base fork: rails/rails
...
head fork: rails/rails
This comparison is big! We're only showing the most recent 250 commits
Commits on Jul 08, 2011
Tomas D'Stefano Destroy association habtm record before destroying the record itself. Fixes issue #402.
28f057c
Commits on Jul 11, 2011
Thong Kuah kuahyeow Fix for 3-0-stable - Conditions specified on through association shouldn't clobber association join condition.

This fix refactors processing of association join conditions so that both the join condition and the custom condition will be used when called by query_methods.rb, which expects a 1 or 2-sized array (depending on the type of association). Previously, a custom condition specified would create a 2 or 3-sized array which will clobber the association join condition.
caec639
Jon Leighton jonleighton Merge pull request #1797 from kuahyeow/3-0-stable
Through association condition clobbers join condition
fc4bce1
Commits on Jul 12, 2011
Aaron Patterson tenderlove Merge pull request #1607 from bradrobertson/pg_adapter
fix table_exists? in postgresql adapter to always use current search_path
9a4d2b2
Commits on Jul 15, 2011
Lauri Hahne lhahne fixed CacheHelper to properly support html_safe output buffers c476a6b
Commits on Jul 16, 2011
Evan Light elight Fixes #2064
Backport of cache_key fix from master
b1b5d18
Santiago Pastorino spastorino Merge pull request #2064 from elight/3-0-stable
Backports cache_key fix from master
247a50b
M. Daniel Dyba dyba Changed Commands module to RailsCommands.
This is to avoid a conflict that occurs when you add Rake to
your Gemfile. There is a Commands Object in Rake that conflicts
with the Commands module in plugin.rb. See rails issue #1866.
c2d3a43
Commits on Jul 17, 2011
Lauri Hahne lhahne Added tests for the output_buffer returned by CacheHelper
The output_buffer returned by CacheHelper should be html_safe if the original buffer is html_safe.
bc5ccd0
Lauri Hahne lhahne made sure that the possible new output_buffer created by CacheHelper is of the same type as the original
39a4f67
Prem Sichanugrist sikachu Fix a wrong assertion on url_helper_test, and refactor `html_safe` test to be in its method
2cb29fa
Santiago Pastorino spastorino Merge pull request #2047 from sikachu/3-0-stable-test_fix
Fix a wrong assertion on url_helper_test, and add missing `#html_safe?` a
1220b16
Commits on Jul 18, 2011
M. Daniel Dyba dyba Substituted RailsCommands for Rails::Commands 71c010d
Jesse Storimer jstorimer Ensure that status codes are logged properly
Needed to move AC::Metal::Instrumentation before AM::Metal::Rescue
so that status codes rendered from rescue_from blocks are logged
properly.
5e64538
Santiago Pastorino spastorino Merge pull request #2134 from jstorimer/ensure-status-codes-are-logged-properly-3-0-stable

Ensure status codes are logged properly (for 3-0-stable)
a6139b9
Josh Kalderimis joshk This fixes an issue when bundling to a local path (eg. /vendor/bundle).
If you bundle to a local path bundler is not included in it, so
calling "gem 'bundler'" will fail.

Conflicts:

	load_paths.rb
9ade587
Josh Kalderimis joshk Added a .travis.yml config and travis specific ci script.
Don't install ruby-debug if running the test suite on Travis,
linecache19 is the main offender, very very slow.

And do not install pg if Travis is bundling the gems, pg will be setup
on Travis soon.

Conflicts:

