Comparing changes

base fork: rails/rails
...
head fork: rails/rails
Commits on Apr 17, 2010
@mislav mislav cleanup `update/reset_counters`; refactor tests ef0591e
@mislav mislav fix `reset_counters` to work even with complex class names
e.g. it guesses that a belongs_to association to Namespace::MyModel is
named "my_model", unlike before where it would look up an association
named "namespace::mymodel" and fail.
8be3e09
Commits on May 24, 2010
@mislav mislav auto_link: support arbitrary URI schemes like "ftp:" and "file:"
recognizes all URI scheme allowed characters, such as colon and period.

[#3494 state:resolved]
bd9ca9a
@mislav mislav avoid auto_linking already linked emails; more robust detection of li…
…nked URLs

References #1523  [#1862 state:resolved]  [#3591 state:resolved]

Add test that shows how link text can contain HTML if needed:
the trick is using block form in combination with `raw`.
Let link text be automatically HTML-escaped

[#2017 state:resolved]
17b4fd2
@cainlevy cainlevy Ensure auto_link does not ignore multiple trailing punctuations
[#2504 state:resolved]
9e08e19
Commits on May 25, 2010
@fxn fxn get railties/README back to the home page of the API 2ed893b
@jeremy jeremy Bump 2-3-stable to 2.3.9 9da7ff8
@jeremy jeremy Shift SafeBuffer#concat responsibility over to rails_xss a815f0c
Commits on May 26, 2010
@spastorino spastorino removes an unneeded alias
Signed-off-by: José Valim <jose.valim@gmail.com>
b1a97a4
Commits on May 29, 2010
@NZKoz NZKoz Merge commit 'mislav/auto_link_2-3-stable' into 2-3-stable 5796a92
@NZKoz NZKoz Merge commit 'mislav/counter_cache_2-3-stable' into 2-3-stable b760d69
Andrew Don't rewrap system level exceptions with StatementInvalid
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#896 state:committed]
3d6ed50
Commits on Jun 05, 2010
@fxn fxn deprecates Array#random_element in favor of Array#sample, backported …
…from Ruby 1.9, thanks to Marc-Andre Lafortune
ed8cabc
Commits on Jun 08, 2010
@sikachu sikachu Make sure that rails recognized the full notation of IPv6 loopback ad…
…dress, and recognize 127.0.0.0/8 in IPv4

[#3257 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
0f44d37
Commits on Jun 09, 2010
@chewi chewi Don't overwrite unsaved updates when loading an association but prese…
…rve the order of the loaded records. [#4642 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
b41c3ba
@lifo lifo Fix AR perf script e4accde
Commits on Jun 18, 2010
@MasterLambaster MasterLambaster Fix test which prevents connection reset on failing and remove hardco…
…ded connection

[#4689 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
1ac00a6
Commits on Jun 19, 2010
Maxime RETY Fix Yajl backend discovery in ActiveSupport::JSON
[#4897]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
c7e875a
@chewi chewi When not overwriting unsaved updates in nested attributes, allow alre…
…ady-saved records to be refreshed.

Signed-off-by: José Valim <jose.valim@gmail.com>
08302d2
Commits on Jun 20, 2010
@sikachu sikachu Update bundled i18n gem to 0.4.1 to make sure every project will be w…
…arned about using deprecated %{..} interpolation.

This will also make sure that changing {{..}} into %{..} won't break any Rails 2.3.x application, since it would load the vendored version if the version requirement is not satisfied.

Signed-off-by: José Valim <jose.valim@gmail.com>
54a5088
@sikachu sikachu Change all i18n interpolations from {{...}} to %{...}
This will silence all warnings if there's an i18n version 0.4.x gem installed on the user's machine.

