Skip to content
This repository
  • 6,861 commits
  • 244 files changed
  • 11 comments
  • 47 contributors
This comparison is big! We're only showing the most recent 250 commits
Dec 01, 2011
Jonathan del Strother Leave default_asset_host_protocol unset
When default_asset_host_protocol is left as nil, it will use absolute protocols when a request is present, and relative protocols otherwise (eg in asset generation)

Signed-off-by: José Valim <jose.valim@gmail.com>
0ce562c
José Valim Update CHANGELOG. 7fc91aa
Dec 02, 2011
Richard Hulse [docs] removed last-modifed line from examples 9473f7d
typo in the performance testing rails guide 2512192
Dec 03, 2011
Jon Jensen Restore performance of ERB::Util.html_escape
Revert html_escape to do a single gsub again, but add the "n" flag (no
language, i.e. not multi-byte) to protect against XSS via invalid utf8

Signed-off-by: José Valim <jose.valim@gmail.com>
1583dab
Jon Leighton Avoid postgres 9.X syntax c1e2c1a
Jon Leighton Enable postgres on the CI :heart::beer::sparkles: d2ab2b0
Dec 05, 2011
Sam Umbach Test return value of ActiveSupport::Dependencies::Loadable#require
- Add tests to protect from regressions in require's return value behavior
- See a10606c (require needs to return true or false) for the original bug fix
9a780f6
Sam Umbach Test return value of ActiveSupport::Dependencies::Loadable#load 31cead7
Sam Umbach Test that require and load raise LoadError if file not found 0f81554
Sam Umbach Simplify load and require tests
- These tests don't use autoloading so there's no need to add anything to autoload_paths
a070dd1
Aaron Patterson Merge pull request #3860 from sumbach/test-return-value-from-require-…
…on-3-1-stable

Test return value from require on 3-1-stable
47bc206
Toshinori Kajihara Use show create table.
Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
8d55a6d
Dec 06, 2011
Santiago Pastorino Merge pull request #3428 from adrianpike/asset_path_conflicts
Issue #3427 - asset_path_conflicts
a2f4ef1
Santiago Pastorino Add CHANGELOG entry acfa6c7
Dec 08, 2011
Xavier Noria use our own fork of sdoc while Vijay's fix is not applied to voloko/sdoc 1e001da
José Valim Improve cache on route_key lookup.
Conflicts:

	activemodel/lib/active_model/naming.rb
3952854
José Valim Remove NilClass whiners feature.
Removing this feature causes boost in performance when using Ruby 1.9.

Ruby 1.9 started to do implicit conversions using `to_ary` and `to_str`
in some STDLIB methods (like Array#join). To do such implicit conversions,
Ruby 1.9 always dispatches the method and rescues the NoMethodError exception
in case one is raised.

Therefore, since the whiners feature defined NilClass#method_missing, such
implicit conversions for nil became much, much slower. In fact, just defining
NilClass#method_missing (even without the whiners feature) already causes a
massive slow down. Here is a snippet that shows such slow down:

    require "benchmark"
    Benchmark.realtime { 1_000.times { [nil,nil,nil].join } }

    class NilClass
      def method_missing(*args)
        raise NoMethodError
      end
    end

    Benchmark.realtime { 1_000.times { [nil,nil,nil].join } }
4f0ff15
Jon Leighton Fix #3890. (Calling proxy_association in scope chain.)
Conflicts:

	activerecord/test/models/post.rb
63293d1
Aaron Patterson load the encoding converter to work around [ruby-core:41556] when swi…
…tching encodings
e568c67
Dec 09, 2011
Vijay Dev fix a bad url 92d24b7
Guillermo Iguaran Add test to verify that therubyrhino isn't included when JRuby isn't …
…used
80b1d4d
Dec 10, 2011
José Valim Merge pull request #3705 from guilleiguaran/3-1-stable-therubyrhino
Added therubyrhino to default Gemfile under JRuby
d06c3b3
Arun Agrawal Fix broken encoding test 49bbdf2
José Valim Merge pull request #3928 from arunagw/fix_template_test
Fix template test
25ac7e4
Dec 12, 2011
Aaron Patterson use Array#join so that file encoding doesn't impact returned string.
Fixes #3957
4371be2
Dec 14, 2011
Ryan Sandridge Fixing typo in Routing Guide. 50ac4a3
Ryan Sandridge Replacing vague mention of an unspecified section above with a link t…
…o the actual section containing Asset Organization.
ed89235
Mikhail Dieterle Typo in list dced6d6
Jon Leighton Fix #3672 again (dependent: delete_all perf)
Conflicts:

	activerecord/lib/active_record/associations/builder/has_many.rb
	activerecord/lib/active_record/associations/has_many_association.rb
b6ae05e
Xavier Noria let sdoc say which version of rdoc we depend on
Conflicts:

