Skip to content
This repository
  • 1,604 commits
  • 862 files changed
  • 21 comments
  • 55 contributors
This comparison is big! We're only showing the most recent 250 commits
Jun 24, 2011
Xavier Noria fxn updates the contributing guide 59f19a9
Jun 28, 2011
Aaron Patterson tenderlove Merge pull request #1649 from arunagw/jruby_3_0_stable
Jruby 3 0 stable
a6495af
Maxime RETY Fix JSON decoding of newline character with Yaml backend [#3479 state…
…:resolved]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
b3e3c50
Arun Agrawal arunagw Using not effected timezone in tests. 0ed8dea
Guillermo Iguaran guilleiguaran Avoid extra call to Cache#read in case of a fragment cache hit e54d9c1
Aaron Patterson tenderlove Merge pull request #1896 from guilleiguaran/issue-1893
Avoid extra call to Cache#read in case of a fragment cache hit (3-0-stable)
a657a4b
Jun 29, 2011
Vishnu Atrai vatrai 3-0-stable fix test when running Jruby. If Jruby Platform is availabl…
…e the gem will change.
557d788
Arun Agrawal arunagw It should be in Json format to work with JsonGem a13317d
Santiago Pastorino spastorino Merge pull request #1901 from arunagw/json_parse
It should be in Json format to work with JsonGem
39d5350
Jun 30, 2011
Santiago Pastorino spastorino Update CI config 3d0fde5
Santiago Pastorino spastorino Allow CI to use the latest rubygems version 9663fad
Jul 01, 2011
Bogdan Gusiev bogdan Fixed ActionView::FormOptionsHelper#select with :multiple => false
(cherry picked from commit 0fdac01)

Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
c314203
Jul 04, 2011
Simon Baird simonbaird Fix charset/collate in mysql recreate_database
See new method mysql_creation_options. It is used by both
create_database and recreate_database so they are consistent.
3ba3125
Andrew White pixeltrix The rails gem doesn't have a lib directory. 3001728
Andrew White pixeltrix Revert "The rails gem doesn't have a lib directory."
RubyGems requires at least one require_path.

This reverts commit 3001728.
1b03f7f
Jul 06, 2011
Santiago Pastorino spastorino Merge pull request #1894 from arunagw/fix_test_for_jruby_db-3-0-stable
Fix test for jruby db 3 0 stable
7ff32e2
Santiago Pastorino spastorino Merge pull request #1952 from simonbaird/3-0-stable
rake db:test:purge creates mysql database with wrong charset & collation
2f3eb7a
Santiago Pastorino spastorino Merge pull request #1837 from msgehard/3-0-stable
Fix for empty string assigned to _type column of polymorphic association
9e4d156
Jul 07, 2011
Krzysztof Knapik knapo Make `ActiveRecord::Batches#find_each` to not return `self`.
This caused that `find_each` was producing extra db call taking all the records from db, and was less efficient than `ActiveRecord::Base#all`.
e2d90bf
Santiago Pastorino spastorino Merge pull request #2004 from knapo/3-0-stable
Backport of #1997
e9f2c67
Guillermo Iguaran guilleiguaran Update to latest rails.js for fix some bugs under IE 8226dfc
Jul 08, 2011
Tomas D'Stefano Destroy association habtm record before destroying the record itself.…
… Fixes issue #402.
28f057c
Jul 11, 2011
Jon Leighton jonleighton Merge pull request #1797 from kuahyeow/3-0-stable
Through association condition clobbers join condition
fc4bce1
Aaron Patterson tenderlove Merge pull request #1607 from bradrobertson/pg_adapter
fix table_exists? in postgresql adapter to always use current search_path
9a4d2b2
Jul 12, 2011
Thong Kuah kuahyeow Fix for 3-0-stable - Conditions specified on through association shou…
…ldn't clobber asssociation join condition.

This fix refactors processing of association join conditions so that both the join condition and the custom condition will be used when called by query_methods.rb, which expects a 1 or 2-sized array (depending on the type of association). Previously, a custom condition specified would create a 2 or 3-sized array which will clobber the association join condition.
caec639
Jul 15, 2011
Lauri Hahne lhahne fixed CacheHelper to properly support html_safe output buffers c476a6b
Jul 16, 2011
Evan Light elight Fixes #2064
Backport of cache_key fix from master
b1b5d18
Santiago Pastorino spastorino Merge pull request #2064 from elight/3-0-stable
Backports cache_key fix from master
247a50b
Daniel Dyba dyba Changed Commands module to RailsCommands.
This is to avoid a conflict that occurs when you add Rake to
your Gemfile. There is a Commands Object in Rake that conflicts
with the Commands module in plugin.rb. See rails issue #1866.
c2d3a43
Jul 17, 2011
Lauri Hahne lhahne Added tests for the output_buffer returned by CacheHelper
The output_buffer returned by CacheHelper should be html_safe if the original buffer is html_safe.
bc5ccd0
Lauri Hahne lhahne made sure that the possible new output_buffer created by CacheHelper …
…is of the same type as the original
39a4f67
Prem Sichanugrist sikachu Fix a wrong assertion on url_helper_test, and refactor `html_safe` te…
…st to be in its method
2cb29fa
Santiago Pastorino spastorino Merge pull request #2047 from sikachu/3-0-stable-test_fix
Fix a wrong assertion on url_helper_test, and add missing `#html_safe?` a
1220b16
Daniel Dyba dyba Substituted RailsCommands for Rails::Commands 71c010d
Jul 18, 2011
Jesse Storimer jstorimer Ensure that status codes are logged properly
Needed to move AC::Metal::Instrumentation before AM::Metal::Rescue
so that status codes rendered from rescue_from blocks are logged
properly.
5e64538
Santiago Pastorino spastorino Merge pull request #2134 from jstorimer/ensure-status-codes-are-logge…
…d-properly-3-0-stable