[#4913 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
5ed6a84
Commits on Jun 22, 2010
@jstorimer jstorimer CookieStore should preserve the Set-Cookie header Array [#4743 state:…
…resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
85b6d79
@jeremy jeremy CI: add i18n gem e703fc1
Commits on Jun 23, 2010
@zilkey zilkey remove_column should raise an ArgumentError when no columns are passed [
#4803 state:resolved]

Signed-off-by: Michael Koziarski <michael@koziarski.com>
da93d69
@NZKoz NZKoz make text_field and hidden_field omit the value attribute if the deve…
…loper explicitly passes in :value => nil [#4839 state:resolved]

Signed-off-by: Michael Koziarski <michael@koziarski.com>

Conflicts:

	actionpack/lib/action_view/helpers/form_helper.rb
52c922f
@NZKoz NZKoz Revert "make text_field and hidden_field omit the value attribute if …
…the developer explicitly passes in :value => nil [#4839 state:reopened]"

This reverts commit 52c922f
cbf36cf
Paweł Kondzior STI should identify itself inside named_scope
[#1570 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
687d7f5
@neerajdotname neerajdotname test for #1570
Signed-off-by: José Valim <jose.valim@gmail.com>
a9c69f3
@maxim maxim Fix eager loading of polymorphic has_one associations nested-included…
… under polymorphic belongs_to associations. [#3233 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
844da12
@neerajdotname neerajdotname Fragment cache not generating the proper cache key in log
[#4827 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
cc53229
@harking harking Fixes #2415 by creating a new instance of the Model when saving attri…
…butes to that model and the associated attributes already exist. Tests included. [#2415 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
7d2173e
kane quote scoped columns in validates_uniqueness_of [#4909 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
09a23d2
@neerajdotname neerajdotname fixes to the tests for patch #4909
Signed-off-by: José Valim <jose.valim@gmail.com>
549b2ad
@josevalim josevalim Use size for Ruby 1.8.6 compatibility. 68bfd8a
@fxn fxn deprecates load_(once_)paths in dependencies and app config in favor …
…of autoload_(once_)paths
4a745ca
Commits on Jun 25, 2010
@sikachu sikachu Make sure that Rails doesn't resend session_id cookie over and over a…
…gain if it's already there [#2485 state:resolved]

This applies only to the Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.

Signed-off-by: José Valim <jose.valim@gmail.com>
f8f3653
@mudge mudge Alias ActiveSupport::OrderedHash#update to ActiveSupport::OrderedHash…
….merge!

This ensures that an OrderedHash's keys are set up appropriately when using update.

[#4973 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
05defcd
Commits on Jun 26, 2010
@chaitanyav chaitanyav Add OrderedHash#invert to preserve order in ruby 1.8
Signed-off-by: José Valim <jose.valim@gmail.com>
449cf50
@josevalim josevalim Tidy up tests in previous commit since they did not assure an Ordered…
…Hash is returned (the test would pass for an array and would pass by chance for hashes).

[#4875 state:resolved]
0e9190c
Commits on Jun 27, 2010
@dolzenko dolzenko Add module_eval missing file_name and line_number args
[#4712 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
56b35af
Commits on Jun 28, 2010
@spastorino spastorino Don't store incorrect values in zones_map backport
[#4942 state:committed]

Signed-off-by: José Valim <jose.valim@gmail.com>
70af7ef
@texel texel test that unknown zones don't store mapping keys
[#4942]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Signed-off-by: José Valim <jose.valim@gmail.com>
80473e0
Commits on Jun 29, 2010
@sikachu sikachu Fix [54a5088] where the i18n gem was wrongly updated to 0.4.1.
I've tested and confirmed that `2-3-stable` will use the vendored `i18n` gem if there's no `i18n` gem with version >= 0.4.1 installed

Signed-off-by: José Valim <jose.valim@gmail.com>
69c4e4c
@dtrasbo dtrasbo Only tell users that the Rails gem is missing if it's actually the ca…
…se [#2901 state:committed]

Signed-off-by: José Valim <jose.valim@gmail.com>
d0d10f5
@dtrasbo dtrasbo Deprecate ActiveRecord::Base#class_name [#379 state:committed]
Signed-off-by: José Valim <jose.valim@gmail.com>
ac42e69
@texel texel Rewrite the clause to pluck the existing value from zones_map before …
…performing a lookup. [#4942 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
78e4d88
@tenderlove tenderlove AssociationCollection#create_by_*, find_or_create_by_* work properly …
…now. [#1108 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
fad166c
Commits on Jun 30, 2010
@jberkel jberkel Backported patch from [#4762]
URL fragments should not have safe characters escaped. Ref: Appendix A,
  http://tools.ietf.org/rfc/rfc3986.txt

