Skip to content

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also .
This comparison is big! We’re only showing the most recent 250 commits
Commits on May 11, 2010
@josevalim josevalim Remove i18n interpolation deprecation. It has been around since 2.2. 8e679f1
Commits on May 12, 2010
@spastorino spastorino type_cast_calculated_value refactor: value is never a Fixnum here. Fi…
…x test since SQLite returns Float.

[#4514 state:committed]

Signed-off-by: Jeremy Kemper <>
@jeremy jeremy Drop require removed by 8e679f1 9ab1154
@lifo lifo Use superclass_delegating_accessor for connection handlers 7cbc546
@spastorino spastorino to_json and to_xml tests added to ActiveResource
[#4529 state:resolved]

Signed-off-by: Jeremy Kemper <>
Commits on May 14, 2010
@josevalim josevalim Remove deprecated tests according to 8e679f1 6949d6f
Commits on May 15, 2010
@joshk joshk backported AR correction to find_each and find_in_batches to raise wh…
…en the user uses select but does not specify the primary key

Signed-off-by: José Valim <>
@jeffkreeftmeijer jeffkreeftmeijer partial counters with :as [#2804 state:resolved]
Signed-off-by: Jeremy Kemper <>
Neeraj Singh db:drop:all throws error when database does not exist [#2997 state:re…

Signed-off-by: Jeremy Kemper <>
@jeffkreeftmeijer jeffkreeftmeijer make sure `as` is set before trying to build an #{as}_counter. [#2804

Signed-off-by: Jeremy Kemper <>
@lawrencepit lawrencepit docs + test for each_error
[#3185 state:committed]

Signed-off-by: Jeremy Kemper <>
Commits on May 16, 2010
Elomar França Don't carry default value when changing column for a binary type on M…
…ySQL [#3234 state:resolved]

Signed-off-by: José Valim <>
@jeffkreeftmeijer jeffkreeftmeijer using :time_select when the attribute type is :time in the scaffold g…
…enerator. [#2377 state:resolved]

Signed-off-by: José Valim <>
Neeraj Singh Fix broken integration test in 2.x [#4565 state:resolved]
Signed-off-by: José Valim <>
@no6v no6v make fixture accessors private
prevent to be run fixture accessor (e.g. test_foos for TestFoo model) as a test case

Signed-off-by: José Valim <>
@matthewrudy matthewrudy when we run rake rails:freeze:edge update the value of the "REVISION"…
… file rather than creating a new file "REVISION_ce706..." each time [#1694 state:resolved]

Signed-off-by: José Valim <>
@jeffkreeftmeijer jeffkreeftmeijer Added assert_attribute_type to clean up GeneratedAttributeTest [#2377

Signed-off-by: José Valim <>
@Wijnand Wijnand Postgresql doesn't allow to change a string type column to a binary t…
…ype. Skip this test for postgresql for now.

Signed-off-by: José Valim <>
@rizwanreza rizwanreza Rack dependency bumped to 1.1.0, tests passing. [#3558 state:resolved]
Signed-off-by: José Valim <>
@jeremy jeremy CI: bump rack to 1.1 cd3d30d
Commits on May 17, 2010
@josevalim josevalim superclass_delegating_accessor does not accept options. 76608b1
@rizwanreza rizwanreza Deprecate Array#rand in favor of Array#random_element [#4555 stated:c…

Signed-off-by: Xavier Noria <>
@fxn fxn method rename to fix a broken test bb2327d
Commits on May 18, 2010
@josevalim josevalim Deprecate legacy CGI options in SessionStores. 94878c6
@ianwhite ianwhite Nested records (re: autosave) are now updated even when the intermedi…
…ate parent record is unchanged [#4242]

Signed-off-by: José Valim <>
@etiennebarrie etiennebarrie make add_index and remove_index more resilient; new rename_index meth…
…od; track database limits

[#3452 state:committed]

Signed-off-by: Jeremy Kemper <>
@jeremy jeremy Revert "Don't carry default value when changing column for a binary t…
…ype on MySQL"

Broke mysql tests.

This reverts commit ddadcc7.



