Comparing changes

Commits on Feb 15, 2012
@AntiTyping AntiTyping Bugfix circular reference while saving has_one relationship a97cf75
Commits on Feb 16, 2012
@AntiTyping AntiTyping Test for circular reference while saving has_one relationship 389d1c5
Commits on Feb 25, 2012
@noahhendrix noahhendrix Fixed typo in composed_of example with Money#<=>, was comparing amount itself instead of other_money.amount
c4f9264
Commits on Mar 01, 2012
@tenderlove tenderlove Merge branch '3-0-12' into 3-0-stable
* 3-0-12:
  bumping to 3.0.12
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
eeb715a
Commits on Mar 02, 2012
@carlosantoniodasilva carlosantoniodasilva Stop SafeBuffer#clone_empty from issuing warnings
Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
139963c

This was issuing a "not initialized variable" warning - related to:
#5237

The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.
f1c6037
Commits on Mar 07, 2012
@arunagw arunagw fixed test when running with latest 1.8.7-p357 and ree f8f873a
@spastorino spastorino Merge pull request #5319 from arunagw/fix_test_ree
Fix test ree 3-0-stable
61335d6
Commits on Mar 15, 2012
@tenderlove tenderlove Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
Conflicts:

	actionpack/test/controller/redirect_test.rb
d14319c
@tenderlove tenderlove Merge pull request #5457 from brianmario/typo-fix
Fix typo in redirect test
8645745
Commits on Mar 23, 2012
@carlosantoniodasilva carlosantoniodasilva Add order to tests that rely on db ordering, to fix failing tests on pg
Also skip persistence tests related to UPDATE + ORDER BY for postgresql

PostgreSQL does not support updates with order by, and these tests are
failing randomly depending on the fixture loading order now.

Conflicts:

	activerecord/test/cases/associations/join_model_test.rb
	activerecord/test/cases/associations/nested_through_associations_test.rb
	activerecord/test/cases/clone_test.rb
	activerecord/test/cases/dup_test.rb
	activerecord/test/cases/relations_test.rb
	activerecord/test/cases/yaml_serialization_test.rb
a9fdefd
@carlosantoniodasilva carlosantoniodasilva Fix more failing tests related to ruby 1.8.7 p358 version change f748d36
@josevalim josevalim Merge pull request #5565 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable
728a65d
Commits on Mar 24, 2012
@arunagw arunagw Build fix for form_options_helper_test.rb ruby-1.8.7 00726ea
Commits on Mar 26, 2012
@carlosantoniodasilva carlosantoniodasilva Fix AV::FixtureResolver and rjs tests with random order errors
Due to the hash ordering changes on Ruby 1.8.7-p358.
9698312
Commits on Mar 27, 2012
@tenderlove tenderlove Merge pull request #2621 from icco/master
Issue with schema dump
3627cfa
@josevalim josevalim Merge pull request #5600 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable - failing in ruby 1.8.8-p358
5790269
@miloops miloops Silence warnings here, only setting Encoding.default_external for testing.
923ba31
@miloops miloops Use helper method here. caebe85
@tenderlove tenderlove load the encoding converter to work around [ruby-core:41556] when switching encodings
289fe76
@arunagw arunagw Fix broken encoding test 4c9dec4
@josevalim josevalim Avoid inspecting the whole route set, closes #1525 e0362f7
@tenderlove tenderlove Merge pull request #5613 from carlosantoniodasilva/fix-build-3-0-193
Fix build for branch 3-0-stable - Ruby 1.9.3
29320dc
Commits on Mar 29, 2012
@yahonda yahonda Address an error for test_has_many_through_polymorphic_has_one
with Oracle for the 3-0-stable branch
60272ae
@spastorino spastorino Merge pull request #5655 from yahonda/address_ora_00918_with_oracle_for_3_0

Address an error for test_has_many_through_polymorphic_has_one with Oracle
72dc7ae
@carlosantoniodasilva carlosantoniodasilva Fix failing ARes test due to hash keys ordering d44ffb2
@jeremy jeremy Merge pull request #5659 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable - ARes and ordered hash keys
f47a303
Commits on Apr 30, 2012
@wycats wycats Merge pull request #5044 from dracco/3-0-stable
Backport Bugfix: Stack Overflow (3-0-stable)
51582fe
@pixeltrix pixeltrix Lock mocha gem to fix the build
New versions of mocha don't allow nil.stubs
e74e479
Commits on May 25, 2012
@homakov homakov auto_link final sanitize 3af3385
@tenderlove tenderlove Merge pull request #6485 from homakov/3-0-stable
auto_link sanitize output
f7cf745
Commits on May 26, 2012
@homakov homakov do not force sanitize and whitelist protocols for auto_link
sanitize is not always required so we cannot make it. let's just
whitelist protocols
f35c93f
@rafaelfranca rafaelfranca Merge pull request #6495 from homakov/3-0-stable
auto_link shouldn't always sanitize
5989ffb
Commits on May 27, 2012
@rafaelfranca rafaelfranca Remove test for not accepted protocols to auto_link 349fce2
Commits on May 28, 2012
@tenderlove tenderlove bumping to 3.0.13.rc1 88e7f51
Commits on May 30, 2012
@tenderlove tenderlove predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
99f0309
@tenderlove tenderlove Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!

