  • 247 commits
  • 288 files changed
  • 101 comments
  • 80 contributors
Apr 17, 2010
Mislav Marohnić mislav cleanup `update/reset_counters`; refactor tests ef0591e
Mislav Marohnić mislav fix `reset_counters` to work even with complex class names
e.g. it guesses that a belongs_to association to Namespace::MyModel is
named "my_model", unlike before where it would look up an association
named "namespace::mymodel" and fail.
8be3e09
May 23, 2010
Jeremy Kemper jeremy Bump 2-3-stable to 2.3.7 55e88ee
Nathan Weizenbaum nex3 Mark all raw HTML being concatted as HTML-safe.
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
48fbe7b
Nathan Weizenbaum nex3 Don't always mark the argument to #concat as HTML-safe.
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
e53791f
Nathan Weizenbaum nex3 Don't incompatibly monkeypatch ERB.
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
e3f14d1
Jeremy Kemper jeremy Fix test rendering unmarked but safe HTML ca5f5d9
Jeremy Kemper jeremy Use a non-XSS-protected output buffer for view tests ab2d7c8
Jeremy Kemper jeremy Revert "Don't always mark the argument to #concat as HTML-safe."
This reverts commit e53791f.
86f0287
Santiago Pastorino spastorino Make use of safe_concat on TextHelper concat
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
b10bf83
Jeremy Kemper jeremy rails_xss handles deprecated String html safety, when installed 3ff921a
Jeremy Kemper jeremy Move tests for deprecated String#html_safe! to plugin 60e82a3
May 24, 2010
Jeremy Kemper jeremy 2.3.7 release: fix rails_xss compatibility 326188c
Jeremy Kemper jeremy Bump 2-3-stable to 2.3.8 f97da34
Mislav Marohnić mislav auto_link: support arbitrary URI schemes like "ftp:" and "file:"
recognizes all URI scheme allowed characters, such as colon and period.

[#3494 state:resolved]
bd9ca9a
Mislav Marohnić mislav avoid auto_linking already linked emails; more robust detection of linked URLs

References #1523  [#1862 state:resolved]  [#3591 state:resolved]

Add test that shows how link text can contain HTML if needed:
the trick is using block form in combination with `raw`.
Let link text be automatically HTML-escaped

[#2017 state:resolved]
17b4fd2
Lance Ivy cainlevy Ensure auto_link does not ignore multiple trailing punctuations
[#2504 state:resolved]
9e08e19
Jeremy Kemper jeremy Fix that captured content (e.g. with form_for or div_for) would be HTML-escaped even without the rails_xss plugin installed. Rails 2.3.7, we barely knew ya...
c66013e
Yehuda Katz wycats Give the ERB String the encoding of the original template 50b7c0c
Yehuda Katz wycats Needs to work on 1.8 too 8e6a044
Santiago Pastorino spastorino Revert "translation method of TranslationHelper module returns always SafeBuffer [#4194 status:resolved]"

This reverts commit 2310aef.

Signed-off-by: José Valim <jose.valim@gmail.com>
d3da1a2
Santiago Pastorino spastorino translation method of TranslationHelper module returns a SafeBuffer Array backport

[#4675 state:committed]

Signed-off-by: José Valim <jose.valim@gmail.com>
6b0616d
Jeremy Kemper jeremy Work around strange Ruby 1.9 autoload issue by using absolute load paths for tests
9d3bd87
Jeremy Kemper jeremy Add global gem task e5af56a
Jeremy Kemper jeremy 2.3.7.pre1: fixes HTML escaping when *not* using rails_xss 4fef5af
Santiago Pastorino spastorino translate helper method using an array is deprecated
Signed-off-by: José Valim <jose.valim@gmail.com>
4986d5e
José Valim josevalim Ensure translations work with symbols. 50f3754
Jeremy Kemper jeremy Work around strange Ruby 1.9 autoload issue by using absolute load paths for tests (ditto for other components' tests)
e8ba526
Santiago Pastorino spastorino Error messages for asserts
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
a9032c8
Jeremy Kemper jeremy Work around strange Ruby 1.9 autoload issue by using absolute load paths for tests (for Active Model too)
aa44914
Jeremy Kemper jeremy HTML safety: fix textarea with nil content 6a9e188
Jeremy Kemper jeremy i18n: t() handles single keys returning an Array, also f7e27bd
Santiago Pastorino spastorino SQLite: forward compatibility with future driver releases
[#4633]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
240f4e9
May 25, 2010
Xavier Noria fxn get railties/README back to the home page of the API 2ed893b
Jeremy Kemper jeremy Bump 2-3-stable to 2.3.9 9da7ff8
Jeremy Kemper jeremy Shift SafeBuffer#concat responsibility over to rails_xss a815f0c
May 26, 2010
Santiago Pastorino spastorino removes an unneeded alias
Signed-off-by: José Valim <jose.valim@gmail.com>
b1a97a4
May 29, 2010
Michael Koziarski NZKoz Merge commit 'mislav/auto_link_2-3-stable' into 2-3-stable 5796a92
Michael Koziarski NZKoz Merge commit 'mislav/counter_cache_2-3-stable' into 2-3-stable b760d69
Andrew Don't rewrap system level exceptions with StatementInvalid
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#896 state:committed]
3d6ed50
Jun 05, 2010
Xavier Noria fxn deprecates Array#random_element in favor of Array#sample, backported from Ruby 1.9, thanks to Marc-Andre Lafortune
ed8cabc
Jun 08, 2010
Prem Sichanugrist sikachu Make sure that rails recognized the full notation of IPv6 loopback address, and recognize 127.0.0.0/8 in IPv4

