-rw-r--r-- | activerecord/CHANGELOG.md | 18
-rw-r--r-- | activerecord/lib/active_record/inheritance.rb | 2
-rw-r--r-- | activerecord/test/cases/base_test.rb | 4
-rw-r--r-- | activesupport/lib/active_support/core_ext/hash/conversions.rb | 2
-rw-r--r-- | guides/source/security.md | 4
5 files changed, 19 insertions, 11 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index f57158f38e..ada5a57f3b 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,7 @@ +* Set `NameError#name` when STI-class-lookup fails. + + *Chulki Lee* + * Fix bug in `becomes!` when changing from the base model to a STI sub-class. Fixes #13272. @@ -61,7 +65,7 @@ class: `ActiveRecord::ConnectionHandling::MergeAndResolveDefaultUrlConfig`. To understand the exact behavior of this class, it is best to review the - behavior in `activerecord/test/cases/connection_adapters/connection_handler_test.rb` + behavior in `activerecord/test/cases/connection_adapters/connection_handler_test.rb`. *Richard Schneeman* @@ -407,7 +411,7 @@ *kostya*, *Lauro Caetano* * `type_to_sql` returns a `String` for unmapped columns. This fixes an error - when using unmapped array types in PG + when using unmapped PostgreSQL array types. Example: @@ -446,7 +450,7 @@ * Update counter cache on a `has_many` relationship regardless of default scope. - Fix #12952. + Fixes #12952. *Uku Taht* @@ -457,9 +461,10 @@ *Cody Cutrer*, *Yves Senn* -* Raise `ActiveRecord::RecordNotDestroyed` when a replaced child marked with `dependent: destroy` fails to be destroyed. +* Raise `ActiveRecord::RecordNotDestroyed` when a replaced child + marked with `dependent: destroy` fails to be destroyed. - Fix #12812 + Fixex #12812. *Brian Thomas Storti* @@ -1365,6 +1370,7 @@ *Yves Senn* * Fix the `:primary_key` option for `has_many` associations. + Fixes #10693. *Yves Senn* @@ -1489,7 +1495,7 @@ * Trigger a save on `has_one association=(associate)` when the associate contents have changed. - Fix #8856. + Fixes #8856. *Chris Thompson* diff --git a/activerecord/lib/active_record/inheritance.rb b/activerecord/lib/active_record/inheritance.rb index 949e7678a5..69896f7219 100644 --- a/activerecord/lib/active_record/inheritance.rb +++ b/activerecord/lib/active_record/inheritance.rb 
@@ -126,7 +126,7 @@ module ActiveRecord end end - raise NameError, "uninitialized constant #{candidates.first}" + raise NameError.new("uninitialized constant #{candidates.first}", candidates.first) end end diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb index cb8e564da1..4bc6002bfe 100644 --- a/activerecord/test/cases/base_test.rb +++ b/activerecord/test/cases/base_test.rb @@ -1301,9 +1301,11 @@ class BasicsTest < ActiveRecord::TestCase end def test_compute_type_nonexistent_constant - assert_raises NameError do + e = assert_raises NameError do ActiveRecord::Base.send :compute_type, 'NonexistentModel' end + assert_equal 'uninitialized constant ActiveRecord::Base::NonexistentModel', e.message + assert_equal 'ActiveRecord::Base::NonexistentModel', e.name end def test_compute_type_no_method_error diff --git a/activesupport/lib/active_support/core_ext/hash/conversions.rb b/activesupport/lib/active_support/core_ext/hash/conversions.rb index 2684c772ea..7bea461c77 100644 --- a/activesupport/lib/active_support/core_ext/hash/conversions.rb +++ b/activesupport/lib/active_support/core_ext/hash/conversions.rb @@ -105,7 +105,7 @@ class Hash # hash = Hash.from_xml(xml) # # => {"hash"=>{"foo"=>1, "bar"=>2}} # - # DisallowedType is raise if the XML contains attributes with <tt>type="yaml"</tt> or + # DisallowedType is raised if the XML contains attributes with <tt>type="yaml"</tt> or # <tt>type="symbol"</tt>. Use <tt>Hash.from_trusted_xml</tt> to parse this XML. def from_xml(xml, disallowed_types = nil) ActiveSupport::XMLConverter.new(xml, disallowed_types).to_h diff --git a/guides/source/security.md b/guides/source/security.md index 21cc3deb8a..c367604d6f 100644 --- a/guides/source/security.md +++ b/guides/source/security.md 
@@ -150,7 +150,7 @@ Another countermeasure is to _save user-specific properties in the session_, ver ### Session Expiry -NOTE: _Sessions that never expire extend the time-frame for attacks such as cross-site reference forgery (CSRF), session hijacking and session fixation._ +NOTE: _Sessions that never expire extend the time-frame for attacks such as cross-site request forgery (CSRF), session hijacking and session fixation._ One possibility is to set the expiry time-stamp of the cookie with the session id. However the client can edit cookies that are stored in the web browser so expiring sessions on the server is safer. Here is an example of how to _expire sessions in a database table_. Call `Session.sweep("20 minutes")` to expire sessions that were used longer than 20 minutes ago. 
@@ -354,7 +354,7 @@ Having one single place in the admin interface or Intranet, where the input has Refer to the Injection section for countermeasures against XSS. It is _recommended to use the SafeErb plugin_ also in an Intranet or administration interface. -**CSRF** Cross-Site Reference Forgery (CSRF) is a gigantic attack method, it allows the attacker to do everything the administrator or Intranet user may do. As you have already seen above how CSRF works, here are a few examples of what attackers can do in the Intranet or admin interface. +**CSRF** Cross-Site Request Forgery (CSRF), also known as Cross-Site Reference Forgery (XSRF), is a gigantic attack method, it allows the attacker to do everything the administrator or Intranet user may do. As you have already seen above how CSRF works, here are a few examples of what attackers can do in the Intranet or admin interface. A real-world example is a [router reconfiguration by CSRF](http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352). The attackers sent a malicious e-mail, with CSRF in it, to Mexican users. The e-mail claimed there was an e-card waiting for them, but it also contained an image tag that resulted in a HTTP-GET request to reconfigure the user's router (which is a popular model in Mexico). The request changed the DNS-settings so that requests to a Mexico-based banking site would be mapped to the attacker's site. Everyone who accessed the banking site through that router saw the attacker's fake web site and had their credentials stolen. |
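Review bot: the CHANGELOG hunk at `@@ -457,9 +461,10 @@` introduces a typo on its last added line, `+ Fixex #12812.`; the other changelog hunks in this commit normalize `Fix #NNNN` to `Fixes #NNNN`, so this line should read `Fixes #12812.` as well.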
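Review bot: in the `inheritance.rb` hunk, `raise NameError.new("uninitialized constant #{candidates.first}", candidates.first)` sets `NameError#name` to a String holding the fully qualified candidate (the accompanying test asserts `'ActiveRecord::Base::NonexistentModel'`), whereas the NameError Ruby itself raises for an unknown constant carries the bare constant name as a Symbol (for example `:NonexistentModel`). Rescue clauses that compare `e.name` against a Symbol, or against the unqualified name, will not match this exception; either pass `candidates.first.to_sym` and say so in the CHANGELOG entry, or state explicitly in the entry that `name` is the qualified String. Whichever form is chosen, the test assertion on `e.name` in `base_test.rb` should be kept in step with it.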
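Review bot: the wording fix in the `conversions.rb` hunk ("is raised") is correct, but the comment still only describes the default behaviour while the context line `def from_xml(xml, disallowed_types = nil)` shows a second parameter; add a sentence next to the `Hash.from_trusted_xml` reference documenting what `disallowed_types` accepts and what passing `nil` selects, so readers know how to tighten or relax the type check without reading `ActiveSupport::XMLConverter`.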
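Review bot: in the second `security.md` hunk, the added line expands XSRF as "Cross-Site Reference Forgery"; XSRF is simply an alternative abbreviation of Cross-Site Request Forgery, and "Reference Forgery" is the wording the first `security.md` hunk in this commit corrects, so the parenthetical reintroduces it. Suggest `**CSRF** Cross-Site Request Forgery (CSRF, also abbreviated XSRF) is a gigantic attack method: it allows the attacker to do everything the administrator or Intranet user may do.`, which also repairs the comma splice in "attack method, it allows".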