9 files changed, 56 insertions, 11 deletions

diff --git a/actionpack/lib/action_dispatch/middleware/callbacks.rb b/actionpack/lib/action_dispatch/middleware/callbacks.rb
index baf9d5779e..f80df78582 100644
--- a/actionpack/lib/action_dispatch/middleware/callbacks.rb
+++ b/actionpack/lib/action_dispatch/middleware/callbacks.rb
@@ -1,6 +1,6 @@
 
 module ActionDispatch
-  # Provide callbacks to be executed before and after the request dispatch.
+  # Provides callbacks to be executed before and after dispatching the request.
   class Callbacks
     include ActiveSupport::Callbacks
 
diff --git a/actionpack/lib/action_dispatch/testing/assertions/routing.rb b/actionpack/lib/action_dispatch/testing/assertions/routing.rb
index e06f7037c6..28dc88d317 100644
--- a/actionpack/lib/action_dispatch/testing/assertions/routing.rb
+++ b/actionpack/lib/action_dispatch/testing/assertions/routing.rb
@@ -144,12 +144,6 @@ module ActionDispatch
           old_controller, @controller = @controller, @controller.clone
           _routes = @routes
 
-          # Unfortunately, there is currently an abstraction leak between AC::Base
-          # and AV::Base which requires having the URL helpers in both AC and AV.
-          # To do this safely at runtime for tests, we need to bump up the helper serial
-          # to that the old AV subclass isn't cached.
-          #
-          # TODO: Make this unnecessary
           @controller.singleton_class.send(:include, _routes.url_helpers)
           @controller.view_context_class = Class.new(@controller.view_context_class) do
             include _routes.url_helpers
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index fcc6523d6e..a4de332d4c 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,15 @@
+*   Change `reflections` public api to return the keys as String objects.
+
+    Fixes #16928.
+
+    *arthurnn*
+
+*   Renaming a table in pg also renames the primary key index.
+
+    Fixes #12856
+
+    *Sean Griffin*
+
 *   Make it possible to access fixtures excluded by a `default_scope`.
 
     *Yves Senn*
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb b/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb
index b4b066c06e..515ff2dd44 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb
@@ -411,7 +411,10 @@ module ActiveRecord
           pk, seq = pk_and_sequence_for(new_name)
           if seq && seq.identifier == "#{table_name}_#{pk}_seq"
             new_seq = "#{new_name}_#{pk}_seq"
+            idx = "#{table_name}_pkey"
+            new_idx = "#{new_name}_pkey"
             execute "ALTER TABLE #{quote_table_name(seq)} RENAME TO #{quote_table_name(new_seq)}"
+            execute "ALTER INDEX #{quote_table_name(idx)} RENAME TO #{quote_table_name(new_idx)}"
           end
 
           rename_table_indexes(table_name, new_name)
diff --git a/activerecord/lib/active_record/fixtures.rb b/activerecord/lib/active_record/fixtures.rb
index 660ba18a98..7c53ee0a9a 100644
--- a/activerecord/lib/active_record/fixtures.rb
+++ b/activerecord/lib/active_record/fixtures.rb
@@ -806,7 +806,9 @@ module ActiveRecord
 
     def find
       if model_class
-        model_class.unscoped.find(fixture[model_class.primary_key])
+        model_class.unscoped do
+          model_class.find(fixture[model_class.primary_key])
+        end
       else
         raise FixtureClassNotFound, "No class attached to find."
       end
diff --git a/activerecord/lib/active_record/reflection.rb b/activerecord/lib/active_record/reflection.rb
index f4a351b092..4219632596 100644
--- a/activerecord/lib/active_record/reflection.rb
+++ b/activerecord/lib/active_record/reflection.rb
@@ -63,7 +63,7 @@ module ActiveRecord
 