Ensure status codes are logged properly (for 3-0-stable)
a6139b9
Josh Kalderimis joshk This fixes an issue when bundling to a local path (eg. /vendor/bundle).
If you bundle to a local path bundler is not included in it, so
calling "gem 'bundler'" will fail.

Conflicts:

	load_paths.rb
9ade587
Josh Kalderimis joshk Added a .travis.yml config and travis specific ci script.
Don't install ruby-debug if running the test suite on Travis,
linecache19 is the main offender, very very slow.

And do not install pg if Travis is bundling the gems, pg will be setup
on Travis soon.

Conflicts:

	Gemfile
047b979
Jul 21, 2011
Xavier Noria fxn I actually love well-formed Gemfiles 80b1f9e
Jul 22, 2011
Karunakar (Ruby) Karunakar Duplicate tests removed. bd804d7
Santiago Pastorino spastorino Merge pull request #2183 from castlerock/3-0-stable-duplicate_test
3 0 stable duplicate test
c39bd5f
Jul 23, 2011
Arun Agrawal arunagw fixed task for rake test:uncommitted b490fd8
Santiago Pastorino spastorino Merge pull request #2205 from arunagw/test_un_3_0_stable
rake test:uncommitted for 3-0-stable
19d9689
Santiago Pastorino spastorino Merge pull request #2080 from lhahne/3-0-stable
Fix improper detection and handling of html_safe buffer in CacheHelper
eead13f
Jul 25, 2011
Arun Agrawal arunagw Fix rake rails:template to tell user to pass LOCATION variable. edfcf47
Santiago Pastorino spastorino Merge pull request #2249 from arunagw/rake_template_path_fix
Rake template path fix
56c663b
Jul 26, 2011
Josh Kalderimis joshk enable Travis CI irc notifications to #rails-contrib on irc.freenode.org 64c269a
Santiago Pastorino spastorino Merge pull request #2289 from joshk/3-0-stable
More Irc notifications (from Travis with love, again)
e18e896
Santiago Pastorino spastorino Remove cruise files 43e6f82
Jul 27, 2011
Xavier Noria fxn contrib app minor tweak e93cff8
Jul 28, 2011
Akira Matsuda amatsuda callback methods are Class methods a8aa666
Santiago Pastorino spastorino Merge pull request #2320 from amatsuda/callback_deprecation_message
callback methods are Class methods
a33fe79
Jul 29, 2011
Aaron Patterson tenderlove dump IO encoding value along with schema.rb so the file can be reload…
…ed. fixes #1592
6c0beb5
Bhavin bhavinkamani fix connection not established error while running rake task
db:schema:dump
5d7ed7a
Aaron Patterson tenderlove default writing the schema file as utf-8 3676af4
Aaron Patterson tenderlove updating changelog with schema.rb changes 6631abd
Aaron Patterson tenderlove delay backtrace scrubbing until we actually raise an exception. fixes #… b9f6798
Aaron Patterson tenderlove updating the CHANGELOG 553d9ea
Jul 31, 2011
Arun Agrawal arunagw skiping magic comment test. checking encoding_aware?
Loading AS encoding.
b0334db
Santiago Pastorino spastorino Merge pull request #2374 from arunagw/30_schema_dumper_test_fix
3-0-stable schema dumper test fix
cb36585
Santiago Pastorino spastorino Merge pull request #2381 from vijaydev/rakeaboutfix3.0
Fix #2368 (3-0-stable)
564d39e
Aug 01, 2011
Vijay Dev vijaydev fixes #2368. rake about not showing the middleware, db adapter and db…
… schema version
773d219
Santiago Pastorino spastorino Merge pull request #2393 from bdurand/fix_cache_read_multi
Fix ArgumentError in ActiveSupport::Cache::CacheStore.read_multi
a173bb3
Aug 04, 2011
Jon Leighton jonleighton Quote these dates to prevent intermittent test failure. Suppose local…
… time is 00:50 GMT+1. Without the quoting, the YAML parser would parse this as 00:50 UTC, into the local time of 01:50 GMT+1. Then, it would get written into the database in local time as 01:50. When it came back out the UTC date from the database and the UTC date of two weeks ago would be compared. The former would be 23:50, and the latter would be 00:50, so the two dates would differ, causing the assertion to fail. Quoting it prevents the YAML parser from getting involved.
e42c544
Aaron Patterson tenderlove we should not ignore all gems in here df6b1e2
Aaron Patterson tenderlove updating CHANGELOGs f54d0cf
Aaron Patterson tenderlove more changelog updates 9d17458
Aaron Patterson tenderlove bumping to 3.0.10.rc1 521c9aa
Aug 05, 2011
Xavier Noria fxn backports doc fix 9f9446f e0b0da2
Aug 06, 2011
Santiago Pastorino spastorino Merge pull request #2450 from guilleiguaran/activesupport-gzip-1.8
Fix ActiveSupport::Gzip under Ruby 1.8.7. Closes #2416
65a648b
Aug 07, 2011