[#3257 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
0f44d37
Jun 09, 2010
James Le Cuirot chewi Don't overwrite unsaved updates when loading an association but preserve the order of the loaded records. [#4642 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
b41c3ba
Jun 10, 2010
Pratik lifo Fix AR perf script e4accde
Jun 18, 2010
Alex MasterLambaster Fix test which prevents connection reset on failing and remove hardcoded connection

[#4689 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
1ac00a6
Maxime RETY Fix Yajl backend discovery in ActiveSupport::JSON
[#4897]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
c7e875a
Jun 20, 2010
James Le Cuirot chewi When not overwriting unsaved updates in nested attributes, allow already-saved records to be refreshed.

Signed-off-by: José Valim <jose.valim@gmail.com>
08302d2
Jun 21, 2010
Prem Sichanugrist sikachu Update bundled i18n gem to 0.4.1 to make sure every project will be warned about using deprecated %{..} interpolation.

This will also make sure that changing {{..}} into %{..} won't break any Rails 2.3.x application, since it would load the vendored version if it doesn't satisfy the version requirement.

Signed-off-by: José Valim <jose.valim@gmail.com>
54a5088
Prem Sichanugrist sikachu Change all i18n interpolations from {{...}} to %{...}
This will silence all warnings if there's an i18n version 0.4.x gem installed on the user's machine.

[#4913 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
5ed6a84
Jun 22, 2010
Jesse Storimer jstorimer CookieStore should preserve the Set-Cookie header Array [#4743 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
85b6d79
Jeremy Kemper jeremy CI: add i18n gem e703fc1
Jun 23, 2010
Jeff Dean zilkey remove_column should raise an ArgumentError when no columns are passed [#4803 state:resolved]

Signed-off-by: Michael Koziarski <michael@koziarski.com>
da93d69
Michael Koziarski NZKoz make text_field and hidden_field omit the value attribute if the developer explicitly passes in :value => nil [#4839 state:resolved]

Signed-off-by: Michael Koziarski <michael@koziarski.com>

Conflicts:

	actionpack/lib/action_view/helpers/form_helper.rb
52c922f
Michael Koziarski NZKoz Revert "make text_field and hidden_field omit the value attribute if the developer explicitly passes in :value => nil [#4839 state:reopened]"

This reverts commit 52c922f
cbf36cf
Paweł Kondzior STI should identify itself inside named_scope
[#1570 state:resovled]

Signed-off-by: José Valim <jose.valim@gmail.com>
687d7f5
Neeraj Singh neerajdotname test for #1570
Signed-off-by: José Valim <jose.valim@gmail.com>
a9c69f3
Maxim Chernyak aka hakunin maxim Fix eager loading of polymorphic has_one associations nested-included under polymorphic belongs_to associations. [#3233 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
844da12
Neeraj Singh neerajdotname Fragment cache not generating the proper cache key in log
[#4827 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
cc53229
George Montana Harkin harking Fixes #2415 by creating a new instance of the Model when saving attributes to that model and the associated attributes already exist. Tests included. [#2415 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
7d2173e
kane quote scoped columns in validates_uniqueness_of [#4909 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
09a23d2
Neeraj Singh neerajdotname fixes to the tests for patch #4909
Signed-off-by: José Valim <jose.valim@gmail.com>
549b2ad
José Valim josevalim Use size for Ruby 1.8.6 compatibility. 68bfd8a
Jun 24, 2010
Xavier Noria fxn deprecates load_(once_)paths in dependencies and app config in favor of autoload_(once_)paths
4a745ca
Jun 25, 2010
Prem Sichanugrist sikachu Make sure that Rails doesn't resend session_id cookie over and over again if it's already there [#2485 state:resolved]

This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.