	Gemfile
047b979
Commits on Jul 21, 2011
Xavier Noria fxn I actually love well-formed Gemfiles 80b1f9e
Commits on Jul 22, 2011
Karunakar (Ruby) Karunakar Duplicate tests removed. bd804d7
Santiago Pastorino spastorino Merge pull request #2183 from castlerock/3-0-stable-duplicate_test
3 0 stable duplicate test
c39bd5f
Commits on Jul 23, 2011
Arun Agrawal arunagw fixed task for rake test:uncommitted b490fd8
Santiago Pastorino spastorino Merge pull request #2205 from arunagw/test_un_3_0_stable
rake test:uncommitted for 3-0-stable
19d9689
Commits on Jul 24, 2011
Santiago Pastorino spastorino Merge pull request #2080 from lhahne/3-0-stable
Fix improper detection and handling of html_safe buffer in CacheHelper
eead13f
Commits on Jul 25, 2011
Arun Agrawal arunagw Fix rake rails:template to tell user to pass LOCATION variable. edfcf47
Santiago Pastorino spastorino Merge pull request #2249 from arunagw/rake_template_path_fix
Rake template path fix
56c663b
Commits on Jul 26, 2011
Josh Kalderimis joshk enable Travis CI irc notifications to #rails-contrib on irc.freenode.org 64c269a
Santiago Pastorino spastorino Merge pull request #2289 from joshk/3-0-stable
More Irc notifications (from Travis with love, again)
e18e896
Santiago Pastorino spastorino Remove cruise files 43e6f82
Commits on Jul 27, 2011
Xavier Noria fxn contrib app minor tweak e93cff8
Commits on Jul 28, 2011
Akira Matsuda amatsuda callback methods are Class methods a8aa666
Santiago Pastorino spastorino Merge pull request #2320 from amatsuda/callback_deprecation_message
callback methods are Class methods
a33fe79
Commits on Jul 29, 2011
Aaron Patterson tenderlove dump IO encoding value along with schema.rb so the file can be reloaded. fixes #1592
6c0beb5
Bhavin bhavinkamani fix connection not established error while running rake task
db:schema:dump
5d7ed7a
Aaron Patterson tenderlove default writing the schema file as utf-8 3676af4
Aaron Patterson tenderlove updating changelog with schema.rb changes 6631abd
Aaron Patterson tenderlove delay backtrace scrubbing until we actually raise an exception. fixes #… b9f6798
Aaron Patterson tenderlove updating the CHANGELOG 553d9ea
Commits on Jul 31, 2011
Arun Agrawal arunagw skipping magic comment test. checking encoding_aware?
Loading AS encoding.
b0334db
Santiago Pastorino spastorino Merge pull request #2374 from arunagw/30_schema_dumper_test_fix
3-0-stable schema dumper test fix
cb36585
Vijay Dev vijaydev fixes #2368. rake about not showing the middleware, db adapter and db schema version
773d219
Santiago Pastorino spastorino Merge pull request #2381 from vijaydev/rakeaboutfix3.0
Fix #2368 (3-0-stable)
564d39e
Commits on Aug 01, 2011
Santiago Pastorino spastorino Merge pull request #2393 from bdurand/fix_cache_read_multi
Fix ArgumentError in ActiveSupport::Cache::CacheStore.read_multi
a173bb3
Commits on Aug 03, 2011
Jon Leighton jonleighton Quote these dates to prevent intermittent test failure. Suppose local time is 00:50 GMT+1. Without the quoting, the YAML parser would parse this as 00:50 UTC, into the local time of 01:50 GMT+1. Then, it would get written into the database in local time as 01:50. When it came back out the UTC date from the database and the UTC date of two weeks ago would be compared. The former would be 23:50, and the latter would be 00:50, so the two dates would differ, causing the assertion to fail. Quoting it prevents the YAML parser from getting involved.
e42c544
Commits on Aug 04, 2011
Aaron Patterson tenderlove we should not ignore all gems in here df6b1e2
Aaron Patterson tenderlove updating CHANGELOGs f54d0cf
Commits on Aug 05, 2011
Xavier Noria fxn backports doc fix 9f9446f e0b0da2
Aaron Patterson tenderlove more changelog updates 9d17458
Aaron Patterson tenderlove bumping to 3.0.10.rc1 521c9aa
Commits on Aug 06, 2011
Santiago Pastorino spastorino Merge pull request #2450 from guilleiguaran/activesupport-gzip-1.8
Fix ActiveSupport::Gzip under Ruby 1.8.7. Closes #2416
65a648b
Commits on Aug 08, 2011
Jason Weathered jasoncodes Fix marshal round-tripping of fractional seconds (Time#subsec). 1f63606
Commits on Aug 11, 2011
Gonzalo Rodriguez and Leonardo Capillera Remove 'parameters_for_url' from 'form_tag' method signature 11f6531
Santiago Pastorino spastorino Merge pull request #2494 from grzuy/3-0-stable
Porting changes on form_tag method signature to 3-0-stable
f45c372
Commits on Aug 15, 2011
Jon Leighton jonleighton Update travis config on @joshk's instructions 4c8a211
Commits on Aug 16, 2011
Aaron Patterson tenderlove Properly escape glob characters. e0c03f8
Aaron Patterson tenderlove prevent sql injection attacks by escaping quotes in column names fb4747b
Aaron Patterson tenderlove Tags with invalid names should also be stripped in order to prevent
XSS attacks.  Thanks Sascha Depold for the report.
3480d97
Aaron Patterson tenderlove properly substituting bad utf8 characters b45dfc7
Aaron Patterson tenderlove bumping rails to 3.0.10 4f15f39
Aaron Patterson tenderlove Merge branch '3-0-10' into 3-0-stable
* 3-0-10:
  bumping rails to 3.0.10
  properly substituting bad utf8 characters
  Tags with invalid names should also be stripped in order to prevent XSS attacks.  Thanks Sascha Depold for the report.
  prevent sql injection attacks by escaping quotes in column names
  Properly escape glob characters.
  bumping to 3.0.10.rc1
  more changelog updates
  updating CHANGELOGs
0b37704
Commits on Aug 21, 2011
José Valim josevalim Edited .travis.yml via GitHub 0ebdef2
Commits on Aug 22, 2011
Santiago Pastorino spastorino Merge pull request #2524 from JonathonMA/fix_ecd37084b28a05f05251
Use mysql_creation_options inside rescue block
c8ec8f7
Commits on Aug 23, 2011
Aaron Patterson tenderlove Merge pull request #1995 from guilleiguaran/prototype-ujs-fix
Prototype rails.js fixes for 3-0-stable
d7d0c25
Commits on Aug 30, 2011
Arun Agrawal arunagw MySQL2 Bump to 0.2.13 941a9d0
Aaron Patterson tenderlove Merge pull request #2744 from arunagw/mysql2_bump
Mysql2 bump
0195846
Commits on Aug 31, 2011
Aaron Patterson tenderlove use String#start_with? rather than creating regexps or comparing character values
b550ecc
Commits on Sep 01, 2011
Aaron Patterson tenderlove * Psych errors with poor yaml formatting are proxied. Fixes #2645, #2731
f2aa46b
Commits on Sep 04, 2011
Santiago Pastorino spastorino * is not allowed in windows file names. Closes #2574 #2847 59a64a8
Commits on Sep 07, 2011
Andrew Kaspick akaspick fix assert_select_email to work on non-multipart emails as well as converting the Mail::Body to a string to prevent errors.
8094d29
Andrew Kaspick akaspick assert_select_email entry cf0ea79
Andrew Kaspick akaspick fix exists? to return false if passed nil (which may come from a missing URL param)
15dcdf6
Andrew Kaspick akaspick entry for fixing exists? 3e00e49
Jon Leighton jonleighton Merge pull request #2919 from akaspick/exists_fix_3_0
fix exists? to return false if passed nil (backport to 3-0-stable)
9ef9f98
Andrew Kaspick akaspick more descriptive CHANGELOG entry c7f3429
Jon Leighton jonleighton Merge pull request #2918 from akaspick/assert_select_email_fix_3_0
assert_select_email fix for 3-0-stable
3a3344a
Dmitriy Kiriyenko dmitriy-kiriyenko Do not use default_scope in ActiveRecord::Persistence#touch. 4364157
Dmitriy Kiriyenko dmitriy-kiriyenko This way asserting that updated_at was changed in touch look more obvious.
d93213f
Sergio Gil Pérez de la Manga porras Update changelog for 'Backport "ActiveRecord::Persistence#touch should not use default_scope" (pull request #1519)'
de178df
Commits on Sep 08, 2011
Andrew Kaspick akaspick when calling url_for with a hash, additional (likely unwanted) values (such as :host) would be returned in the hash... calling #dup on the hash prevents this
45b7731
Andrew Kaspick akaspick fix url_for to not add additional unwanted options when called with a hash
a8cfc99
José Valim josevalim Merge pull request #2939 from akaspick/url_for_fix_3_0
fix url_for when passing a hash to prevent unwanted additional values being added to the hash (backport to 3-0-stable)
f863af9
Guillermo Iguaran guilleiguaran Updating changelogs in 3-0-stable 5c10a53
Vijay Dev vijaydev Merge pull request #2682 from guilleiguaran/3-0-stable-changelogs
Update changelogs (3-0-stable)
9c2ff32
Commits on Sep 09, 2011
Aaron Patterson tenderlove Exceptions from database adapters should not lose their backtrace. a748c60
Commits on Sep 10, 2011
Vijay Dev vijaydev fix assert message 813e288
Commits on Sep 11, 2011
Trent Ogren misfo prevent errors when passing a frozen string as a param to ActionController::TestCase#process