Jason Weathered jasoncodes Fix marshal round-tripping of fractional seconds (Time#subsec). 1f63606
Aug 11, 2011
Gonzalo Rodriguez and Leonardo Capillera Remove 'parameters_for_url' from 'form_tag' method signature 11f6531
Santiago Pastorino spastorino Merge pull request #2494 from grzuy/3-0-stable
Porting changes on form_tag method signature to 3-0-stable
f45c372
Aug 15, 2011
Jon Leighton jonleighton Update travis config on @joshk's instructions 4c8a211
Aug 16, 2011
Aaron Patterson tenderlove Properly escape glob characters. e0c03f8
Aaron Patterson tenderlove prevent sql injection attacks by escaping quotes in column names fb4747b
Aaron Patterson tenderlove Tags with invalid names should also be stripped in order to prevent
XSS attacks.  Thanks Sascha Depold for the report.
3480d97
Aaron Patterson tenderlove properly subsituting bad utf8 characters b45dfc7
Aaron Patterson tenderlove bumping rails to 3.0.10 4f15f39
Aaron Patterson tenderlove Merge branch '3-0-10' into 3-0-stable
* 3-0-10:
  bumping rails to 3.0.10
  properly subsituting bad utf8 characters
  Tags with invalid names should also be stripped in order to prevent XSS attacks.  Thanks Sascha Depold for the report.
  prevent sql injection attacks by escaping quotes in column names
  Properly escape glob characters.
  bumping to 3.0.10.rc1
  more changelog updates
  updating CHANGELOGs
0b37704
Aug 21, 2011
José Valim josevalim Edited .travis.yml via GitHub 0ebdef2
Aug 22, 2011
Santiago Pastorino spastorino Merge pull request #2524 from JonathonMA/fix_ecd37084b28a05f05251
Use mysql_creation_options inside rescue block
c8ec8f7
Aaron Patterson tenderlove Merge pull request #1995 from guilleiguaran/prototype-ujs-fix
Prototype rails.js fixes for 3-0-stable
d7d0c25
Aug 30, 2011
Arun Agrawal arunagw MySQL2 Bump to 0.2.13 941a9d0
Aaron Patterson tenderlove Merge pull request #2744 from arunagw/mysql2_bump
Mysql2 bump
0195846
Aug 31, 2011
Aaron Patterson tenderlove use String#start_with? rather than creating regexps or comparing char…
…acter values
b550ecc
Sep 01, 2011
Aaron Patterson tenderlove * Psych errors with poor yaml formatting are proxied. Fixes #2645, #2731 f2aa46b
Sep 04, 2011
Santiago Pastorino spastorino * is not allowed in windows file names. Closes #2574 #2847 59a64a8
Sep 07, 2011
Andrew Kaspick akaspick fix assert_select_email to work on non-multipart emails as well as co…
…nverting the Mail::Body to a string to prevent errors.
8094d29
Andrew Kaspick akaspick assert_select_email entry cf0ea79
Andrew Kaspick akaspick fix exists? to return false if passed nil (which may come from a miss…
…ing URL param)
15dcdf6
Andrew Kaspick akaspick entry for fixing exists? 3e00e49
Jon Leighton jonleighton Merge pull request #2919 from akaspick/exists_fix_3_0
fix exists? to return false if passed nil (backport to 3-0-stable)
9ef9f98
Andrew Kaspick akaspick more descriptive CHANGELOG entry c7f3429
Jon Leighton jonleighton Merge pull request #2918 from akaspick/assert_select_email_fix_3_0
assert_select_email fix for 3-0-stable
3a3344a
Dmitriy Kiriyenko dmitriy-kiriyenko Do not use default_scope in ActiveRecord::Persistence#touch. 4364157
Dmitriy Kiriyenko dmitriy-kiriyenko This way asserting that updated_at was changed in touch look more obv…
…ious.
d93213f
Sergio Gil Pérez de la Manga porras Update changelog for 'Backport "ActiveRecord::Persistence#touch shoul…
…d not use default_scope" (pull request #1519)'
de178df
Sep 08, 2011
Andrew Kaspick akaspick when calling url_for with a hash, additional (likely unwanted) values…
… (such as :host) would be returned in the hash... calling #dup on the hash prevents this
45b7731
Andrew Kaspick akaspick fix url_for to not add additional unwanted options when called with a…
… hash
a8cfc99
José Valim josevalim Merge pull request #2939 from akaspick/url_for_fix_3_0
fix url_for when passing a hash to prevent unwanted additional values being added to the hash (backport to 3-0-stable)
f863af9
Guillermo Iguaran guilleiguaran Updating changelogs in 3-0-stable 5c10a53
Vijay Dev vijaydev Merge pull request #2682 from guilleiguaran/3-0-stable-changelogs
Update changelogs (3-0-stable)
9c2ff32
Sep 09, 2011
Aaron Patterson tenderlove Exceptions from database adapters should not lose their backtrace. a748c60
Sep 10, 2011
Vijay Dev vijaydev fix assert message 813e288
Sep 11, 2011
Trent Ogren misfo prevent errors when passing a frozen string as a param to ActionContr…
…oller::TestCase#process

