| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.
Fixes: CVE-2014-0082
|
|
|
|
|
|
|
| |
Previously the values of these options were trusted leading to
potential XSS vulnerabilities.
Fixes: CVE-2014-0081
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
Conflicts:
actionpack/lib/action_dispatch/http/request.rb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans. Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.
Fixes: CVE-2013-4491
Conflicts:
actionpack/lib/action_view/helpers/translation_helper.rb
Backport: 50afd8eec9d088ad5a2d41f00a05520d5b78a6a0
|
|
|
|
|
|
| |
Fixes CVE-2013-6415
Previously the values were trusted blindly allowing for potential XSS attacks.
|
|
|
|
| |
CVE-2013-6414
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-sec:
updating changelogs
bumping to 3.2.15
bumping to rc3
Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
bumping to rc2
Merge pull request #12443 from arthurnn/add_inverse_of_add_target
bumping version to 3.2.15.rc1
Remove the use of String#% when formatting durations in log messages
Conflicts:
activerecord/CHANGELOG.md
|
| | |
|
| | |
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-15:
bumping to rc3
Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
bumping to rc2
Merge pull request #12443 from arthurnn/add_inverse_of_add_target
bumping version to 3.2.15.rc1
Fix STI scopes using benolee's suggestion. Fixes #11939
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit ccd11d58910059f07b28cc518dbdad42cbc8ea0c, reversing
changes made to 54c05acdba138f3a7a3d44dfc922b0fe4e4cf554.
Reason: This caused a regression when the associated record is created
in a before_create callback. See
https://github.com/rails/rails/pull/12413#issuecomment-25848163
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 7ed5bdc834479c39e3b0ad5a38bcffe27983c10d, reversing
changes made to 31c79e291f42b1d862df06c552fe002864aae705.
Reason: this caused a regression when the associated record is creted in
a before_create callback.
See https://github.com/rails/rails/pull/12413#issuecomment-25848163
|
| | | |
|
| | |
| | |
| | |
| | | |
Add inverse of add target
|
| | | |
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | | |
* 3-2-stable:
make sure both headers are set before checking for ip spoofing
Move set_inverse_instance to association.build_record
|
| | | |
| | | |
| | | |
| | | |
| | | | |
This avoids potential format string vulnerabilities where user-provided
data is interpolated into the log message before String#% is called.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit ccd11d58910059f07b28cc518dbdad42cbc8ea0c, reversing
changes made to 54c05acdba138f3a7a3d44dfc922b0fe4e4cf554.
Reason: This caused a regression when the associated record is created
in a before_create callback. See
https://github.com/rails/rails/pull/12413#issuecomment-25848163
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 7ed5bdc834479c39e3b0ad5a38bcffe27983c10d, reversing
changes made to 31c79e291f42b1d862df06c552fe002864aae705.
Reason: this caused a regression when the associated record is creted in
a before_create callback.
See https://github.com/rails/rails/pull/12413#issuecomment-25848163
|
|\ \ \ \
| |_|_|/
|/| | | |
Add inverse of add target
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | | |
We must have it in there too, so when an existent record is being concat to another,
we will have the inverse relation.
|
|\ \ \
| |_|/
|/| | |
Fix STI scopes using benolee's suggestion. Fixes #11939
|
| | | |
|
|\ \ \
| | | |
| | | | |
Fix ip spoof errors
|
|/ / / |
|
|\ \ \
| |_|/
|/| | |
Inverse of on build
|
|/ /
| |
| |
| | |
[fixes #10371]
|
|\ \
| | |
| | | |
Inverse after find or initialize
|
| | |
| | |
| | |
| | |
| | | |
inverse_of relation was not being set when calling find_or_initialize_by_ and the entry was
found on the db.
|
|/ / |
|
|\ \
| | |
| | | |
Fix query counters when testing with IdentityMap on 3.2
|
|/ / |
|
| |
| |
| |
| |
| |
| |
| | |
Make sure inverse_of is visible on the has_many callbacks
Conflicts:
activerecord/CHANGELOG.md
activerecord/test/models/company.rb
|
| |
| |
| |
| |
| |
| |
| | |
Fix FileStore#cleanup to no longer rely on missing each_key method
Conflicts:
activesupport/CHANGELOG.md
activesupport/test/caching_test.rb
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes table.joins(:relation).last(N) breaking on sqlite
Conflicts:
activerecord/CHANGELOG.md
activerecord/test/cases/finder_test.rb
|
|\ \
| | |
| | | |
PR #5219 backported to 3-2
|
| |/
| |
| |
| | |
constraints have access
|
|\ \
| |/
|/| |
on SchemaCache use the connection getter instead of the obj given
|
|/ |
|
|
|
|
|
|
| |
Comply with current umask when generating new app
Conflicts:
railties/lib/rails/generators/rails/app/app_generator.rb
|
|\
| |
| | |
Render with context format
|
|/ |
|
| |
|
|\
| |
| | |
Fix test incompatible with 1.8.7
|
|/ |
|
|
|
|
|
|
| |
Conflicts:
railties/guides/rails_guides.rb
railties/lib/rails/tasks/documentation.rake
|