	Gemfile
60a91f1
Dec 15, 2011
Jon Leighton Fix #3987.
Conflicts:

	activerecord/lib/active_record/attribute_methods/primary_key.rb
	activerecord/test/cases/primary_keys_test.rb
df932c4
Dec 17, 2011
Santiago Pastorino Add campfire notifications for travis 2f7e701
Dec 18, 2011
Sergey Nartimov backport call scope within unscoped to prevent duplication of where v…
…alues
9f7fe5d
Dec 19, 2011
Jon Leighton Don't notify campfire when the build keeps passing b9aabc7
Santiago Pastorino Merge pull request #4025 from arunagw/travis_sync
Travis sync
0479789
Dec 20, 2011
Guillermo Iguaran Skip assets options in environments files when --skip-sprockets is used
Conflicts:

	railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt
	railties/test/generators/app_generator_test.rb
47bef33
Piotr Sarnacki Ensure that files that compile to js/css are not compiled by default …
…with `rake assets:precompile`

This case was not tested and documentation was a bit confusing
on that topic, so it was not obvious if current code
works properly or not.
80c0517
Guillermo Iguaran Use ProcessedAsset#pathname in Sprockets helpers when debugging is on…
…. Closes #3333 #3348 #3361.

Is wrong use ProcessedAsset#to_s since it returns the content of the file.
d7fbd63
Piotr Sarnacki Clarify the default assets.precompile matcher behavior 169137f
Guillermo Iguaran Skip assets groups if --skip-sprockets option is given
Conflicts:

	railties/test/generators/app_generator_test.rb
c32be81
José Valim Merge pull request #4058 from guilleiguaran/asset-pipeline-fixes
Backport multiple fixes for asset pipeline from master to 3-1-stable
c4b13a7
Guillermo Iguaran Fix railties tests: I broke development.rb template during last merge d545642
José Valim Merge pull request #4065 from guilleiguaran/fix-railties-tests
Fix railties tests: I broke development.rb template during last merge
5ca308b
Arun Agrawal It should be README.rdoc fixes #4067 41803b2
Santiago Pastorino Merge pull request #4074 from arunagw/doc_fix
doc:rails fixed
2ddedac
Aaron Patterson adding tests for #4029 040b794
Dec 22, 2011
Aaron Patterson refactoring routing tests
Conflicts:

	actionpack/test/controller/routing_test.rb
3e00e1f
Aaron Patterson rack bodies should be a list d538952
Dec 24, 2011
Arun Agrawal [docs] Added missing "}" fixes #4126 939183a
Dec 31, 2011
SHIBATA Hiroshi upgrade rack-1.3.6 16d4bc7
José Valim Merge pull request #4244 from hsbt/upgrade-rack-dependency
Upgrade rack dependency
8efb9e7
Jan 03, 2012
José Valim Override respond_to? since we are also overriding method_missing. 6d5a27a
Santiago Pastorino Pass extensions to javascript_path and stylesheet_path helpers. Closes b7c7f08
Jan 10, 2012
Piotr Sarnacki Add ORIGINAL_FULLPATH to env
This behaves similarly to REQUEST_URI, but
we need to implement it on our own because
REQUEST_URI is not reliable.

Note that since PATH_INFO does not contain
information about trailing question mark,
this is not 100% accurate, for example
`/foo?` will result in `/foo` in ORIGINAL_FULLPATH
4d872d1
Piotr Sarnacki Add original_fullpath and original_url methods to Request c2af40b
Piotr Sarnacki Fix http digest authentication with trailing '/' or '?' (fixes #4038
…and #3228)
238d80c
Jan 11, 2012
Santiago Pastorino Merge pull request #4412 from kennyj/fix_3743
Fix GH #3743. We must specify an encoding in rdoc_option explicitly.
efa215a
Jan 12, 2012
Tom Stuart Test ActiveRecord::Base#[]= as well as #write_attribute f22c36b
Tom Stuart Test that #[] and #[]= keep working when #read_attribute and #write_a…
…ttribute are overridden
cda5094
Tom Stuart Revert "Base#[] and Base#[]= are aliases so implement them as aliases…
… :)"

This reverts commit 21eadc1.
f707cda
Santiago Pastorino Merge pull request #4418 from tomstuart/read-and-write-attribute-alia…
…ses-3-1-stable