[#3234 state:open]
@fxn fxn 1.9 compat: deprecated last_(month|year) in favor of prev_(month|year) 25ec613
Commits on May 22, 2010
@tenderlove tenderlove backporting beda2d4 for newer sqlite-ruby bindings
Signed-off-by: Xavier Noria <>
Commits on May 23, 2010
@jeremy jeremy Remove miscommit from 57337cd d8f0a58
@jeremy jeremy 2.3.6 release 56bb550
@jeremy jeremy Bump 2-3-stable to 2.3.7 55e88ee
@nex3 nex3 Mark all raw HTML being concatted as HTML-safe.
Signed-off-by: Jeremy Kemper <>
@nex3 nex3 Don't always mark the argument to #concat as HTML-safe.
Signed-off-by: Jeremy Kemper <>
@nex3 nex3 Don't incompatibly monkeypatch ERB.
Signed-off-by: Jeremy Kemper <>
@jeremy jeremy Fix test rendering unmarked but safe HTML ca5f5d9
@jeremy jeremy Use a non-XSS-protected output buffer for view tests ab2d7c8
@jeremy jeremy Revert "Don't always mark the argument to #concat as HTML-safe."
This reverts commit e53791f.
@spastorino spastorino Make use of safe_concat on TextHelper concat
Signed-off-by: Jeremy Kemper <>
Commits on May 24, 2010
@jeremy jeremy rails_xss handles deprecated String html safety, when installed 3ff921a
@jeremy jeremy Move tests for deprecated String#html_safe! to plugin 60e82a3
@jeremy jeremy 2.3.7 release: fix rails_xss compatibility 326188c
@jeremy jeremy Bump 2-3-stable to 2.3.8 f97da34
@mislav mislav auto_link: support arbitrary URI schemes like "ftp:" and "file:"
recognizes all URI scheme allowed characters, such as colon and period.

[#3494 state:resolved]
@mislav mislav avoid auto_linking already linked emails; more robust detection of li…
…nked URLs

References #1523  [#1862 state:resolved]  [#3591 state:resolved]

Add test that shows how link text can contain HTML if needed:
the trick is using block form in combination with `raw`.
Let link text be automatically HTML-escaped

[#2017 state:resolved]
@cainlevy cainlevy Ensure auto_link does not ignore multiple trailing punctuations
[#2504 state:resolved]
@jeremy jeremy Fix that captured content (e.g. with form_for or div_for) would be HT…
…ML-escaped even without the rails_xss plugin installed. Rails 2.3.7, we barely knew ya...
@wycats wycats Give the ERB String the encoding of the original template 50b7c0c
@wycats wycats Needs to work on 1.8 too 8e6a044
@spastorino spastorino Revert "translation method of TranslationHelper module returns always…
… SafeBuffer [#4194 status:resolved]"

This reverts commit 2310aef.

Signed-off-by: José Valim <>
@spastorino spastorino translation method of TranslationHelper module returns a SafeBuffer A…
…rray backport

[#4675 state:committed]

Signed-off-by: José Valim <>
@jeremy jeremy Work around strange Ruby 1.9 autoload issue by using absolute load pa…
…ths for tests
@jeremy jeremy Add global gem task e5af56a
@jeremy jeremy 2.3.7.pre1: fixes HTML escaping when *not* using rails_xss 4fef5af
@spastorino spastorino translate helper method using an array is deprecated
Signed-off-by: José Valim <>
@josevalim josevalim Ensure translations work with symbols. 50f3754
@jeremy jeremy Work around strange Ruby 1.9 autoload issue by using absolute load pa…
…ths for tests (ditto for other components' tests)
@spastorino spastorino Error messages for asserts
Signed-off-by: Jeremy Kemper <>
@jeremy jeremy Work around strange Ruby 1.9 autoload issue by using absolute load pa…
…ths for tests (for Active Model too)
Commits on May 25, 2010
@jeremy jeremy HTML safety: fix textarea with nil content 6a9e188
@jeremy jeremy i18n: t() handles single keys returning an Array, also f7e27bd
@spastorino spastorino SQLite: forward compatibility with future driver releases

Signed-off-by: Jeremy Kemper <>
@fxn fxn get railties/README back to the home page of the API 2ed893b
@jeremy jeremy Bump 2-3-stable to 2.3.9 9da7ff8
@jeremy jeremy Shift SafeBuffer#concat responsibility over to rails_xss a815f0c
Commits on May 26, 2010
@spastorino spastorino removes an unneeded alias
Signed-off-by: José Valim <>
Commits on May 29, 2010
@NZKoz NZKoz Merge commit 'mislav/auto_link_2-3-stable' into 2-3-stable 5796a92
@NZKoz NZKoz Merge commit 'mislav/counter_cache_2-3-stable' into 2-3-stable b760d69
Andrew Don't rewrap system level exceptions with StatementInvalid
Signed-off-by: Michael Koziarski <>
[#896 state:committed]
Commits on Jun 05, 2010
@fxn fxn deprecates Array#random_element in favor of Array#sample, backported …
…from Ruby 1.9, thanks to Marc-Andre Lafortune
Commits on Jun 08, 2010
@sikachu sikachu Make sure that rails recognized the full notation of IPv6 loopback ad…
…dress, and recognize in IPv4