Signed-off-by: José Valim <jose.valim@gmail.com>
f8f3653
Paul Mucur mudge Alias ActiveSupport::OrderedHash#update to ActiveSupport::OrderedHash.merge!

This ensures that an OrderedHash's keys are set up appropriately when using update.

[#4973 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
05defcd
Jun 26, 2010
NagaChaitanya Vellanki chaitanyav Add OrderedHash#invert to preserve order in ruby 1.8
Signed-off-by: José Valim <jose.valim@gmail.com>
449cf50
José Valim josevalim Tidy up tests in previous commit since they did not assure an OrderedHash is returned (the test would pass for an array and would pass by chance for hashes).

[#4875 state:resolved]
0e9190c
Jun 27, 2010
Ev Dolzhenko dolzenko Add module_eval missing file_name and line_number args
[#4712 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
56b35af
Jun 28, 2010
Santiago Pastorino spastorino Don't store incorrect values in zones_map backport
[#4942 state:committed]

Signed-off-by: José Valim <jose.valim@gmail.com>
70af7ef
Leigh Caplan texel test that unknown zones don't store mapping keys
[#4942]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Signed-off-by: José Valim <jose.valim@gmail.com>
80473e0
Jun 29, 2010
Prem Sichanugrist sikachu Fix [54a5088] where the i18n gem was wrongly updated to 0.4.1.
I've tested and confirm that `2-3-stable` will use the vendored `i18n` gem if there's no `i18n` gem with version >= 0.4.1 installed

Signed-off-by: José Valim <jose.valim@gmail.com>
69c4e4c
David Trasbo dtrasbo Only tell users that the Rails gem is missing if it's actually the case [#2901 state:committed]

Signed-off-by: José Valim <jose.valim@gmail.com>
d0d10f5
David Trasbo dtrasbo Deprecate ActiveRecord::Base#class_name [#379 state:committed]
Signed-off-by: José Valim <jose.valim@gmail.com>
ac42e69
Leigh Caplan texel Rewrite the clause to pluck the existing value from zones_map before performing a lookup. [#4942 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
78e4d88
Aaron Patterson tenderlove AssociationCollection#create_by_*, find_or_create_by_* work properly now. [#1108 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
fad166c
Jun 30, 2010
Jan Berkel jberkel Backported patch from [#4762]
URL fragments should not have safe characters escaped. Ref: Appendix A,
  http://tools.ietf.org/rfc/rfc3986.txt

Signed-off-by: José Valim <jose.valim@gmail.com>
f8f4872
Jul 01, 2010
James Le Cuirot chewi Don't remove scheduled destroys when loading an association.
Signed-off-by: José Valim <jose.valim@gmail.com>
526f1e5
Aaron Patterson tenderlove fixing Session::AbstractStore#clear to actually clear the session. [#5030 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
67e18c5
Jul 04, 2010
José Valim josevalim Use bind instead of instance_exec cause it may be causing memory leaks. Also, provide a simpler and sane implementation for scoped. [#5044 state:resolved]
bfbdeea
Jul 08, 2010
Mislav Marohnić mislav add missing require to ActiveRecord "base_test.rb"
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
ba9c469
Mislav Marohnić mislav test that ActiveRecord `destroy` and `destroy_all` return destroyed records

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2d3bc99
Grant Ammons gammons fixes #2362, eager loading :through associations will join the :source model if there are :conditions

Signed-off-by: José Valim <jose.valim@gmail.com>
0963774
Ken Collins metaskills Fix the #using_limitable_reflections? helper to work correctly by not examining the length of an array which contains false/true, hence always passing.

Signed-off-by: José Valim <jose.valim@gmail.com>
504f7cf
Mike Breen hardbap A generated plugin's test are not run by 'rake test'
Signed-off-by: José Valim <jose.valim@gmail.com>
046c900
Jul 14, 2010
Jacob Lewallen jlewallen Set destroyed=true in opt locking's destroy [#5058 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
8298bef
Michael Lovitt lovitt Sessions should not be created until written to and session data should be destroyed on reset. [#4938 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
257a29d
Jul 15, 2010
Aaron Patterson tenderlove fixing performance regression from 2.3.5 -> 2.3.8 7b6383f
Jul 16, 2010
Michael Koziarski NZKoz Only skip eager loading the code if dependency_loading is still enabled.
Otherwise rake tasks which depend on environment will get errors about missing constants.
f57ca87
Aaron Patterson tenderlove backporting a couple missing files. sorry folks! 4ae4828
Jul 17, 2010
Jon Yurek jyurek Fix for integration tests not serializing arrays in multipart forms correctly.