CVE-2012-2660

Conflicts:

	actionpack/lib/action_dispatch/http/request.rb
c202638
Commits on May 31, 2012
@tenderlove tenderlove Merge branch '3-0-stable-sec' into 3-0-rel
* 3-0-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
c8af45e
@tenderlove tenderlove updating CHANGELOGs 86c97e1
@tenderlove tenderlove bumping to 3.0.13 7102fe8
@tenderlove tenderlove Merge branch '3-0-stable-sec' into 3-0-stable
* 3-0-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
33f8e4b
@tenderlove tenderlove Merge branch '3-0-rel' into 3-0-stable
* 3-0-rel:
  bumping to 3.0.13
  updating CHANGELOGs
  bumping to 3.0.13.rc1
b2feff2
Commits on Jun 08, 2012
@ernie ernie Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.0.13 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
176af7e
Commits on Jun 11, 2012
@tenderlove tenderlove Array parameters should not contain nil values. 2f3bc04
@kennyj kennyj Fix GH #3163. Should quote database on mysql/mysql2.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb
	activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
	activerecord/test/cases/adapters/mysql2/schema_test.rb
6c0c40b
@tenderlove tenderlove Merge branch '3-0-stable-sec' into 3-0-stable-rel
* 3-0-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
b9e048c
@tenderlove tenderlove bumping versions in the CHANGELOG 2c95963
@tenderlove tenderlove updating changelogs with security fixes 8cecac7
@tenderlove tenderlove bumping to 3.0.14 3fb762a
Commits on Jun 12, 2012
@tenderlove tenderlove updating changelogs 4be9dbf
Commits on Jun 13, 2012
@tenderlove tenderlove we haven't monkey patched the Result class, so use each a5a0338
@tenderlove tenderlove 3.0.15 def7543
Commits on Jul 23, 2012
@tenderlove tenderlove updating changelogs 32b4cbc
Commits on Jul 26, 2012
@tenderlove tenderlove * Do not convert digest auth strings to symbols. CVE-2012-3424 b88cc8a
@tenderlove tenderlove updating changelog with CVE fe48ad3
@tenderlove tenderlove updating release date 4a0370b
@tenderlove tenderlove bumping to 3.0.16 3166606
Commits on Aug 04, 2012
@pixeltrix pixeltrix Backport of fix from #5173 - fixes #7252
Rather than use the MySQL specific TINYTEXT, MEDIUMTEXT and LONGTEXT
datatypes, Active Record migrations use TEXT(n) where n is the limit
specified by the developer. Unfortunately how MySQL interprets n
depends on the column's encoding so any limit above 5592405 will be
interpreted as a LONGTEXT when the encoding is UTF-8.

This commit fixes this by interpreting the limit within the adapter
and using the specific MySQL datatype as appropriate.
f07c708
Commits on Aug 08, 2012
@spastorino spastorino html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215

Conflicts:
	actionpack/test/controller/new_base/render_template_test.rb
	actionpack/test/template/asset_tag_helper_test.rb
	actionpack/test/template/erb_util_test.rb
	actionpack/test/template/javascript_helper_test.rb
	actionpack/test/template/template_test.rb
	activesupport/lib/active_support/core_ext/string/output_safety.rb
	activesupport/test/core_ext/string_ext_test.rb
	railties/test/application/assets_test.rb
780a718
@rafaelfranca rafaelfranca Fix tests about single quote escaping 9ef905f
Commits on Aug 09, 2012
@spastorino spastorino escape select_tag :prompt values
CVE-2012-3463
c979587
@spastorino spastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
1151959
@spastorino spastorino Add CHANGELOG entries 6eda26a
@spastorino spastorino Bump to 3.0.17 77977f3
@amerine amerine Add html_escape note to CHANGELOG cf6bb2a
@spastorino spastorino Merge pull request #7308 from amerine/3-0-stable
Add html_escape note to CHANGELOG
954e262
Commits on Aug 28, 2012
@rafaelfranca rafaelfranca Remove warning when using html_escape with Ruby 1.9.
Closes #7430
f93e3f0
Commits on Dec 23, 2012
@tenderlove tenderlove updating changelogs 826548b
@tenderlove tenderlove CVE-2012-5664 options hashes should only be extracted if there are extra parameters
3542641
@tenderlove tenderlove bumping to 3.0.18 fb06fe4