since ActionDispatch::Http::Parameters#encode_params will force encoding on all params strings (when using an encoding aware Ruby), dup all strings passed into process.  This prevents modification of params passed in and, more importantly, doesn't barf when a frozen string is passed
thanks and high fives to kinsteronline
78a4aea
Commits on Sep 12, 2011
Pratik lifo Don't use association proxy#reload to load the target for the first time 378ce0e
Commits on Sep 27, 2011
Philip Arndt parndt Fixes #3087 by removing autoload for non-existent DeprecatedBlockHelpers 0dd7411
José Valim josevalim Merge pull request #3142 from parndt/3-0-stable
Fixes #3087
1000ada
Commits on Oct 03, 2011
Jeremy Kemper jeremy Merge pull request #2801 from jeremyevans/patch-1
Fix obvious breakage of Time.=== for Time subclasses
87bbf48
Commits on Oct 05, 2011
Ben Holley Fix spelling in doc:app rake task 346973e
Akira Matsuda amatsuda override unsafe methods only if defined on String 984d031
Akira Matsuda amatsuda ruby193: String#prepend is also unsafe 543b587
Commits on Oct 06, 2011
Vijay Dev vijaydev Merge pull request #3233 from benolee/fix_spelling_in_doc_app_rake_task
Fix spelling in doc:app rake task
e2c03bf
Commits on Oct 14, 2011
Arun Agrawal arunagw activerecord/sqlnet.log into gitignore when running with oracle. 68ae66d
Commits on Oct 17, 2011
Vijay Dev vijaydev Merge pull request #3330 from arunagw/ignore_sqlnet_3-0-stable
Ignore sqlnet 3 0 stable
fd67735
Commits on Nov 01, 2011
Josh Kalderimis joshk Remove a circular require in AS deprecations. This is safe as AS deprecations is autoloaded as needed.
394dd6f
Commits on Nov 16, 2011
mhuffnagle Added a missing parameter to relative_url_root= that was causing an ArgumentError: wrong number of arguments (1 for 0) to be thrown at actionpack-3.0.10/lib/action_controller/railtie.rb:54.
328ae5b
Yehuda Katz wycats Merge pull request #3646 from mhuffnagle/3-0-stable
Fix for relative_url_root= missing parameter (issue 3645)
6122924
Aaron Patterson tenderlove Merge pull request #2122 from dyba/3-0-stable
Issue #1866: Changed Commands module to RailsCommands.
b81c3f7
Aaron Patterson tenderlove Revert "Merge pull request #2122 from dyba/3-0-stable"
This reverts commit b81c3f7, reversing
changes made to 6122924.
2ba0309
Commits on Nov 17, 2011
Arun Agrawal arunagw Mysql2 version bump!
I saw one bug fixed here 