Signed-off-by: José Valim <jose.valim@gmail.com>
f8f4872
@chewi chewi Don't remove scheduled destroys when loading an association.
Signed-off-by: José Valim <jose.valim@gmail.com>
526f1e5
Commits on Jul 01, 2010
@tenderlove tenderlove fixing Session::AbstractStore#clear to actually clear the session. [#…
…5030 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
67e18c5
Commits on Jul 04, 2010
@josevalim josevalim Use bind instead of instance_exec cause it may be causing memory leak…
…s. Also, provide a simpler and sane implementation for scoped. [#5044 state:resolved]
bfbdeea
Commits on Jul 08, 2010
@mislav mislav add missing require to ActiveRecord "base_test.rb"
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
ba9c469
@mislav mislav test that ActiveRecord `destroy` and `destroy_all` return destroyed r…
…ecords

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2d3bc99
@gammons gammons fixes #2362, eager loading :through associations will join the :sourc…
…e model if there are :conditions

Signed-off-by: José Valim <jose.valim@gmail.com>
0963774
@metaskills metaskills Fix the #using_limitable_reflections? helper to work correctly by not…
… examining the length of an array which contains false/true, hence always passing.

Signed-off-by: José Valim <jose.valim@gmail.com>
504f7cf
@hardbap hardbap A generated plugin's tests are not run by 'rake test'
Signed-off-by: José Valim <jose.valim@gmail.com>
046c900
Commits on Jul 14, 2010
@jlewallen jlewallen Set destroyed=true in opt locking's destroy [#5058 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
8298bef
@lovitt lovitt Sessions should not be created until written to and session data shou…
…ld be destroyed on reset. [#4938 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
257a29d
Commits on Jul 15, 2010
@tenderlove tenderlove fixing performance regression from 2.3.5 -> 2.3.8 7b6383f
Commits on Jul 16, 2010
@NZKoz NZKoz Only skip eager loading the code if dependency_loading is still enabled.
Otherwise rake tasks which depend on environment will get errors about missing constants.
f57ca87
@tenderlove tenderlove backporting a couple missing files. sorry folks! 4ae4828
Commits on Jul 17, 2010
@jyurek jyurek Fix for integration tests not serializing arrays in multipart forms c…
…orrectly.

Signed-off-by: wycats <wycats@gmail.com>
fb615cd
Commits on Jul 18, 2010
@tenderlove tenderlove changing fixtures back to superclass_delegating_accessor until we can…
… convert them to class_attributes
c2d13a9
@neerajdotname neerajdotname update_attribute and updated_attributes! are now wrapped in a transac…
…tion

[#922 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
99cdea7
@subbarao subbarao renaming test name to fix accidental override [#5076 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
dec2c4f
Commits on Jul 25, 2010
@spastorino spastorino Changes the usage of Object#returning with Object#tap
Signed-off-by: José Valim <jose.valim@gmail.com>
a5d8c95
@spastorino spastorino Deprecates Object#returning in favor of Object#tap
Signed-off-by: José Valim <jose.valim@gmail.com>
5b0f839
@spastorino spastorino Changelog update for Object#responding deprecation
Signed-off-by: José Valim <jose.valim@gmail.com>
6f38967
Commits on Jul 26, 2010
@spastorino spastorino Changes Object#returning with Object#tap on guides ae63d5c
@texel texel Override new on proxy objects so that they never wrap nil or false. a9ef2fd
@texel texel Test to ensure that falsy objects aren't wrapped by deprecation proxies 27651c1
Commits on Aug 01, 2010
@spastorino spastorino Makes form_helper use overridden model accessors backport 8141f08
Commits on Aug 03, 2010
@subbarao subbarao In nested_attributes when association is not loaded and association r…
…ecord is saved then in memory record attributes should be saved

[#5053 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
12bbc34
Commits on Aug 04, 2010
@fxn fxn it is no longer true that load_paths are going to be removed in final 15cafbe
Commits on Aug 10, 2010
@NZKoz NZKoz Revert "Ruby 1.9.2: explicitly raise NoMethodError for attempts at ex…
…plicit coercion"

This reverts commit 64082b3.