Signed-off-by: wycats <wycats@gmail.com>
fb615cd
Aaron Patterson tenderlove changing fixtures back to superclass_delegating_accessor until we can convert them to class_attributes
c2d13a9
Jul 18, 2010
Neeraj Singh neerajdotname update_attribute and updated_attributes! are now wrapped in a transaction

[#922 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
99cdea7
Subba Rao Pasupuleti subbarao renaming test name to fix accidental override [#5076 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
dec2c4f
Jul 25, 2010
Santiago Pastorino spastorino Changes the usage of Object#returning with Object#tap
Signed-off-by: José Valim <jose.valim@gmail.com>
a5d8c95
Santiago Pastorino spastorino Deprecates Object#returning in favor of Object#tap
Signed-off-by: José Valim <jose.valim@gmail.com>
5b0f839
Santiago Pastorino spastorino Changelog update for Object#responding deprecation
Signed-off-by: José Valim <jose.valim@gmail.com>
6f38967
Santiago Pastorino spastorino Changes Object#returning with Object#tap on guides ae63d5c
Jul 26, 2010
Leigh Caplan texel Override new on proxy objects so that they never wrap nil or false. a9ef2fd
Leigh Caplan texel Test to ensure that falsy objects aren't wrapped by deprecation proxies 27651c1
Aug 01, 2010
Santiago Pastorino spastorino Makes form_helper use overridden model accessors backport 8141f08
Aug 03, 2010
Subba Rao Pasupuleti subbarao In nested_attributes when association is not loaded and association record is saved then in memory record attributes should be saved

[#5053 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
12bbc34
Aug 05, 2010
Xavier Noria fxn it is no longer true that load_paths are going to be removed in final 15cafbe
Aug 11, 2010
Michael Koziarski NZKoz Revert "Ruby 1.9.2: explicitly raise NoMethodError for attempts at explicit coercion"

This reverts commit 64082b3.

This change broke compatibility with 1.8.6 and was only needed for older 1.9.2 versions

Conflicts:

	activerecord/lib/active_record/attribute_methods.rb
b154b97
Aug 15, 2010
Santiago Pastorino spastorino Making time_zone_options_for_select return a html_safe string master backport
43e2bbe
Aug 18, 2010
Jeff-Lawson Jeff-Lawson Bug Fix -- clean up connection after stored procedure [#3151 state:resolved] for 2-3-stable
7e79889
Jeff-Lawson Jeff-Lawson Bug Fix -- clean up connection after stored procedure [#3151 state:resolved] for 2-3-stable
d35a67b
Aug 20, 2010
Xavier Noria fxn revises guides generation add3ccb
Xavier Noria fxn restores railties/README as home page of the API 11361a9
Aug 25, 2010
Mikel Lindsaar mikel Make ActiveResource::InvalidRequestError more user friendly
Signed-off-by: Xavier Noria <fxn@hashref.com>
0fcb430
Aug 29, 2010
Jeremy Kemper jeremy Exclude guides from gem to keep file size small bdace5d
Jeremy Kemper jeremy Prepare for Rails 2.3.9. Release 2.3.9.pre gems. b2c9198
Mikel Lindsaar mikel Updating documentation on ActiveResource HTTP Mock and also adding test coverage
881712c
Mikel Lindsaar mikel Back porting HttpMock test from Rails 3 master 56fdfeb
Mikel Lindsaar mikel Adding option to ActiveResource to allow you to not reset the previously stored requests and responses by passing false to respond_to

Backport of commit 2a1b23f on rails/master
bac12fa
Aug 31, 2010
Jeremy Kemper jeremy require 'thread' for Mutex dependency 6f17422
Sep 03, 2010
Ken Collins metaskills Conversion of a two dimensional array that is ruby 1.8.6 safe. Fix paren warnings too.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
b64d1fe
Sep 04, 2010
Jeremy Kemper jeremy Rails 2.3.9 a61a39e
Sep 08, 2010
Mislav Marohnić mislav fix setting session cookie with activerecord and memcache store
Commit f8f3653 broke setting the session ID cookie for requests without 'HTTP_COOKIE' header
when using activerecord or memcache store. Integration tests didn't catch this because they
always set the HTTP_COOKIE header for mock requests, so now this is changed to only set the
header if there are cookies.