brianmario/mysql2@e60599b
4e72f59
José Valim josevalim Merge pull request #3655 from arunagw/mysql_bump_3-0-stable
Mysql bump 3 0 stable
de44773
Jon Leighton jonleighton Use broken YAML that will fail with Syck as well as Psych. Fixes test_broken_yaml_exception in fixtures_test.rb on Ruby 1.8.7.

Cherry-pick from 3-1-stable: b8d4692

Conflicts:

	activerecord/test/cases/fixtures_test.rb
961b4a0
Jon Leighton jonleighton Implement a workaround for a bug in ruby-1.9.3p0.
The bug is that an error would be raised while attempting to convert a
template from one encoding to another.

Please see http://redmine.ruby-lang.org/issues/5564 for more details.

The workaround is to load all conversions into memory ahead of time,
and will only happen if the ruby version is *exactly* 1.9.3p0. The
hope is obviously that the underlying problem will be resolved in
the next patchlevel release of 1.9.3.

Conflicts:

	actionpack/CHANGELOG.md
a03f018
Sergey Nartimov lest _html translation should escape interpolated arguments
Conflicts:

	actionpack/CHANGELOG.md
ba2d850
Aaron Patterson tenderlove removing stubs. 1.9.3 implements Date.today in C so mocking the return value of Time.now does nothing
0e9910e
Aaron Patterson tenderlove fixing test case test on 1.9.3dev 618300e
Commits on Nov 18, 2011
Jon Leighton jonleighton Preparing for 3.0.11 release 66a4beb
Commits on Nov 19, 2011
Jon Leighton jonleighton Don't html-escape the :count option to translate if it's a Numeric. Fixes #3685.

Conflicts:

	actionpack/CHANGELOG.md

Conflicts:

	actionpack/CHANGELOG.md
13ad879
Commits on Nov 30, 2011
Arun Agrawal arunagw ActiveModel confirmation validator fix fixes #1152
If you have an ActiveModel class that has a 
method email_address_confirmation. 
This method is being overwritten by the 
method defined in the Confirmation validator.
be8485e
José Valim josevalim Merge pull request #3805 from arunagw/active_model_patch_3-0-stable
Active model patch 3 0 stable
9ebacf3
Commits on Dec 03, 2011
Sam Umbach sumbach Test return value of ActiveSupport::Dependencies::Loadable#require
- Add tests to protect from regressions in require's return value behavior
- See a10606c (require needs to return true or false) for the original bug fix
dea2e9c
Sam Umbach sumbach Test return value of ActiveSupport::Dependencies::Loadable#load 9effced
Sam Umbach sumbach Test that require and load raise LoadError if file not found 0531e26
Sam Umbach sumbach Simplify load and require tests
- These tests don't use autoloading so there's no need to add anything to autoload_paths
289ae94
Aaron Patterson tenderlove require needs to return true or false. thank you Ryan "zenspider" Davis 8fabf78
Aaron Patterson tenderlove `load` should also return the value from `super` cc3fb2e
Aaron Patterson tenderlove Merge pull request #3846 from sumbach/backport-load-and-require-fixes-to-3-0

Backport load and require fixes to 3 0
36b6c52
Jon Leighton jonleighton Enable postgres on the CI :heart: :beer: :sparkles:
Conflicts:

	Gemfile
51dcf85
Commits on Dec 17, 2011
Santiago Pastorino spastorino Sync .travis.yml with master 10c8e8d
José Valim josevalim Update .travis.yml ad9a0e3
Commits on Dec 18, 2011
Jon Leighton jonleighton Prefix newly added method to avoid breaking people's apps.
See
378ce0e