[#3257 state:resolved]

Signed-off-by: José Valim <>
Commits on Jun 09, 2010
@chewi chewi Don't overwrite unsaved updates when loading an association but prese…
…rve the order of the loaded records. [#4642 state:resolved]

Signed-off-by: Pratik Naik <>
@lifo lifo Fix AR perf script e4accde
Commits on Jun 18, 2010
@MasterLambaster MasterLambaster Fix test which prevents connection reset on failing and remove hardco…
…ded connection

[#4689 state:committed]

Signed-off-by: Jeremy Kemper <>
Commits on Jun 19, 2010
Maxime RETY Fix Yajl backend discovery in ActiveSupport::JSON

Signed-off-by: Jeremy Kemper <>
@chewi chewi When not overwriting unsaved updates in nested attributes, allow alre…
…ady-saved records to be refreshed.

Signed-off-by: José Valim <>
Commits on Jun 20, 2010
@sikachu sikachu Update bundled i18n gem to 0.4.1 to make sure every project will be w…
…arn about using deprecated %{..} interpolation.

This will also make sure that by changing {{..}} into %{..} won't break any Rails 2.3.x application, since it would load the vendored version if it's not satisfy the version requirement.

Signed-off-by: José Valim <>
@sikachu sikachu Change all i18n interpolations from {{...}} to %{...}
This will silent all warning if there's a i18n version 0.4.x gem install on user's machine.

[#4913 state:resolved]

Signed-off-by: José Valim <>
Commits on Jun 22, 2010
@jstorimer jstorimer CookieStore should preserve the Set-Cookie header Array [#4743 state:…

Signed-off-by: Jeremy Kemper <>
@jeremy jeremy CI: add i18n gem e703fc1
Commits on Jun 23, 2010
@zilkey zilkey remove_column should raise an ArgumentError when no columns are passed [
#4803 state:resolved]

Signed-off-by: Michael Koziarski <>
@NZKoz NZKoz make text_field and hidden_field omit the value attribute if the deve…
…loper explicitly passes in :value => nil [#4839 state:resolved]

Signed-off-by: Michael Koziarski <>


@NZKoz NZKoz Revert "make text_field and hidden_field omit the value attribute if …
…the developer explicitly passes in :value => nil [#4839 state:reopened]"

This reverts commit 52c922f
Paweł Kondzior STI should identify itself inside named_scope
[#1570 state:resovled]

Signed-off-by: José Valim <>
Neeraj Singh test for #1570
Signed-off-by: José Valim <>
@maxim maxim Fix eager loading of polymorphic has_one associations nested-included…
… under polymorphic belongs_to associations. [#3233 state:resolved]

Signed-off-by: José Valim <>
Neeraj Singh Fragment cache not generating the proper cache key in log
[#4827 state:resolved]

Signed-off-by: José Valim <>
@harking harking Fixes #2415 by creating a new instance of the Model when saving attri…
…butes to that model and the associated attributes already exist. Tests included. [#2415 state:resolved]

Signed-off-by: José Valim <>
kane quote scoped columns in validates_uniqueness_of [#4909 state:resolved]
Signed-off-by: José Valim <>
Neeraj Singh fixes to the tests for patch #4909
Signed-off-by: José Valim <>
@josevalim josevalim Use size for Ruby 1.8.6 compatibility. 68bfd8a
@fxn fxn deprecates load_(once_)paths in dependencies and app config in favor …
…of autolaod_(once_)paths
Commits on Jun 25, 2010
@sikachu sikachu Make sure that Rails doesn't resent session_id cookie over and over a…
…gain if it's already there [#2485 state:resolved]

This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie.

Signed-off-by: José Valim <>
@mudge mudge Alias ActiveSupport::OrderedHash#update to ActiveSupport::OrderedHash…

This ensures that an OrderedHash's keys are set up appropriately when using update.

[#4973 state:committed]

Signed-off-by: Jeremy Kemper <>
Commits on Jun 26, 2010
@chaitanyav chaitanyav Add OrderedHash#invert to preserve order in ruby 1.8
Signed-off-by: José Valim <>
@josevalim josevalim Tidy up tests in previous commit since they did not assure an Ordered…
…Hash is returned (the test would pass for an array and would pass by chance for hashes).