#[] and #[]= are no longer interchangeable with #read_attribute and #write_attribute (3-1-stable)
16f9511
Guillermo Iguaran Update actionpack Changelog in 3-1-stable 28b0050
Vijay Dev Merge pull request #4442 from guilleiguaran/3-1-changelogs
Update actionpack changelog in 3-1-stable
a677701
Jan 13, 2012
Vijay Dev First attempt at providing a 'what to update' section for Rails 3.1 18d67f5
José Valim config.force_ssl should mark the session as secure. d209325
José Valim No AS::TestCase here. 98ac00c
Jan 16, 2012
Guillermo Iguaran Mention how use config.assets.prefix to avoid conflicting with an exi…
…sting "/assets" route
f407ec5
Jan 21, 2012
Guillermo Iguaran Add therubyracer gem commented in default Gemfile (3.1.x) bd5392c
Vijay Dev Merge pull request #4579 from guilleiguaran/add-js-runtime-to-gemfile
Add therubyracer gem commented in default Gemfile (3.1.x)
db9b1a7
Jan 23, 2012
Piotr Sarnacki Add ActiveModel::Errors#delete, which was not available after move to…
… use delegation
f34e5a7
Paweł Kondzior Fix ActiveModel::Errors#dup
Since ActiveModel::Errors instance keeps all error messages as hash
we should duplicate this object as well.

Previously ActiveModel::Errors was a subclass of ActiveSupport::OrderedHash,
which results in different behavior on dup, this may result in regression for
people relying on it.

Because Rails 3.2 stills supports Ruby 1.8.7 in order to properly fix this
regression we need to backport #initialize_dup.
5da6b6e
Jan 24, 2012
Aaron Patterson Merge pull request #4514 from brainopia/update_timezone_offets
Update time zone offset information
423241c
Jan 31, 2012
Toshinori Kajihara Fix GH #4754. Remove double-quote characters around PK when using sql…
…_mode=ANSI_QUOTES
daa8686
Jon Leighton Merge pull request #4787 from kennyj/fix_4754-2
[Backport][3-1-stable] Fix GH #4754. Remove double-quote characters around PK when using sql_mode=ANSI_QUOTES
27357a6
Feb 17, 2012
Arun Agrawal fixed failing test in ruby-1.8.7-p358 0bf4dc8
Santiago Pastorino Merge pull request #5072 from arunagw/fix_failing_test_ruby187_p358_3…
…1stable

Fix failing test ruby187 p358 31stable
fd2b275
Andrew White Fix ActionDispatch::Static to serve files with unencoded PCHAR
RFC 3986[1] allows sub-delim characters in path segments unencoded,
however Rack::File requires them to be encoded so we use URI's
unescape method to leave them alone and then escape them again.

Also since the path gets passed to Dir[] we need to escape any glob
characters in the path.

[1]: http://www.ietf.org/rfc/rfc3986.txt
5fcbb94
Andrew White Simplify regexp bea34a7
Feb 18, 2012
Arun Agrawal fixed assets test 7782a70
José Valim Merge pull request #5079 from arunagw/fix_assets_test
Fix assets test
03db636
Feb 20, 2012
Andrew White Remove fixture files with Windows incompatible filenames
Windows doesn't allow `\ / : * ? " < > |` in filenames so create
the fixture files at runtime and ignore the incompatible ones when
running on Windows.
a786236
Aaron Patterson search private / protected methods in trunk ruby da7d0a2
Sergey Nartimov fix output safety issue with select options 1be2bbe
Akira Matsuda add AS::SafeBuffer#clone_empty baf6903
Akira Matsuda use AS::SafeBuffer#clone_empty for flushing the output_buffer 2d4cdb0
Feb 21, 2012
Aaron Patterson Merge pull request #5096 from lawso017/master
Restoring ability to derive id/sequence from tables with nonstandard sequences for primary keys
Conflicts:

	activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
	activerecord/test/cases/adapters/postgresql/schema_test.rb
f468d6e
Aaron Patterson ruby 2.0 makes protected methods return false for respond_to, so pass…
… true as the second param
0032772
Aaron Patterson more ruby 2.0 respond_to? changes 36c8521
Aaron Patterson tag bind params with a bind param object 79f0a9b
Aaron Patterson bumping up arel 995d792
Feb 22, 2012
Aaron Patterson prepared statements can be disabled f290d6f
Aaron Patterson fixing bad merge: adding bind substitution visitor 967b300
Aaron Patterson updating RAILS_VERSION 8c677e9
Feb 25, 2012
Arun Agrawal fixed build for ruby187-p358 406ece4
Xavier Noria Merge pull request #5165 from arunagw/build_fix_ruby187-p358-3-1-stable
Build fix ruby187 p358 3 1 stable
30a528a
Arun Agrawal assert => assert_equal 6e49b3d
Santiago Pastorino Merge pull request #5171 from arunagw/3-1-stable
assert => assert_equal 3-1-stable
d693bd2
Justin Woodbridge Fix typo in match :to docs e6fca55
Noah Hendrix Fixed typo in composed_of example with Money#<=>, was comparing amoun…
…t itself instead of other_money.amount
b5418e7
Feb 26, 2012
Andrew White Detect optional glob params when adding non-greedy regexp - closes #4817
.
5c18b99
Feb 27, 2012
Aaron Patterson Merge pull request #5179 from RalphShnelvar/Binary_mode_Window_bug
Binary mode window bug
47c3cf1
Feb 29, 2012
Toshinori Kajihara Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931. 42592b4
Aaron Patterson Merge pull request #5207 from kennyj/fix_5173-31
[3-1-stable] Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931
0d7a507
José Valim Ensure [] respects the status of the buffer. 3d86727
Mar 01, 2012
Arun Agrawal call binmode on the tempfile for Ruby 1.8 compatibility 63069ec
José Valim Merge pull request #5227 from arunagw/build_fix_3-1-stable
Build fix 3 1 stable
4c8679e
Aaron Patterson Merge branch '3-1-stable-security' into 3-1-4
* 3-1-stable-security:
  Ensure [] respects the status of the buffer.
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
d1fc35f
Aaron Patterson bumping to 3.1.4 1aabea6
Aaron Patterson Merge branch '3-1-4' into 3-1-stable
* 3-1-4:
  bumping to 3.1.4
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
11881ad
Mar 02, 2012
Carlos Antonio da Silva Stop SafeBuffer#clone_empty from issuing warnings
Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
139963c

This was issuing a "not initialized variable" warning - related to:
#5237

The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.
66c6c7f
Aaron Patterson only log an error if there is a logger. fixes #5226
Conflicts:

	activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_adapter.rb
b1358c8
Mar 04, 2012
Carlos Antonio da Silva Only run binary type cast test with encode! on Ruby 1.9 24e074f
Mar 06, 2012
Mikel Lindsaar Increasing minimum version of mail due to security vulnerability foun…
…d in Mail 2.3.0 for sendmail or exim
5aa4f52
José Valim Use latest rack-cache. 54621f7
Mar 07, 2012
Jeremy Kemper Use 1.9 native XML escaping to speed up html_escape and shush regexp …
…warnings

        length      user     system      total        real
before  6      0.010000   0.000000   0.010000 (  0.012378)
after   6      0.010000   0.000000   0.010000 (  0.012866)
before  60     0.040000   0.000000   0.040000 (  0.046273)
after   60     0.040000   0.000000   0.040000 (  0.036421)
before  600    0.390000   0.000000   0.390000 (  0.390670)
after   600    0.210000   0.000000   0.210000 (  0.209094)
before  6000   3.750000   0.000000   3.750000 (  3.751008)
after   6000   1.860000   0.000000   1.860000 (  1.857901)
7cdfd91
Arun Agrawal Test fix failing in 1.8.7-p358 d024ce1
Santiago Pastorino Merge pull request #5322 from arunagw/test_fix_1.8.7-3-1-stable
Test fix 1.8.7 3 1 stable
7455627
Mar 12, 2012
Aaron Patterson Merge pull request #5312 from kennyj/fix_3927-31
[3-1-stable] Use 1.9 native XML escaping to speed up html_escape and shush regexp warnings
bccffc9
Mar 13, 2012
Denis Jean fix activerecord query_method regression with offset into Fixnum
add test to show offset query_methods on mysql & mysql2

change test to cover public API
b1fe2c6
José Valim Merge pull request #5401 from arunagw/issue_4409_3-1-stable
Issue 4409 3 1 stable
cfab216
Mar 15, 2012
Aaron Patterson Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
47147a0
Aaron Patterson Merge pull request #5457 from brianmario/typo-fix
Fix typo in redirect test
66b8ef1
Mar 18, 2012
José Valim Merge pull request #5504 from arunagw/build_fix_1-8-7
Build fix 1 8 7
594d6b2
Mar 19, 2012
Mikel Lindsaar Increase minimum version of mail.
  Second security vulnerability found in mail file delivery method
  patched in version 2.3.3.
f12d76b
Arun Agrawal fix test failing in 1.8.7 eeee6f2
Arun Agrawal Build fix for form_options_helper_test.rb ruby-1.8.7 c1c62e8
José Valim Merge pull request #5506 from arunagw/build_fix_1.8.7-3-1-stable
Build fix 1.8.7 3 1 stable
fea82eb
Mar 23, 2012
Carlos Antonio da Silva Add order to tests that rely on db ordering, to fix failing tests on pg
Also skip persistente tests related to UPDATE + ORDER BY for postgresql