Fixes #3921.
b7e45c3
Commits on Dec 19, 2011
Jon Leighton jonleighton Don't notify campfire when the build keeps passing ab05e2b
Commits on Dec 20, 2011
Santiago Pastorino spastorino Merge pull request #4031 from arunagw/3-0-stable
3 0 stable travis sync
ce650ee
Commits on Dec 31, 2011
Akira Matsuda amatsuda bump up rack version to the one that includes the Hash DoS fix 7e03b9d
José Valim josevalim Merge pull request #4246 from amatsuda/hashdos_30
bump up rack version to the one that includes the Hash DoS fix
a048568
Commits on Jan 07, 2012
Arun Agrawal arunagw Fixed failing test for ruby-1.8.7-p357
See #4292
91a9b24
José Valim josevalim Merge pull request #4372 from arunagw/fixed_failing_test
Fixed failing test
d4c26c4
Commits on Jan 24, 2012
Aaron Patterson tenderlove Merge pull request #4514 from brainopia/update_timezone_offets
Update time zone offset information
c67ff97
Commits on Feb 15, 2012
Andy Pliszka AntiTyping Bugfix circular reference while saving has_one relationship a97cf75
Commits on Feb 16, 2012
Andy Pliszka AntiTyping Test for circular reference while saving has_one relationship 389d1c5
Commits on Feb 20, 2012
Sergey Nartimov lest fix output safety issue with select options 5b4082f
Commits on Feb 21, 2012
Akira Matsuda amatsuda add AS::SafeBuffer#clone_empty e50ee96
Akira Matsuda amatsuda use AS::SafeBuffer#clone_empty for flushing the output_buffer 6adc417
Commits on Feb 22, 2012
Jon Leighton jonleighton Merge commit 'v3.0.11' into 3-0-stable 67b6847
Aaron Patterson tenderlove updating RAILS_VERSION 2935435
Commits on Feb 25, 2012
Noah Hendrix noahhendrix Fixed typo in composed_of example with Money#<=>, was comparing amount itself instead of other_money.amount
c4f9264
Commits on Mar 01, 2012
José Valim josevalim Ensure [] respects the status of the buffer. 917fd1a
Aaron Patterson tenderlove Merge branch '3-0-stable-security' into 3-0-12
* 3-0-stable-security:
  Ensure [] respects the status of the buffer.
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
9435f5a
Aaron Patterson tenderlove bumping to 3.0.12 9d6377e
Aaron Patterson tenderlove Merge branch '3-0-12' into 3-0-stable
* 3-0-12:
  bumping to 3.0.12
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
eeb715a
Commits on Mar 02, 2012
Carlos Antonio da Silva carlosantoniodasilva Stop SafeBuffer#clone_empty from issuing warnings
Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
139963c

This was issuing a "not initialized variable" warning - related to:
#5237

The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.
f1c6037
Commits on Mar 07, 2012
Arun Agrawal arunagw fixed test when running with latest 1.8.7-p357 and ree f8f873a
Santiago Pastorino spastorino Merge pull request #5319 from arunagw/fix_test_ree
Fix test ree 3-0-stable
61335d6
Commits on Mar 15, 2012
Aaron Patterson tenderlove Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
Conflicts:

	actionpack/test/controller/redirect_test.rb
d14319c
Aaron Patterson tenderlove Merge pull request #5457 from brianmario/typo-fix
Fix typo in redirect test
8645745
Commits on Mar 23, 2012
Carlos Antonio da Silva carlosantoniodasilva Add order to tests that rely on db ordering, to fix failing tests on pg
Also skip persistence tests related to UPDATE + ORDER BY for postgresql

PostgreSQL does not support updates with order by, and these tests are
failing randomly depending on the fixture loading order now.

Conflicts:

	activerecord/test/cases/associations/join_model_test.rb
	activerecord/test/cases/associations/nested_through_associations_test.rb
	activerecord/test/cases/clone_test.rb
	activerecord/test/cases/dup_test.rb
	activerecord/test/cases/relations_test.rb
	activerecord/test/cases/yaml_serialization_test.rb
a9fdefd
Carlos Antonio da Silva carlosantoniodasilva Fix more failing tests related to ruby 1.8.7 p358 version change f748d36
José Valim josevalim Merge pull request #5565 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable
728a65d
Commits on Mar 24, 2012
Arun Agrawal arunagw Build fix for form_options_helper_test.rb ruby-1.8.7 00726ea
Commits on Mar 26, 2012
Carlos Antonio da Silva carlosantoniodasilva Fix AV::FixtureResolver and rjs tests with random order errors
Due to the hash ordering changes on Ruby 1.8.7-p358.
9698312
Commits on Mar 27, 2012
Aaron Patterson tenderlove Merge pull request #2621 from icco/master
Issue with schema dump
3627cfa
José Valim josevalim Merge pull request #5600 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable - failing in ruby 1.8.8-p358
5790269
Emilio Tagua miloops Silence warnings here, only setting Encoding.default_external for testing.
923ba31
Emilio Tagua miloops Use helper method here. caebe85
Aaron Patterson tenderlove load the encoding converter to work around [ruby-core:41556] when switching encodings
289fe76
Arun Agrawal arunagw Fix broken encoding test 4c9dec4
José Valim josevalim Avoid inspecting the whole route set, closes #1525 e0362f7
Aaron Patterson tenderlove Merge pull request #5613 from carlosantoniodasilva/fix-build-3-0-193
Fix build for branch 3-0-stable - Ruby 1.9.3
29320dc
Commits on Mar 29, 2012
Yasuo Honda yahonda Address an error for test_has_many_through_polymorphic_has_one
with Oracle for the 3-0-stable branch
60272ae
Santiago Pastorino spastorino Merge pull request #5655 from yahonda/address_ora_00918_with_oracle_for_3_0