[#4875 state:resolved]
Commits on Jun 27, 2010
@dolzenko dolzenko Add module_eval missing file_name and line_number args
[#4712 state:resolved]

Signed-off-by: José Valim <>
Commits on Jun 28, 2010
@spastorino spastorino Don't store incorrect values in zones_map backport
[#4942 state:committed]

Signed-off-by: José Valim <>
@texel texel test that unknown zones don't store mapping keys

Signed-off-by: Santiago Pastorino <>
Signed-off-by: José Valim <>
Commits on Jun 29, 2010
@sikachu sikachu Fix [54a5088] where the i18n gem was wrongly updated to 0.4.1.
I've tested and confirm that `2-3-stable` will use the vendored `i18n` gem if there's no `i18n` gem with version >= 0.4.1 installed

Signed-off-by: José Valim <>
@dtrasbo dtrasbo Only tell users that the Rails gem is missing if it's actually the ca…
…se [#2901 state:committed]

Signed-off-by: José Valim <>
@dtrasbo dtrasbo Deprecate ActiveRecord::Base#class_name [#379 state:committed]
Signed-off-by: José Valim <>
@texel texel Rewrite the clause to pluck the existing value from zones_map before …
…performing a lookup. [#4942 state:resolved]

Signed-off-by: José Valim <>
@tenderlove tenderlove AssociationCollection#create_by_*, find_or_create_by_* work properly …
…now. [#1108 state:resolved]

Signed-off-by: Jeremy Kemper <>
Commits on Jun 30, 2010
@jberkel jberkel Backported patch from [#4762]
URL fragments should not have safe characters escaped. Ref: Appendix A,

Signed-off-by: José Valim <>
@chewi chewi Don't remove scheduled destroys when loading an association.
Signed-off-by: José Valim <>
Commits on Jul 01, 2010
@tenderlove tenderlove fisting Session::AbstractStore#clear to actually clear the session. [#…
…5030 state:resolved]

Signed-off-by: Jeremy Kemper <>
Commits on Jul 04, 2010
@josevalim josevalim Use bind instead of instance_exec cause it may be causing memory leak…
…s. Also, provide a simpler and sane implementation for scoped. [#5044 state:resolved]
Commits on Jul 08, 2010
@mislav mislav add missing require to ActiveRecord "base_test.rb"
Signed-off-by: Jeremy Kemper <>
@mislav mislav test that ActiveRecord `destroy` and `destroy_all` return destroyed r…

Signed-off-by: Jeremy Kemper <>
@gammons gammons fixes #2362, eager loading :through associations will join the :sourc…
…e model if there are :conditions

Signed-off-by: José Valim <>
@metaskills metaskills Fix the #using_limitable_reflections? helper to work correctly by not…
… examining the length of an array which contains false/true, hence always passing.

Signed-off-by: José Valim <>
@hardbap hardbap A generated plugin's test are not run by 'rake test'
Signed-off-by: José Valim <>
Commits on Jul 14, 2010
@jlewallen jlewallen Set destroyed=true in opt locking's destroy [#5058 state:resolved]
Signed-off-by: José Valim <>
@lovitt lovitt Sessions should not be created until written to and session data shou…
…ld be destroyed on reset. [#4938 state:resolved]

Signed-off-by: José Valim <>
Commits on Jul 15, 2010
@tenderlove tenderlove fixing performance regression from 2.3.5 -> 2.3.8 7b6383f
Commits on Jul 16, 2010
@NZKoz NZKoz Only skip eager loading the code if dependency_loading is still enabled.
Otherwise rake tasks which depend on environment will get errors about missing constants.
@tenderlove tenderlove backporting a couple missing files. sorry folks! 4ae4828
Commits on Jul 17, 2010
@jyurek jyurek Fix for integration tests not serializing arrays in multipart forms c…

Signed-off-by: wycats <>
Commits on Jul 18, 2010
@tenderlove tenderlove changing fixtures back to superclass_delegating_accessor until we can…
… convert them to class_attributes
Neeraj Singh update_attribute and updated_attributes! are now wrapped in a transac…

[#922 state:resolved]