This change broke compatibility with 1.8.6 and was only needed for older 1.9.2 versions

Conflicts:

	activerecord/lib/active_record/attribute_methods.rb
b154b97
Commits on Aug 15, 2010
@spastorino spastorino Making time_zone_options_for_select return a html_safe string master …
…backport
43e2bbe
Commits on Aug 18, 2010
@Jeff-Lawson Jeff-Lawson Bug Fix -- clean up connection after stored procedure [#3151 state:re…
…solved] for 2-3-stable
7e79889
@Jeff-Lawson Jeff-Lawson Bug Fix -- clean up connection after stored procedure [#3151 state:re…
…solved] for 2-3-stable
d35a67b
Commits on Aug 20, 2010
@fxn fxn revises guides generation add3ccb
@fxn fxn restores railties/README as home page of the API 11361a9
Commits on Aug 25, 2010
@mikel mikel Make ActiveResource::InvalidRequestError more user friendly
Signed-off-by: Xavier Noria <fxn@hashref.com>
0fcb430
Commits on Aug 30, 2010
@jeremy jeremy Exclude guides from gem to keep file size small bdace5d
@jeremy jeremy Prepare for Rails 2.3.9. Release 2.3.9.pre gems. b2c9198
@mikel mikel Updating documentation on ActiveResource HTTP Mock and also adding te…
…st coverage
881712c
@mikel mikel Back porting HttpMock test from Rails 3 master 56fdfeb
@mikel mikel Adding option to ActiveResource to allow you to not reset the previou…
…sly stored requests and responses by passing false to respond_to

Backport of commit 2a1b23f851ea3d4634fc68b74fe6b1afed23d3ef on rails/master
bac12fa
Commits on Aug 31, 2010
@jeremy jeremy require 'thread' for Mutex dependency 6f17422
Commits on Sep 03, 2010
@metaskills metaskills Conversion of a two dimensional array that is ruby 1.8.6 safe. Fix pa…
…ren warnings too.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
b64d1fe
Commits on Sep 04, 2010
@jeremy jeremy Rails 2.3.9 a61a39e
Commits on Sep 08, 2010
@mislav mislav fix setting session cookie with activerecord and memcache store
Commit f8f3653 broke setting the session ID cookie for requests without 'HTTP_COOKIE' header
when using activerecord or memcache store. Integration tests didn't catch this because they
always set the HTTP_COOKIE header for mock requests, so now this is changed to only set the
header if there are cookies.

[#5581 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
c6e33d3
Commits on Sep 09, 2010
@mikel mikel Adding documentation to redirect_to and status code option references 597fb1d
@sferik sferik Fix typo in deprecation warning
Object#returning should be Kernel#returning
383ea02
@sferik sferik Add support for mysql2 adapter e8b84ab
@akaspick akaspick Fix fixtures in integration test sessions
Signed-off-by: Michael Koziarski <michael@koziarski.com>
a159fd0
Commits on Sep 10, 2010
@jeremy jeremy Ruby 1.9 compat: convert Pathname to string 761c9cd
@miloops miloops Add more examples in performance script.
[#5610 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
8c049c6
Commits on Sep 14, 2010
@loe loe Only send secure cookies over SSL. 17f2fb4
Commits on Sep 24, 2010
@colincasey colincasey Test for imposed version number as last part of gem directory name fo…
…r frozen gems

[#4295 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
f299062
@colincasey colincasey Fix for imposed version number as last part of gem directory name for…
… frozen gems

Signed-off-by: José Valim <jose.valim@gmail.com>
7240e8a
Commits on Sep 26, 2010
@akaspick akaspick memoized protected methods should remain protected
Signed-off-by: Michael Koziarski <michael@koziarski.com>
9476d62
@NZKoz NZKoz Revert "Makes form_helper use overridden model accessors backport"
This change introduced breakages and test failures.

