base fork: rails/rails
...
head fork: rails/rails
This comparison is big! We're only showing the most recent 250 commits
Commits on Dec 05, 2011
@tenderlove tenderlove Merge pull request #3860 from sumbach/test-return-value-from-require-…
…on-3-1-stable

Test return value from require on 3-1-stable
47bc206
@kennyj kennyj Use show create table.
Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
8d55a6d
Commits on Dec 06, 2011
@spastorino spastorino Merge pull request #3428 from adrianpike/asset_path_conflicts
Issue #3427 - asset_path_conflicts
a2f4ef1
@spastorino spastorino Add CHANGELOG entry acfa6c7
Commits on Dec 08, 2011
@fxn fxn use our own fork of sdoc while Vijay's fix is not applied to voloko/sdoc 1e001da
@josevalim josevalim Improve cache on route_key lookup.
Conflicts:

	activemodel/lib/active_model/naming.rb
3952854
@josevalim josevalim Remove NilClass whiners feature.
Removing this feature causes boost in performance when using Ruby 1.9.

Ruby 1.9 started to do implicit conversions using `to_ary` and `to_str`
in some STDLIB methods (like Array#join). To do such implicit conversions,
Ruby 1.9 always dispatches the method and rescues the NoMethodError exception
in case one is raised.

Therefore, since the whiners feature defined NilClass#method_missing, such
implicit conversions for nil became much, much slower. In fact, just defining
NilClass#method_missing (even without the whiners feature) already causes a
massive slow down. Here is a snippet that shows such slow down:

    require "benchmark"
    Benchmark.realtime { 1_000.times { [nil,nil,nil].join } }

    class NilClass
      def method_missing(*args)
        raise NoMethodError
      end
    end

    Benchmark.realtime { 1_000.times { [nil,nil,nil].join } }
4f0ff15
@vijaydev vijaydev fix a bad url 92d24b7
@jonleighton jonleighton Fix #3890. (Calling proxy_association in scope chain.)
Conflicts:

	activerecord/test/models/post.rb
63293d1
@tenderlove tenderlove load the encoding converter to work around [ruby-core:41556] when swi…
…tching encodings
e568c67
Commits on Dec 10, 2011
@guilleiguaran guilleiguaran Add test to verify that therubyrhino isn't included when JRuby isn't …
…used
80b1d4d
@josevalim josevalim Merge pull request #3705 from guilleiguaran/3-1-stable-therubyrhino
Added therubyrhino to default Gemfile under JRuby
d06c3b3
@arunagw arunagw Fix broken encoding test 49bbdf2
@josevalim josevalim Merge pull request #3928 from arunagw/fix_template_test
Fix template test
25ac7e4
Commits on Dec 13, 2011
@tenderlove tenderlove use Array#join so that file encoding doesn't impact returned string.
Fixes #3957
4371be2
@dissolved dissolved Fixing typo in Routing Guide. 50ac4a3
@dissolved dissolved Replacing vague mention of an unspecified section above with a link t…
…o the actual section containing Asset Organization.
ed89235
@Mik-die Mik-die Typo in list dced6d6
Commits on Dec 14, 2011
@jonleighton jonleighton Fix #3672 again (dependent: delete_all perf)
Conflicts:

	activerecord/lib/active_record/associations/builder/has_many.rb
	activerecord/lib/active_record/associations/has_many_association.rb
b6ae05e
@fxn fxn let sdoc say which version of rdoc we depend on
Conflicts:

	Gemfile
60a91f1
Commits on Dec 15, 2011
@jonleighton jonleighton Fix #3987.
Conflicts:

	activerecord/lib/active_record/attribute_methods/primary_key.rb
	activerecord/test/cases/primary_keys_test.rb
df932c4
Commits on Dec 17, 2011
@spastorino spastorino Add campfire notifications for travis 2f7e701
Commits on Dec 18, 2011
@lest lest backport call scope within unscoped to prevent duplication of where v…
…alues
9f7fe5d
Commits on Dec 19, 2011
@jonleighton jonleighton Don't notify campfire when the build keeps passing b9aabc7
@spastorino spastorino Merge pull request #4025 from arunagw/travis_sync
Travis sync
0479789
Commits on Dec 20, 2011
@guilleiguaran guilleiguaran Skip assets options in environments files when --skip-sprockets is used
Conflicts:

	railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt
	railties/test/generators/app_generator_test.rb
47bef33
@drogus drogus Ensure that files that compile to js/css are not compiled by default …
…with `rake assets:precompile`

This case was not tested and documentation was a bit confusing
on that topic, so it was not obvious if current code
works properly or not.
80c0517
@guilleiguaran guilleiguaran Use ProcessedAsset#pathname in Sprockets helpers when debugging is on…
…. Closes #3333 #3348 #3361.

