderlove Merge branch '3-1-stable-security' into 3-1-4
* 3-1-stable-security:
  Ensure [] respects the status of the buffer.
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
d1fc35f
Aaron Patterson tenderlove bumping to 3.1.4 1aabea6
Aaron Patterson tenderlove Merge branch '3-1-4' into 3-1-stable
* 3-1-4:
  bumping to 3.1.4
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
11881ad
Commits on Mar 02, 2012
Carlos Antonio da Silva carlosantoniodasilva Stop SafeBuffer#clone_empty from issuing warnings
Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
139963c

This was issuing a "not initialized variable" warning - related to:
#5237

The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.
66c6c7f
Aaron Patterson tenderlove only log an error if there is a logger. fixes #5226
Conflicts:

	activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_adapter.rb
b1358c8
Commits on Mar 04, 2012
Carlos Antonio da Silva carlosantoniodasilva Only run binary type cast test with encode! on Ruby 1.9 24e074f
Commits on Mar 06, 2012
Mikel Lindsaar mikel Increasing minimum version of mail due to security vulnerability foun…
…d in Mail 2.3.0 for sendmail or exim
5aa4f52
José Valim josevalim Use latest rack-cache. 54621f7
Commits on Mar 07, 2012
Jeremy Kemper jeremy Use 1.9 native XML escaping to speed up html_escape and shush regexp …
…warnings

        length      user     system      total        real
before  6      0.010000   0.000000   0.010000 (  0.012378)
after   6      0.010000   0.000000   0.010000 (  0.012866)
before  60     0.040000   0.000000   0.040000 (  0.046273)
after   60     0.040000   0.000000   0.040000 (  0.036421)
before  600    0.390000   0.000000   0.390000 (  0.390670)
after   600    0.210000   0.000000   0.210000 (  0.209094)
before  6000   3.750000   0.000000   3.750000 (  3.751008)
after   6000   1.860000   0.000000   1.860000 (  1.857901)
7cdfd91
Arun Agrawal arunagw Test fix failing in 1.8.7-p358 d024ce1
Santiago Pastorino spastorino Merge pull request #5322 from arunagw/test_fix_1.8.7-3-1-stable
Test fix 1.8.7 3 1 stable
7455627
Commits on Mar 12, 2012
Aaron Patterson tenderlove Merge pull request #5312 from kennyj/fix_3927-31
[3-1-stable] Use 1.9 native XML escaping to speed up html_escape and shush regexp warnings
bccffc9
Commits on Mar 13, 2012
Denis Jean denisj fix activerecord query_method regression with offset into Fixnum
add test to show offset query_methods on mysql & mysql2

change test to cover public API
b1fe2c6
José Valim josevalim Merge pull request #5401 from arunagw/issue_4409_3-1-stable
Issue 4409 3 1 stable
cfab216
Commits on Mar 15, 2012
Aaron Patterson tenderlove Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
47147a0
Aaron Patterson tenderlove Merge pull request #5457 from brianmario/typo-fix
Fix typo in redirect test
66b8ef1
Commits on Mar 19, 2012
Mikel Lindsaar mikel Increase minimum version of mail.
  Second security vulnerability found in mail file delivery method
  patched in version 2.3.3.
f12d76b
Arun Agrawal arunagw fix test failing in 1.8.7 eeee6f2
José Valim josevalim Merge pull request #5504 from arunagw/build_fix_1-8-7
Build fix 1 8 7
594d6b2
Arun Agrawal arunagw Build fix for form_options_helper_test.rb ruby-1.8.7 c1c62e8
José Valim josevalim Merge pull request #5506 from arunagw/build_fix_1.8.7-3-1-stable
Build fix 1.8.7 3 1 stable
fea82eb
Commits on Mar 23, 2012
Carlos Antonio da Silva carlosantoniodasilva Add order to tests that rely on db ordering, to fix failing tests on pg
Also skip persistente tests related to UPDATE + ORDER BY for postgresql

PostgreSQL does not support updates with order by, and these tests are
failing randomly depending on the fixture loading order now.
51bb1c1
Carlos Antonio da Silva carlosantoniodasilva Fix identity map tests c8d5680
José Valim josevalim Merge pull request #5564 from carlosantoniodasilva/fix-build-3-1
Fix build for branch 3-1-stable
dafded2
Commits on Mar 26, 2012
Carlos Antonio da Silva carlosantoniodasilva Return the same session data object when setting session id
Make sure to return the same hash object instead of returning a new one.
Returning a new one causes failures on cookie store tests, where it
tests for the 'Set-Cookie' header with the session signature.

