Commits

Author Commit Message Labels Comments Date
Michael Koziarski
Prepare for the 2.3.11 release
Michael Koziarski
Change the CSRF whitelisting to only apply to get requests. Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
Michael Koziarski
Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors. This fixes CVE-2011-0446
tenderlove
fixing invalid yaml [#4418 state:resolved] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
Jamis Buck
Revert "make TestCaseTest work for pre-1.9 rubies, too" This reverts commit 8378a44ff9ea2f60a92af6dc45ac87b47e279fce.
Jamis Buck
Revert "scrub instance variables from test cases on teardown" This reverts commit b5cf2b4b82de877c07bb2cca02085d2b3ec195e0.
Jamis Buck
Revert "rein in GC during tests by making them run (at most) once per second" This reverts commit a0c761dc6b3d840852be35af59b143e2016acf9d.
Jamis Buck
rein in GC during tests by making them run (at most) once per second; this can provide a significant performance boost during testing, by preventing the GC from running too frequently.
Jamis Buck
scrub instance variables from test cases on teardown; this prevents test state from accumulating, resulting in leaked objects and slow tests due to overactive GC.
Jamis Buck
make TestCaseTest work for pre-1.9 rubies, too
Johnathan Ritzi
Fix doc for #check_box [#6311 state:resolved] Signed-off-by: Xavier Noria <fxn@hashref.com>
Jeremy Kemper
Revert "use Object#class instead of Object#type" This reverts commit 08d94d3f7eafd99f16ea91359389c81be7ad3225.
Tomasz Pajor
use Object#class instead of Object#type
Mikel Lindsaar
Updating documentation on ActionMailer base to show a multipart email with attachments
Mikel Lindsaar
Correcting actionmailer guide for Rails 2.3
Michael Koziarski
Require thread explicitly rather than relying on rubygems to do it.
Michael Koziarski
Revert "In nested_attributes when association is not loaded and association record is saved then in memory record attributes should be saved" This reverts commit 12bbc34aca509aba5032e8cc8859ef0c0c845cca. It caused errors when combined with attr_accessible, piggy back attributes fetched by :select, etc. Leaving it in 3.0, but removing from 2.3
Will Bryant
Don't add non-new records back to the target array after loading targets on associations, as that makes destroy_all destroy any created records that don't match the scope destroy_all is called on. Signed-off-by: Michael Koziarski <michael@koziarski.com>
paukul
Let Rack::Utils.set_cookie_header! create the Set-Cookie header instead of manually fiddling with the response headers [#4941 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>
José Valim
Revert "Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings" This reverts commit 36b91e34f493a52bece1193b85b01aa89a813061. Conflicts: actionpack/test/activerecord/active_record_store_test.rb
cainz
Fix ActiveRecord calculations when grouped by multiple fields
Tom Stuart
Backport BlankSlate removal from ActiveSupport::BasicObject [#5911 state:resolved] This is a backport of dd15a3fee0ded53cf91c7796e3527db366d1327a. Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
Andrew White
Don't write out secure cookies unless the request is secure
Andrew White
Don't create a deprecation proxy object if the variable was passed in local_assigns [#1671 state:resolved]
tenderlove
removing space errors
Omar Qureshi
Fix AbstractStore so that it preserves Set-Cookie header as an array, rather than as newline separated strings
toby cabot
bug 1108: yield to block provided to find_or_create_by_x. Starting in 2.3.8 we stopped yielding to blocks passed in to find_or_create_by_x methods. This patch restores that behavior and adds a case to test it.
toby cabot
bug 1108: fix a bug with find_or_create_by and additional values. There was a bug with find_or_create_by_x introduced in 2.3.9 - if you included extra parameters for the create() then those parameters would confuse the find() so you'd never get to the create(). This patch filters the parameters so we only pass to find() the subset that it's interested in. The code for the filtering was modelled on the code in base.rb's method_missing().
Michael Koziarski
Prepare for the 2.3.10 release
Michael Koziarski
Revert 7d2173ec5c68e10807da96f4bc8bc6ab1e89c167 which introduced a security vulnerability. This addresses CVE-2010-3933