since ActionDispatch::Http::Parameters#encode_params will force encoding on all params strings (when using an encoding aware Ruby), dup all strings passed into process.  This prevents modification of params passed in and, more importantly, doesn't barf when a frozen string is passed
thanks and high fives to kinsteronline
78a4aea
Sep 12, 2011
Pratik lifo Dont use association proxy#reload to load the target for the first time 378ce0e
Sep 27, 2011
Philip Arndt parndt Fixes #3087 by removing autoload for non-existant DeprecatedBlockHelpers 0dd7411
José Valim josevalim Merge pull request #3142 from parndt/3-0-stable
Fixes #3087
1000ada
Oct 03, 2011
Jeremy Kemper jeremy Merge pull request #2801 from jeremyevans/patch-1
Fix obviously breakage of Time.=== for Time subclasses
87bbf48
Oct 05, 2011
Ben Holley Fix spelling in doc:app rake task 346973e
Akira Matsuda amatsuda override unsafe methods only if defined on String 984d031
Akira Matsuda amatsuda ruby193: String#prepend is also unsafe 543b587
Oct 06, 2011
Vijay Dev vijaydev Merge pull request #3233 from benolee/fix_spelling_in_doc_app_rake_task
Fix spelling in doc:app rake task
e2c03bf
Oct 14, 2011
Arun Agrawal arunagw activerecord/sqlnet.log into gitignore when running with oracle. 68ae66d
Oct 17, 2011
Vijay Dev vijaydev Merge pull request #3330 from arunagw/ignore_sqlnet_3-0-stable
Ignore sqlnet 3 0 stable
fd67735
Nov 01, 2011
Josh Kalderimis joshk Remove a circular require in AS deprecations. This is safe as AS depr…
…ecations is autoloaded as needed.
394dd6f
Nov 15, 2011
mhuffnagle Added a missing parameter to relative_url_root= that was causing an A…
…rgumentError: wrong number of arguments (1 for 0) to be thrown at actionpack-3.0.10/lib/action_controller/railtie.rb:54.
328ae5b
Nov 16, 2011
Yehuda Katz wycats Merge pull request #3646 from mhuffnagle/3-0-stable
Fix for relative_url_root= missing parameter (issue 3645)
6122924
Aaron Patterson tenderlove Merge pull request #2122 from dyba/3-0-stable
Issue #1866: Changed Commands module to RailsCommands.
b81c3f7
Aaron Patterson tenderlove Revert "Merge pull request #2122 from dyba/3-0-stable"
This reverts commit b81c3f7, reversing
changes made to 6122924.
2ba0309
Nov 17, 2011
Arun Agrawal arunagw Mysql2 version bump!
I saw one bug fixed here 

brianmario/mysql2@e60599b
4e72f59
José Valim josevalim Merge pull request #3655 from arunagw/mysql_bump_3-0-stable
Mysql bump 3 0 stable
de44773
Jon Leighton jonleighton Use broken YAML that will fail with Syck as well as Psych. Fixes test…
…_broken_yaml_exception in fixtures_test.rb on Ruby 1.8.7.

Cherry-pick from 3-1-stable: b8d4692

Conflicts:

	activerecord/test/cases/fixtures_test.rb
961b4a0
Jon Leighton jonleighton Implement a workaround for a bug in ruby-1.9.3p0.
The bug is that an error would be raised while attempting to convert a
template from one encoding to another.

Please see http://redmine.ruby-lang.org/issues/5564 for more details.

The workaround is to load all conversions into memory ahead of time,
and will only happen if the ruby version is *exactly* 1.9.3p0. The
hope is obviously that the underlying problem will be resolved in
the next patchlevel release of 1.9.3.