It is wrong to use ProcessedAsset#to_s since it returns the content of the file.
d7fbd63
@drogus drogus Clarify the default assets.precompile matcher behavior 169137f
@guilleiguaran guilleiguaran Skip assets groups if --skip-sprockets option is given
Conflicts:

	railties/test/generators/app_generator_test.rb
c32be81
@josevalim josevalim Merge pull request #4058 from guilleiguaran/asset-pipeline-fixes
Backport multiple fixes for asset pipeline from master to 3-1-stable
c4b13a7
@guilleiguaran guilleiguaran Fix railties tests: I broke development.rb template during last merge d545642
@josevalim josevalim Merge pull request #4065 from guilleiguaran/fix-railties-tests
Fix railties tests: I broke development.rb template during last merge
5ca308b
@arunagw arunagw It should be README.rdoc fixes #4067 41803b2
@spastorino spastorino Merge pull request #4074 from arunagw/doc_fix
doc:rails fixed
2ddedac
Commits on Dec 21, 2011
@tenderlove tenderlove adding tests for #4029 040b794
Commits on Dec 22, 2011
@tenderlove tenderlove refactoring routing tests
Conflicts:

	actionpack/test/controller/routing_test.rb
3e00e1f
@tenderlove tenderlove rack bodies should be a list d538952
Commits on Dec 23, 2011
@arunagw arunagw [docs] Added missing "}" fixes #4126 939183a
Commits on Dec 31, 2011
@hsbt hsbt upgrade rack-1.3.6 16d4bc7
@josevalim josevalim Merge pull request #4244 from hsbt/upgrade-rack-dependency
Upgrade rack dependency
8efb9e7
Commits on Jan 03, 2012
@josevalim josevalim Override respond_to? since we are also overriding method_missing. 6d5a27a
@spastorino spastorino Pass extensions to javascript_path and stylesheet_path helpers. Closes b7c7f08
Commits on Jan 10, 2012
@drogus drogus Add ORIGINAL_FULLPATH to env
This behaves similarly to REQUEST_URI, but
we need to implement it on our own because
REQUEST_URI is not reliable.

Note that since PATH_INFO does not contain
information about trailing question mark,
this is not 100% accurate, for example
`/foo?` will result in `/foo` in ORIGINAL_FULLPATH
4d872d1
@drogus drogus Add original_fullpath and original_url methods to Request c2af40b
@drogus drogus Fix http digest authentication with trailing '/' or '?' (fixes #4038
…and #3228)
238d80c
Commits on Jan 11, 2012
@spastorino spastorino Merge pull request #4412 from kennyj/fix_3743
Fix GH #3743. We must specify an encoding in rdoc_option explicitly.
efa215a
Commits on Jan 12, 2012
@tomstuart tomstuart Test ActiveRecord::Base#[]= as well as #write_attribute f22c36b
@tomstuart tomstuart Test that #[] and #[]= keep working when #read_attribute and #write_a…
…ttribute are overridden
cda5094
@tomstuart tomstuart Revert "Base#[] and Base#[]= are aliases so implement them as aliases…
… :)"

This reverts commit 21eadc1.
f707cda
@spastorino spastorino Merge pull request #4418 from tomstuart/read-and-write-attribute-alia…
…ses-3-1-stable

#[] and #[]= are no longer interchangeable with #read_attribute and #write_attribute (3-1-stable)
16f9511
@vijaydev vijaydev First attempt at providing a 'what to update' section for Rails 3.1 18d67f5
Commits on Jan 13, 2012
@guilleiguaran guilleiguaran Update actionpack Changelog in 3-1-stable 28b0050
@vijaydev vijaydev Merge pull request #4442 from guilleiguaran/3-1-changelogs
Update actionpack changelog in 3-1-stable
a677701
@josevalim josevalim config.force_ssl should mark the session as secure. d209325
@josevalim josevalim No AS::TestCase here. 98ac00c
Commits on Jan 16, 2012
@guilleiguaran guilleiguaran Mention how use config.assets.prefix to avoid conflicting with an exi…
…sting "/assets" route
f407ec5
Commits on Jan 21, 2012
@guilleiguaran guilleiguaran Add therubyracer gem commented in default Gemfile (3.1.x) bd5392c
@vijaydev vijaydev Merge pull request #4579 from guilleiguaran/add-js-runtime-to-gemfile
Add therubyracer gem commented in default Gemfile (3.1.x)
db9b1a7
Commits on Jan 23, 2012
@drogus drogus Add ActiveModel::Errors#delete, which was not available after move to…
… use delegation
f34e5a7
@pkondzior pkondzior Fix ActiveModel::Errors#dup
Since ActiveModel::Errors instance keeps all error messages as hash
we should duplicate this object as well.

Previously ActiveModel::Errors was a subclass of ActiveSupport::OrderedHash,
which results in different behavior on dup, this may result in regression for
people relying on it.