This reverts commit 8141f08.
dbbf2fd
Commits on Sep 27, 2010
@etiennebarrie etiennebarrie Fix add_index with a symbol #4891 bc52d81
Commits on Sep 28, 2010
@rywall rywall Add test to demonstrate failure with eager loading hmt where the asso…
…ciation has an order.
515917f
@marklazz marklazz Preserving :include options for hmt association with an order but wit…
…hout conditions [#5262 state:resolved]
0665182
Commits on Sep 30, 2010
@miloops miloops Use detect instead of select to avoid sh [..] command not found. 1851596
@miloops miloops Add examples to performance script that were included in version 3. 5a63df2
@marklazz marklazz Remove duplication of conditions generated for associations when used…
… in conjunction with named_scopes [#4634 state: resolved]
9b78af9
@marklazz marklazz AssociationCollection#include? working properly for objects added wit…
…h build method [#3472 state:resolved]
96c19ff
@tenderlove tenderlove fixing space errors fb526a0
Commits on Oct 04, 2010
@tenderlove tenderlove [#5406 state:resolved] calling the correct method on minitest to obta…
…in the test name
a448e74
@tenderlove tenderlove calling correct method on minitest for test name when teardown callba…
…ck fails
8beb84f
Commits on Oct 11, 2010
@gbuesing gbuesing require 'uri' in action_controller/url_rewriter [#5555 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
f2e32e4
Commits on Oct 14, 2010
@NZKoz NZKoz Revert 7d2173e which introduced a security vulnerability.
This addresses  CVE-2010-3933
96183e0
@NZKoz NZKoz Prepare for the 2.3.10 release f5ed5c3
Commits on Oct 21, 2010
@ccabot ccabot bug 1108: fix a bug with find_or_create_by and additional values
There was a bug with find_or_create_by_x introduced in 2.3.9 - if you
included extra parameters for the create() then those parameters would
confuse the find() so you'd never get to the create().  This patch
filters the parameters so we only pass to find() the subset that it's
interested in.  The code for the filtering was modelled on the code in
base.rb's method_missing().
fdfc8e3
@ccabot ccabot bug 1108: yield to block provided to find_or_create_by_x
Starting in 2.3.8 we stopped yielding to blocks passed in to
find_or_create_by_x methods.  This patch restores that behavior and
adds a case to test it.
bdfddb0
@omarqureshi omarqureshi Fix AbstractStore so that it preserves Set-Cookie header as an array,…
… rather than as newline separated strings
36b91e3
@tenderlove tenderlove removing space errors df78de2
Commits on Oct 26, 2010
@pixeltrix pixeltrix Don't create a deprecation proxy object if the variable was passed in…
… local_assigns [#1671 state:resolved]
0e52a60
Commits on Oct 27, 2010
@pixeltrix pixeltrix Don't write out secure cookies unless the request is secure 25139ac
Commits on Nov 03, 2010
@tomstuart tomstuart Backport BlankSlate removal from ActiveSupport::BasicObject [#5911 st…
…ate:resolved]

This is a backport of dd15a3f.

Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
44db47c
Commits on Nov 16, 2010
@acatighera acatighera Fix ActiveRecord calculations when grouped by multiple fields 1681ede
Commits on Dec 01, 2010
@josevalim josevalim Revert "Fix AbstractStore so that it preserves Set-Cookie header as a…
…n array, rather than as newline separated strings"

This reverts commit 36b91e3.

Conflicts:

	actionpack/test/activerecord/active_record_store_test.rb
2826324
@paukul paukul Let Rack::Utils.set_cookie_header! create the Set-Cookie header inste…
…ad of manually fiddling with the response headers [#4941 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
e0eb8e9
Commits on Dec 07, 2010
@willbryant willbryant Don't add non-new records back to the target array after loading targ…
…ets on associations, as that makes destroy_all destroy any created records that don't match the scope destroy_all is called on

Signed-off-by: Michael Koziarski <michael@koziarski.com>
0fee359
@NZKoz NZKoz Revert "In nested_attributes when association is not loaded and assoc…
…iation record is saved then in memory record attributes should be saved"

This reverts commit 12bbc34.

