Skip to content

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
...
This comparison is big! We’re only showing the most recent 250 commits
Commits on Apr 05, 2013
@rmm5t rmm5t Fix explicit names on multiple file fields
If a file field tag is passed the multiple option, it is turned into an
array field (appending "[]"), but if the file field is passed an
explicit name as an option, leave the name alone (do not append "[]").

Fixes #9830
44a9aed
@rafaelfranca rafaelfranca Merge pull request #10105 from rmm5t/fix-explicit-name-on-multiple-fi…
…elds

Fix explicit names on multiple file fields
dbe2591
@rafaelfranca rafaelfranca Improve the changelog entry [ci skip] c9bd202
Commits on Apr 09, 2013
@tenderlove tenderlove Merge branch '3-2-later' into 3-2-stable
* 3-2-later:
  adding test for CVE
536f316
Commits on Apr 11, 2013
@subwindow subwindow Correctly parse bigint defaults in PostgreSQL, Backpost #10098.
Conflicts:

	activerecord/CHANGELOG.md
	activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
	activerecord/test/cases/schema_dumper_test.rb
a6d9e16
@rafaelfranca rafaelfranca Merge pull request #10172 from senny/10098_backport
Backport: Correctly parse bigint defaults in PostgreSQL
6823948
Commits on Apr 13, 2013
@alexeymuranov alexeymuranov Document nested attributes as hash of hashes
Document the possibility to use a hash of hashes for nested attributes for a one-to-many association (in addition to the documented possibility to use an array of hashes).

Align indentation in comments.
efd8631
@carlosantoniodasilva carlosantoniodasilva Merge pull request #9688 from alexeymuranov/doc-nested-attributes-3-2
3-2-stable documentation: the possibility to use a hash of hashes for nested attributes
130f96c
Commits on Apr 16, 2013
@carlosantoniodasilva carlosantoniodasilva Fix "Scaling Rails Screencasts" link in caching guide
Closes #10241 [ci skip]
624428b
Commits on Apr 17, 2013
@prathamesh-sonpatki prathamesh-sonpatki Use secure source in generated Gemfile for creating new plugin. Closes cd548d9
@carlosantoniodasilva carlosantoniodasilva Merge pull request #10246 from prathamesh-sonpatki/3.2.13-https-rubygems
Using secure source https://rubygems.org when generating new plugin with Rails 3.2
dddc093
@tenderlove tenderlove adding a test for root path in the app 03d071d
@tenderlove tenderlove just clear the caches on clear! rather than replacing. fixes #10251 ba12ef6
Commits on Apr 26, 2013
@tenderlove tenderlove adding test for the symbol refs 9d7a748
Commits on Apr 29, 2013
@janko-m janko-m Fix ActiveRecord::Store not tracking changes 5519468
Commits on May 04, 2013
@rafaelfranca rafaelfranca Merge pull request #10448 from arunagw/bug-fix-scaffold-generator-master
Fixes Scaffold generator with --assets=false
Conflicts:
	railties/CHANGELOG.md

Conflicts:
	railties/CHANGELOG.md
	railties/lib/rails/generators/rails/scaffold/scaffold_generator.rb
927a04d
Commits on May 05, 2013
@carlosantoniodasilva carlosantoniodasilva Merge pull request #10466 from prathamesh-sonpatki/scaffold-assets
Fix tests related to scaffolding generator with --assets=false switch
3c01a69
Commits on May 06, 2013
@btucker btucker Merging in fix from #8222 5a6d9d5
@rafaelfranca rafaelfranca Merge pull request #10406 from greenriver/distance_of_time_rational
Correct time_ago_in_words to handle situation where Fixnum#/ returns a Rational (thanks to mathn)
fb90ce0
Commits on May 07, 2013
@rafaelfranca rafaelfranca Merge pull request #10478 from cainlevy/patch-1
use canonical #controller_path logic in controller test cases
Conflicts:
	actionpack/lib/action_controller/test_case.rb
0b35a3a
@rafaelfranca rafaelfranca Merge pull request #10489 from greenriver/ar_counter_cache_multiple_d…
…estroy

Confirm a record has not already been destroyed before decrementing counter cache

Conflicts:
	activerecord/CHANGELOG.md

Conflicts:
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/associations/builder/belongs_to.rb
f8c4a31
@arunagw arunagw Build fix for scaffold generator
3-2 behaves different when scaffolding.
8407ab1
@carlosantoniodasilva carlosantoniodasilva Merge pull request #10496 from arunagw/build-fix-scaffold-generator
Build fix for scaffold generator
8218a46
Commits on May 09, 2013
@rafaelfranca rafaelfranca Revert "Remove unicode character encoding from ActiveSupport::JSON.en…
…code"

This reverts commit 815a943.

Conflicts:
	activesupport/test/json/encoding_test.rb

Reason: This was causing a regression where the resulting string is always
returning UTF-8. Also it changes the behavior of this method on a stable release.

Fixes #9498.
c910388
@rafaelfranca rafaelfranca Revert "Merge pull request #8209 from senny/backport_8176"
This reverts commit 7240202, reversing
changes made to e4e2bcc.

Conflicts:
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/relation/calculations.rb
	activerecord/test/cases/calculations_test.rb

Reason: This caused a regression since it changed the behavior in a
stable release.

Fixes #9777
84c69a1
Commits on May 10, 2013
@arunagw arunagw Remove useless else 6ab3c73
@arunagw arunagw Fixed pluck to be working with selects.
See #9777 for details.

Previously pluck is not returning what we wanted to
Added a test also to make sure it's working fine.
 
This will also fix the build for 1.8.7 as we 
were doing some sort on hash.

Thanks @pixeltrix for helping me out.