[#5581 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
c6e33d3
Sep 09, 2010
Mikel Lindsaar mikel Adding documentation to redirect_to and status code option references 597fb1d
Sep 10, 2010
Erik Michaels-Ober sferik Fix typo in deprecation warning
Object#returning should be Kernel#returning
383ea02
Erik Michaels-Ober sferik Add support for mysql2 adapter e8b84ab
Andrew Kaspick akaspick Fix fixtures in integration test sessions
Signed-off-by: Michael Koziarski <michael@koziarski.com>
a159fd0
Jeremy Kemper jeremy Ruby 1.9 compat: convert Pathname to string 761c9cd
Emilio Tagua miloops Add more examples in performance script.
[#5610 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
8c049c6
Sep 14, 2010
W. Andrew Loe III loe Only send secure cookies over SSL. 17f2fb4
Sep 24, 2010
Colin Casey colincasey Test for imposed version number as last part of gem directory name for frozen gems

[#4295 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
f299062
Colin Casey colincasey Fix for imposed version number as last part of gem directory name for frozen gems

Signed-off-by: José Valim <jose.valim@gmail.com>
7240e8a
Sep 27, 2010
Andrew Kaspick akaspick memoized protected methods should remain protected
Signed-off-by: Michael Koziarski <michael@koziarski.com>
9476d62
Michael Koziarski NZKoz Revert "Makes form_helper use overridden model accessors backport"
This change introduced breakages and test failures.

This reverts commit 8141f08.
dbbf2fd
Étienne Barrié etiennebarrie Fix add_index with a symbol #4891 bc52d81
Sep 28, 2010
Ryan Wallace rywall Add test to demonstrate failure with eager loading hmt where the association has an order.
515917f
marklazz marklazz Preserving :include options for hmt association with an order but without conditions [#5262 state:resolved]
0665182
Sep 30, 2010
Emilio Tagua miloops Use detect instead of select to avoid sh [..] command not found. 1851596
Emilio Tagua miloops Add examples to performance script that were included in version 3. 5a63df2
marklazz marklazz Remove duplication of conditions generated for associations when used in conjunction with named_scopes [#4634 state: resolved]
9b78af9
marklazz marklazz AssociationCollection#include? working properly for objects added with build method [#3472 state:resolved]
96c19ff
Aaron Patterson tenderlove fixing space errors fb526a0
Oct 04, 2010
Aaron Patterson tenderlove [#5406 state:resolved] calling the correct method on minitest to obtain the test name
a448e74
Aaron Patterson tenderlove calling correct method on minitest for test name when teardown callback fails
8beb84f
Oct 12, 2010
Geoff Buesing gbuesing require 'uri' in action_controller/url_rewriter [#5555 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
f2e32e4
Oct 15, 2010
Michael Koziarski NZKoz Revert 7d2173e which introduced a security vulnerability.
This addresses  CVE-2010-3933
96183e0
Michael Koziarski NZKoz Prepare for the 2.3.10 release f5ed5c3
Oct 20, 2010
Toby Cabot ccabot bug 1108: fix a bug with find_or_create_by and additional values
There was a bug with find_or_create_by_x introduced in 2.3.9 - if you
included extra parameters for the create() then those parameters would
confuse the find() so you'd never get to the create().  This patch
filters the parameters so we only pass to find() the subset that it's
interested in.  The code for the filtering was modelled on the code in
base.rb's method_missing().
fdfc8e3
Toby Cabot ccabot bug 1108: yield to block provided to find_or_create_by_x
Starting in 2.3.8 we stopped yielding to blocks passed in to
find_or_create_by_x methods.  This patch restores that behavior and
adds a case to test it.
bdfddb0
Oct 21, 2010
Omar Qureshi omarqureshi Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings
36b91e3
Aaron Patterson tenderlove removing space errors df78de2
Oct 26, 2010
Andrew White pixeltrix Don't create a deprecation proxy object if the variable was passed in local_assigns [#1671 state:resolved]
0e52a60
Oct 27, 2010
Andrew White pixeltrix Don't write out secure cookies unless the request is secure 25139ac
Nov 03, 2010
Tom Stuart tomstuart Backport BlankSlate removal from ActiveSupport::BasicObject [#5911 state:resolved]

This is a backport of dd15a3f.

Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
44db47c
Nov 16, 2010
Alexandru Catighera acatighera Fix ActiveRecord calculations when grouped by multiple fields 1681ede
Dec 01, 2010
José Valim josevalim Revert "Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings"

This reverts commit 36b91e3.

Conflicts:

	actionpack/test/activerecord/active_record_store_test.rb
2826324
Pascal Friederich paukul Let Rack::Utils.set_cookie_header! create the Set-Cookie header instead of manually fiddling with the response headers [#4941 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
e0eb8e9
Dec 08, 2010
Will Bryant willbryant Don't add non-new records back to the target array after loading targets on associations, as that makes destroy_all destroy any created records that don't match the scope destroy_all is called on

Signed-off-by: Michael Koziarski <michael@koziarski.com>
0fee359
Michael Koziarski NZKoz Revert "In nested_attributes when association is not loaded and association record is saved then in memory record attributes should be saved"

This reverts commit 12bbc34.