Signed-off-by: José Valim <>
@subbarao subbarao renaming test name to fix accidently override [#5076 state:resolved]
Signed-off-by: José Valim <>
Commits on Jul 25, 2010
@spastorino spastorino Changes the usage of Object#returning with Object#tap
Signed-off-by: José Valim <>
@spastorino spastorino Deprecates Object#returning in favor of Object#tap
Signed-off-by: José Valim <>
@spastorino spastorino Changelog update for Object#responding deprecation
Signed-off-by: José Valim <>
Commits on Jul 26, 2010
@spastorino spastorino Changes Object#returning with Object#tap on guides ae63d5c
@texel texel Override new on proxy objects so that they never wrap nil or false. a9ef2fd
@texel texel Test to ensure that falsy objects aren't wrapped by deprecation proxies 27651c1
Commits on Aug 01, 2010
@spastorino spastorino Makes form_helper use overriden model accessors backport 8141f08
Commits on Aug 03, 2010
@subbarao subbarao In nested_attributes when association is not loaded and association r…
…ecord is saved then in memory record attributes should be saved

[#5053 state:resolved]

Signed-off-by: José Valim <>
Commits on Aug 04, 2010
@fxn fxn it is no longer true that load_paths are going to be removed in final 15cafbe
Commits on Aug 10, 2010
@NZKoz NZKoz Revert "Ruby 1.9.2: explicitly raise NoMethodError for attempts at ex…
…plicit coercion"

This reverts commit 64082b3.

This change broke compatibility with 1.8.6 and was only needed for older 1.9.2 versions


Commits on Aug 15, 2010
@spastorino spastorino Making time_zone_options_for_select return a html_safe string master …
Commits on Aug 18, 2010
@Jeff-Lawson Jeff-Lawson Bug Fix -- clean up connection after stored procedure [#3151 state:re…
…solved] for 2-3-stable
@Jeff-Lawson Jeff-Lawson Bug Fix -- clean up connection after stored procedure [#3151 state:re…
…solved] for 2-3-stable
Commits on Aug 20, 2010
@fxn fxn revises guides generation add3ccb
@fxn fxn restores railties/README as home page of the API 11361a9
Commits on Aug 25, 2010
@mikel mikel Make ActiveResource::InvalidRequestError more user friendly
Signed-off-by: Xavier Noria <>
Commits on Aug 30, 2010
@jeremy jeremy Exclude guides from gem to keep file size small bdace5d
@jeremy jeremy Prepare for Rails 2.3.9. Release 2.3.9.pre gems. b2c9198
@mikel mikel Updating documentation on ActiveResource HTTP Mock and also adding te…
…st coverage
@mikel mikel Back porting HttpMock test from Rails 3 master 56fdfeb
@mikel mikel Adding option to ActiveResource to allow you to not reset the previou…
…sly stored requests and responses by passing false to respond_to

Backport of commit 2a1b23f851ea3d4634fc68b74fe6b1afed23d3ef on rails/master
Commits on Aug 31, 2010
@jeremy jeremy require 'thread' for Mutex dependency 6f17422
Commits on Sep 03, 2010
@metaskills metaskills Conversion of a two dimensional array that is ruby 1.8.6 safe. Fix pa…
…ren warnings too.

Signed-off-by: Michael Koziarski <>
Commits on Sep 04, 2010
@jeremy jeremy Rails 2.3.9 a61a39e
Commits on Sep 08, 2010
@mislav mislav fix setting session cookie with activerecord and memcache store
Commit f8f3653 broke setting the session ID cookie for requests without 'HTTP_COOKIE' header
when using activerecord or memcache store. Integration tests didn't catch this because they
always set the HTTP_COOKIE header for mock requests, so now this is changed to only set the
header if there are cookies.

[#5581 state:committed]

Signed-off-by: Santiago Pastorino <>
Commits on Sep 09, 2010
@mikel mikel Adding documentation to redirect_to and status code option references 597fb1d
@sferik sferik Fix typo in deprecation warning
Object#returning should be Kernel#returning
@sferik sferik Add support for mysql2 adapter e8b84ab
@akaspick akaspick Fix fixtures in integration test sessions
Signed-off-by: Michael Koziarski <>
Commits on Sep 10, 2010
@jeremy jeremy Ruby 1.9 compat: convert Pathname to string 761c9cd
@miloops miloops Add more examples in performance script.
[#5610 state:committed]

Signed-off-by: Jeremy Kemper <>
Commits on Sep 14, 2010
@loe loe Only send secure cookies over SSL. 17f2fb4
Commits on Sep 24, 2010
@colincasey colincasey Test for imposed version number as last part of gem directory name fo…
…r frozen gems

[#4295 state:resolved]

Signed-off-by: José Valim <>
@colincasey colincasey Fix for imposed version number as last part of gem directory name for…
… frozen gems

Signed-off-by: José Valim <>
Commits on Sep 26, 2010
@akaspick akaspick memoized protected methods should remain protected
Signed-off-by: Michael Koziarski <>
@NZKoz NZKoz Revert "Makes form_helper use overriden model accessors backport"
This change introduced breakages and test failures.