It caused errors when combined with attr_accessible, piggy back attributes fetched by :select, etc.  Leaving it in 3.0, but removing from 2.3
84465a2
Commits on Dec 19, 2010
@NZKoz NZKoz Require thread explicitly rather than relying on rubygems to do it. 6d91632
Commits on Jan 02, 2011
@mikel mikel Correcting actionmailer guide for Rails 2.3 92fd824
@mikel mikel Updating documentation on ActionMailer base to show a multipart email…
… with attachments
10ec012
Commits on Jan 09, 2011
@bluetrans-deploy bluetrans-deploy use Object#class instead of Object#type 08d94d3
Commits on Jan 10, 2011
@jeremy jeremy Revert "use Object#class instead of Object#type"
This reverts commit 08d94d3.
bc302f2
Commits on Jan 19, 2011
@jrdioko jrdioko Fix doc for #check_box [#6311 state:resolved]
Signed-off-by: Xavier Noria <fxn@hashref.com>
4f0c8ef
@jamis jamis make TestCaseTest work for pre-1.9 rubies, too 8378a44
@jamis jamis scrub instance variables from test cases on teardown
this prevents test state from accumulating, resulting in leaked
objects and slow tests due to overactive GC.
b5cf2b4
@jamis jamis rein in GC during tests by making them run (at most) once per second
this can provide a significant performance boost during testing, by
preventing the GC from running too frequently.
a0c761d
@jamis jamis Revert "rein in GC during tests by making them run (at most) once per…
… second"

This reverts commit a0c761d.
cd0ecff
@jamis jamis Revert "scrub instance variables from test cases on teardown"
This reverts commit b5cf2b4.
c545331
@jamis jamis Revert "make TestCaseTest work for pre-1.9 rubies, too"
This reverts commit 8378a44.
3afa538
Commits on Feb 01, 2011
@tenderlove tenderlove fixing invalid yaml [#4418 state:resolved]
Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
7e0f60d
Commits on Feb 08, 2011
@NZKoz NZKoz Be sure to javascript_escape the email address to prevent apostrophes…
… inadvertently causing javascript errors.

This fixes CVE-2011-0446
abe9773
@NZKoz NZKoz Change the CSRF whitelisting to only apply to get requests
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
7e86f9b
@NZKoz NZKoz Prepare for the 2.3.11 release b0c3d45
Commits on Feb 09, 2011
@tenderlove tenderlove rubygems 1.5.0 compatibility. Thanks Tim Serong abc06a2
Commits on Feb 20, 2011
@vijaydev vijaydev fix incorrect version in deprecation message
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
6c42c14
Commits on Mar 01, 2011
@robdimarco robdimarco Unit test that shows calling reset session twice results in an exception 589ce09
@robdimarco robdimarco Fixed bug 6440 by checking that destroy exists on the session 8ca8ac3
Commits on Apr 14, 2011
@gmarik gmarik respect :expire_after option
- it was broken after
[commit](e0eb8e9)
- there's also
[issue](https://rails.lighthouseapp.com/projects/8994/tickets/6634-railsrack-inconsistency-about-expires_afterexpires-cookie-option)

- also: maybe it's worth making Rack understand :expire_after as we
duplicate same logic in [cookie_store](https://github.com/gmarik/rails/blob/v2.3.11/actionpack/lib/action_controller/session/cookie_store.rb#L114)

Signed-off-by: José Valim <jose.valim@gmail.com>
b0be721
Commits on Apr 28, 2011
@daphonz daphonz Fixing dynamic finders on associations to properly send arguments to …
…the find_by_* method. Closes issue #330.

Commit fdfc8e3 introduced a bugfix to prevent additional values passed
to a dynamic find_or_create_by_x methods from confusing the finder.
This patch also broke the essential behavior of this method on an
association by incorrectly sending arguments to the find_by_x methods.
The finder method would always see its inputs as a single array of
values instead of individual arguments, almost guaranteeing that the
finder call would be incorrect, and that we'd always create a new
record instead.