PostgreSQL does not support updates with order by, and these tests are
failing randomly depending on the fixture loading order now.
51bb1c1
Carlos Antonio da Silva Fix identity map tests c8d5680
José Valim Merge pull request #5564 from carlosantoniodasilva/fix-build-3-1
Fix build for branch 3-1-stable
dafded2
Mar 26, 2012
Carlos Antonio da Silva Return the same session data object when setting session id
Make sure to return the same hash object instead of returning a new one.
Returning a new one causes failures on cookie store tests, where it
tests for the 'Set-Cookie' header with the session signature.

This is due to the hash ordering changes on Ruby 1.8.7-p358.
a16aa8c
Aaron Patterson Merge pull request #5599 from carlosantoniodasilva/fix-build-3-1
Fix build for branch 3-1-stable - return the same session hash object
4590e99
Aaron Patterson Merge pull request #2621 from icco/master
Issue with schema dump
e95f8e8
Mar 27, 2012
José Valim Avoid inspecting the whole route set, closes #1525 bef0b35
Arturo Pie Adds a test that breaks IM when using #select 488ea89
Arturo Pie Do not add record to identity map if the record doesn't have values f…
…or all the columns, so we don't get 'MissingAttributeError' later when trying to access other fields of the same record.
a00a42d
Arturo Pie refactor the checking of the attributes of the record in IdentityMap#…
…add, so it's more readable
15a2e0d
Mar 28, 2012
Arturo Pie refactor instantiate method in base, so we remove nesting if's which …
…make the code harder to read. Minor changes to contain_all_columns in IdentityMap.
14af116
Mar 29, 2012
Yasuo Honda Address an error for test_has_many_through_polymorphic_has_one
with Oracle for the 3-1-stable branch
53db676
Aaron Patterson Merge pull request #5647 from arturopie/fixing_IM_when_using_find_select
Fixing Identity Map when using find select
eae9a07
Santiago Pastorino Merge pull request #5658 from yahonda/address_ora_00918_with_oracle_f…
…or_3_1

Address an error for test_has_many_through_polymorphic_has_one with Oracle
5cbb20d
Apr 01, 2012
Arun Agrawal :subdomain can now be specified with a value of false in url_for,
allowing for subdomain(s) removal from the host during link generation. 

Closes #4083

cherry-picked from 

de942e5
96aa3bd
54d3645
Arun Agrawal CHANGELOG entry added c409d06
Apr 03, 2012
José Valim Merge pull request #5686 from arunagw/issue_4083
Issue 4083
8c3ca29
Apr 16, 2012
Arun Agrawal multi_json is restricted to < 1.3.
Some API changes are there above 1.3.
eeba535
Jeremy Kemper Merge pull request #5862 from arunagw/multi_json_fix_3-1-stable
Restrict multi_json to >= 1.0, < 1.3 to avoid API changes in 1.3
4274a81
Apr 29, 2012
Andrew White Don't convert params if the request isn't HTML - fixes #5341
(cherry picked from commit d6bbd33)
8af2fd8
Arun Agrawal mocha can be locked here as new version is failing
nil.stubs is not allowed in new version of mocha
94a5431
Jeremy Kemper Merge pull request #6046 from arunagw/lock_mocha_to_fix_build
Lock mocha to fix build
f00ab1d
Andrew White Escape interpolated params when redirecting - fixes #5688 78c181b
Apr 30, 2012
Will Bryant fix the Flash middleware loading the session on every request (very d…
…angerous especially with Rack::Cache), it should only be loaded when the flash method is called
d625a7a
Piotr Sarnacki Failing test for #6034 e23e684
Dave Gerton Correcting some confusion. Pago Pago is part of American Samoa, not S…
…amoa.

Further, Samoa and Tokelau jumped across the IDL from Dec 29 to Dec 31, 2011
switching from UTC-11 to UTC+13. American Samoa did not make the change and
remains at UTC-11. Pacific/Fakaofo and Pacific/Apia are in TZInfo and
documentation about the dateline change is in austalasia at IANA.