This reverts commit 8141f08.
Commits on Sep 27, 2010
@etiennebarrie etiennebarrie Fix add_index with a symbol #4891 bc52d81
Commits on Sep 28, 2010
@rywall rywall Add test to demonstrate failure with eager loading hmt where the asso…
…ciation has an order.
@marklazz marklazz Preserving :include options for hmt association with an order but wit…
…hout conditions [#5262 state:resolved]
Commits on Sep 30, 2010
@miloops miloops Use detect instead select to avoid sh [..] command not found. 1851596
@miloops miloops Add examples to performance script that were included in version 3. 5a63df2
@marklazz marklazz Remove duplication of conditions generated for associations when used…
… in conjunction with named_scopes [#4634 state: resolved]
@marklazz marklazz AssociationCollection#include? working properly for objects added wit…
…h build method [#3472 state:resolved]
@tenderlove tenderlove fixing space errors fb526a0
Commits on Oct 04, 2010
@tenderlove tenderlove [#5406 state:resolved] calling the correct method on minitest to obta…
…in the test name
@tenderlove tenderlove calling correct method on minitest for test name when teardown callba…
…ck fails
Commits on Oct 11, 2010
@gbuesing gbuesing require 'uri' in action_controller/url_rewriter [#5555 state:resolved]
Signed-off-by: José Valim <>
Commits on Oct 14, 2010
@NZKoz NZKoz Revert 7d2173e which introduced a security vulnerability.
This addresses  CVE-2010-3933
@NZKoz NZKoz Prepare for the 2.3.10 release f5ed5c3
Commits on Oct 21, 2010
@ccabot ccabot bug 1108: fix a bug with find_or_create_by and additional values
There was a bug with find_or_create_by_x introduced in 2.3.9 - if you
included extra parameters for the create() then those parameters would
confuse the find() so you'd never get to the create().  This patch
filters the parameters so we only pass to find() the subset that it's
interested in.  The code for the filtering was modelled on the code in
base.rb's method_missing().
@ccabot ccabot bug 1108: yield to block provided to find_or_create_by_x
Starting in 2.3.8 we stopped yielding to blocks passed in to
find_or_create_by_x methods.  This patch restores that behavior and
adds a case to test it.
@omarqureshi omarqureshi Fix AbstractStore so that it preserves Set-Cookie header as an array,…
… rather than as newline separated strings
@tenderlove tenderlove removing space errors df78de2
Commits on Oct 26, 2010
@pixeltrix pixeltrix Don't create a deprecation proxy object if the variable was passed in…
… local_assigns [#1671 state:resolved]
Commits on Oct 27, 2010
@pixeltrix pixeltrix Don't write out secure cookies unless the request is secure 25139ac
Commits on Nov 03, 2010
@tomstuart tomstuart Backport BlankSlate removal from ActiveSupport::BasicObject [#5911 st…

This is a backport of dd15a3f.

Signed-off-by: Andrew White <>
Commits on Nov 16, 2010
@acatighera acatighera Fix ActiveRecord calculations when grouped by multiple fields 1681ede
Commits on Dec 01, 2010
@josevalim josevalim Revert "Fix AbstractStore so that it preserves Set-Cookie header as a…
…n array, rather than as newline separated strings"

This reverts commit 36b91e3.


@paukul paukul Let Rack::Utils.set_cookie_header! create the Set-Cookie header inste…
…ad of manually fiddling with the response headers [#4941 state:resolved]

Signed-off-by: José Valim <>
Commits on Dec 07, 2010
@willbryant willbryant Don't add non-new records back to the target array after loading targ…
…ets on associations, as that makes destroy_all destroy any created records that don't match the scope destroy_all is called on

Signed-off-by: Michael Koziarski <>
@NZKoz NZKoz Revert "In nested_attributes when association is not loaded and assoc…
…iation record is saved then in memory record attributes should be saved"

This reverts commit 12bbc34.