       # Returns a Hash of name of the reflection as the key and a AssociationReflection as the value.
       #
-      #   Account.reflections # => {balance: AggregateReflection}
+      #   Account.reflections # => {"balance" => AggregateReflection}
       #
       # @api public
       def reflections
diff --git a/activerecord/test/cases/adapters/postgresql/rename_table_test.rb b/activerecord/test/cases/adapters/postgresql/rename_table_test.rb
new file mode 100644
index 0000000000..056a035622
--- /dev/null
+++ b/activerecord/test/cases/adapters/postgresql/rename_table_test.rb
@@ -0,0 +1,34 @@
+require "cases/helper"
+
+class PostgresqlRenameTableTest < ActiveRecord::TestCase
+  def setup
+    @connection = ActiveRecord::Base.connection
+    @connection.create_table :before_rename, force: true
+  end
+
+  def teardown
+    @connection.execute 'DROP TABLE IF EXISTS "before_rename"'
+    @connection.execute 'DROP TABLE IF EXISTS "after_rename"'
+  end
+
+  test "renaming a table also renames the primary key index" do
+    # sanity check
+    assert_equal 1, num_indices_named("before_rename_pkey")
+    assert_equal 0, num_indices_named("after_rename_pkey")
+
+    @connection.rename_table :before_rename, :after_rename
+
+    assert_equal 0, num_indices_named("before_rename_pkey")
+    assert_equal 1, num_indices_named("after_rename_pkey")
+  end
+
+  private
+
+  def num_indices_named(name)
+    @connection.execute(<<-SQL).values.length
+      SELECT 1 FROM "pg_index"
+        JOIN "pg_class" ON "pg_index"."indexrelid" = "pg_class"."oid"
+        WHERE "pg_class"."relname" = '#{name}'
+    SQL
+  end
+end
diff --git a/guides/source/rails_on_rack.md b/guides/source/rails_on_rack.md
index 8bc2678d8f..5c2386f469 100644
--- a/guides/source/rails_on_rack.md
+++ b/guides/source/rails_on_rack.md
@@ -277,7 +277,7 @@ Much of Action Controller's functionality is implemented as Middlewares. The fol
 
 **`ActionDispatch::Callbacks`**
 
-* Runs the prepare callbacks before serving the request.
+* Provides callbacks to be executed before and after dispatching the request.
 
 **`ActiveRecord::Migration::CheckPending`**
 
diff --git a/guides/source/security.md b/guides/source/security.md
index 125dd82666..b1c5b22338 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -362,7 +362,7 @@ Refer to the Injection section for countermeasures against XSS. It is _recommend
 
 **CSRF** Cross-Site Request Forgery (CSRF), also known as Cross-Site Reference Forgery (XSRF), is a gigantic attack method, it allows the attacker to do everything the administrator or Intranet user may do. As you have already seen above how CSRF works, here are a few examples of what attackers can do in the Intranet or admin interface.
 
-A real-world example is a [router reconfiguration by CSRF](http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352). The attackers sent a malicious e-mail, with CSRF in it, to Mexican users. The e-mail claimed there was an e-card waiting for them, but it also contained an image tag that resulted in a HTTP-GET request to reconfigure the user's router (which is a popular model in Mexico). The request changed the DNS-settings so that requests to a Mexico-based banking site would be mapped to the attacker's site. Everyone who accessed the banking site through that router saw the attacker's fake web site and had their credentials stolen.
+A real-world example is a [router reconfiguration by CSRF](http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html). The attackers sent a malicious e-mail, with CSRF in it, to Mexican users. The e-mail claimed there was an e-card waiting for them, but it also contained an image tag that resulted in a HTTP-GET request to reconfigure the user's router (which is a popular model in Mexico). The request changed the DNS-settings so that requests to a Mexico-based banking site would be mapped to the attacker's site. Everyone who accessed the banking site through that router saw the attacker's fake web site and had their credentials stolen.
 
 Another example changed Google Adsense's e-mail address and password by. If the victim was logged into Google Adsense, the administration interface for Google advertisements campaigns, an attacker could change their credentials.