(cherry picked from commit 5fe88b1)
7b0c45d
May 01, 2012
Vijay Dev fix grammar in deprecation message [ci skip] ffd3289
May 03, 2012
Andrew White Reset the request parameters after a constraints check
A callable object passed as a constraint for a route may access the request
parameters as part of its check. This causes the combined parameters hash
to be cached in the environment hash. If the constraint fails then any subsequent
access of the request parameters will be against that stale hash.

To fix this we delete the cache after every call to `matches?`. This may have a
negative performance impact if the contraint wraps a large number of routes as the
parameters hash is built by merging GET, POST and path parameters.

Fixes #2510.
(cherry picked from commit 5603050)
0cfa6b7
May 04, 2012
Dmitry Vorotilin Fix #3993 assets:precompile task does not detect index files cf42971
Dmitry Vorotilin Added test for assets:precompile for index files 29aa03a
Jeremy Kemper Merge pull request #6152 from route/assets_precompile_task_3_1
Just cherry-picked fixes for asset precompile for 3-1-stable
a33d9f4
May 10, 2012
Andrew White Refactor the handling of default_url_options in integration tests
This commit improves the handling of default_url_options in integration
tests by making behave closer to how a real application operates.

Specifically the following issues have been addressed:

* Options specified in routes.rb are used (fixes #546)
* Options specified in controllers are used
* Request parameters are recalled correctly
* Tests can override default_url_options directly
7336b33
Andrew White Don't ignore nil positional arguments for url helpers - fixes #6196. e98893b
Carlos Antonio da Silva Update performance profiler to work with latest ruby-prof, fix 3-1-st…
…able build
b7080e7
Piotr Sarnacki Merge pull request #6261 from carlosantoniodasilva/fix-build-3-1
Fix build 3-1-stable
7b7bf33
May 11, 2012
Arun Agrawal Ruby-Prof works with 1.9.3. Let's run. 200d3da
Santiago Pastorino Merge pull request #6263 from arunagw/3-1-stable
3 1 stable
d2ae955
May 13, 2012
Guillermo Iguaran Upgrade sprockets to 2.0.4 03e2895
Santiago Pastorino Merge pull request #6300 from guilleiguaran/upgrade-sprockets-3-1-stable
Upgrade sprockets to 2.0.4
e7f8f5f
Rafael Mendonça França Merge pull request #3237 from sakuro/data-url-scheme
Support data: url scheme
a74b6a0
May 28, 2012
Aaron Patterson bumping to 3.1.5.rc1 bd8ee8c
May 29, 2012
James Mead Exceptions like Interrupt should not be rescued in tests.
This is a back-port of rails/rails#6525. See the commit notes there for
details.
4cd3285
Rafael Mendonça França Merge pull request #6532 from freerange/3-1-stable-minitest-passthrou…
…gh-exceptions

Exceptions like Interrupt should not be rescued in tests.
2f42815
May 30, 2012
Aaron Patterson predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
b71d4ab
Aaron Patterson Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!

CVE-2012-2660
5b83bbf
May 31, 2012
Aaron Patterson Merge branch '3-1-stable-sec' into 3-1-rel
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
a9c1898
Aaron Patterson updating the CHANGELOG a7ed198
Aaron Patterson bumping to 3.1.5 aa18c0c
Aaron Patterson Merge branch '3-1-stable-sec' into 3-1-stable
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
aa6e56b
Aaron Patterson Merge branch '3-1-rel' into 3-1-stable
* 3-1-rel:
  bumping to 3.1.5
  updating the CHANGELOG
  bumping to 3.1.5.rc1
a1a71ab
Jun 08, 2012
Ernie Miller Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.1.5 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
8355abf
Jun 10, 2012
Aaron Patterson Array parameters should not contain nil values. f4174ad
Jun 11, 2012
Toshinori Kajihara Fix GH #3163. Should quote database on mysql/mysql2.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
023eaf8
Toshinori Kajihara Change the string to use in test case.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
	activerecord/test/cases/adapters/mysql2/schema_test.rb
8e6ed58
Rafael Mendonça França Mysql and Mysql2 adapters accepts only two arguments in the tables 3e2c00a
Aaron Patterson Merge branch '3-1-stable-sec' into 3-1-stable-rel
* 3-1-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
64e30e8
Aaron Patterson adding version number to changelogs 75d039f
Aaron Patterson updating changelogs with security fixes bee42f3
Aaron Patterson bumping version numbers 4e7d571
Jun 12, 2012
Aaron Patterson updating changelogs 63dce16
Jun 14, 2012
Xavier Noria removes item in the Active Record CHANGELOG
That change to update_attribute was considered
to be too subtle and was reverted in 30ea923
just before Rails 3 shipped. Later we introduced
update_column (Rails 3.1).
666a48a
Aaron Patterson adding a test for #6459 28e744d
Jul 23, 2012
Aaron Patterson updating changelog a4b8a7e
Jul 26, 2012
Aaron Patterson * Do not convert digest auth strings to symbols. CVE-2012-3424 eb69ad2
Aaron Patterson updating changelog with CVE 140a70a
Aaron Patterson updating rails release date 6cf68d7
Aaron Patterson bumping to 3.1.7 d314a48
Aug 06, 2012
Santiago Pastorino html_escape should escape single quotes d0c9759
Aug 09, 2012
Santiago Pastorino escape select_tag :prompt values
CVE-2012-3463
b6a0a11
Santiago Pastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
63e67ea
Santiago Pastorino Add CHANGELOG entries e8d78e7
Santiago Pastorino Bump to 3.1.8 38bf9cf
Aug 15, 2012
Carlos Antonio da Silva Add html_escape note to CHANGELOG
This was added to all other branches, but 3-1 missed the entry.