Thanks @linduxed for pairing with me.
de5b89d
@rafaelfranca rafaelfranca Merge pull request #10552 from arunagw/pluck-fixed-3-2-stable
Pluck fixed 3 2 stable
3589181
@dasch dasch Don't try to EXPLAIN select_db calls a33d320
@fxn fxn Merge pull request #10555 from dasch/dasch/3-2-stable
Don't try to EXPLAIN select_db calls
4fa8607
@arunagw arunagw Using map. No need to run query again afedb09
@pixeltrix pixeltrix Merge pull request #10557 from arunagw/pluck-refactor-using-map
Using map. No need to run query again
a711193
@rafaelfranca rafaelfranca Fix test to ruby 2.0
The default enconding changed on Ruby 2.0
a59d661
@rafaelfranca rafaelfranca So not make Fixnum#/ private on Ruby verions less than 1.9.3
In those version to_date call Fixnum#/, what will cause a failure
0be27b7
@fxn fxn Revert "Don't try to EXPLAIN select_db calls"
Reason: This was backported, but the test does not pass as is.

This reverts commit a33d320.
0549ebe
Commits on May 11, 2013
@rafaelfranca rafaelfranca Add CHANGELOG entry removed by mistake [ci skip] e2804c6
@dasch dasch Don't try to EXPLAIN select_db calls
Now with a non-broken test.
ddaa5d5
@rafaelfranca rafaelfranca Merge pull request #10571 from dasch/dasch/restore-explain-fix
Don't try to EXPLAIN select_db calls
5c6cf4e
Commits on May 12, 2013
@ahorner ahorner Preserve context for joins while merging relations
This is a backport of #10164, already merged into
master. The issue is described in lengthy detail
in issues #3002 and #5494.
c09829e
@rafaelfranca rafaelfranca Merge pull request #10303 from ahorner/3-2-stable
Preserve context for joins while merging relations
5919a55
@rafaelfranca rafaelfranca Merge pull request #7695 from benolee/backport_cc7dd66_and_c0ba0f0
backport runner fixes to 3-2-stable

Conflicts:
	railties/CHANGELOG.md
442b7c8
@rafaelfranca rafaelfranca Improve CHANGELOG entries
[ci skip]
b1fb8ef
Commits on May 14, 2013
@mikel mikel Update mail to minimum version 2.5.4 010ea71
@Empact Empact Backport a super-simplified version of #6792, fixing
that #exists? and others can produce invalid SQL: "SELECT DISTINCT DISTINCT"

The combination of a :uniq => true association and the #distinct call
in #construct_limited_ids_condition combine to create invalid SQL, because
we're explicitly selecting DISTINCT, and also sending #distinct on to AREL,
via the relation#distinct_value.

Where #6792 was the forever fix, this is the minimal fix. Instead of
properly indicating the distinctness of the query through #uniq_value alone,
we use a literal select statement and set #uniq_value to always be falsey
23c656c
@rafaelfranca rafaelfranca Merge pull request #10616 from Empact/backport-distinct-distinct
Backport a super-simplified version of #6792, fixing that #exists? can produce invalid SQL: "SELECT DISTINCT DISTINCT"
5b020fa
Commits on May 16, 2013
@xjlu xjlu Support include_root_in_json for ActiveResource properly.
This commit is a backport from
rails/activeresource#29. The
ActiveResource's include_root_in_json option is broken for 3.2.x.
ec55866
@rafaelfranca rafaelfranca Merge pull request #10578 from dingle/lu/back_port_to_json_fix
Support include_root_in_json for ActiveResource properly.
0d8dbd1
Commits on May 18, 2013
@jholton jholton destroys association records before saving/inserting new association …
…records

This is a backport of #10417

fixes bug introduced by  #3329
These are the conditions necessary to reproduce the bug:
- For an association, autosave => true.
- An association record is being destroyed
- A new association record is being created.
- There is a unique index one of the association's fields.
- The record being created has the same value as the record being
destroyed on the indexed field.

Before, the deletion of records was postponed until after all
insertions/saves.  Therefore the new record with the identical value in
the indexed field caused a non-unique value error to be thrown at the
database
level.

With this fix, the deletions happen first, before the insertions/saves.
Therefore the record with the duplicate value is gone from the database
before the new record is created, thereby avoiding the non-uniuqe value
error.
c236246
Commits on May 20, 2013
@rafaelfranca rafaelfranca Merge pull request #10646 from kennyj/fix_am_20130517
Fix ActionMailer testcase break with mail 2.5.4.
Conflicts:
	actionmailer/CHANGELOG.md
	actionmailer/test/mailers/base_mailer.rb
b0f96d4
Commits on May 22, 2013
@rafaelfranca rafaelfranca Merge pull request #10681 from jholton/3-2-stable-fix_association_aut…
…o_save

autosave_association issue that occurs when table has unique index (3.2.x backport)
f8c4805
Commits on May 23, 2013
@rafaelfranca rafaelfranca Merge pull request #10713 from senny/10693_fix_primary_key_option_on_…
…has_many

Fix the `:primary_key` option for `has_many` associations.
Conflicts:
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/associations/has_many_association.rb
d293990
Commits on May 24, 2013
@arunagw arunagw Using 1.8.7 syntax for 3-2-stable b75c8e5
@arunagw arunagw It's scoped in 3-2-stable!
scope => scoped
0e14973
@pixeltrix pixeltrix Merge pull request #10745 from arunagw/build_fix_ruby187
Build fix ruby187
7101a85
@pixeltrix pixeltrix Restore rescue block for when IM is enabled 8799cfa
Commits on Jun 05, 2013
@tenderlove tenderlove adding a test for #10830 20daaf4
Commits on Jun 08, 2013
@pixeltrix pixeltrix Override Time.at to work with Time-like values
Time.at allows passing a single Time argument which is then converted
to an integer. The conversion code since 1.9.3r429 explicitly checks
for an instance of Time so we need to override it to allow DateTime
and ActiveSupport::TimeWithZone values.
f42e0fd
Commits on Jun 15, 2013
@senny senny Merge pull request #10925 from senny/10917_test_to_prevent_regression
regression test + mysql2 adapter raises correct error if conn is closed.
Conflicts:

	activerecord/CHANGELOG.md
a51d4e6
@rafaelfranca rafaelfranca nokogiri >= 1.6 doesn't work with ruby 1.8 7092467
Commits on Jun 17, 2013
@rafaelfranca rafaelfranca Compare host scheme using case-insensitive regexp
Before:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"/assets/HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"