It caused errors when combined with attr_accessible, piggy back attributes fetched by :select, etc.  Leaving it in 3.0, but removing from 2.3
84465a2
Dec 20, 2010
Michael Koziarski NZKoz Require thread explicitly rather than relying on rubygems to do it. 6d91632
Jan 02, 2011
Mikel Lindsaar mikel Correcting actionmailer guide for Rails 2.3 92fd824
Mikel Lindsaar mikel Updating documentation on ActionMailer base to show a multipart email with attachments
10ec012
Jan 09, 2011
bluetrans-deploy bluetrans-deploy use Object#class instead of Object#type 08d94d3
Jan 10, 2011
Jeremy Kemper jeremy Revert "use Object#class instead of Object#type"
This reverts commit 08d94d3.
bc302f2
Jan 19, 2011
jrdioko jrdioko Fix doc for #check_box [#6311 state:resolved]
Signed-off-by: Xavier Noria <fxn@hashref.com>
4f0c8ef
Jamis Buck jamis make TestCaseTest work for pre-1.9 rubies, too 8378a44
Jamis Buck jamis scrub instance variables from test cases on teardown
this prevents test state from accumulating, resulting in leaked
objects and slow tests due to overactive GC.
b5cf2b4
Jamis Buck jamis rein in GC during tests by making them run (at most) once per second
this can provide a significant performance boost during testing, by
preventing the GC from running too frequently.
a0c761d
Jamis Buck jamis Revert "rein in GC during tests by making them run (at most) once per second"

This reverts commit a0c761d.
cd0ecff
Jamis Buck jamis Revert "scrub instance variables from test cases on teardown"
This reverts commit b5cf2b4.
c545331
Jamis Buck jamis Revert "make TestCaseTest work for pre-1.9 rubies, too"
This reverts commit 8378a44.
3afa538
Feb 01, 2011
Aaron Patterson tenderlove fixing invalid yaml [#4418 state:resolved]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
7e0f60d
Feb 09, 2011
Michael Koziarski NZKoz Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.

This fixes CVE-2011-0446
abe9773
Michael Koziarski NZKoz Change the CSRF whitelisting to only apply to get requests
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
7e86f9b
Michael Koziarski NZKoz Prepare for the 2.3.11 release b0c3d45
Aaron Patterson tenderlove rubygems 1.5.0 compatibility. Thanks Tim Serong abc06a2
Feb 20, 2011
Vijay Dev vijaydev fix incorrect version in deprecation message
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
6c42c14
Feb 28, 2011
Rob Di Marco robdimarco Unit test that shows calling reset session twice results in an exception 589ce09
Rob Di Marco robdimarco Fixed bug 6440 by checking that destroy exists on the session 8ca8ac3
Apr 14, 2011
gmarik respect :expire_after option
- it was broken after
[commit](e0eb8e9)
- there's also
[issue](https://rails.lighthouseapp.com/projects/8994/tickets/6634-railsrack-inconsistency-about-expires_afterexpires-cookie-option)

- also: maybe it's worth making Rack understand :expire_after as we
duplicate same logic in [cookie_store](https://github.com/gmarik/rails/blob/v2.3.11/actionpack/lib/action_controller/session/cookie_store.rb#L114)

Signed-off-by: José Valim <jose.valim@gmail.com>
b0be721
Apr 27, 2011
Casey Dreier daphonz Fixing dynamic finders on associations to properly send arguments to the find_by_* method. Closes issue #330.

Commit fdfc8e3 introduced a bugfix to prevent additional values passed
to a dynamic find_or_create_by_x methods from confusing the finder.
This patch also broke the essential behavior of this method on an
association by incorrectly sending arguments to the find_by_x methods.
The finder method would always see its inputs as a single array of
values instead of individual arguments, almost guaranteeing that the
finder call would be incorrect, and that we'd always create a new
record instead.

This patch adds a splat operator to the parameter array we send along to
the dynamic finder so that it receives its inputs correctly, and
includes an additional test to ensure that repeated calls to
find_or_create_by_x only creates one new record.
9f7ff62
Apr 28, 2011
José Valim josevalim Merged pull request #331 from daphonz/2-3-stable.
Dynamic find_or_create_by_x_and_y always creates new records in Rails 2.3.11
f424efe
José Valim josevalim Merged pull request #198 from robdimarco/2-3-stable.
Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
d793a56
May 12, 2011
Ryan Davis zenspider Fix stupid emacsisms. Just makes things more readable. 8d4ca9e
Ryan Davis zenspider Fix broken GemDependency#==. You should ALWAYS check the class! 01a9fbb
Ryan Davis zenspider Removed buggy GemDependency#requirement override. Overrides should NEVER change the semantics of the parent (returning nil if default).
c20a4d1
Ryan Davis zenspider Fixed buggy gem activation. Don't pass a dependency to gem, pass the
name and requirement. Better, just activate the spec for the
dependency (1.8 only)
4c37257
Ryan Davis zenspider Removed the bulk of the deprecations by simply not calling refresh.
This may cause problems. I dunno.
The real solution is to get rid of all of this mess and use gem paths properly.
3ad5fd1
May 25, 2011
Ryan Davis zenspider + Switched to newer rdoc and gem package tasks (and their requires).
+ Fixed deprecated usage in gemspecs.