It caused errors when combined with attr_accessible, piggy back attributes fetched by :select, etc.  Leaving it in 3.0, but removing from 2.3
Commits on Dec 19, 2010
@NZKoz NZKoz Require thread explicitly rather than relying on rubygems to do it. 6d91632
Commits on Jan 02, 2011
@mikel mikel Correcting actionmailer guide for Rails 2.3 92fd824
@mikel mikel Updating documentation on ActionMailer base to show a multipart email…
… with attachments
Commits on Jan 09, 2011
@bluetrans-deploy bluetrans-deploy use Object#class instead of Object#type 08d94d3
Commits on Jan 10, 2011
@jeremy jeremy Revert "use Object#class instead of Object#type"
This reverts commit 08d94d3.
Commits on Jan 19, 2011
@jrdioko jrdioko Fix doc for #check_box [#6311 state:resolved]
Signed-off-by: Xavier Noria <>
@jamis jamis make TestCaseTest work for pre-1.9 rubies, too 8378a44
@jamis jamis scrub instance variables from test cases on teardown
this prevents test state from accumulating, resulting in leaked
objects and slow tests due to overactive GC.
@jamis jamis rein in GC during tests by making them run (at most) once per second
this can provide a significant performance boost during testing, by
preventing the GC from running too frequently.
@jamis jamis Revert "rein in GC during tests by making them run (at most) once per…
… second"

This reverts commit a0c761d.
@jamis jamis Revert "scrub instance variables from test cases on teardown"
This reverts commit b5cf2b4.
@jamis jamis Revert "make TestCaseTest work for pre-1.9 rubies, too"
This reverts commit 8378a44.
Commits on Feb 01, 2011
@tenderlove tenderlove fixing invalid yaml [#4418 state:resolved]
Signed-off-by: Jeremy Kemper <>
Commits on Feb 08, 2011
@NZKoz NZKoz Be sure to javascript_escape the email address to prevent apostrophes…
… inadvertently causing javascript errors.

This fixes CVE-2011-0446
@NZKoz NZKoz Change the CSRF whitelisting to only apply to get requests
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
@NZKoz NZKoz Prepare for the 2.3.11 release b0c3d45
Commits on Feb 09, 2011
@tenderlove tenderlove rubygems 1.5.0 compatibility. Thanks Tim Serong abc06a2
Commits on Feb 20, 2011
@vijaydev vijaydev fix incorrect version in deprecation message
Signed-off-by: Santiago Pastorino <>
Commits on Mar 01, 2011
@robdimarco robdimarco Unit test that shows calling reset session twice results in an exception 589ce09
@robdimarco robdimarco Fixed bug 6440 by checking that destroy exists on the session 8ca8ac3
Commits on Apr 14, 2011
@gmarik gmarik respect :expire_after option
- it was broken after
- there's also

- also: maybe it worth making Rack understand :expire_after as we
duplicate same logic in [cookie_store](

Signed-off-by: José Valim <>
Commits on Apr 28, 2011
@daphonz daphonz Fixing dynamic finders on associations to properly send arguments to …
…the find_by_* method. Closes issue #330.

Commit fdfc8e3 introduced a bugfix to prevent additional values passed
to a dynamic find_or_create_by_x methods from confusing the finder.
This patch also broke the essential behavior of this method on an
association by incorrectly sending arguments to the find_by_x methods.
The finder method would always see its inputs as a single array of
values instead of individual arguments, almost guaranteeing that the
finder call would be incorrect, and that we'd always create a new
record instead.

This patch adds a splat operator to the parameter array we send along to
the dynamic finder so that it receives its inputs correctly, and
includes an additional test to ensure that repeated calls to
find_or_create_by_x only creates one new record.
@josevalim josevalim Merged pull request #331 from daphonz/2-3-stable.
Dynamic find_or_create_by_x_and_y always creates new records in Rails 2.3.11
@josevalim josevalim Merged pull request #198 from robdimarco/2-3-stable.
Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
Commits on May 12, 2011
@zenspider zenspider Fix stupid emacsisms. Just makes things more readable. 8d4ca9e
@zenspider zenspider Fix broken GemDependency#==. You should ALWAYS check the class! 01a9fbb
@zenspider zenspider Removed buggy GemDependency#requirement override. Overrides should NE…
…VER change the semantics of the parent (returning nil if default).
@zenspider zenspider Fixed buggy gem activation. Don't pass a dependency to gem, pass the
name and requirement. Better, just activate the spec for the
dependency (1.8 only)
@zenspider zenspider Removed the bulk of the deprecations by simply not calling refresh.
This may cause problems. I dunno.
The real solution is to get rid of all of this mess and use gem paths properly.
Commits on May 25, 2011
@zenspider zenspider + Switched to newer rdoc and gem package tasks (and their requires).
+ Fixed deprecated usage in gemspecs.