After:

    image_tag("HTTP://google.com")
    # => "<img alt=\"Google\" src=\"HTTP://google.com\" />"
    image_tag("http://google.com")
    # => "<img alt=\"Google\" src=\"http://google.com\" />"

Backport of #10969
9f754e8
Commits on Jun 19, 2013
@mtparet mtparet indicate the default Rails cache store
memory_store is the default cache store implementation if you call
ActiveSupport::Cache.lookup_store without arguments.
31899da
@senny senny Merge pull request #10883 from ifeelgoods/3-2-stable
The default cache store is :file_store in caching_with_rails.textile
b768647
Commits on Jun 20, 2013
@robin850 robin850 Update the feedback instructions [ci skip]
Since docrails as moved from lifo/docrails to rails/docrails we have
to ask for commit rights or submit patches directly to the rails
repository
f3b84e2
@fxn fxn Merge pull request #11033 from robin850/patch-1
Update the feedback instructions
919d1a1
Commits on Jun 21, 2013
@armstrjare armstrjare Fixes CollectionAssociation#ids_reader returning incorrect ids for ne…
…w records
c2377f7
Commits on Jun 22, 2013
@senny senny Merge pull request #10901 from armstrjare/fix_query_null_foreign_key_…
…on_new_record_collection_ids_reader

Fixes CollectionAssociation#ids_reader returning incorrect ids for new records
6675d71
@senny senny Revert "Merge pull request #10901 from armstrjare/fix_query_null_fore…
…ign_key_on_new_record_collection_ids_reader"

This reverts commit 6675d71, reversing
changes made to 919d1a1.

I missed to check the target branch and wrongly merged it into 3-2-stable directly.
5009b07
Commits on Jun 24, 2013
@rafaelfranca rafaelfranca Fix textile markup
Closes #11076

[ci skip]
119f27c
@rafaelfranca rafaelfranca Merge pull request #10971 from dtaniwaki/escape_link_to_unless
Always escape the result of link_to_unless method
2553bd7
@rafaelfranca rafaelfranca Add CHANGELOG entry for #10971
[ci skip]
ca23e6d
Commits on Jun 25, 2013
@pixeltrix pixeltrix Fix shorthand routes where controller and action are in the scope
Merge `:action` from routing scope and assign endpoint if both `:controller`
and `:action` are present. The endpoint assignment only occurs if there is
no `:to` present in the options hash so should only affect routes using the
shorthand syntax (i.e. endpoint is inferred from the the path).

Fixes #9856

Backport of 37b4276
622e4ab
@pixeltrix pixeltrix Use old style hash syntax for 3-2-stable b0c6597
@senny senny Revert "Revert "Merge pull request #10901 from armstrjare/fix_query_n…
…ull_foreign_key_on_new_record_collection_ids_reader""

This reverts commit 5009b07.

Also updated the CHANGELOG and adjusted the test-case to match the one on master.
27b3883
Commits on Jun 26, 2013
@carlosantoniodasilva carlosantoniodasilva Merge pull request #10373 from janko-m/fix-store-accessor
Fix a bug in ActiveRecord::Store accessors
07c6262
@carlosantoniodasilva carlosantoniodasilva Move changelog entry to the top [ci skip] cde6ead
@senny senny Merge pull request #9893 from JonRowe/add_test_to_assert_association_…
…doesnt_overwrite

Add a test to assert autosaving associations doesn't overwrite id accessor methods
b23e0d6
@chapmajs chapmajs Allow global override of default STI inheritance column
This change fixes a bug by which 3.2-STABLE users can't globally override the default STI inheritance column with `ActiveRecord::Base.inheritance_column = 'some_column'`. 3.2-STABLE users are forced to use a deprecated method or monkey patch it otherwise.

Test case written by tkhr <takehiro0740@gmail.com>.
839efc5
@senny senny build fix, fall back to old hash syntax cacfa8e
@senny senny Merge pull request #11019 from tkhr/test_case_for_issue_10393
Add test case for issue #10393 and fix warning message
63d4894
Commits on Jun 27, 2013
@senny senny Backport rails/rails-perftest#2 to fix rake test:benchmark 1db54d7
@senny senny clear ARGV to prevent mintest autorun errors:
Minitest expects the first argument in `ARGV` to be the path to a test file.
Because `rails benchmarker` and `rails profiler` define an on-the-fly test-case,
using the first `ARGV` to pass the code to execute this results in:

```
/Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:167:in `block in non_options': file not found: 1000.times{"a string"} (ArgumentError)
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:146:in `map!'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:146:in `non_options'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:207:in `non_options'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:52:in `process_args'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/minitest/unit.rb:891:in `_run'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/minitest/unit.rb:884:in `run'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:21:in `run'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:326:in `block (2 levels) in autorun'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:27:in `run_once'
	from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:325:in `block in autorun'
```