Address an error for test_has_many_through_polymorphic_has_one with Oracle
72dc7ae
Carlos Antonio da Silva carlosantoniodasilva Fix failing ARes test due to hash keys ordering d44ffb2
Jeremy Kemper jeremy Merge pull request #5659 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable - ARes and ordered hash keys
f47a303
Commits on Apr 30, 2012
Yehuda Katz wycats Merge pull request #5044 from dracco/3-0-stable
Backport Bugfix: Stack Overflow (3-0-stable)
51582fe
Andrew White pixeltrix Lock mocha gem to fix the build
New versions of mocha don't allow nil.stubs
e74e479
Commits on May 25, 2012
Egor Homakov homakov auto_link final sanitize 3af3385
Aaron Patterson tenderlove Merge pull request #6485 from homakov/3-0-stable
auto_link sanitize output
f7cf745
Commits on May 26, 2012
Egor Homakov homakov do not force sanitize and whitelist protocols for auto_link
sanitize is not always required so we cannot make it. let's just
whitelist protocols
f35c93f
Rafael Mendonça França rafaelfranca Merge pull request #6495 from homakov/3-0-stable
auto_link shouldn't always sanitize
5989ffb
Commits on May 27, 2012
Rafael Mendonça França rafaelfranca Remove test for not accepted protocols to auto_link 349fce2
Commits on May 28, 2012
Aaron Patterson tenderlove bumping to 3.0.13.rc1 88e7f51
Commits on May 30, 2012
Aaron Patterson tenderlove predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
99f0309
Aaron Patterson tenderlove Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!

CVE-2012-2660

Conflicts:

	actionpack/lib/action_dispatch/http/request.rb
c202638
Commits on May 31, 2012
Aaron Patterson tenderlove Merge branch '3-0-stable-sec' into 3-0-rel
* 3-0-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
c8af45e
Aaron Patterson tenderlove updating CHANGELOGs 86c97e1
Aaron Patterson tenderlove bumping to 3.0.13 7102fe8
Aaron Patterson tenderlove Merge branch '3-0-stable-sec' into 3-0-stable
* 3-0-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
33f8e4b
Aaron Patterson tenderlove Merge branch '3-0-rel' into 3-0-stable
* 3-0-rel:
  bumping to 3.0.13
  updating CHANGELOGs
  bumping to 3.0.13.rc1
b2feff2
Commits on Jun 08, 2012
Ernie Miller ernie Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.0.13 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
176af7e
Commits on Jun 11, 2012
Aaron Patterson tenderlove Array parameters should not contain nil values. 2f3bc04
Toshinori Kajihara kennyj Fix GH #3163. Should quote database on mysql/mysql2.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb
	activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
	activerecord/test/cases/adapters/mysql2/schema_test.rb
6c0c40b
Aaron Patterson tenderlove Merge branch '3-0-stable-sec' into 3-0-stable-rel
* 3-0-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
b9e048c
Aaron Patterson tenderlove bumping versions in the CHANGELOG 2c95963
Aaron Patterson tenderlove updating changelogs with security fixes 8cecac7
Aaron Patterson tenderlove bumping to 3.0.14 3fb762a
Commits on Jun 12, 2012
Aaron Patterson tenderlove updating changelogs 4be9dbf
Commits on Jun 13, 2012
Aaron Patterson tenderlove we haven't monkey patched the Result class, so use each a5a0338
Aaron Patterson tenderlove 3.0.15 def7543
Commits on Jul 23, 2012
Aaron Patterson tenderlove updating changelogs 32b4cbc
Commits on Jul 26, 2012
Aaron Patterson tenderlove * Do not convert digest auth strings to symbols. CVE-2012-3424 b88cc8a
Aaron Patterson tenderlove updating changelog with CVE fe48ad3
Aaron Patterson tenderlove updating release date 4a0370b
Aaron Patterson tenderlove bumping to 3.0.16 3166606
Commits on Aug 04, 2012
Andrew White pixeltrix Backport of fix from #5173 - fixes #7252
Rather than use the MySQL specific TINYTEXT, MEDIUMTEXT and LONGTEXT
datatypes, Active Record migrations use TEXT(n) where n is the limit
specified by the developer. Unfortunately how MySQL interprets n
depends on the column's encoding so any limit above 5592405 will be
interpreted as a LONGTEXT when the encoding is UTF-8.