Because Rails 3.2 still supports Ruby 1.8.7 in order to properly fix this
regression we need to backport #initialize_dup.
5da6b6e
Commits on Jan 24, 2012
@tenderlove tenderlove Merge pull request #4514 from brainopia/update_timezone_offets
Update time zone offset information
423241c
Commits on Jan 31, 2012
@kennyj kennyj Fix GH #4754. Remove double-quote characters around PK when using sql…
…_mode=ANSI_QUOTES
daa8686
@jonleighton jonleighton Merge pull request #4787 from kennyj/fix_4754-2
[Backport][3-1-stable] Fix GH #4754. Remove double-quote characters around PK when using sql_mode=ANSI_QUOTES
27357a6
Commits on Feb 17, 2012
@arunagw arunagw fixed failing test in ruby-1.8.7-p358 0bf4dc8
@spastorino spastorino Merge pull request #5072 from arunagw/fix_failing_test_ruby187_p358_3…
…1stable

Fix failing test ruby187 p358 31stable
fd2b275
@pixeltrix pixeltrix Fix ActionDispatch::Static to serve files with unencoded PCHAR
RFC 3986[1] allows sub-delim characters in path segments unencoded,
however Rack::File requires them to be encoded so we use URI's
unescape method to leave them alone and then escape them again.

Also since the path gets passed to Dir[] we need to escape any glob
characters in the path.

[1]: http://www.ietf.org/rfc/rfc3986.txt
5fcbb94
@pixeltrix pixeltrix Simplify regexp bea34a7
Commits on Feb 18, 2012
@arunagw arunagw fixed assets test 7782a70
@josevalim josevalim Merge pull request #5079 from arunagw/fix_assets_test
Fix assets test
03db636
Commits on Feb 20, 2012
@pixeltrix pixeltrix Remove fixture files with Windows incompatible filenames
Windows doesn't allow `\ / : * ? " < > |` in filenames so create
the fixture files at runtime and ignore the incompatible ones when
running on Windows.
a786236
@tenderlove tenderlove search private / protected methods in trunk ruby da7d0a2
@lest lest fix output safety issue with select options 1be2bbe
Commits on Feb 21, 2012
@amatsuda amatsuda add AS::SafeBuffer#clone_empty baf6903
@amatsuda amatsuda use AS::SafeBuffer#clone_empty for flushing the output_buffer 2d4cdb0
@tenderlove tenderlove Merge pull request #5096 from lawso017/master
Restoring ability to derive id/sequence from tables with nonstandard sequences for primary keys
Conflicts:

	activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
	activerecord/test/cases/adapters/postgresql/schema_test.rb
f468d6e
@tenderlove tenderlove ruby 2.0 makes protected methods return false for respond_to, so pass…
… true as the second param
0032772
@tenderlove tenderlove more ruby 2.0 respond_to? changes 36c8521
@tenderlove tenderlove tag bind params with a bind param object 79f0a9b
Commits on Feb 22, 2012
@tenderlove tenderlove bumping up arel 995d792
@tenderlove tenderlove prepared statements can be disabled f290d6f
@tenderlove tenderlove fixing bad merge: adding bind substitution visitor 967b300
@tenderlove tenderlove updating RAILS_VERSION 8c677e9
Commits on Feb 25, 2012
@arunagw arunagw fixed build for ruby187-p358 406ece4
@fxn fxn Merge pull request #5165 from arunagw/build_fix_ruby187-p358-3-1-stable
Build fix ruby187 p358 3 1 stable
30a528a
@arunagw arunagw assert => assert_equal 6e49b3d
@spastorino spastorino Merge pull request #5171 from arunagw/3-1-stable
assert => assert_equal 3-1-stable
d693bd2
@glitterfang glitterfang Fix typo in match :to docs e6fca55
@noahhendrix noahhendrix Fixed typo in composed_of example with Money#<=>, was comparing amoun…
…t itself instead of other_money.amount
b5418e7
Commits on Feb 26, 2012
@pixeltrix pixeltrix Detect optional glob params when adding non-greedy regexp - closes #4817
.
5c18b99
Commits on Feb 27, 2012
@tenderlove tenderlove Merge pull request #5179 from RalphShnelvar/Binary_mode_Window_bug
Binary mode window bug
47c3cf1
Commits on Feb 28, 2012
@kennyj kennyj Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931. 42592b4
Commits on Feb 29, 2012
@tenderlove tenderlove Merge pull request #5207 from kennyj/fix_5173-31
[3-1-stable] Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931
0d7a507
Commits on Mar 01, 2012
@josevalim josevalim Ensure [] respects the status of the buffer. 3d86727
@arunagw arunagw call binmode on the tempfile for Ruby 1.8 compatibility 63069ec
@josevalim josevalim Merge pull request #5227 from arunagw/build_fix_3-1-stable
Build fix 3 1 stable
4c8679e
@tenderlove tenderlove Merge branch '3-1-stable-security' into 3-1-4
* 3-1-stable-security:
  Ensure [] respects the status of the buffer.
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
d1fc35f
@tenderlove tenderlove bumping to 3.1.4 1aabea6
@tenderlove tenderlove Merge branch '3-1-4' into 3-1-stable
* 3-1-4:
  bumping to 3.1.4
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
11881ad
Commits on Mar 02, 2012
@carlosantoniodasilva carlosantoniodasilva Stop SafeBuffer#clone_empty from issuing warnings
Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
139963c