This is due to the hash ordering changes on Ruby 1.8.7-p358.
a16aa8c
Aaron Patterson tenderlove Merge pull request #5599 from carlosantoniodasilva/fix-build-3-1
Fix build for branch 3-1-stable - return the same session hash object
4590e99
Commits on Mar 27, 2012
Aaron Patterson tenderlove Merge pull request #2621 from icco/master
Issue with schema dump
e95f8e8
José Valim josevalim Avoid inspecting the whole route set, closes #1525 bef0b35
Commits on Mar 28, 2012
Arturo Pie arturopie Adds a test that breaks IM when using #select 488ea89
Arturo Pie arturopie Do not add record to identity map if the record doesn't have values f…
…or all the columns, so we don't get 'MissingAttributeError' later when trying to access other fields of the same record.
a00a42d
Arturo Pie arturopie refactor the checking of the attributes of the record in IdentityMap#…
…add, so it's more readable
15a2e0d
Commits on Mar 29, 2012
Arturo Pie arturopie refactor instantiate method in base, so we remove nesting if's which …
…make the code harder to read. Minor changes to contain_all_columns in IdentityMap.
14af116
Yasuo Honda yahonda Address an error for test_has_many_through_polymorphic_has_one
with Oracle for the 3-1-stable branch
53db676
Aaron Patterson tenderlove Merge pull request #5647 from arturopie/fixing_IM_when_using_find_select
Fixing Identity Map when using find select
eae9a07
Santiago Pastorino spastorino Merge pull request #5658 from yahonda/address_ora_00918_with_oracle_f…
…or_3_1

Address an error for test_has_many_through_polymorphic_has_one with Oracle
5cbb20d
Commits on Mar 31, 2012
Arun Agrawal arunagw :subdomain can now be specified with a value of false in url_for,
allowing for subdomain(s) removal from the host during link generation. 

Closes #4083

cherry-picked from 

de942e5
96aa3bd
54d3645
Arun Agrawal arunagw CHANGELOG entry added c409d06
Commits on Apr 03, 2012
José Valim josevalim Merge pull request #5686 from arunagw/issue_4083
Issue 4083
8c3ca29
Commits on Apr 16, 2012
Arun Agrawal arunagw multi_json is restricted to < 1.3.
Some API changes are there above 1.3.
eeba535
Jeremy Kemper jeremy Merge pull request #5862 from arunagw/multi_json_fix_3-1-stable
Restrict multi_json to >= 1.0, < 1.3 to avoid API changes in 1.3
4274a81
Commits on Apr 29, 2012
Andrew White pixeltrix Don't convert params if the request isn't HTML - fixes #5341
(cherry picked from commit d6bbd33)
8af2fd8
Arun Agrawal arunagw mocha can be locked here as new version is failing
nil.stubs is not allowed in new version of mocha
94a5431
Jeremy Kemper jeremy Merge pull request #6046 from arunagw/lock_mocha_to_fix_build
Lock mocha to fix build
f00ab1d
Andrew White pixeltrix Escape interpolated params when redirecting - fixes #5688 78c181b
Commits on Apr 30, 2012
Will Bryant willbryant fix the Flash middleware loading the session on every request (very d…
…angerous especially with Rack::Cache), it should only be loaded when the flash method is called
d625a7a
Piotr Sarnacki drogus Failing test for #6034 e23e684
Dave Gerton IamNaN Correcting some confusion. Pago Pago is part of American Samoa, not S…
…amoa.

Further, Samoa and Tokelau jumped across the IDL from Dec 29 to Dec 31, 2011
switching from UTC-11 to UTC+13. American Samoa did not make the change and
remains at UTC-11. Pacific/Fakaofo and Pacific/Apia are in TZInfo and
documentation about the dateline change is in austalasia at IANA.