3-0-stable: 954e262
3-2-stable: ae2383d
master: 5c07be5
8181b72
Rafael Mendonça França Remove warning when using html_escape with Ruby 1.9.
Closes #7323
4f12e3a
Aug 17, 2012
Jon Leighton Use benchmark/ips to measure AR performance
This means we can more easily compare numbers, and we don't have to
specify a single N for all reports, which previously meant that some
tests were running many more/fewer iterations than necessary.

Conflicts:
	Gemfile
	activerecord/examples/performance.rb
20d6f70
Jon Leighton Increase benchmark time to 20 seconds.
I think that 5 seconds was a bit low for our purposes.

Also enable it to be configured via env vars.

We also need to scale the number of records up/down depending on how
long we're running the benchmark for.

Conflicts:
	activerecord/examples/performance.rb
e08268b
Aug 28, 2012
Xavier Noria CHANGELOGs are now per branch
Check 810a50d for the rationale.
e6e9e56
Pratik Ensure association preloading properly merges default scope and assoc…
…iation conditions
2d6d8a7
Oct 18, 2012
Rafael Mendonça França Require ActionController::Railtie in the default middleware stack.
This will make possible to do a frameworkless initialization since the
the default middleware stack is self contained.
144d747
Dec 14, 2012
Aaron Patterson test for 8018 92118e7
Aaron Patterson do not install ruby-prof on Ruby 2.0 61776f5
Carlos Antonio da Silva Update xml serialization tests to reflect a change in builder
Due to a change in builder, nil values now generates closed tags,
so instead of this:

    <pseudonyms nil=\"true\"></pseudonyms>

It generates this:

    <pseudonyms nil=\"true\"/>

Document this change in Rails so that people can track it down easily if
necessary.

Changes in Active Model, Active Record and Active Support tests.

Cherry-pick of d65adc7, 77dd3be and 146eaf3. Fix build.
9fc6c31
Dec 15, 2012
Carlos Antonio da Silva Be a bit less conservative with mysql in adapter
This will allow the new mysql 2.9.0 to be used, fixing our test issues.
64e6e6a
Dec 23, 2012
Aaron Patterson updating changelogs fbe436b
Aaron Patterson CVE-2012-5664 options hashes should only be extracted if there are ex…
…tra parameters
c42f548
Aaron Patterson bumping version to 3.1.9 f1e977c
Jan 08, 2013
Santiago Pastorino Avoid Rack security warning no secret provided
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
4d5f950
Aaron Patterson * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …
…* dealing with empty hashes. Thanks Damien Mathieu

Conflicts:
	actionpack/CHANGELOG.md
	activerecord/CHANGELOG.md
7e5cc96
Jeremy Kemper CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 8133a81
Aaron Patterson bumping version a7dd0bb
Carlos Antonio da Silva Fix a few warnings of unused variables 86cf7d3
Prem Sichanugrist Remove test for XML YAML parsing
The support for YAML parsing in XML has been removed from Active Support
since it introduced an security risk. See 8133a81 for more detail.
3f3c35b
Carlos Antonio da Silva Merge pull request #8835 from sikachu/3-1-stable-fix-ars
Remove test for XML YAML parsing
a97199d
Jan 09, 2013
Jeremy Kemper Merge pull request #5896 from sferik/revert_5861
Revert #5861. Feature-detect which MultiJson API to use.
Conflicts:
	activesupport/activesupport.gemspec

This backports multi_json version depedency changes as applied.