This was issuing a "not initialized variable" warning - related to:
#5237

The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.
66c6c7f
@tenderlove tenderlove only log an error if there is a logger. fixes #5226
Conflicts:

	activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_adapter.rb
b1358c8
Commits on Mar 04, 2012
@carlosantoniodasilva carlosantoniodasilva Only run binary type cast test with encode! on Ruby 1.9 24e074f
Commits on Mar 06, 2012
@mikel mikel Increasing minimum version of mail due to security vulnerability foun…
…d in Mail 2.3.0 for sendmail or exim
5aa4f52
@josevalim josevalim Use latest rack-cache. 54621f7
Commits on Mar 07, 2012
@jeremy jeremy Use 1.9 native XML escaping to speed up html_escape and shush regexp …
…warnings

        length      user     system      total        real
before  6      0.010000   0.000000   0.010000 (  0.012378)
after   6      0.010000   0.000000   0.010000 (  0.012866)
before  60     0.040000   0.000000   0.040000 (  0.046273)
after   60     0.040000   0.000000   0.040000 (  0.036421)
before  600    0.390000   0.000000   0.390000 (  0.390670)
after   600    0.210000   0.000000   0.210000 (  0.209094)
before  6000   3.750000   0.000000   3.750000 (  3.751008)
after   6000   1.860000   0.000000   1.860000 (  1.857901)
7cdfd91
@arunagw arunagw Test fix failing in 1.8.7-p358 d024ce1
@spastorino spastorino Merge pull request #5322 from arunagw/test_fix_1.8.7-3-1-stable
Test fix 1.8.7 3 1 stable
7455627
Commits on Mar 12, 2012
@tenderlove tenderlove Merge pull request #5312 from kennyj/fix_3927-31
[3-1-stable] Use 1.9 native XML escaping to speed up html_escape and shush regexp warnings
bccffc9
Commits on Mar 13, 2012
@denisj denisj fix activerecord query_method regression with offset into Fixnum
add test to show offset query_methods on mysql & mysql2

change test to cover public API
b1fe2c6
@josevalim josevalim Merge pull request #5401 from arunagw/issue_4409_3-1-stable
Issue 4409 3 1 stable
cfab216
Commits on Mar 15, 2012
@tenderlove tenderlove Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
47147a0
@tenderlove tenderlove Merge pull request #5457 from brianmario/typo-fix
Fix typo in redirect test
66b8ef1
Commits on Mar 19, 2012
@mikel mikel Increase minimum version of mail.
  Second security vulnerability found in mail file delivery method
  patched in version 2.3.3.
f12d76b
@arunagw arunagw fix test failing in 1.8.7 eeee6f2
@josevalim josevalim Merge pull request #5504 from arunagw/build_fix_1-8-7
Build fix 1 8 7
594d6b2
@arunagw arunagw Build fix for form_options_helper_test.rb ruby-1.8.7 c1c62e8
@josevalim josevalim Merge pull request #5506 from arunagw/build_fix_1.8.7-3-1-stable
Build fix 1.8.7 3 1 stable
fea82eb
Commits on Mar 23, 2012
@carlosantoniodasilva carlosantoniodasilva Add order to tests that rely on db ordering, to fix failing tests on pg
Also skip persistence tests related to UPDATE + ORDER BY for postgresql

PostgreSQL does not support updates with order by, and these tests are
failing randomly depending on the fixture loading order now.
51bb1c1
@carlosantoniodasilva carlosantoniodasilva Fix identity map tests c8d5680
@josevalim josevalim Merge pull request #5564 from carlosantoniodasilva/fix-build-3-1
Fix build for branch 3-1-stable
dafded2
Commits on Mar 26, 2012
@carlosantoniodasilva carlosantoniodasilva Return the same session data object when setting session id
Make sure to return the same hash object instead of returning a new one.
Returning a new one causes failures on cookie store tests, where it
tests for the 'Set-Cookie' header with the session signature.