(cherry picked from commit 5fe88b1)
7b0c45d
Commits on May 01, 2012
Vijay Dev vijaydev fix grammar in deprecation message [ci skip] ffd3289
Commits on May 02, 2012
Andrew White pixeltrix Reset the request parameters after a constraints check
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.

To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the contraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.

Fixes #2510.
(cherry picked from commit 5603050)
0cfa6b7
Commits on May 04, 2012
Dmitry Vorotilin route Fix #3993 assets:precompile task does not detect index files cf42971
Dmitry Vorotilin route Added test for assets:precompile for index files 29aa03a
Jeremy Kemper jeremy Merge pull request #6152 from route/assets_precompile_task_3_1
Just cherry-picked fixes for asset precompile for 3-1-stable
a33d9f4
Commits on May 10, 2012
Andrew White pixeltrix Refactor the handling of default_url_options in integration tests
This commit improves the handling of default_url_options in integration
tests by making behave closer to how a real application operates.

Specifically the following issues have been addressed:

* Options specified in routes.rb are used (fixes #546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
7336b33
Andrew White pixeltrix Don't ignore nil positional arguments for url helpers - fixes #6196. e98893b
Commits on May 11, 2012
Carlos Antonio da Silva carlosantoniodasilva Update performance profiler to work with latest ruby-prof, fix 3-1-st…
…able build
b7080e7
Piotr Sarnacki drogus Merge pull request #6261 from carlosantoniodasilva/fix-build-3-1
Fix build 3-1-stable
7b7bf33
Arun Agrawal arunagw Ruby-Prof works with 1.9.3. Let's run. 200d3da
Santiago Pastorino spastorino Merge pull request #6263 from arunagw/3-1-stable
3 1 stable
d2ae955
Commits on May 13, 2012
Guillermo Iguaran guilleiguaran Upgrade sprockets to 2.0.4 03e2895
Santiago Pastorino spastorino Merge pull request #6300 from guilleiguaran/upgrade-sprockets-3-1-stable
Upgrade sprockets to 2.0.4
e7f8f5f
Rafael Mendonça França rafaelfranca Merge pull request #3237 from sakuro/data-url-scheme
Support data: url scheme
a74b6a0
Commits on May 28, 2012
Aaron Patterson tenderlove bumping to 3.1.5.rc1 bd8ee8c
Commits on May 29, 2012
James Mead floehopper Exceptions like Interrupt should not be rescued in tests.
This is a back-port of rails/rails#6525. See the commit notes there for
details.
4cd3285
Rafael Mendonça França rafaelfranca Merge pull request #6532 from freerange/3-1-stable-minitest-passthrou…
…gh-exceptions

Exceptions like Interrupt should not be rescued in tests.
2f42815
Commits on May 30, 2012
Aaron Patterson tenderlove predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
b71d4ab
Aaron Patterson tenderlove Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!