This commit fixes this by interpreting the limit within the adapter
and using the specific MySQL datatype as appropriate.
f07c708
Commits on Aug 08, 2012
Santiago Pastorino spastorino html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215

Conflicts:
	actionpack/test/controller/new_base/render_template_test.rb
	actionpack/test/template/asset_tag_helper_test.rb
	actionpack/test/template/erb_util_test.rb
	actionpack/test/template/javascript_helper_test.rb
	actionpack/test/template/template_test.rb
	activesupport/lib/active_support/core_ext/string/output_safety.rb
	activesupport/test/core_ext/string_ext_test.rb
	railties/test/application/assets_test.rb
780a718
Rafael Mendonça França rafaelfranca Fix tests about single quote escaping 9ef905f
Commits on Aug 09, 2012
Santiago Pastorino spastorino escape select_tag :prompt values
CVE-2012-3463
c979587
Santiago Pastorino spastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
1151959
Santiago Pastorino spastorino Add CHANGELOG entries 6eda26a
Santiago Pastorino spastorino Bump to 3.0.17 77977f3
Mark Turner amerine Add html_escape note to CHANGELOG cf6bb2a
Santiago Pastorino spastorino Merge pull request #7308 from amerine/3-0-stable
Add html_escape note to CHANGELOG
954e262
Commits on Aug 28, 2012
Rafael Mendonça França rafaelfranca Remove warning when using html_escape with Ruby 1.9.
Closes #7430
f93e3f0
Commits on Dec 23, 2012
Aaron Patterson tenderlove updating changelogs 826548b
Aaron Patterson tenderlove CVE-2012-5664 options hashes should only be extracted if there are extra parameters
3542641
Aaron Patterson tenderlove bumping to 3.0.18 fb06fe4
Commits on Jan 08, 2013
Aaron Patterson tenderlove * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu

Conflicts:
	actionpack/CHANGELOG.md
	activerecord/CHANGELOG.md

Conflicts:
	actionpack/CHANGELOG.md
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/relation/predicate_builder.rb
97b3b68
Jeremy Kemper jeremy CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. a494824
Aaron Patterson tenderlove bumping version 7909e7f
Commits on Jan 09, 2013
Prem Sichanugrist sikachu Remove test for XML YAML parsing
The support for YAML parsing in XML has been removed from Active Support
since it introduced a security risk. See a494824 for more detail.
f252755
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #8836 from sikachu/3-0-stable-fix-ars
Remove test for XML YAML parsing
ca8b0bd
Zach Moazeni zmoazeni Methods that return nil should not be considered YAML
This is a direct port of @jaw6's pull request
#492. His cleanly applied to Rails
v3.1 and v3.2, and this cleanly applies to v3.0.

With yesterday's security patches
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
there is now an issue with Rails v3.0 serving XML to any of the latest
versions of ActiveResource.

Without this, Rails v3.0 can serve XML to ActiveResource consumers that
will see `Hash::DisallowedType: Disallowed type attribute: "yaml"`
477f0e7
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #8853 from zmoazeni/3-0-xml-serialization-fix
Methods that return nil should not be considered YAML
583e5fd
Commits on Jan 10, 2013
Carlos Antonio da Silva carlosantoniodasilva Update changelogs with release dates and minor improvements [ci skip] e5f4a39
Commits on Jan 11, 2013
Dylan Thacker-Smith dylanahsmith Fix JSON params parsing regression for non-object JSON content.
Backports #8855.
eede4ab
Jeremy Kemper jeremy Merge pull request #8890 from dylanahsmith/3-0-parse-non-object-json-…
…params

3-0-stable: Fix JSON params parsing regression for non-object JSON content.
9bc2b09
Commits on Jan 12, 2013
Andrew White pixeltrix Remove unnecessary caching of ParameterFilter 4c525b2
Commits on Jan 16, 2013
James Mead floehopper Fix 3-0-stable to work with Mocha >= v0.13.0
A) Update code in ActiveSupport which monkey-patches Test::Unit to
include Mocha bug fix.

A bug was fixed [1] in Mocha's integration with Test::Unit, but this
monkey-patching code was copied before the fix. We need to copy the
fixed version.

The bug meant that an unexpected invocation against a mock within the
teardown method caused a test *error* and not a test *failure*.

B) Fix for Test::Unit/Mocha compatibility.

Mocha is now using a single AssertionCounter which needs a reference to
the testcase as opposed to the result.

This change is an unfortunate consequence of the copying of a chunk of
Mocha's internal code in order to monkey-patch Test::Unit.

C) Avoid a Mocha deprecation warning.