This is due to the hash ordering changes on Ruby 1.8.7-p358.
a16aa8c
@tenderlove tenderlove Merge pull request #5599 from carlosantoniodasilva/fix-build-3-1
Fix build for branch 3-1-stable - return the same session hash object
4590e99
Commits on Mar 27, 2012
@tenderlove tenderlove Merge pull request #2621 from icco/master
Issue with schema dump
e95f8e8
@josevalim josevalim Avoid inspecting the whole route set, closes #1525 bef0b35
Commits on Mar 28, 2012
@arturopie arturopie Adds a test that breaks IM when using #select 488ea89
@arturopie arturopie Do not add record to identity map if the record doesn't have values f…
…or all the columns, so we don't get 'MissingAttributeError' later when trying to access other fields of the same record.
a00a42d
@arturopie arturopie refactor the checking of the attributes of the record in IdentityMap#…
…add, so it's more readable
15a2e0d
Commits on Mar 29, 2012
@arturopie arturopie refactor instantiate method in base, so we remove nesting if's which …
…make the code harder to read. Minor changes to contain_all_columns in IdentityMap.
14af116
@yahonda yahonda Address an error for test_has_many_through_polymorphic_has_one
with Oracle for the 3-1-stable branch
53db676
@tenderlove tenderlove Merge pull request #5647 from arturopie/fixing_IM_when_using_find_select
Fixing Identity Map when using find select
eae9a07
@spastorino spastorino Merge pull request #5658 from yahonda/address_ora_00918_with_oracle_f…
…or_3_1

Address an error for test_has_many_through_polymorphic_has_one with Oracle
5cbb20d
Commits on Mar 31, 2012
@arunagw arunagw :subdomain can now be specified with a value of false in url_for,
allowing for subdomain(s) removal from the host during link generation. 

Closes #4083

cherry-picked from 

de942e5
96aa3bd
54d3645
@arunagw arunagw CHANGELOG entry added c409d06
Commits on Apr 03, 2012
@josevalim josevalim Merge pull request #5686 from arunagw/issue_4083
Issue 4083
8c3ca29
Commits on Apr 16, 2012
@arunagw arunagw multi_json is restricted to < 1.3.
Some API changes are there above 1.3.
eeba535
@jeremy jeremy Merge pull request #5862 from arunagw/multi_json_fix_3-1-stable
Restrict multi_json to >= 1.0, < 1.3 to avoid API changes in 1.3
4274a81
Commits on Apr 29, 2012
@pixeltrix pixeltrix Don't convert params if the request isn't HTML - fixes #5341
(cherry picked from commit d6bbd33)
8af2fd8
@arunagw arunagw mocha can be locked here as new version is failing
nil.stubs is not allowed in new version of mocha
94a5431
@jeremy jeremy Merge pull request #6046 from arunagw/lock_mocha_to_fix_build
Lock mocha to fix build
f00ab1d
@pixeltrix pixeltrix Escape interpolated params when redirecting - fixes #5688 78c181b
Commits on Apr 30, 2012
@willbryant willbryant fix the Flash middleware loading the session on every request (very d…
…angerous especially with Rack::Cache), it should only be loaded when the flash method is called
d625a7a
@drogus drogus Failing test for #6034 e23e684
@IamNaN IamNaN Correcting some confusion. Pago Pago is part of American Samoa, not S…
…amoa.

Further, Samoa and Tokelau jumped across the IDL from Dec 29 to Dec 31, 2011
switching from UTC-11 to UTC+13. American Samoa did not make the change and
remains at UTC-11. Pacific/Fakaofo and Pacific/Apia are in TZInfo and
documentation about the dateline change is in australasia at IANA.

(cherry picked from commit 5fe88b1)
7b0c45d
Commits on May 01, 2012
@vijaydev vijaydev fix grammar in deprecation message [ci skip] ffd3289
Commits on May 02, 2012
@pixeltrix pixeltrix Reset the request parameters after a constraints check
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.

To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the constraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.

Fixes #2510.
(cherry picked from commit 5603050)
0cfa6b7
Commits on May 04, 2012
@route route Fix #3993 assets:precompile task does not detect index files cf42971
@route route Added test for assets:precompile for index files 29aa03a
@jeremy jeremy Merge pull request #6152 from route/assets_precompile_task_3_1
Just cherry-picked fixes for asset precompile for 3-1-stable
a33d9f4
Commits on May 10, 2012
@pixeltrix pixeltrix Refactor the handling of default_url_options in integration tests
This commit improves the handling of default_url_options in integration
tests by making behave closer to how a real application operates.

Specifically the following issues have been addressed:

* Options specified in routes.rb are used (fixes #546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
7336b33
@pixeltrix pixeltrix Don't ignore nil positional arguments for url helpers - fixes #6196. e98893b
Commits on May 11, 2012
@carlosantoniodasilva carlosantoniodasilva Update performance profiler to work with latest ruby-prof, fix 3-1-st…
…able build
b7080e7
@drogus drogus Merge pull request #6261 from carlosantoniodasilva/fix-build-3-1
Fix build 3-1-stable
7b7bf33
@arunagw arunagw Ruby-Prof works with 1.9.3. Let's run. 200d3da
@spastorino spastorino Merge pull request #6263 from arunagw/3-1-stable
3 1 stable
d2ae955
Commits on May 13, 2012
@guilleiguaran guilleiguaran Upgrade sprockets to 2.0.4 03e2895
@spastorino spastorino Merge pull request #6300 from guilleiguaran/upgrade-sprockets-3-1-stable
Upgrade sprockets to 2.0.4
e7f8f5f
@rafaelfranca rafaelfranca Merge pull request #3237 from sakuro/data-url-scheme
Support data: url scheme
a74b6a0
Commits on May 28, 2012
@tenderlove tenderlove bumping to 3.1.5.rc1 bd8ee8c
Commits on May 29, 2012
@floehopper floehopper Exceptions like Interrupt should not be rescued in tests.
This is a back-port of rails/rails#6525. See the commit notes there for
details.
4cd3285
@rafaelfranca rafaelfranca Merge pull request #6532 from freerange/3-1-stable-minitest-passthrou…
…gh-exceptions