clearing ARGV after defining the test-case solves this issue.
b47f8d0
@senny senny Merge pull request #9173 from senny/backport_perftest_fix
Backport rails/rails-perftest#2 to fix rake test:benchmark
0a55bd7
@senny senny unify duplicate CHANGELOG entry 9a8f593
Commits on Jul 01, 2013
@carsonreinke carsonreinke Incorrectly providing program name the same as log message even when …
…block is not provided.
4265f1b
@rafaelfranca rafaelfranca Merge pull request #8881 from carsonreinke/3-2-stable
3-2-stable ActiveSupport::TaggedLogging logging progname issue
b977181
Commits on Jul 03, 2013
@spastorino spastorino Add missing require e359e3a
Commits on Jul 06, 2013
@rafaelfranca rafaelfranca Skip connection url test when the machine is using socket configuration.
The connection url parssing don't accept the socket option
29106ce
@rafaelfranca rafaelfranca Remove warning of assigned but unused variable a72a0eb
@rafaelfranca rafaelfranca New changelog entries always on the top [ci skip] b5830d1
Commits on Jul 08, 2013
@rafaelfranca rafaelfranca Add license to the gemspec 2ce875d
@rafaelfranca rafaelfranca Remove git dependecy c4ad10e
Commits on Jul 09, 2013
@rafaelfranca rafaelfranca Do not shallow the original exception in exec_cache
when result_error_field is not defined on result raise the original
exception.

Fixes #11260
d704c1c
@pixeltrix pixeltrix Retain offset and fraction when using Time.at_with_coercion
The standard Ruby behavior for Time.at is to return the same type of
time when passing an instance of Time as a single argument. Since the
an ActiveSupport::TimeWithZone instance may be a different timezone than
the system timezone and DateTime just understands offsets the best we
can do is to return an instance of Time with the correct offset.

It also maintains the correct fractional second value as well.

Fixes #11350.

Backports:
4842535
1b38737
ccad803
@pixeltrix pixeltrix Return local time for backwards compatibility b775987
Commits on Jul 10, 2013
@pixeltrix pixeltrix Add missing require so that DateTime has the right superclass
If the DateTime core extensions were loaded before the Date core extensions
then you would get a superclass mismatch as DateTime hasn't been defined
yet so it gets set to Object by the acts_like core extension.

Fixes #11206

(cherry picked from commit 78f7d5b)
714cb5a
Commits on Jul 13, 2013
@rafaelfranca rafaelfranca Preparing for 3.2.14.rc1 release facfc24
Commits on Jul 15, 2013
@senny senny Merge pull request #11451 from jetthoughts/11450_do_not_resave_destro…
…yed_association

Do not re-save destroyed association on saving parent object
Conflicts:
	activerecord/lib/active_record/autosave_association.rb
2ae2728
@senny senny Merge pull request #11451 from jetthoughts/11450_do_not_resave_destro…
…yed_association

Do not re-save destroyed association on saving parent object
Conflicts:
	activerecord/lib/active_record/autosave_association.rb

Conflicts:
	activerecord/CHANGELOG.md
1c2545a
@rafaelfranca rafaelfranca Use Ruby 1.8 syntax 66cba60
@rafaelfranca rafaelfranca Use Ruby 1.8 syntax 1900a56
Commits on Jul 16, 2013
@rafaelfranca rafaelfranca Preparing for 3.2.14.rc2 release a96df04
Commits on Jul 17, 2013
@arunagw arunagw Removed unused test file
This test file is not be running from a long time
This test is already covered in controller/caching_test.rb
fc0faaa
@carlosantoniodasilva carlosantoniodasilva Merge pull request #11468 from arunagw/removed_unsed_test
Removed unused test file
ac5cc69
Commits on Jul 18, 2013
@wolframarnold wolframarnold Add respond_to_missing? for TaggedLogging which is needed if another …
…log abstracter wraps a TaggedLogging instance.

It's also best practice when overriding method_missing.
803008e
@907th 907th Fix `assert_redirected_to` does not show user-supplied message.
Issue: when `assert_redirected_to` fails due to the response redirect not
matching the expected redirect the user-supplied message (second parameter)
is not shown. This message is only shown if the response is not a redirect.
0f5ba6e
@rafaelfranca rafaelfranca Merge pull request #10800 from 907th/fix-custom-message-for-assert_re…
…directed_to

Fix #10842. `assert_redirected_to` does not show user-supplied message.
39441f7
@rafaelfranca rafaelfranca Merge pull request #11486 from wolframarnold/3-2-stable_fix_respond_t…
…o_missing_in_tagged_loggging

3-2-stable patch: Add respond_to_missing? in TaggedLoggging
ed19c02
Commits on Jul 21, 2013
@pixeltrix pixeltrix Add test to prevent route reloading regression
Journey doesn't clear its named route hash when the routes are reloaded but
Rails 3.2 isn't affected because Journey overwrites the existing route. This
is just a backport of the test to make sure it doesn't become affected in
some future release.
d835307
Commits on Jul 22, 2013
@rafaelfranca rafaelfranca Update CHANGELOG entry 47fb44f
@rafaelfranca rafaelfranca Preparing for 3.2.14 release 2fcd13e
@rafaelfranca rafaelfranca Fix activemodel CHANGELOG c69ccea
@rafaelfranca rafaelfranca Merge branch '3-2-14' into 3-2-stable 2b3ce86
@rafaelfranca rafaelfranca Fix actionpack CHANGELOG entry
It was included by git on the wrong release
e0db277
Commits on Jul 23, 2013
@90yukke 90yukke Fix merge error when Equality LHS is non-attribute.
This is reworking of rails/rails#7380 made for rails 3.
b289519
@rafaelfranca rafaelfranca Merge pull request #11563 from 90yukke/fix-nomethoderror-on-non-attri…
…bute-equalities

Fix merge error when Equality LHS is non-attribute.
c4b93f5
Commits on Jul 24, 2013
@alfredw alfredw Specified column type for quote_value
When calling quote_value the underlying connection sometimes requires
more information about the column to properly return the correct quoted
value.