Conflicts:

	actionpack/CHANGELOG.md
a03f018
Sergey Nartimov lest _html translation should escape interpolated arguments
Conflicts:

	actionpack/CHANGELOG.md
ba2d850
Aaron Patterson tenderlove removing stubs. 1.9.3 implements Date.today in C so mocking the retur…
…n value of Time.now does nothing
0e9910e
Aaron Patterson tenderlove fixing test case test on 1.9.3dev 618300e
Nov 18, 2011
Jon Leighton jonleighton Preparing for 3.0.11 release 66a4beb
Nov 19, 2011
Jon Leighton jonleighton Don't html-escape the :count option to translate if it's a Numeric. F…
…ixes #3685.

Conflicts:

	actionpack/CHANGELOG.md

Conflicts:

	actionpack/CHANGELOG.md
13ad879
Nov 30, 2011
Arun Agrawal arunagw ActiveModel confirmation validator fix fixes #1152
If you have an ActiveModel class that has a 
method email_address_confirmation. 
This method is being overwritten by the 
method defined in the Confirmation validator.
be8485e
José Valim josevalim Merge pull request #3805 from arunagw/active_model_patch_3-0-stable
Active model patch 3 0 stable
9ebacf3
Dec 03, 2011
Sam Umbach sumbach Test return value of ActiveSupport::Dependencies::Loadable#require
- Add tests to protect from regressions in require's return value behavior
- See a10606c (require needs to return true or false) for the original bug fix
dea2e9c
Sam Umbach sumbach Test return value of ActiveSupport::Dependencies::Loadable#load 9effced
Sam Umbach sumbach Test that require and load raise LoadError if file not found 0531e26
Sam Umbach sumbach Simplify load and require tests
- These tests don't use autoloading so there's no need to add anything to autoload_paths
289ae94
Aaron Patterson tenderlove require needs to return true or false. thank you Ryan "zenspider" Davis 8fabf78
Aaron Patterson tenderlove `load` should also return the value from `super` cc3fb2e
Aaron Patterson tenderlove Merge pull request #3846 from sumbach/backport-load-and-require-fixes…
…-to-3-0

Backport load and require fixes to 3 0
36b6c52
Jon Leighton jonleighton Enable postgres on the CI :heart::beer::sparkles:
Conflicts:

	Gemfile
51dcf85
Dec 17, 2011
Santiago Pastorino spastorino Sync .travis.yml with master 10c8e8d
José Valim josevalim Update .travis.yml ad9a0e3
Dec 18, 2011
Jon Leighton jonleighton Prefix newly added method to avoid breakings people's apps.
See
378ce0e

Fixes #3921.
b7e45c3
Dec 19, 2011
Jon Leighton jonleighton Don't notify campfire when the build keeps passing ab05e2b
Dec 20, 2011
Santiago Pastorino spastorino Merge pull request #4031 from arunagw/3-0-stable
3 0 stable travis sync
ce650ee
Dec 31, 2011
Akira Matsuda amatsuda bump up rack version to the one that includes the Hash DoS fix 7e03b9d
José Valim josevalim Merge pull request #4246 from amatsuda/hashdos_30
bump up rack version to the one that includes the Hash DoS fix
a048568
Jan 06, 2012
José Valim josevalim Merge pull request #4372 from arunagw/fixed_failing_test
Fixed failing test
d4c26c4
Jan 07, 2012
Arun Agrawal arunagw Fixed failing test for ruby-1.8.7-p357
See #4292
91a9b24
Jan 24, 2012
Aaron Patterson tenderlove Merge pull request #4514 from brainopia/update_timezone_offets
Update time zone offset information
c67ff97
Feb 15, 2012
Andy Pliszka AntiTyping Bugfix circular reference while saving has_one relationship a97cf75
Feb 16, 2012
Andy Pliszka AntiTyping Test for circular reference while saving has_one relationship 389d1c5
Feb 20, 2012
Sergey Nartimov lest fix output safety issue with select options 5b4082f
Akira Matsuda amatsuda add AS::SafeBuffer#clone_empty e50ee96
Akira Matsuda amatsuda use AS::SafeBuffer#clone_empty for flushing the output_buffer 6adc417
Feb 22, 2012
Jon Leighton jonleighton Merge commit 'v3.0.11' into 3-0-stable 67b6847
Aaron Patterson tenderlove updating RAILS_VERSION 2935435
Feb 25, 2012
Noah Hendrix noahhendrix Fixed typo in composed_of example with Money#<=>, was comparing amoun…
…t itself instead of other_money.amount
c4f9264
Feb 29, 2012
José Valim josevalim Ensure [] respects the status of the buffer. 917fd1a
Mar 01, 2012
Aaron Patterson tenderlove Merge branch '3-0-stable-security' into 3-0-12
* 3-0-stable-security:
  Ensure [] respects the status of the buffer.
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
9435f5a
Aaron Patterson tenderlove bumping to 3.0.12 9d6377e
Aaron Patterson tenderlove Merge branch '3-0-12' into 3-0-stable
* 3-0-12:
  bumping to 3.0.12
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
eeb715a
Mar 02, 2012
Carlos Antonio da Silva carlosantoniodasilva Stop SafeBuffer#clone_empty from issuing warnings
Logic in clone_empty method was dealing with old @dirty variable, which
has changed by @html_safe in this commit:
139963c