Exceptions like Interrupt should not be rescued in tests.
2f42815
Commits on May 30, 2012
@tenderlove tenderlove predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
b71d4ab
@tenderlove tenderlove Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!

CVE-2012-2660
5b83bbf
Commits on May 31, 2012
@tenderlove tenderlove Merge branch '3-1-stable-sec' into 3-1-rel
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
a9c1898
@tenderlove tenderlove updating the CHANGELOG a7ed198
@tenderlove tenderlove bumping to 3.1.5 aa18c0c
@tenderlove tenderlove Merge branch '3-1-stable-sec' into 3-1-stable
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
aa6e56b
@tenderlove tenderlove Merge branch '3-1-rel' into 3-1-stable
* 3-1-rel:
  bumping to 3.1.5
  updating the CHANGELOG
  bumping to 3.1.5.rc1
a1a71ab
Commits on Jun 08, 2012
@ernie ernie Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.1.5 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
8355abf
Commits on Jun 11, 2012
@tenderlove tenderlove Array parameters should not contain nil values. f4174ad
@kennyj kennyj Fix GH #3163. Should quote database on mysql/mysql2.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
023eaf8
@kennyj kennyj Change the string to use in test case.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
	activerecord/test/cases/adapters/mysql2/schema_test.rb
8e6ed58
@rafaelfranca rafaelfranca Mysql and Mysql2 adapters accepts only two arguments in the tables 3e2c00a
@tenderlove tenderlove Merge branch '3-1-stable-sec' into 3-1-stable-rel
* 3-1-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
64e30e8
@tenderlove tenderlove adding version number to changelogs 75d039f
@tenderlove tenderlove updating changelogs with security fixes bee42f3
@tenderlove tenderlove bumping version numbers 4e7d571
Commits on Jun 12, 2012
@tenderlove tenderlove updating changelogs 63dce16
Commits on Jun 14, 2012
@fxn fxn removes item in the Active Record CHANGELOG
That change to update_attribute was considered
to be too subtle and was reverted in 30ea923
just before Rails 3 shipped. Later we introduced
update_column (Rails 3.1).
666a48a
@tenderlove tenderlove adding a test for #6459 28e744d
Commits on Jul 23, 2012
@tenderlove tenderlove updating changelog a4b8a7e
Commits on Jul 26, 2012
@tenderlove tenderlove * Do not convert digest auth strings to symbols. CVE-2012-3424 eb69ad2
@tenderlove tenderlove updating changelog with CVE 140a70a
@tenderlove tenderlove updating rails release date 6cf68d7
@tenderlove tenderlove bumping to 3.1.7 d314a48
Commits on Aug 07, 2012
@spastorino spastorino html_escape should escape single quotes d0c9759
Commits on Aug 09, 2012
@spastorino spastorino escape select_tag :prompt values
CVE-2012-3463
b6a0a11
@spastorino spastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
63e67ea
@spastorino spastorino Add CHANGELOG entries e8d78e7
@spastorino spastorino Bump to 3.1.8 38bf9cf
Commits on Aug 15, 2012
@carlosantoniodasilva carlosantoniodasilva Add html_escape note to CHANGELOG
This was added to all other branches, but 3-1 missed the entry.

3-0-stable: 954e262
3-2-stable: ae2383d
master: 5c07be5
8181b72
@rafaelfranca rafaelfranca Remove warning when using html_escape with Ruby 1.9.
Closes #7323
4f12e3a
Commits on Aug 17, 2012
@jonleighton jonleighton Use benchmark/ips to measure AR performance
This means we can more easily compare numbers, and we don't have to
specify a single N for all reports, which previously meant that some
tests were running many more/fewer iterations than necessary.

Conflicts:
	Gemfile
	activerecord/examples/performance.rb
20d6f70
@jonleighton jonleighton Increase benchmark time to 20 seconds.
I think that 5 seconds was a bit low for our purposes.

Also enable it to be configured via env vars.

We also need to scale the number of records up/down depending on how
long we're running the benchmark for.