CVE-2012-2660
5b83bbf
Commits on May 31, 2012
Aaron Patterson tenderlove Merge branch '3-1-stable-sec' into 3-1-rel
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
a9c1898
Aaron Patterson tenderlove updating the CHANGELOG a7ed198
Aaron Patterson tenderlove bumping to 3.1.5 aa18c0c
Aaron Patterson tenderlove Merge branch '3-1-stable-sec' into 3-1-stable
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
aa6e56b
Aaron Patterson tenderlove Merge branch '3-1-rel' into 3-1-stable
* 3-1-rel:
  bumping to 3.1.5
  updating the CHANGELOG
  bumping to 3.1.5.rc1
a1a71ab
Commits on Jun 08, 2012
Ernie Miller ernie Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.1.5 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
8355abf
Commits on Jun 11, 2012
Aaron Patterson tenderlove Array parameters should not contain nil values. f4174ad
Toshinori Kajihara kennyj Fix GH #3163. Should quote database on mysql/mysql2.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
023eaf8
Toshinori Kajihara kennyj Change the string to use in test case.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
	activerecord/test/cases/adapters/mysql2/schema_test.rb
8e6ed58
Rafael Mendonça França rafaelfranca Mysql and Mysql2 adapters accepts only two arguments in the tables 3e2c00a
Aaron Patterson tenderlove Merge branch '3-1-stable-sec' into 3-1-stable-rel
* 3-1-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
64e30e8
Aaron Patterson tenderlove adding version number to changelogs 75d039f
Aaron Patterson tenderlove updating changelogs with security fixes bee42f3
Aaron Patterson tenderlove bumping version numbers 4e7d571
Commits on Jun 12, 2012
Aaron Patterson tenderlove updating changelogs 63dce16
Commits on Jun 14, 2012
Xavier Noria fxn removes item in the Active Record CHANGELOG
That change to update_attribute was considered
to be too subtle and was reverted in 30ea923
just before Rails 3 shipped. Later we introduced
update_column (Rails 3.1).
666a48a
Aaron Patterson tenderlove adding a test for #6459 28e744d
Commits on Jul 23, 2012
Aaron Patterson tenderlove updating changelog a4b8a7e
Commits on Jul 26, 2012
Aaron Patterson tenderlove * Do not convert digest auth strings to symbols. CVE-2012-3424 eb69ad2
Aaron Patterson tenderlove updating changelog with CVE 140a70a
Aaron Patterson tenderlove updating rails release date 6cf68d7
Aaron Patterson tenderlove bumping to 3.1.7 d314a48
Commits on Aug 07, 2012
Santiago Pastorino spastorino html_escape should escape single quotes d0c9759
Commits on Aug 09, 2012
Santiago Pastorino spastorino escape select_tag :prompt values
CVE-2012-3463
b6a0a11
Santiago Pastorino spastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
63e67ea
Santiago Pastorino spastorino Add CHANGELOG entries e8d78e7
Santiago Pastorino spastorino Bump to 3.1.8 38bf9cf
Commits on Aug 15, 2012
Carlos Antonio da Silva carlosantoniodasilva Add html_escape note to CHANGELOG
This was added to all other branches, but 3-1 missed the entry.

3-0-stable: 954e262
3-2-stable: ae2383d
master: 5c07be5
8181b72
Rafael Mendonça França rafaelfranca Remove warning when using html_escape with Ruby 1.9.
Closes #7323
4f12e3a
Commits on Aug 17, 2012
Jon Leighton jonleighton Use benchmark/ips to measure AR performance
This means we can more easily compare numbers, and we don't have to
specify a single N for all reports, which previously meant that some
tests were running many more/fewer iterations than necessary.

Conflicts:
	Gemfile
	activerecord/examples/performance.rb
20d6f70
Jon Leighton jonleighton Increase benchmark time to 20 seconds.
I think that 5 seconds was a bit low for our purposes.

Also enable it to be configured via env vars.

We also need to scale the number of records up/down depending on how
long we're running the benchmark for.

Conflicts:
	activerecord/examples/performance.rb
e08268b
Commits on Aug 28, 2012
Xavier Noria fxn CHANGELOGs are now per branch
Check 810a50d for the rationale.
e6e9e56
Pratik lifo Ensure association preloading properly merges default scope and assoc…
…iation conditions
2d6d8a7
Commits on Oct 18, 2012
Rafael Mendonça França rafaelfranca Require ActionController::Railtie in the default middleware stack.
This will make possible to do a frameworkless initialization since the
the default middleware stack is self contained.
144d747
Commits on Dec 14, 2012
Aaron Patterson tenderlove test for 8018 92118e7
Commits on Dec 15, 2012
Aaron Patterson tenderlove do not install ruby-prof on Ruby 2.0 61776f5
Carlos Antonio da Silva carlosantoniodasilva Update xml serialization tests to reflect a change in builder
Due to a change in builder, nil values now generates closed tags,
so instead of this:

    <pseudonyms nil=\"true\"></pseudonyms>

It generates this:

    <pseudonyms nil=\"true\"/>

Document this change in Rails so that people can track it down easily if
necessary.

Changes in Active Model, Active Record and Active Support tests.