This was issuing a "not initialized variable" warning - related to:
#5237

The logic applied by this method is already handled by the [] override,
so there is no need to reset the variable here.
f1c6037
Mar 07, 2012
Arun Agrawal arunagw fixed test when running with latest 1.8.7-p357 and ree f8f873a
Santiago Pastorino spastorino Merge pull request #5319 from arunagw/fix_test_ree
Fix test ree 3-0-stable
61335d6
Mar 15, 2012
Aaron Patterson tenderlove Merge pull request #5456 from brianmario/redirect-sanitization
Strip null bytes from Location header
Conflicts:

	actionpack/test/controller/redirect_test.rb
d14319c
Aaron Patterson tenderlove Merge pull request #5457 from brianmario/typo-fix
Fix typo in redirect test
8645745
Mar 22, 2012
Carlos Antonio da Silva carlosantoniodasilva Add order to tests that rely on db ordering, to fix failing tests on pg
Also skip persistente tests related to UPDATE + ORDER BY for postgresql

PostgreSQL does not support updates with order by, and these tests are
failing randomly depending on the fixture loading order now.

Conflicts:

	activerecord/test/cases/associations/join_model_test.rb
	activerecord/test/cases/associations/nested_through_associations_test.rb
	activerecord/test/cases/clone_test.rb
	activerecord/test/cases/dup_test.rb
	activerecord/test/cases/relations_test.rb
	activerecord/test/cases/yaml_serialization_test.rb
a9fdefd
Carlos Antonio da Silva carlosantoniodasilva Fix more failing tests related to ruby 1.8.7 p358 version change f748d36
Mar 23, 2012
José Valim josevalim Merge pull request #5565 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable
728a65d
Mar 24, 2012
Arun Agrawal arunagw Build fix for form_options_helper_test.rb ruby-1.8.7 00726ea
Mar 26, 2012
Carlos Antonio da Silva carlosantoniodasilva Fix AV::FixtureResolver and rjs tests with random order errors
Due to the hash ordering changes on Ruby 1.8.7-p358.
9698312
Aaron Patterson tenderlove Merge pull request #2621 from icco/master
Issue with schema dump
3627cfa
Mar 27, 2012
José Valim josevalim Merge pull request #5600 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable - failing in ruby 1.8.8-p358
5790269
Emilio Tagua miloops Silence warnings here, only setting Encoding.default_external for tes…
…ting.
923ba31
Emilio Tagua miloops Use helper method here. caebe85
Aaron Patterson tenderlove load the encoding converter to work around [ruby-core:41556] when swi…
…tching encodings
289fe76
Arun Agrawal arunagw Fix broken encoding test 4c9dec4
José Valim josevalim Avoid inspecting the whole route set, closes #1525 e0362f7
Aaron Patterson tenderlove Merge pull request #5613 from carlosantoniodasilva/fix-build-3-0-193
Fix build for branch 3-0-stable - Ruby 1.9.3
29320dc
Mar 29, 2012
Yasuo Honda yahonda Address an error for test_has_many_through_polymorphic_has_one
with Oracle for the 3-0-stable branch
60272ae
Santiago Pastorino spastorino Merge pull request #5655 from yahonda/address_ora_00918_with_oracle_f…
…or_3_0

Address an error for test_has_many_through_polymorphic_has_one with Oracle
72dc7ae
Carlos Antonio da Silva carlosantoniodasilva Fix failing ARes test due to hash keys ordering d44ffb2
Jeremy Kemper jeremy Merge pull request #5659 from carlosantoniodasilva/fix-build-3-0
Fix build for branch 3-0-stable - ARes and ordered hash keys
f47a303
Apr 30, 2012
Yehuda Katz wycats Merge pull request #5044 from dracco/3-0-stable
Backport Bugfix: Stack Overflow (3-0-stable)
51582fe
Andrew White pixeltrix Lock mocha gem to fix the build
New versions of mocha don't allow nil.stubs
e74e479
May 25, 2012
Egor Homakov homakov auto_link final sanitize 3af3385
Aaron Patterson tenderlove Merge pull request #6485 from homakov/3-0-stable
auto_link sanitize output
f7cf745
May 26, 2012
Egor Homakov homakov do not force sanitize and whitelist protocols for auto_link
sanitize is not always required so we cannot make it. let's just
whitelist protocols
f35c93f
Rafael Mendonça França rafaelfranca Merge pull request #6495 from homakov/3-0-stable
auto_link shouldn't always sanitize
5989ffb
Rafael Mendonça França rafaelfranca Remove test for not accepted protocols to auto_link 349fce2
May 28, 2012
Aaron Patterson tenderlove bumping to 3.0.13.rc1 88e7f51
May 30, 2012
Aaron Patterson tenderlove predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
99f0309
Aaron Patterson tenderlove Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!