I ran into this issue when using optimistic locking in JRuby and the
activerecord-jdbcmssql-adapter. In SQLSever 2000, we aren't allowed to
insert a integer into a NVARCHAR column type so we need to format it as
N'3' if we want to insert into the NVARCHAR type. Unfortuantely, without
the column type being passed the connection adapter cannot properly return
the correct quote value because it doesn't know to return N'3' or '3'.

This patch is fairly straight forward where it just passes in the column
type into the quote_value, as it already has the ability to take in the column,
so it can properly handle at the connection level.

I've added the tests required to make sure that the quote_value method
is being passed the column type so that the underlying connection can
determine how to quote the value.

Conflicts:
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/locking/optimistic.rb
33e1604
@Empact Empact Tidy up the "Specified column type for quote_value" changes
This includes fixing typos in changelog, removing a deprecated
mocha/setup test require, and preferring the `column_for_attribute`
accessor over direct access to the columns_hash in the new code.

Conflicts:
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/locking/optimistic.rb
b4dea61
@rafaelfranca rafaelfranca Fix broken test
quote_value is called on the object not the class
1463fbe
Commits on Jul 31, 2013
@rafaelfranca rafaelfranca Move changelog entry to the top [ci skip] 773eca0
Commits on Aug 05, 2013
@kassio kassio Load fixtures from linked folders 0ec701d
@rafaelfranca rafaelfranca Merge pull request #11765 from kassio/load-fixtures-from-linked-folder
Load fixtures from linked folder
5f8a7d1
@siong1987 siong1987 Make `rake doc:guides` works again. Fix #10384.
Conflicts:
	railties/guides/rails_guides.rb
	railties/lib/rails/tasks/documentation.rake
946ad5d
Commits on Aug 18, 2013
Eugene Kalenkovich Fix test incompatible with 1.8.7 93f1a72
@guilleiguaran guilleiguaran Merge pull request #11930 from UncleGene/ties_test
Fix test incompatible with 1.8.7
6d9050b
Eugene Kalenkovich Fix 1.8.7 incompatible respond_to_missing adf6e30
Commits on Aug 24, 2013
@kassio kassio fix issue #11605 424a5a7
Commits on Aug 26, 2013
@rafaelfranca rafaelfranca Merge pull request #12006 from kassio/11605-render-with-context-format
Render with context format
e0fc5da
Commits on Aug 27, 2013
@tenderlove tenderlove Merge pull request #12048 from tjouan/app_generator-bin_perms-umask
Comply with current umask when generating new app
Conflicts:
	railties/lib/rails/generators/rails/app/app_generator.rb
59a3561
Commits on Aug 30, 2013
@Ben-M Ben-M Fix STI scopes using benolee's suggestion. Fixes #11939 cf1904f
Commits on Sep 06, 2013
Brian Hahn pass the extra params to the rack test environment so that routes wit…
…h block constraints have access
03ac291
Commits on Sep 09, 2013
@arthurnn arthurnn on SchemaCache use the connection getter instead of the obj given f0301e3
Commits on Sep 10, 2013
@spastorino spastorino Merge pull request #12176 from arthurnn/ar32_schema_cache
on SchemaCache use the connection getter instead of the obj given
143e009
@steveklabnik steveklabnik Merge pull request #9368 from CrowdFlower/3-2-stable
PR #5219 backported to 3-2
cff8d1d
Commits on Sep 12, 2013
Eugene Kalenkovich Fix FinderMethods#last unscoped primary key
Fixes table.joins(:relation).last(N) breaking on sqlite

Conflicts:
	activerecord/CHANGELOG.md
	activerecord/test/cases/finder_test.rb
c9642e3
@rafaelfranca rafaelfranca Merge pull request #12196 from h-lame/fix-activesupport-cache-filesto…
…re-cleanup

Fix FileStore#cleanup to no longer rely on missing each_key method
Conflicts:
	activesupport/CHANGELOG.md
	activesupport/test/caching_test.rb
c539c68
Commits on Sep 25, 2013
@rafaelfranca rafaelfranca Merge pull request #12359 from arthurnn/inverse_on_callbacks
Make sure inverse_of is visible on the has_many callbacks
Conflicts:
	activerecord/CHANGELOG.md
	activerecord/test/models/company.rb
fdc3c08
@arthurnn arthurnn on tests: dont always touch firm on validate e1bb9fc
Commits on Sep 26, 2013
@rafaelfranca rafaelfranca Merge pull request #12364 from arthurnn/test_fix_validate
Fix query counters when testing with IdentityMap on 3.2
e82ceca
@arthurnn arthurnn fix inverse_of when find_or_initialize_by_*
inverse_of relation was not being set when calling find_or_initialize_by_ and the entry was
found on the db.
fed6ac9
Commits on Sep 28, 2013
@rafaelfranca rafaelfranca Use Ruby 1.8 hash syntax 50a9644
Commits on Sep 29, 2013
@rafaelfranca rafaelfranca Merge pull request #12375 from arthurnn/inverse_after_find_or_initialize
Inverse after find or initialize
54c05ac
Commits on Sep 30, 2013
@arthurnn arthurnn Move set_inverse_instance to association.build_record
[fixes #10371]
6798604
@rafaelfranca rafaelfranca Merge pull request #12413 from arthurnn/inverse_of_on_build
Inverse of on build
ccd11d5
@NZKoz NZKoz Remove the use of String#% when formatting durations in log messages
This avoids potential format string vulnerabilities where user-provided
data is interpolated into the log message before String#% is called.
5aee516
Commits on Oct 01, 2013
@tamird tamird make sure both headers are set before checking for ip spoofing 85106de
@pixeltrix pixeltrix Merge pull request #12410 from tamird/fix-ip-spoof-errors
Fix ip spoof errors
83c4b0a
Commits on Oct 03, 2013
@tenderlove tenderlove Merge branch '3-2-stable' into 3-2-sec
* 3-2-stable:
  make sure both headers are set before checking for ip spoofing
  Move set_inverse_instance to association.build_record
befeeb2
@tenderlove tenderlove Merge pull request #12084 from Ben-M/3-2-stable
Fix STI scopes using benolee's suggestion. Fixes #11939
31c79e2
@tenderlove tenderlove bumping version to 3.2.15.rc1 5e277c8
Commits on Oct 04, 2013
@arthurnn arthurnn Add back set_inverse_instance on .add_to_target
We must have it in there too, so when an existent record is being concat to another,
we will have the inverse relation.
655396c
@arthurnn arthurnn add regression test for set_inverse_instance on add_to_target fc59e99
@rafaelfranca rafaelfranca Merge pull request #12443 from arthurnn/add_inverse_of_add_target
Add inverse of add target
7ed5bdc
@rafaelfranca rafaelfranca Merge pull request #12443 from arthurnn/add_inverse_of_add_target
Add inverse of add target
73dff26
@tenderlove tenderlove bumping to rc2 5ede19b
Commits on Oct 10, 2013
@rafaelfranca rafaelfranca Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_ta…
…rget"