This patch adds a splat operator to the parameter array we send along to
the dynamic finder so that it receives its inputs correctly, and
includes an additional test to ensure that repeated calls to
find_or_create_by_x only creates one new record.
9f7ff62
@josevalim josevalim Merged pull request #331 from daphonz/2-3-stable.
Dynamic find_or_create_by_x_and_y always creates new records in Rails 2.3.11
f424efe
@josevalim josevalim Merged pull request #198 from robdimarco/2-3-stable.
Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
d793a56
Commits on May 12, 2011
@zenspider zenspider Fix stupid emacsisms. Just makes things more readable. 8d4ca9e
@zenspider zenspider Fix broken GemDependency#==. You should ALWAYS check the class! 01a9fbb
@zenspider zenspider Removed buggy GemDependency#requirement override. Overrides should NE…
…VER change the semantics of the parent (returning nil if default).
c20a4d1
@zenspider zenspider Fixed buggy gem activation. Don't pass a dependency to gem, pass the
name and requirement. Better, just activate the spec for the
dependency (1.8 only)
4c37257
@zenspider zenspider Removed the bulk of the deprecations by simply not calling refresh.
This may cause problems. I dunno.
The real solution is to get rid of all of this mess and use gem paths properly.
3ad5fd1
Commits on May 25, 2011
@zenspider zenspider + Switched to newer rdoc and gem package tasks (and their requires).
+ Fixed deprecated usage in gemspecs.

Bumped the version to 2.3.12 so I could test locally with actual
installs. If this is bad form for this project, please beat me up and
I'll split them out.
79aa54d
Commits on Jun 07, 2011
@tenderlove tenderlove find the spec from the source index, then activate it a2a3413
Commits on Jun 09, 2011
@bcardarella bcardarella Remove deprecation warning for ActiveRecord::Errors#generate_message.…
… This is the same API that ActiveModel ended up using and that won't be changing.
1aae5e7
Commits on Jun 16, 2011
@Antiarchitect Antiarchitect Fix OrderedHash merging with block given. b2d4142
Commits on Jun 17, 2011
@Antiarchitect Antiarchitect Added tests for OrderedHash merging with block. b1c36b7
@josevalim josevalim Merge pull request #1740 from Antiarchitect/2-3-stable
Fix OrderedHash merging with block given.
8d02083
Commits on Jul 27, 2011
@fxn fxn contrib app minor tweak 78a1fda
Commits on Aug 04, 2011
@tenderlove tenderlove we should not ignore all gems in here b132992
Commits on Aug 16, 2011
@tenderlove tenderlove adding notification for rdoc bb99aa1
@tenderlove tenderlove fixing response splitting problem 11dafea
@tenderlove tenderlove bumping to 2.3.13 dea5a10
@tenderlove tenderlove 2.3.14. yay. :'( fb1588c
@tenderlove tenderlove fixing sql injection problem 6b46d65
@tenderlove tenderlove fixing strip tags vulnerability 60f783d
@tenderlove tenderlove fixing utf8 escape vulnerability e0774e4
Commits on Dec 27, 2011
@dasch dasch Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty
If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
list of IP addresses from it.
cd2136a
Commits on Dec 29, 2011
@tenderlove tenderlove Merge pull request #4202 from dasch/request-remote-ip
Fix bug in `ActionController::Request#remote_ip`
2eb197e
Commits on Dec 31, 2011
@amatsuda amatsuda bump up rack version to the one that includes the Hash DoS fix 27a508c
@josevalim josevalim Merge pull request #4247 from amatsuda/hashdos_23
bump up rack version to the one that includes the Hash DoS fix
8fff8f0
Commits on Mar 29, 2012
@eee-c eee-c Better minimum validates_length_of examples (adapted from master). 2229a7e
@fxn fxn Merge pull request #5653 from eee-c/patch-1
Doc fixes in 2.3: validates_length_of
e8c0597
Commits on Jun 13, 2012
Justin Collins Fix SQL injection via nested hashes in conditions 62f81f4
Commits on Dec 23, 2012
@tenderlove tenderlove CVE-2012-5664 options hashes should only be extracted if there are ex…
…tra parameters
9de9b35
Commits on Jan 02, 2013
Mina Naguib Merge remote-tracking branch 'rails/2-3-stable' into 2-3-stable 9baab1f
Commits on Jan 03, 2013
@tenderlove tenderlove Merge pull request #6722 from adgear/2-3-stable
Backported rails 2.3 fix for CVE-2012-2695
5b8db45
Commits on Jan 08, 2013
@jeremy jeremy CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 70adb96
@tenderlove tenderlove bumping to 2.3.15 :cry::gun: 709af05