[1]
freerange/mocha@f1ff647#diff-5
commit 0591f6d 1 parent 8b3109a
bf91545
Rafael Mendonça França rafaelfranca Merge pull request #8872 from freerange/3-0-stable-with-mocha-fixes
Fix 3-0-stable to work with Mocha >= v0.13.0
d116e90
Commits on Jan 26, 2013
Carlos Antonio da Silva carlosantoniodasilva Update mocha version to 0.13.0 and change requires 871a7db
Carlos Antonio da Silva carlosantoniodasilva Remove not used variable warning ba6b243
Carlos Antonio da Silva carlosantoniodasilva Fix indentation to remove warning dd3caf6
Damien Mathieu dmathieu remove the warning when testing whiny_nil 18bce29
Toshinori Kajihara kennyj Fix build. It seems that Mocha's behavior was changed. bb80a87
Carlos Antonio da Silva carlosantoniodasilva Update failing tests overriding destroy method instead of using mocha…
… expectation

Mocha by default does not allow adding expectation to frozen objects,
just applying a workaround to ensure the method is never called, making
the tests pass without enabling this again in mocha.
597a700
Carlos Antonio da Silva carlosantoniodasilva Remove obsolete rake/rdoctask require
Requiring this now raises a RuntimeError, failing the test.
It also seems that the require is unnecessary to pass the test.
e8ac985
Commits on Jan 27, 2013
Carlos Antonio da Silva carlosantoniodasilva Fix failing test related to escaping include_blank in select_tag
Rails 3.0.x doesn't have the :prompt option in select_tag, it was
introduced in c5d54be that is only
available from 3.1.x on.

The test and related fix were introduced in
c979587 for Rails 3.0.17, as a fix for
a security vulnerability. The code is completely fine but the test was
using the invalid :prompt option for this version, probably because it
was cherry-picked from another branch which has the option.
709fbd3
Commits on Jan 28, 2013
Michael Koziarski NZKoz Add an OkJson backend and remove the YAML backend
Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
5375dce
Aaron Patterson tenderlove bumping to 3.0.20 b875be0
Commits on Jan 29, 2013
Nathan Broadbent ndbroadbent Fix #8832 - Parse '{"person":[]}' JSON/XML as {'person' => []}. f20b598
Commits on Jan 30, 2013
Renato Neves renatosnrg Fixing encoding to UTF-8 for OkJson backend d46c6aa
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #9123 from renatosnrg/3-0-stable
Fixing encoding to UTF-8 for OkJson backend. Closes #9122.
20c3b4b
Aaron Patterson tenderlove Merge pull request #9111 from jsomara/3-0-json-fix
Fix #8832 - Parse '{"person":[]}' JSON/XML as {'person' => []}.
10513d2
Michel Barbosa fixed failing JSON decoding in rails 3-0-stable fdc42ad
Commits on Feb 07, 2013
Dylan Thacker-Smith dylanahsmith active_record: Quote numeric values compared to string columns. 0fc58ca
Dylan Thacker-Smith dylanahsmith mysql2 adapter fixed upstream to delegate quoting of BigDecimal. b4be619
Commits on Feb 08, 2013
Guillermo Iguaran guilleiguaran Merge pull request #9210 from dylanahsmith/3-0-mysql-quote-numeric
[3.0] active_record: Quote numeric values compared to string columns.
663c9a6
Roberto Miranda robertomiranda Fix BigDecimal Typecast on 1.8.7 a316c09
Guillermo Iguaran guilleiguaran Merge pull request #9223 from robertomiranda/fix-bigdecimal-typecast
Fix BigDecimal Typecast on 1.8.7
f93d046
Commits on Feb 09, 2013
joernchen of Phenoelit joernchen Fix issue with attr_protected where malformed input could circumvent
protection

Fixes: CVE-2013-0276

Conflicts:
	activemodel/lib/active_model/attribute_methods.rb
	activerecord/test/cases/mass_assignment_security_test.rb
2dfd512
Commits on Feb 11, 2013
Tobias Kraze kratob fix serialization vulnerability 073d5a6
Aaron Patterson tenderlove Merge pull request #9126 from mbarb0sa/bugfix/json-decoding-in-rails-…
…3-0-stable

fixed failing JSON decoding in rails 3-0-stable
360af4e
Aaron Patterson tenderlove Merge branch '3-0-sec' into 3-0-stable
* 3-0-sec:
  fix serialization vulnerability
  Fix issue with attr_protected where malformed input could circumvent protection
182d4e3
Aaron Patterson tenderlove Revert "Merge pull request #9126 from mbarb0sa/bugfix/json-decoding-i…
…n-rails-3-0-stable"

This reverts commit 360af4e, reversing
changes made to f93d046.
f2839f1
Commits on Feb 27, 2013
Steve Klabnik steveklabnik Revert "Merge pull request #9210 from dylanahsmith/3-0-mysql-quote-nu…
…meric"

This reverts commit 663c9a6, reversing
changes made to 10513d2.
9fdd56c
Commits on Mar 16, 2013
Charlie Somerville charliesome fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] 0075f36
benmmurphy benmmurphy JDOM XXE Protection [CVE-2013-1856]
Conflicts:
	activesupport/test/xml_mini/jdom_engine_test.rb
fa5bafc
Aaron Patterson tenderlove fix protocol checking in sanitization [CVE-2013-1857]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
77403a9
Commits on Dec 01, 2013
Aaron Patterson tenderlove Only use valid mime type symbols as cache keys
CVE-2013-6414

Conflicts:
	actionpack/lib/action_view/lookup_context.rb
5aeb472
Commits on Feb 18, 2014
Rafael Mendonça França rafaelfranca Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown,
which can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
857c6ee