Conflicts:
	activerecord/examples/performance.rb
e08268b
Commits on Aug 28, 2012
@fxn fxn CHANGELOGs are now per branch
Check 810a50d for the rationale.
e6e9e56
@lifo lifo Ensure association preloading properly merges default scope and assoc…
…iation conditions
2d6d8a7
Commits on Oct 18, 2012
@rafaelfranca rafaelfranca Require ActionController::Railtie in the default middleware stack.
This will make it possible to do a frameworkless initialization since the
default middleware stack is self contained.
144d747
Commits on Dec 14, 2012
@tenderlove tenderlove test for 8018 92118e7
Commits on Dec 15, 2012
@tenderlove tenderlove do not install ruby-prof on Ruby 2.0 61776f5
@carlosantoniodasilva carlosantoniodasilva Update xml serialization tests to reflect a change in builder
Due to a change in builder, nil values now generate closed tags,
so instead of this:

    <pseudonyms nil=\"true\"></pseudonyms>

It generates this:

    <pseudonyms nil=\"true\"/>

Document this change in Rails so that people can track it down easily if
necessary.

Changes in Active Model, Active Record and Active Support tests.

Cherry-pick of d65adc7, 77dd3be and 146eaf3. Fix build.
9fc6c31
@carlosantoniodasilva carlosantoniodasilva Be a bit less conservative with mysql in adapter
This will allow the new mysql 2.9.0 to be used, fixing our test issues.
64e6e6a
Commits on Dec 23, 2012
@tenderlove tenderlove updating changelogs fbe436b
@tenderlove tenderlove CVE-2012-5664 options hashes should only be extracted if there are ex…
…tra parameters
c42f548
@tenderlove tenderlove bumping version to 3.1.9 f1e977c
Commits on Jan 08, 2013
@spastorino spastorino Avoid Rack security warning no secret provided
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
4d5f950
@tenderlove tenderlove * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …
…* dealing with empty hashes. Thanks Damien Mathieu

Conflicts:
	actionpack/CHANGELOG.md
	activerecord/CHANGELOG.md
7e5cc96
@jeremy jeremy CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 8133a81
@tenderlove tenderlove bumping version a7dd0bb
Commits on Jan 09, 2013
@carlosantoniodasilva carlosantoniodasilva Fix a few warnings of unused variables 86cf7d3
@sikachu sikachu Remove test for XML YAML parsing
The support for YAML parsing in XML has been removed from Active Support
since it introduced a security risk. See 8133a81 for more detail.
3f3c35b
@carlosantoniodasilva carlosantoniodasilva Merge pull request #8835 from sikachu/3-1-stable-fix-ars
Remove test for XML YAML parsing
a97199d
@jeremy jeremy Merge pull request #5896 from sferik/revert_5861
Revert #5861. Feature-detect which MultiJson API to use.
Conflicts:
	activesupport/activesupport.gemspec

This backports multi_json version dependency changes as applied.

Rationale: #5861

Patch by sferik
7b9bab6
@rafaelfranca rafaelfranca Merge pull request #8846 from AlexRiedler/revert_5861
Backport multi_json dependency revert of #5861 to 3-1-stable
b816e8e
@carlosantoniodasilva carlosantoniodasilva Update changelogs with release dates and minor improvements [ci skip] 1b35a85
Commits on Jan 11, 2013
@dylanahsmith dylanahsmith Fix JSON params parsing regression for non-object JSON content.
Backports #8855.
c669a9c
@jeremy jeremy Merge pull request #8889 from dylanahsmith/3-1-parse-non-object-json-…
…params

3-1-stable: Fix JSON params parsing regression for non-object JSON content.
18b8f90
Commits on Jan 12, 2013
@pixeltrix pixeltrix Remove unnecessary caching of ParameterFilter 8b3109a
Commits on Jan 16, 2013
@floehopper floehopper Fix 3-1-stable to work with Mocha >= v0.13.0
A) Update code in ActiveSupport which monkey-patches Test::Unit to
include Mocha bug fix.

A bug was fixed [1] in Mocha's integration with Test::Unit, but this
monkey-patching code was copied before the fix. We need to copy the
fixed version.

The bug meant that an unexpected invocation against a mock within the
teardown method caused a test *error* and not a test *failure*.

B) Fix for Test::Unit/Mocha compatibility.

Mocha is now using a single AssertionCounter which needs a reference to
the testcase as opposed to the result.

This change is an unfortunate consequence of the copying of a chunk of
Mocha's internal code in order to monkey-patch Test::Unit.

C) Avoid a Mocha deprecation warning.