Cherry-pick of d65adc7, 77dd3be and 146eaf3. Fix build.
9fc6c31
Carlos Antonio da Silva carlosantoniodasilva Be a bit less conservative with mysql in adapter
This will allow the new mysql 2.9.0 to be used, fixing our test issues.
64e6e6a
Commits on Dec 23, 2012
Aaron Patterson tenderlove updating changelogs fbe436b
Aaron Patterson tenderlove CVE-2012-5664 options hashes should only be extracted if there are ex…
…tra parameters
c42f548
Aaron Patterson tenderlove bumping version to 3.1.9 f1e977c
Commits on Jan 08, 2013
Santiago Pastorino spastorino Avoid Rack security warning no secret provided
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
4d5f950
Aaron Patterson tenderlove * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …
…* dealing with empty hashes. Thanks Damien Mathieu

Conflicts:
	actionpack/CHANGELOG.md
	activerecord/CHANGELOG.md
7e5cc96
Jeremy Kemper jeremy CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 8133a81
Aaron Patterson tenderlove bumping version a7dd0bb
Commits on Jan 09, 2013
Carlos Antonio da Silva carlosantoniodasilva Fix a few warnings of unused variables 86cf7d3
Prem Sichanugrist sikachu Remove test for XML YAML parsing
The support for YAML parsing in XML has been removed from Active Support
since it introduced an security risk. See 8133a81 for more detail.
3f3c35b
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #8835 from sikachu/3-1-stable-fix-ars
Remove test for XML YAML parsing
a97199d
Jeremy Kemper jeremy Merge pull request #5896 from sferik/revert_5861
Revert #5861. Feature-detect which MultiJson API to use.
Conflicts:
	activesupport/activesupport.gemspec

This backports multi_json version depedency changes as applied.

Rationale: #5861

Patch by sferik
7b9bab6
Rafael Mendonça França rafaelfranca Merge pull request #8846 from AlexRiedler/revert_5861
Backport multi_json dependency revert of #5861 to 3-1-stable
b816e8e
Carlos Antonio da Silva carlosantoniodasilva Update changelogs with release dates and minor improvements [ci skip] 1b35a85
Commits on Jan 11, 2013
Dylan Thacker-Smith dylanahsmith Fix JSON params parsing regression for non-object JSON content.
Backports #8855.
c669a9c
Jeremy Kemper jeremy Merge pull request #8889 from dylanahsmith/3-1-parse-non-object-json-…
…params

3-1-stable: Fix JSON params parsing regression for non-object JSON content.
18b8f90
Commits on Jan 12, 2013
Andrew White pixeltrix Remove unnecessary caching of ParameterFilter 8b3109a
Commits on Jan 16, 2013
James Mead floehopper Fix 3-1-stable to work with Mocha >= v0.13.0
A) Update code in ActiveSupport which monkey-patches Test::Unit to
include Mocha bug fix.

A bug was fixed [1] in Mocha's integration with Test::Unit, but this
monkey-patching code was copied before the fix. We need to copy the
fixed version.

The bug meant that an unexpected invocation against a mock within the
teardown method caused a test *error* and not a test *failure*.

B) Fix for Test::Unit/Mocha compatibility.

Mocha is now using a single AssertionCounter which needs a reference to
the testcase as opposed to the result.

This change is an unfortunate consequence of the copying of a chunk of
Mocha's internal code in order to monkey-patch Test::Unit.

C) Avoid a Mocha deprecation warning.

[1]
freerange/mocha@f1ff647#diff-5
0591f6d
Rafael Mendonça França rafaelfranca Merge pull request #8871 from freerange/3-1-stable-with-mocha-fixes
Fix 3-1-stable to work with Mocha >= v0.13.0
b0a2c67
Carlos Antonio da Silva carlosantoniodasilva Update mocha version to 0.13.0 and change requires
Conflicts:
	Gemfile
	railties/test/application/route_inspect_test.rb
	railties/test/generators_test.rb
ae6864e
Commits on Jan 26, 2013
Damien Mathieu dmathieu remove the warning when testing whiny_nil d72c25e
Toshinori Kajihara kennyj Fix build. It seems that the Mocha's behavior were changed. 4ebe101
Commits on Feb 07, 2013
Dylan Thacker-Smith dylanahsmith active_record: Quote numeric values compared to string columns. 26e13c3
Commits on Feb 08, 2013
Guillermo Iguaran guilleiguaran Merge pull request #9209 from dylanahsmith/3-1-mysql-quote-numeric
[3.1] active_record: Quote numeric values compared to string columns.
ecfc26d
Roberto Miranda robertomiranda Fix test failure for ruby 1.8 2372a1f
Guillermo Iguaran guilleiguaran Merge pull request #9226 from robertomiranda/fix-bigdecimal-test
[3.1] Fix test failure for ruby 1.8
c470941
Commits on Feb 10, 2013
joernchen of Phenoelit joernchen Fix issue with attr_protected where malformed input could circumvent
protection