Bumped the version to 2.3.12 so I could test locally with actual
installs. If this is bad form for this project, please beat me up and
I'll split them out.
Commits on Jun 07, 2011
@tenderlove tenderlove find the spec from the source index, then activate it a2a3413
Commits on Jun 09, 2011
@bcardarella bcardarella Remove deprecation warning for ActiveRecord::Errors#generate_message.…
… This is the same API that ActiveModel ended up using and that won't be changing.
Commits on Jun 16, 2011
@Antiarchitect Antiarchitect Fix OrderedHash merging with block given. b2d4142
Commits on Jun 17, 2011
@Antiarchitect Antiarchitect Added tests for OrderedHash merging with block. b1c36b7
@josevalim josevalim Merge pull request #1740 from Antiarchitect/2-3-stable
Fix OrderedHash merging with block given.
Commits on Jul 27, 2011
@fxn fxn contrib app minor tweak 78a1fda
Commits on Aug 04, 2011
@tenderlove tenderlove we should not ignore all gems in here b132992
Commits on Aug 16, 2011
@tenderlove tenderlove adding notification for rdoc bb99aa1
@tenderlove tenderlove fixing response splitting problem 11dafea
@tenderlove tenderlove bumping to 2.3.13 dea5a10
@tenderlove tenderlove 2.3.14. yay. :'( fb1588c
@tenderlove tenderlove fixing sql injection problem 6b46d65
@tenderlove tenderlove fixing strip tags vulnerability 60f783d
@tenderlove tenderlove fixing utf8 escape vulerability e0774e4
Commits on Dec 27, 2011
@dasch dasch Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty
If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
list of IP addresses from it.
Commits on Dec 29, 2011
@tenderlove tenderlove Merge pull request #4202 from dasch/request-remote-ip
Fix bug in `ActionController::Request#remote_ip`
Commits on Dec 31, 2011
@amatsuda amatsuda bump up rack version to the one that includes the Hash DoS fix 27a508c
@josevalim josevalim Merge pull request #4247 from amatsuda/hashdos_23
bump up rack version to the one that includes the Hash DoS fix
Commits on Mar 29, 2012
@eee-c eee-c Better minimum validates_length_of examples (adapted from master). 2229a7e
@fxn fxn Merge pull request #5653 from eee-c/patch-1
Doc fixes in 2.3: validates_length_of
Commits on Jun 13, 2012
Justin Collins Fix SQL injection via nested hashes in conditions 62f81f4
Commits on Dec 23, 2012
@tenderlove tenderlove CVE-2012-5664 options hashes should only be extracted if there are ex…
…tra parameters
Commits on Jan 02, 2013
@minaguib minaguib Merge remote-tracking branch 'rails/2-3-stable' into 2-3-stable 9baab1f
Commits on Jan 03, 2013
@tenderlove tenderlove Merge pull request #6722 from adgear/2-3-stable
Backported rails 2.3 fix for CVE-2012-2695
Commits on Jan 08, 2013
@jeremy jeremy CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. 70adb96
@tenderlove tenderlove bumping to 2.3.15 :cry::gun: 709af05
Commits on Jan 17, 2013
@jeremy jeremy Revert "bump up rack version to the one that includes the Hash DoS fix"
Rack 1.1.3 also changes the Set-Cookie header to expects a
newline-delimited string instead of an Array, which breaks Rails 2.3's
expectations in a variety of ways.

This reverts commit 27a508c.

Commits on Jan 20, 2013
@ernie ernie Fix for CVE-2013-0155 7763f39
Commits on Jan 22, 2013
@johndouthat johndouthat Add gemspecs for bundler 06b33a8
@steveklabnik steveklabnik Merge pull request #9030 from johndouthat/2-3-stable
Add .gemspec files to 2-3-stable to help Bundler
Commits on Jan 24, 2013
@tenderlove tenderlove fixing load error messages 3dc0cd3
@spastorino spastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba
@tenderlove tenderlove Squashed commit of the following:
commit 9ef905f
Author: Rafael Mendonça França <>
Date:   Tue Aug 7 22:38:40 2012 -0300

    Fix tests about single quote escaping

commit 780a718
Author: Santiago Pastorino <>
Date:   Tue Jul 31 22:25:54 2012 -0300

    html_escape should escape single quotes
    Closes #7215

@tenderlove tenderlove backporting deep_munge 61eed87
@tenderlove tenderlove removing [nil] from the params ac94515
Commits on Jan 28, 2013
@NZKoz NZKoz Add an OkJson backend and remove the YAML backend
Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
@tenderlove tenderlove bumping version 1169552