
Commits

Author Commit Message Date Builds
Michael Koziarski
Change the CSRF whitelisting to only apply to get requests. Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
Branches
2-1-stable
Beau Harrington
Remove redundant checks for valid character regexp in ActiveSupport::Multibyte#clean and #verify. [#3181 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Branches
2-1-stable
Michael Koziarski
Clean tag attributes before passing through the escape_once logic. Addresses CVE-2009-3009
Branches
2-1-stable
Manfred Stienstra
Add methods for string verification and encoding cleanup code. Signed-off-by: Michael Koziarski <michael@koziarski.com>
Branches
2-1-stable
Joshua Sierles
Allow memcache-client versions > 1.5.x to override bundled version Signed-off-by: Joshua Peek <josh@joshpeek.com>
Branches
2-1-stable
Jeremy Kemper
Don't append limit to primary key column definition. Freeze some constants.
Branches
2-1-stable
Geoff Buesing
TimeWithZone#- gives correct result with wrapped DateTime, and with DateTime argument
Branches
2-1-stable
Jeremy Kemper
Revert "Make constantize look into ancestors" [#410 state:open] This reverts commit eca79e6bf052041c018c7ba08750238f8b2ecb7a.
Branches
2-1-stable
Jeremy Kemper
Make constantize look into ancestors [#410 state:resolved] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> Conflicts: activesupport/lib/active_support/inflector.rb
Branches
2-1-stable
Frederick Cheung
Fixed session related memory leak [#1558 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
Branches
2-1-stable
Jeremy Kemper
Revert "Fix: counter_cache should decrement on deleting associated records." [#1196 state:open] This reverts commit 757e4364dc3f808f0002a6c8cb03531e69e2f356.
Branches
2-1-stable
miloops
Fix: counter_cache should decrement on deleting associated records. [#1195 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Branches
2-1-stable
Ben Symonds
Change field_changed? method to handle the case where a nullable integer column is changed from 0 to '0' [#1530 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Branches
2-1-stable
Tom Lea
Changed the fallback String#each_char to use valid 1.9 syntax. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Branches
2-1-stable
Michael Koziarski
Verify form submissions for text/plain posts too. Some browsers can POST requests with text/plain encoding, allowing attackers to potentially subvert the request forgery prevention. http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
Branches
2-1-stable
Geoff Buesing
Merge branch '2-1-stable' of git@github.com:rails/rails into 2-1-stable
Branches
2-1-stable
Geoff Buesing
TimeZone offset tests: use current_period, to ensure TimeZone#utc_offset is up-to-date
Branches
2-1-stable
Phil Ross
TimeZone: Caracas GMT offset changed to -4:30 [#1361 state:resolved]
Branches
2-1-stable
Geoff Buesing
Update bundled TZInfo to 0.3.12
Branches
2-1-stable
Pratik Naik
Rails now requires rubygems 1.3.1 or higher.
Branches
2-1-stable
Pratik Naik
Deprecate update_attribute_with_validation_skipping. [#1357 state:resolved]
Branches
2-1-stable
Pratik Naik
Simplify ActiveRecord::Base#update_attribute
Branches
2-1-stable
Michael Koziarski
Remove reference to fformat to restore support for postgres gem.
Branches
2-1-stable
Adam Majer
Fix binary data corruption bug in PostgreSQL adaptor 1. Move the binary escape/unescape from column to the driver - we should store binary data AR just like most other adaptors 2. check to make sure we only unescape bytea data PGresult.ftype( column ) == 17 that is passed to us in escaped format PGresult.fformat( column ) == 0 Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1063 state:committed]
Branches
2-1-stable
Pratik Naik
Revert "Fix script/console --sandbox warning. [#1194 state:resolved]" This reverts commit bbb2fda11564b2d40c6c07c5a3c91cccb77fb653.
Branches
2-1-stable
Jeffrey Hardy
Fix incorrect closing CDATA delimiter. Add tests for CDATA nodes. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Branches
2-1-stable
Jeffrey Hardy
Fix that HTML::Node.parse would blow up on unclosed CDATA sections. If an unclosed CDATA section is encountered and parsing is strict, an exception will be raised. Otherwise, we consider the remainder of the line to be the section contents. This is consistent with HTML::Tokenizer#scan_tag. Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Branches
2-1-stable
David Heinemeier Hansson
Latest release.rb script
Tags
v2.1.2
Branches
2-1-stable
David Heinemeier Hansson
Fix changelog for 2.1.1, all the 2.2.0 changes had snuck in there
Branches
2-1-stable
David Heinemeier Hansson
Make ready for the 2.1.2 release
Branches
2-1-stable