Bumped the version to 2.3.12 so I could test locally with actual
installs. If this is bad form for this project, please beat me up and
I'll split them out.
79aa54d
Jun 06, 2011
Aaron Patterson tenderlove find the spec from the source index, then activate it a2a3413
Jun 09, 2011
Brian Cardarella bcardarella Remove deprecation warning for ActiveRecord::Errors#generate_message. This is the same API that ActiveModel ended up using and that won't be changing.
1aae5e7
Jun 16, 2011
Andrey Voronkov Antiarchitect Fix OrderedHash merging with block given. b2d4142
Andrey Voronkov Antiarchitect Added tests for OrderedHash merging with block. b1c36b7
Jun 17, 2011
José Valim josevalim Merge pull request #1740 from Antiarchitect/2-3-stable
Fix OrderedHash merging with block given.
8d02083
Jul 27, 2011
Xavier Noria fxn contrib app minor tweak 78a1fda
Aug 04, 2011
Aaron Patterson tenderlove we should not ignore all gems in here b132992
Aug 16, 2011
Aaron Patterson tenderlove adding notification for rdoc bb99aa1
Aaron Patterson tenderlove fixing response splitting problem 11dafea
Aaron Patterson tenderlove bumping to 2.3.13 dea5a10
Aaron Patterson tenderlove 2.3.14. yay. :'( fb1588c
Aaron Patterson tenderlove fixing sql injection problem 6b46d65
Aaron Patterson tenderlove fixing strip tags vulnerability 60f783d
Aaron Patterson tenderlove fixing utf8 escape vulnerability e0774e4
Dec 27, 2011
Daniel Schierbeck dasch Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty
If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
list of IP addresses from it.
cd2136a
Dec 29, 2011
Aaron Patterson tenderlove Merge pull request #4202 from dasch/request-remote-ip
Fix bug in `ActionController::Request#remote_ip`
2eb197e
Dec 31, 2011
Akira Matsuda amatsuda bump up rack version to the one that includes the Hash DoS fix 27a508c
José Valim josevalim Merge pull request #4247 from amatsuda/hashdos_23
bump up rack version to the one that includes the Hash DoS fix
8fff8f0
Mar 29, 2012
Chris Strom eee-c Better minimum validates_length_of examples (adapted from master). 2229a7e
Xavier Noria fxn Merge pull request #5653 from eee-c/patch-1
Doc fixes in 2.3: validates_length_of
e8c0597
Jun 13, 2012
Justin Collins Fix SQL injection via nested hashes in conditions 62f81f4
Dec 23, 2012
Aaron Patterson tenderlove CVE-2012-5664 options hashes should only be extracted if there are extra parameters
9de9b35
Jan 02, 2013
Mina Naguib Merge remote-tracking branch 'rails/2-3-stable' into 2-3-stable 9baab1f
Aaron Patterson tenderlove Merge pull request #6722 from adgear/2-3-stable
Backported rails 2.3 fix for CVE-2012-2695
5b8db45
Jan 08, 2013
Jeremy Kemper jeremy CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 70adb96
Aaron Patterson tenderlove bumping to 2.3.15 :cry::gun: 709af05
Jan 17, 2013
Jeremy Kemper jeremy Revert "bump up rack version to the one that includes the Hash DoS fix"
Rack 1.1.3 also changes the Set-Cookie header to expect a
newline-delimited string instead of an Array, which breaks Rails 2.3's
expectations in a variety of ways.

This reverts commit 27a508c.

Conflicts:
	actionpack/Rakefile
28cfd79
Jan 20, 2013
Ernie Miller ernie Fix for CVE-2013-0155 7763f39
Jan 22, 2013
John F. Douthat johndouthat Add gemspecs for bundler 06b33a8
Steve Klabnik steveklabnik Merge pull request #9030 from johndouthat/2-3-stable
Add .gemspec files to 2-3-stable to help Bundler
3b75781
Jan 24, 2013
Aaron Patterson tenderlove fixing load error messages 3dc0cd3
Santiago Pastorino spastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba
cf48c9c
Aaron Patterson tenderlove Squashed commit of the following:
commit 9ef905f
Author: Rafael Mendonça França <rafaelmfranca@gmail.com>
Date:   Tue Aug 7 22:38:40 2012 -0300