Fixes: CVE-2013-0276
647afdb
Aaron Patterson tenderlove adding test for CVE b0bf30c
Commits on Feb 11, 2013
Aaron Patterson tenderlove bumping to 3.1.11 415bf3d
Commits on Feb 12, 2013
Carlos Antonio da Silva carlosantoniodasilva Update changelogs with version/release dates [ci skip]
Also add note about attr_protected change.
16ed3d5
Commits on Feb 14, 2013
Carlos Antonio da Silva carlosantoniodasilva Fix changelog typos [ci skip]
Thanks to @jmccartie.
967591b
Commits on Feb 16, 2013
joernchen of Phenoelit joernchen Update activemodel/CHANGELOG.md
Fixed a typo ;)
b7ee5ca
Xavier Noria fxn Merge pull request #9309 from joernchen/patch-2
Update activemodel/CHANGELOG.md
7e90a8e
Commits on Feb 27, 2013
Steve Klabnik steveklabnik Revert "Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-nu…
…meric"

This reverts commit 921a296.
2821f95
Josh Owens queso Update gemspec to get mail 2.4 as the main version, 2.3.3 has securit…
…y issues.
d3dc2a7
Commits on Feb 28, 2013
Guillermo Iguaran guilleiguaran Merge pull request #9475 from queso/update-mail
Update gemspec to get mail 2.4 as the main version, 2.3.3 has security i...
3f8eb4e
Commits on Mar 16, 2013
Aaron Patterson tenderlove stop calling to_sym when building arel nodes [CVE-2013-1854] 5ff6012
Charlie Somerville charliesome fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] 36bcc93
benmmurphy benmmurphy JDOM XXE Protection [CVE-2013-1856]
Conflicts:
	activesupport/test/xml_mini/jdom_engine_test.rb
a7d252b
Aaron Patterson tenderlove fix protocol checking in sanitization [CVE-2013-1857]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
735bb98
Commits on Mar 18, 2013
Aaron Patterson tenderlove bumping to 3.1.12 0c510c7
Prem Sichanugrist sikachu Add in missing requires bd34e5c
Commits on Apr 09, 2013
Aaron Patterson tenderlove Merge branch '3-1-later' into 3-1-stable
* 3-1-later:
  adding test for CVE
46c26e8
Commits on Dec 01, 2013
Aaron Patterson tenderlove Only use valid mime type symbols as cache keys
CVE-2013-6414

Conflicts:
	actionpack/lib/action_view/lookup_context.rb
e97530f
Commits on Dec 04, 2013
Michael Koziarski NZKoz Escape the unit value provided to number_to_currency
Fixes CVE-2013-6415

Previously the values were trusted blindly allowing for potential XSS attacks.
6db2623
Michael Koziarski NZKoz Stop using i18n's built in HTML error handling.
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans.  Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.

Fixes: CVE-2013-4491

Conflicts:
	actionpack/lib/action_view/helpers/translation_helper.rb

Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0
31cfb3c
Michael Koziarski NZKoz Deep Munge the parameters for GET and POST
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.

Fixes CVE-2013-6417

Conflicts:
	actionpack/lib/action_dispatch/http/request.rb
1c00768
Aaron Patterson tenderlove Merge pull request #13151 from hone/3-1-stable
Backport Rails 3.2.16 Security Fixes to Rails 3.1.x
ace0322
Commits on Feb 18, 2014
Rafael Mendonça França rafaelfranca Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
06cbb8a
Commits on Oct 10, 2014
Aaron Patterson tenderlove FileHandler should not be called for files outside the root
FileHandler#matches? should return false for files that are outside the
"root" path.

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb
	actionpack/test/dispatch/static_test.rb
9c37d8e
Commits on Nov 16, 2014
Aaron Patterson tenderlove correctly escape backslashes in request path globs
Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb

make sure that unreadable files are also not leaked

CVE-2014-7829

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb
4dacedf