Rationale: #5861

Patch by sferik
7b9bab6
Rafael Mendonça França Merge pull request #8846 from AlexRiedler/revert_5861
Backport multi_json dependency revert of #5861 to 3-1-stable
b816e8e
Carlos Antonio da Silva Update changelogs with release dates and minor improvements [ci skip] 1b35a85
Jan 10, 2013
Jeremy Kemper Merge pull request #8889 from dylanahsmith/3-1-parse-non-object-json-…
…params

3-1-stable: Fix JSON params parsing regression for non-object JSON content.
18b8f90
Jan 11, 2013
Dylan Thacker-Smith Fix JSON params parsing regression for non-object JSON content.
Backports #8855.
c669a9c
Jan 12, 2013
Andrew White Remove unnecessary caching of ParameterFilter 8b3109a
Jan 16, 2013
James Mead Fix 3-1-stable to work with Mocha >= v0.13.0
A) Update code in ActiveSupport which monkey-patches Test::Unit to
include Mocha bug fix.

A bug was fixed [1] in Mocha's integration with Test::Unit, but this
monkey-patching code was copied before the fix. We need to copy the
fixed version.

The bug meant that an unexpected invocation against a mock within the
teardown method caused a test *error* and not a test *failure*.

B) Fix for Test::Unit/Mocha compatibility.

Mocha is now using a single AssertionCounter which needs a reference to
the testcase as opposed to the result.

This change is an unfortunate consequence of the copying of a chunk of
Mocha's internal code in order to monkey-patch Test::Unit.

C) Avoid a Mocha deprecation warning.

[1]
freerange/mocha@f1ff647#diff-5
0591f6d
Rafael Mendonça França Merge pull request #8871 from freerange/3-1-stable-with-mocha-fixes
Fix 3-1-stable to work with Mocha >= v0.13.0
b0a2c67
Carlos Antonio da Silva Update mocha version to 0.13.0 and change requires
Conflicts:
	Gemfile
	railties/test/application/route_inspect_test.rb
	railties/test/generators_test.rb
ae6864e
Jan 26, 2013
Damien Mathieu remove the warning when testing whiny_nil d72c25e
Toshinori Kajihara Fix build. It seems that the Mocha's behavior were changed. 4ebe101
Feb 07, 2013
Dylan Thacker-Smith active_record: Quote numeric values compared to string columns. 26e13c3
Guillermo Iguaran Merge pull request #9209 from dylanahsmith/3-1-mysql-quote-numeric
[3.1] active_record: Quote numeric values compared to string columns.
ecfc26d
Feb 08, 2013
Roberto Miranda Fix test failure for ruby 1.8 2372a1f
Guillermo Iguaran Merge pull request #9226 from robertomiranda/fix-bigdecimal-test
[3.1] Fix test failure for ruby 1.8
c470941
Feb 09, 2013
joernchen of Phenoelit Fix issue with attr_protected where malformed input could circumvent
protection

Fixes: CVE-2013-0276
647afdb
Feb 10, 2013
Aaron Patterson bumping to 3.1.11 415bf3d
Feb 11, 2013
Carlos Antonio da Silva Update changelogs with version/release dates [ci skip]
Also add note about attr_protected change.
16ed3d5
Feb 14, 2013
Carlos Antonio da Silva Fix changelog typos [ci skip]
Thanks to @jmccartie.
967591b
Feb 16, 2013
joernchen of Phenoelit Update activemodel/CHANGELOG.md
Fixed a typo ;)
b7ee5ca
Xavier Noria Merge pull request #9309 from joernchen/patch-2
Update activemodel/CHANGELOG.md
7e90a8e
Feb 27, 2013
Steve Klabnik Revert "Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-nu…
…meric"

This reverts commit 921a296.
2821f95
Josh Owens Update gemspec to get mail 2.4 as the main version, 2.3.3 has securit…
…y issues.
d3dc2a7
Guillermo Iguaran Merge pull request #9475 from queso/update-mail
Update gemspec to get mail 2.4 as the main version, 2.3.3 has security i...
3f8eb4e
Mar 15, 2013
Aaron Patterson stop calling to_sym when building arel nodes [CVE-2013-1854] 5ff6012
Charlie Somerville fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855] 36bcc93
benmmurphy JDOM XXE Protection [CVE-2013-1856]
Conflicts:
	activesupport/test/xml_mini/jdom_engine_test.rb
a7d252b
Aaron Patterson fix protocol checking in sanitization [CVE-2013-1857]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
735bb98
Mar 18, 2013
Aaron Patterson bumping to 3.1.12 0c510c7