[1]
freerange/mocha@f1ff647#diff-5
0591f6d
@rafaelfranca rafaelfranca Merge pull request #8871 from freerange/3-1-stable-with-mocha-fixes
Fix 3-1-stable to work with Mocha >= v0.13.0
b0a2c67
@carlosantoniodasilva carlosantoniodasilva Update mocha version to 0.13.0 and change requires
Conflicts:
	Gemfile
	railties/test/application/route_inspect_test.rb
	railties/test/generators_test.rb
ae6864e
Commits on Jan 26, 2013
@dmathieu dmathieu remove the warning when testing whiny_nil d72c25e
@kennyj kennyj Fix build. It seems that Mocha's behavior was changed. 4ebe101
Commits on Feb 07, 2013
@dylanahsmith dylanahsmith active_record: Quote numeric values compared to string columns. 26e13c3
Commits on Feb 08, 2013
@guilleiguaran guilleiguaran Merge pull request #9209 from dylanahsmith/3-1-mysql-quote-numeric
[3.1] active_record: Quote numeric values compared to string columns.
ecfc26d
@robertomiranda robertomiranda Fix test failure for ruby 1.8 2372a1f
@guilleiguaran guilleiguaran Merge pull request #9226 from robertomiranda/fix-bigdecimal-test
[3.1] Fix test failure for ruby 1.8
c470941
Commits on Feb 10, 2013
@joernchen joernchen Fix issue with attr_protected where malformed input could circumvent
protection

Fixes: CVE-2013-0276
647afdb
@tenderlove tenderlove adding test for CVE b0bf30c
Commits on Feb 11, 2013
@tenderlove tenderlove bumping to 3.1.11 415bf3d
Commits on Feb 12, 2013
@carlosantoniodasilva carlosantoniodasilva Update changelogs with version/release dates [ci skip]
Also add note about attr_protected change.
16ed3d5
Commits on Feb 14, 2013
@carlosantoniodasilva carlosantoniodasilva Fix changelog typos [ci skip]
Thanks to @jmccartie.
967591b
Commits on Feb 16, 2013
@joernchen joernchen Update activemodel/CHANGELOG.md
Fixed a typo ;)
b7ee5ca
@fxn fxn Merge pull request #9309 from joernchen/patch-2
Update activemodel/CHANGELOG.md
7e90a8e
Commits on Feb 27, 2013
@steveklabnik steveklabnik Revert "Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-nu…
…meric"

This reverts commit 921a296.
2821f95
@queso queso Update gemspec to get mail 2.4 as the main version, 2.3.3 has securit…
…y issues.
d3dc2a7
Commits on Feb 28, 2013
@guilleiguaran guilleiguaran Merge pull request #9475 from queso/update-mail
Update gemspec to get mail 2.4 as the main version, 2.3.3 has security i...
3f8eb4e
Commits on Mar 16, 2013
@tenderlove tenderlove stop calling to_sym when building arel nodes [CVE-2013-1854] 5ff6012
@charliesome charliesome fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] 36bcc93
@benmmurphy benmmurphy JDOM XXE Protection [CVE-2013-1856]
Conflicts:
	activesupport/test/xml_mini/jdom_engine_test.rb
a7d252b
@tenderlove tenderlove fix protocol checking in sanitization [CVE-2013-1857]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
735bb98
Commits on Mar 18, 2013
@tenderlove tenderlove bumping to 3.1.12 0c510c7
@sikachu sikachu Add in missing requires bd34e5c
Commits on Apr 09, 2013
@tenderlove tenderlove Merge branch '3-1-later' into 3-1-stable
* 3-1-later:
  adding test for CVE
46c26e8
Commits on Dec 01, 2013
@tenderlove tenderlove Only use valid mime type symbols as cache keys
CVE-2013-6414

Conflicts:
	actionpack/lib/action_view/lookup_context.rb
e97530f
Commits on Dec 04, 2013
@NZKoz NZKoz Escape the unit value provided to number_to_currency
Fixes CVE-2013-6415

Previously the values were trusted blindly allowing for potential XSS attacks.
6db2623
@NZKoz NZKoz Stop using i18n's built in HTML error handling.
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans.  Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.

Fixes: CVE-2013-4491

Conflicts:
	actionpack/lib/action_view/helpers/translation_helper.rb

Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0
31cfb3c
@NZKoz NZKoz Deep Munge the parameters for GET and POST
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.

Fixes CVE-2013-6417

Conflicts:
	actionpack/lib/action_dispatch/http/request.rb
1c00768
@tenderlove tenderlove Merge pull request #13151 from hone/3-1-stable
Backport Rails 3.2.16 Security Fixes to Rails 3.1.x
ace0322
Commits on Feb 18, 2014
@rafaelfranca rafaelfranca Use the reference for the mime type to get the format
Before, we were calling to_sym in the mime type, even when it is unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
06cbb8a
Commits on Oct 10, 2014
@tenderlove tenderlove FileHandler should not be called for files outside the root
FileHandler#matches? should return false for files that are outside the
"root" path.

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb
	actionpack/test/dispatch/static_test.rb
9c37d8e
Commits on Nov 16, 2014
@tenderlove tenderlove correctly escape backslashes in request path globs
Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb

make sure that unreadable files are also not leaked

CVE-2014-7829

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb
4dacedf