Patch 9, xss in legacy auto_link #6479
Closed
This will make sure `render :inline` is working. Closes #1633
This will make sure `render :inline` is working. Closes #1633
Render inline fix for 3-0-stable
Render inline fix for 3-0-9
…er string" This reverts commit 104e200.
… location of the config.yml file for running the tests
* 3-0-stable:
  Add support for using an ARCONFIG environment variable to specify the location of the config.yml file for running the tests
  Define ActiveSupport#to_param as to_str - closes #1663
  Revert "Make sure that we don't perform in-place mutation on SafeBuffer string"
  Make sure that we don't perform in-place mutation on SafeBuffer string
  Update CHANGELOG to mention the json_escape change
  Ensure number helpers can handle HTML safe strings - closes #1597.
  ensuring that json_escape returns html safe strings when passed an html safe string
  Fix issue #1598 by adding a dependency to the RDoc gem.
  Make sure `escape_javascript` return `SafeBuffer` if the incoming argument is already html_safe
  Conflicts:
    actionpack/CHANGELOG
* '3-0-9' of github.com:rails/rails:
  Make sure that we don't perform in-place mutation on SafeBuffer string
  Update CHANGELOG to mention the json_escape change
  Ensure number helpers can handle HTML safe strings - closes #1597.
* 3-0-stable-security:
  Ensure [] respects the status of the buffer.
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
* 3-0-12:
  bumping to 3.0.12
  Ensure [] respects the status of the buffer.
  updating RAILS_VERSION
  use AS::SafeBuffer#clone_empty for flushing the output_buffer
  add AS::SafeBuffer#clone_empty
  fix output safety issue with select options
Logic in clone_empty method was dealing with old @dirty variable, which has changed by @html_safe in this commit: 139963c
This was issuing a "not initialized variable" warning - related to: #5237
The logic applied by this method is already handled by the [] override, so there is no need to reset the variable here.
Fix test ree 3-0-stable
Strip null bytes from Location header
Conflicts:
  actionpack/test/controller/redirect_test.rb
Fix typo in redirect test
Also skip persistente tests related to UPDATE + ORDER BY for postgresql
PostgreSQL does not support updates with order by, and these tests are failing randomly depending on the fixture loading order now.
Conflicts:
  activerecord/test/cases/associations/join_model_test.rb
  activerecord/test/cases/associations/nested_through_associations_test.rb
  activerecord/test/cases/clone_test.rb
  activerecord/test/cases/dup_test.rb
  activerecord/test/cases/relations_test.rb
  activerecord/test/cases/yaml_serialization_test.rb
Fix build for branch 3-0-stable
Due to the hash ordering changes on Ruby 1.8.7-p358.
Issue with schema dump
Fix build for branch 3-0-stable - failing in ruby 1.8.8-p358
Fix build for branch 3-0-stable - Ruby 1.9.3
with Oracle for the 3-0-stable branch
…or_3_0 Address an error for test_has_many_through_polymorphic_has_one with Oracle
Fix build for branch 3-0-stable - ARes and ordered hash keys
Backport Bugfix: Stack Overflow (3-0-stable)
New versions of mocha don't allow nil.stubs
@homakov if you screw up a PR, you can always just force push to your branch, and GH will update the commit range.
backport PR