This reverts commit 7ed5bdc, reversing
changes made to 31c79e2.

Reason: this caused a regression when the associated record is creted in
a before_create callback.

See #12413 (comment)
9639f65
@rafaelfranca rafaelfranca Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
This reverts commit ccd11d5, reversing
changes made to 54c05ac.

Reason: This caused a regression when the associated record is created
in a before_create callback. See
#12413 (comment)
6a185aa
@rafaelfranca rafaelfranca Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_ta…
…rget"

This reverts commit 7ed5bdc, reversing
changes made to 31c79e2.

Reason: this caused a regression when the associated record is creted in
a before_create callback.

See #12413 (comment)
fbc69ac
@rafaelfranca rafaelfranca Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
This reverts commit ccd11d5, reversing
changes made to 54c05ac.

Reason: This caused a regression when the associated record is created
in a before_create callback. See
#12413 (comment)
38aefa5
Commits on Oct 11, 2013
@tenderlove tenderlove bumping to rc3 e3abd78
Commits on Oct 15, 2013
@tenderlove tenderlove Merge branch '3-2-15' into 3-2-sec
* 3-2-15:
  bumping to rc3
  Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
  Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
  bumping to rc2
  Merge pull request #12443 from arthurnn/add_inverse_of_add_target
  bumping version to 3.2.15.rc1
  Fix STI scopes using benolee's suggestion. Fixes #11939
eb8807e
@tenderlove tenderlove bumping to 3.2.15 2a0c440
Commits on Oct 16, 2013
@tenderlove tenderlove updating changelogs 538f8ba
@tenderlove tenderlove Merge branch '3-2-sec' into 3-2-stable
* 3-2-sec:
  updating changelogs
  bumping to 3.2.15
  bumping to rc3
  Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
  Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
  bumping to rc2
  Merge pull request #12443 from arthurnn/add_inverse_of_add_target
  bumping version to 3.2.15.rc1
  Remove the use of String#% when formatting durations in log messages

Conflicts:
	activerecord/CHANGELOG.md
5f844d6
Commits on Dec 01, 2013
@tenderlove tenderlove Only use valid mime type symbols as cache keys
CVE-2013-6414
bee3b7f
Commits on Dec 02, 2013
@NZKoz NZKoz Escape the unit value provided to number_to_currency
Fixes CVE-2013-6415

Previously the values were trusted blindly allowing for potential XSS attacks.
5ed70c5
@NZKoz NZKoz Stop using i18n's built in HTML error handling.
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans.  Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.

Fixes: CVE-2013-4491

Conflicts:
	actionpack/lib/action_view/helpers/translation_helper.rb

Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0
78790e4
@NZKoz NZKoz Deep Munge the parameters for GET and POST
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.

Fixes CVE-2013-6417

Conflicts:
	actionpack/lib/action_dispatch/http/request.rb
d5a4095
Commits on Dec 03, 2013
@tenderlove tenderlove updating the changelog 6422630
Commits on Dec 04, 2013
@kratob kratob repair a test broken by the number_to_currency XSS fix 9e625d6
@rafaelfranca rafaelfranca Merge pull request #13162 from makandra/3-2-stable
Repair a test broken by the number_to_currency XSS fix
9c60e3d
@rafaelfranca rafaelfranca Fix documentation of number_to_currency helper
Now users have to explicit mark the unit as safe if they trust it.

Closes #13161
c82025f
Commits on Dec 05, 2013
@carlosantoniodasilva carlosantoniodasilva Merge pull request #13183 from sorah/never_ignore_i18n_translate_rais…
…e_option

Escalate missing error when :raise is true in translate helper, fix regression introduced by security fix.

Conflicts:
	actionpack/CHANGELOG.md
31a485f
Commits on Dec 14, 2013
@tyre tyre Update Session Store Documentation
session_id doesn't need to be a text column, just string (VARCHAR)
1805682
@rafaelfranca rafaelfranca Merge pull request #13315 from tyre/patch-1
Update Session Store Documentation
3a429e6
Commits on Jan 06, 2014
@simi simi Fix force_ssl.rb documentation. Close tt tag.
[ci skip]
c13eb1c
@dmathieu dmathieu Merge pull request #13613 from simi/patch-1
Fix force_ssl.rb documentation. Close tt tag.
5a84d3e
Commits on Feb 18, 2014
@rafaelfranca rafaelfranca Escape format, negative_format and units options of number helpers
Previously the values of these options were trusted leading to
potential XSS vulnerabilities.

Fixes: CVE-2014-0081
eaa2101
@rafaelfranca rafaelfranca Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082
388d2f8
@rafaelfranca rafaelfranca Preparing for 3.2.17 release 666e9f6
@rafaelfranca rafaelfranca Merge branch '3-2-17' into 3-2-stable
Conflicts:
	actionpack/CHANGELOG.md
a3bda38
Commits on May 05, 2014
@rafaelfranca rafaelfranca Only accept actions without File::SEPARATOR in the name.
This will avoid directory traversal in implicit render.