CVE-2012-2660

Conflicts:

	actionpack/lib/action_dispatch/http/request.rb
c202638
May 31, 2012
Aaron Patterson tenderlove Merge branch '3-0-stable-sec' into 3-0-rel
* 3-0-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
c8af45e
Aaron Patterson tenderlove updating CHANGELOGs 86c97e1
Aaron Patterson tenderlove bumping to 3.0.13 7102fe8
Aaron Patterson tenderlove Merge branch '3-0-stable-sec' into 3-0-stable
* 3-0-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
33f8e4b
Aaron Patterson tenderlove Merge branch '3-0-rel' into 3-0-stable
* 3-0-rel:
  bumping to 3.0.13
  updating CHANGELOGs
  bumping to 3.0.13.rc1
b2feff2
Jun 08, 2012
Ernie Miller ernie Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.0.13 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
176af7e
Jun 10, 2012
Aaron Patterson tenderlove Array parameters should not contain nil values. 2f3bc04
Jun 11, 2012
Toshinori Kajihara kennyj Fix GH #3163. Should quote database on mysql/mysql2.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb
	activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
	activerecord/test/cases/adapters/mysql2/schema_test.rb
6c0c40b
Aaron Patterson tenderlove Merge branch '3-0-stable-sec' into 3-0-stable-rel
* 3-0-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
b9e048c
Aaron Patterson tenderlove bumping versions in the CHANGELOG 2c95963
Aaron Patterson tenderlove updating changelogs with security fixes 8cecac7
Aaron Patterson tenderlove bumping to 3.0.14 3fb762a
Jun 12, 2012
Aaron Patterson tenderlove updating changelogs 4be9dbf
Aaron Patterson tenderlove we haven't monkey patched the Result class, so use each a5a0338
Aaron Patterson tenderlove 3.0.15 def7543
Jul 23, 2012
Aaron Patterson tenderlove updating changelogs 32b4cbc
Jul 26, 2012
Aaron Patterson tenderlove * Do not convert digest auth strings to symbols. CVE-2012-3424 b88cc8a
Aaron Patterson tenderlove updating changelog with CVE fe48ad3
Aaron Patterson tenderlove updating release date 4a0370b
Aaron Patterson tenderlove bumping to 3.0.16 3166606
Aug 04, 2012
Andrew White pixeltrix Backport of fix from #5173 - fixes #7252
Rather than use the MySQL specific TINYTEXT, MEDIUMTEXT and LONGTEXT
datatypes, Active Record migrations use TEXT(n) where n is the limit
specified by the developer. Unfortunately how MySQL interprets n
depends on the column's encoding so any limit above 5592405 will be
interpreted as a LONGTEXT when the encoding is UTF-8.

This commit fixes this by interpreting the limit within the adapter
and using the specific MySQL datatype as appropriate.
f07c708
Aug 07, 2012
Santiago Pastorino spastorino html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215

Conflicts:
	actionpack/test/controller/new_base/render_template_test.rb
	actionpack/test/template/asset_tag_helper_test.rb
	actionpack/test/template/erb_util_test.rb
	actionpack/test/template/javascript_helper_test.rb
	actionpack/test/template/template_test.rb
	activesupport/lib/active_support/core_ext/string/output_safety.rb
	activesupport/test/core_ext/string_ext_test.rb
	railties/test/application/assets_test.rb
780a718
Rafael Mendonça França rafaelfranca Fix tests about single quote escaping 9ef905f
Aug 09, 2012
Santiago Pastorino spastorino escape select_tag :prompt values
CVE-2012-3463
c979587
Santiago Pastorino spastorino Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
1151959
Santiago Pastorino spastorino Add CHANGELOG entries 6eda26a
Santiago Pastorino spastorino Bump to 3.0.17 77977f3
Mark Turner amerine Add html_escape note to CHANGELOG cf6bb2a
Santiago Pastorino spastorino Merge pull request #7308 from amerine/3-0-stable
Add html_escape note to CHANGELOG
954e262
Aug 28, 2012
Rafael Mendonça França rafaelfranca Remove warning when using html_escape with Ruby 1.9.
Closes #7430
f93e3f0
Dec 23, 2012
Aaron Patterson tenderlove updating changelogs 826548b
Aaron Patterson tenderlove CVE-2012-5664 options hashes should only be extracted if there are ex…
…tra parameters
3542641
Aaron Patterson tenderlove bumping to 3.0.18 fb06fe4
Jan 08, 2013
Aaron Patterson tenderlove * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] …
…* dealing with empty hashes. Thanks Damien Mathieu