    Fix tests about single quote escaping

commit 780a718
Author: Santiago Pastorino <santiago@wyeworks.com>
Date:   Tue Jul 31 22:25:54 2012 -0300

    html_escape should escape single quotes

    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215

    Conflicts:
    	actionpack/test/controller/new_base/render_template_test.rb
    	actionpack/test/template/asset_tag_helper_test.rb
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/javascript_helper_test.rb
    	actionpack/test/template/template_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
    	activesupport/test/core_ext/string_ext_test.rb
    	railties/test/application/assets_test.rb
d549df7
Aaron Patterson tenderlove backporting deep_munge 61eed87
Aaron Patterson tenderlove removing [nil] from the params ac94515
Jan 28, 2013
Michael Koziarski NZKoz Add an OkJson backend and remove the YAML backend
Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
bd6dee9
Aaron Patterson tenderlove bumping version 1169552
pietro pietro Bump version on gemspecs too. 40fdc15
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #9099 from pietro/2-3-gemspec-bump
Bump version on 2.3 gemspecs too.
d868a80
Feb 02, 2013
Morgan Currie morgancurrie use the decimal HTML escape code for single quotes instead of the hex one so webkit-based browsers properly translate the code in form fields
88331c5
Rafael Mendonça França rafaelfranca Fix the tests related with single quotes being escaped
Closes #9144
Fixes #9145
c774a46
Feb 05, 2013
Kelly Stannard kwstannard Docs: Fixed bad exists? documentation.
Base#exists? does not actually take options like finder methods. Trying
to use what the documentation suggests will return a PG error because it
will look for a column named 'conditions'.

I changed the documentation to reflect how the exists? method actually
works.
d61f83d
Feb 06, 2013
Xavier Noria fxn Merge pull request #9194 from kwstannard/2-3-stable
Docs: Fixed bad exists? documentation.
2e4aa39
Feb 09, 2013
Aaron Patterson tenderlove fixing attr_protected CVE-2013-0276 9a48f4c
Aaron Patterson tenderlove adding test for CVE f8a2ec2
Feb 10, 2013
Tobias Kraze kratob fix serialization vulnerability 5cfe833
Aaron Patterson tenderlove bumping to 2.3.17 02d553d
Feb 11, 2013
David Silva Davidslv Update activesupport/lib/active_support/core_ext/time/calculations.rb
Just maintaining the coherence with other methods, since everything has "at_" as prefix.
41cf359
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #9251 from Davidslv/patch-1
Add alias to maintain coherence with other methods, in end_of_day
d6adcb4
Carlos Antonio da Silva carlosantoniodasilva Revert "Merge pull request #9251 from Davidslv/patch-1"
This reverts commit d6adcb4, reversing
changes made to 2e4aa39.

Reason: merged to unmaintained branch.
ae61bf4
Aaron Patterson tenderlove Merge branch '2-3-sec' into 2-3-stable
* 2-3-sec:
  bumping to 2.3.17
  fix serialization vulnerability
  fixing attr_protected CVE-2013-0276
1737f94
Feb 16, 2013
Xavier Noria fxn Revert "Switched to newer rdoc and gem package tasks (and their requires)."

This is a manual revert of commit 79aa54d, since the commit itself touches
in addition some version numbers.

API generation before Rails 3 uses the Jamis template, which requires an
old version of RDoc. To generate the API you need Rake 0.8.x or 0.9.x,
and the RDoc distributed with 1.8.7 (version 1.0.1).
dad3109
Mar 15, 2013
Aaron Patterson tenderlove stop calling to_sym when building arel nodes [CVE-2013-1854] ef9f053
Charlie Somerville charliesome fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
f67851a
Aaron Patterson tenderlove fix protocol checking in sanitization [CVE-2013-1857]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
	actionpack/test/controller/html-scanner/sanitizer_test.rb
10f0e6f
Mar 18, 2013
Aaron Patterson tenderlove Revert "Revert "Switched to newer rdoc and gem package tasks (and their requires).""

I can't build the gems without reverting this commit.

This reverts commit dad3109.
af7da4d
Aaron Patterson tenderlove bumping to 2.3.18 3773c2f
Apr 04, 2013
Xavier Noria fxn Revert "Revert "Revert "Switched to newer rdoc and gem package tasks (and their requires)."""

We need an old RDoc to be able to generate the API.

This reverts commit af7da4d.
b662deb
Xavier Noria fxn enforces rake 0.8.0 in the Rakefile 3229a51
Xavier Noria fxn removes the obsolete task pdoc c1def53
Xavier Noria fxn typo 08d83a9
Apr 09, 2013
Aaron Patterson tenderlove Merge branch '2-3-later' into 2-3-stable
* 2-3-later:
  adding test for CVE
4d47885
Apr 22, 2013
Xavier Noria fxn allow the branch to be managed with a modern rake 89322cd