Fixes: CVE-2014-0130
0f3b7d1
Commits on May 06, 2014
@rafaelfranca rafaelfranca Preparing for 3.2.18 release 4e8f1d2
@rafaelfranca rafaelfranca Fix broken tests of the previous release 50d6b45
@rafaelfranca rafaelfranca Merge branch '3-2-sec' into 3-2-stable
Conflicts:
	actionpack/CHANGELOG.md
bbec7d7
Commits on May 09, 2014
@tenderlove tenderlove use fnmatch to test for case insensitive file systems 03e016f
Commits on May 10, 2014
@tenderlove tenderlove feature detect for FNM_EXTGLOB for older Ruby. Fixes #15053 c40df47
Commits on May 18, 2014
@tenderlove tenderlove Feature detect based on Ruby version.
I didn't want to do this, FNM_EXTGLOB is defined on 2.1.x, but Dir.glob
returns the wrong value on Ruby less than 2.2.0.  Checking for a
case-insensitive FS seems too hard, so just check Ruby version  Checking
for a case-insensitive FS seems too hard, so just check Ruby version.
6a05129
Commits on Jun 18, 2014
@vishalzambre vishalzambre File.exists? is a deprecated name, use File.exist?
File.exists? is a deprecated name, use File.exist?
fca3cc2
@guilleiguaran guilleiguaran Merge pull request #15794 from vishalzambre/patch-1
File.exists? is a deprecated name, use File.exist?
6d800a9
@guilleiguaran guilleiguaran Revert "Merge pull request #15794 from vishalzambre/patch-1"
This reverts commit 6d800a9, reversing
changes made to 6a05129.

We don't apply non-security fixes to 3-2-stable branch!!!
bc90ea6
Commits on Jun 26, 2014
@rafaelfranca rafaelfranca Make sure Active Support configurations are applied correctly
Before this patch configuration set using config.active_support
would not be set.

Closes #15364
297bff7
Commits on Jun 27, 2014
@rafaelfranca rafaelfranca Use a version of execjs compatible with Ruby 1.8 3622858
Commits on Jul 02, 2014
@rafaelfranca rafaelfranca Check against bit string values using multiline regexp
Fix CVE-2014-3482.
1f2192e
@rafaelfranca rafaelfranca Preparing for 3.2.19 release 53c845c
@rafaelfranca rafaelfranca Merge branch '3-2-sec' into 3-2-stable c43f20a
Commits on Aug 04, 2014
@spastorino spastorino Regenerate sid when sbdy tries to fixate the session
Fixed broken test.

Thanks Stephen Richards for reporting.
11fd052
Commits on Oct 29, 2014
@tenderlove tenderlove FileHandler should not be called for files outside the root
FileHandler#matches? should return false for files that are outside the
"root" path.

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb

Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb
	actionpack/test/dispatch/static_test.rb
3437f26
@tenderlove tenderlove bumping version to 3.2.20 346acea
Commits on Oct 30, 2014
@tenderlove tenderlove Merge branch '3.2.20' into 3-2-stable
* 3.2.20:
  bumping version to 3.2.20
  FileHandler should not be called for files outside the root
03366b1
Commits on Nov 16, 2014
@tenderlove tenderlove correctly escape backslashes in request path globs
Conflicts:
	actionpack/lib/action_dispatch/middleware/static.rb

make sure that unreadable files are also not leaked

CVE-2014-7829
307402f
@tenderlove tenderlove bumping version for relesase ba886f7
Commits on Dec 23, 2014
@tmm1 tmm1 fix ruby 2.2 warning: circular argument reference 8fd5270
@tenderlove tenderlove Check `respond_to` before delegation due to: ruby/ruby@d781caa 047b2a9
Commits on Jan 02, 2015
@rafaelfranca rafaelfranca Test Rails 3.2 with Ruby 2.1 and 2.2 7c8fb95
@rafaelfranca rafaelfranca Merge pull request #18160 from tmm1/3-2-ruby-2-2
3-2-stable: add ruby 2.2 compatibility
288bace
@rafaelfranca rafaelfranca Lock i18n to a version that works with Ruby 1.8 5207620
@hsbt hsbt added dependency of test-unit into activesupport aa01162
Commits on Jan 03, 2015
@tmm1 tmm1 try using newer test-unit gem a51bb36
@tmm1 tmm1 blacklist test-unit's @internal_data ivar 4d70f97
@kou kou switch to minitest and test-unit compatible assert_raise syntax e4a2396
@tmm1 tmm1 convert another incompatible assert_raise invocation 8945a12
@tmm1 tmm1 restore I18n.locale after test afb4fb9
@tmm1 tmm1 fix regex case 79e45a8
@tmm1 tmm1 fix yaml compat on ruby 2.2 98dbc5e
@tmm1 tmm1 parse stringified mime type d22e238
@vipulnsward vipulnsward Fix `singleton_class?`
Due to changes from http://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/39628 current `singleton_class?` implementation fails.
Changed based on reference from http://bugs.ruby-lang.org/issues/7609