Conflicts:
	actionpack/CHANGELOG.md
	activerecord/CHANGELOG.md

Conflicts:
	actionpack/CHANGELOG.md
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/relation/predicate_builder.rb
97b3b68
Jeremy Kemper jeremy CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. a494824
Aaron Patterson tenderlove bumping version 7909e7f
Prem Sichanugrist sikachu Remove test for XML YAML parsing
The support for YAML parsing in XML has been removed from Active Support
since it introduced an security risk. See a494824 for more detail.
f252755
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #8836 from sikachu/3-0-stable-fix-ars
Remove test for XML YAML parsing
ca8b0bd
Jan 09, 2013
Zach Moazeni zmoazeni Methods that return nil should not be considered YAML
This is a direct port of @jaw6's pull request
#492. His cleanly applied to Rails
v3.1 and v3.2, and this cleanly applies to v3.0.

With yesterday's security patches
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
there is now an issue with Rails v3.0 serving XML to any of the latest
versions of ActiveResource.

Without this, Rails v3.0 can serve XML to ActiveResource consumers that
will see `Hash::DisallowedType: Disallowed type attribute: "yaml"`
477f0e7
Carlos Antonio da Silva carlosantoniodasilva Merge pull request #8853 from zmoazeni/3-0-xml-serialization-fix
Methods that return nil should not be considered YAML
583e5fd
Carlos Antonio da Silva carlosantoniodasilva Update changelogs with release dates and minor improvements [ci skip] e5f4a39
Jan 10, 2013
Jeremy Kemper jeremy Merge pull request #8890 from dylanahsmith/3-0-parse-non-object-json-…
…params

3-0-stable: Fix JSON params parsing regression for non-object JSON content.
9bc2b09
Jan 11, 2013
Dylan Thacker-Smith dylanahsmith Fix JSON params parsing regression for non-object JSON content.
Backports #8855.
eede4ab
Jan 12, 2013
Andrew White pixeltrix Remove unnecessary caching of ParameterFilter 4c525b2
Jan 16, 2013
James Mead floehopper Fix 3-0-stable to work with Mocha >= v0.13.0
A) Update code in ActiveSupport which monkey-patches Test::Unit to
include Mocha bug fix.

A bug was fixed [1] in Mocha's integration with Test::Unit, but this
monkey-patching code was copied before the fix. We need to copy the
fixed version.

The bug meant that an unexpected invocation against a mock within the
teardown method caused a test *error* and not a test *failure*.

B) Fix for Test::Unit/Mocha compatibility.

Mocha is now using a single AssertionCounter which needs a reference to
the testcase as opposed to the result.

This change is an unfortunate consequence of the copying of a chunk of
Mocha's internal code in order to monkey-patch Test::Unit.

C) Avoid a Mocha deprecation warning.

[1]
freerange/mocha@f1ff647#diff-5
commit 0591f6d 1 parent 8b3109a
bf91545
Rafael Mendonça França rafaelfranca Merge pull request #8872 from freerange/3-0-stable-with-mocha-fixes
Fix 3-0-stable to work with Mocha >= v0.13.0
d116e90
Jan 26, 2013
Carlos Antonio da Silva carlosantoniodasilva Update mocha version to 0.13.0 and change requires 871a7db
Carlos Antonio da Silva carlosantoniodasilva Remove not used variable warning ba6b243
Carlos Antonio da Silva carlosantoniodasilva Fix indentation to remove warning dd3caf6
Damien Mathieu dmathieu remove the warning when testing whiny_nil 18bce29
Toshinori Kajihara kennyj Fix build. It seems that the Mocha's behavior were changed. bb80a87
Carlos Antonio da Silva carlosantoniodasilva Update failing tests overriding destroy method instead of using mocha…
… expectation

Mocha by default does not allow adding expectation to frozen objects,
just applying a workaround to ensure the method is never called, making
the tests pass without enabling this again in mocha.
597a700
Carlos Antonio da Silva carlosantoniodasilva Remove obsolete rake/rdoctask require
Requiring this now raises a RuntimeError, failing the test.
It also seems that the require is unnecessary to pass the test.
e8ac985
Carlos Antonio da Silva carlosantoniodasilva Fix failing test related to escaping include_blank in select_tag
Rails 3.0.x doesn't have the :prompt option in select_tag, it was
introduced in c5d54be that is only
available from 3.1.x on.

The test and related fix were introduced in
c979587 for Rails 3.0.17, as a fix for
a security vulnerability. The code is completely fine but the test was
using the invalid :prompt option for this version, probably because it
was cherry-picked from other branch which has the option.
709fbd3
Jan 28, 2013
Michael Koziarski NZKoz Add an OkJson backend and remove the YAML backend
Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
5375dce
Aaron Patterson tenderlove bumping to 3.0.20 b875be0