Conflicts:
	activesupport/lib/active_support/core_ext/class/attribute.rb
2f55808
@tmm1 tmm1 use self.method syntax to resolve circular argument issues 3a30b12
@tmm1 tmm1 fix whitespace to match surrounding code 683f541
Commits on Jan 05, 2015
@tmm1 tmm1 add parens to fix warning bcbce4e
Commits on Jan 07, 2015
@rafaelfranca rafaelfranca Merge pull request #18306 from tmm1/rm-3-2-with-ruby-2-1-plus
3-2-stable: ruby 2.2 compatibility
292f6c9
@rafaelfranca rafaelfranca Remove hard dependency on test-unit
Instead show a error message asking users to add the gem to their
Gemfile if test-unit could not be loaded.
8f92edb
@rafaelfranca rafaelfranca Only use old i18n when version is not compatible 6cb7024
@rafaelfranca rafaelfranca pg 0.18 not support Ruby < 1.9.3 37f2def
Commits on Jan 29, 2015
@jgeiger jgeiger Fix ruby 2.2 comparable warnings
Check for correct value type in activerecord/fixtures.rb
Check that zone can respond to expected values to make the comparison.
abce1aa
@rafaelfranca rafaelfranca Merge pull request #18718 from jgeiger/fix_ruby_2_2_comparable_warnings
Fix ruby 2.2 comparable warnings
b344986
Commits on Jun 16, 2015
@tenderlove tenderlove enforce a depth limit on XML documents
XML documents that are too deep can cause an stack overflow, which in
turn will cause a potential DoS attack.

CVE-2015-3227

Conflicts:
	activesupport/lib/active_support/xml_mini.rb
153cc84
@rafaelfranca rafaelfranca Preparing for 3.2.22 release 180aad3
@rafaelfranca rafaelfranca Removing inaccurate note on the releasing guide 9dc8ddc
@rafaelfranca rafaelfranca Merge branch '3-2-sec' into 3-2-stable 2077091
Commits on Jun 18, 2015
@moklett moklett Fix typo in version number
Fixes a simple copy-and-paste mistake by bumping the patch version number in the CHANGELOG.
e4d0e36
@rafaelfranca rafaelfranca Merge pull request #20629 from moklett/patch-1
Fix typo in version number
d94d77c
Commits on Jan 14, 2016
@arthurnn arthurnn fix build, forcing i18n to verion 0.6.x 323b38c
Commits on Jan 15, 2016
@arthurnn arthurnn Fix mysql2 build
mysql 0.3.x is forced here activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb
ba54be3
@arthurnn arthurnn rack-cache 1.3+ dont work with old ruby versions a3f2402
@arthurnn arthurnn update bundler message d25e79f
Commits on Jan 22, 2016
@tenderlove tenderlove use secure string comparisons for basic auth username / password
this will avoid timing attacks against applications that use basic auth.

Conflicts:
	activesupport/lib/active_support/security_utils.rb

Conflicts:
	actionpack/lib/action_controller/metal/http_authentication.rb

CVE-2015-7576
a6fa396
@tenderlove tenderlove stop caching mime types globally
Unknown mime types should not be cached globally.  This global cache
leads to a memory leak and a denial of service vulnerability.

CVE-2016-0751
127967b
@pixeltrix pixeltrix Don't short-circuit reject_if proc
When updating an associated record via nested attribute hashes the
reject_if proc could be bypassed if the _destroy flag was set in the
attribute hash and allow_destroy was set to false.

The fix is to only short-circuit if the _destroy flag is set and the
option allow_destroy is set to true. It also fixes an issue where
a new record wasn't created if _destroy was set and the option
allow_destroy was set to false.

CVE-2015-7577
cdabc95
@tenderlove tenderlove allow :file to be outside rails root, but anything else must be insid…
…e the rails view directory

Conflicts:
	actionpack/test/controller/render_test.rb
	actionview/lib/action_view/template/resolver.rb

CVE-2016-0752
18269d2
Commits on Jan 25, 2016
@tenderlove tenderlove bumping version 8d86637
@tenderlove tenderlove Merge branch '3-2-sec' into 3-2-stable
* 3-2-sec:
  bumping version
  allow :file to be outside rails root, but anything else must be inside the rails view directory
  Don't short-circuit reject_if proc
  stop caching mime types globally
  use secure string comparisons for basic auth username / password
3b4398b
@simi simi Use Ruby 1.8 compat syntax in actionpack/lib/action_view/template/res…
…olver.rb.

closes GH-23248
7f71b4d
@simi simi Use Ruby 1.8 compat syntax in test of security fix in activerecord/te…
…st/cases/nested_attributes_test.rb.
20f943b
@tenderlove tenderlove Merge pull request #23250 from simi/3-2-stable-1-8
Fix 3-2-stable 1.8 compatibility.
c9d3363
@pixeltrix pixeltrix Use 1.8 compatible hash syntax 1cae560
Commits on Jan 26, 2016
@pixeltrix pixeltrix Lock test-unit to 3.0.x releases
Due to a change in test-unit 3.1.6 that supports yielding from setup to
run a test, lock 3-2-stable to 3.0.x releases of test-unit to fix the build.
0ace051
Commits on Jan 28, 2016
@eileencodes eileencodes Regression test for rendering file from absolute path
Test that we are not allowing you to grab a file with an absolute path
outside of your application directory. This is dangerous because it
could be used to retrieve files from the server like `/etc/passwd`.
81a4451
@eileencodes eileencodes Fix hash syntax for 1.8.7
Rails 3.2 supports 1.8.7 but 1.8.7 does not support the new hash syntax.
457de37
@eileencodes eileencodes Run `file.close` before unlinking for travis
This works on OSX but for some reason travis is throwing a
```
  1) Error:
ExpiresInRenderTest#test_dynamic_render_with_absolute_path:
NoMethodError: undefined method `unlink' for nil:NilClass
```
Looking at other tests in Railties the file has a name and we close
it before unlinking, so I'm going to try that.
a7a376a
Commits on Feb 02, 2016
@tenderlove tenderlove Generated engines should protect from forgery
Generated engines should call `protect_from_forgery`.  If this method
isn't called, then the Engine could be susceptible to XSS attacks.
Thanks @tomekr for reporting this to us!

Conflicts:
	railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt
	railties/test/generators/plugin_generator_test.rb
9892626