aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* remove ruby-profAaron Patterson2013-02-101-6/+0
|
* Fix issue with attr_protected where malformed input could circumventjoernchen of Phenoelit2013-02-092-2/+2
| | | | | | protection Fixes: CVE-2013-0276
* fixing call to columns hash. run the damn tests when you backport!Aaron Patterson2013-02-091-1/+1
|
* Bump rack dependency to 1.4.5Santiago Pastorino2013-02-091-1/+1
| | | | | Conflicts: actionpack/actionpack.gemspec
* Merge pull request #9224 from dylanahsmith/bigdecimal-takes-stringGuillermo Iguaran2013-02-091-1/+1
| | | | [3.2] Fix test failure for ruby 1.8.
* Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numericGuillermo Iguaran2013-02-098-15/+62
| | | | | | [3.2] active_record: Quote numeric values compared to string columns. Conflicts: activerecord/CHANGELOG.md
* bumping versionAaron Patterson2013-01-089-9/+9
|
* CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.Jeremy Kemper2013-01-084-13/+69
|
* * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-088-10/+67
| | | | dealing with empty hashes. Thanks Damien Mathieu
* Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* bumping version to 3.2.10Aaron Patterson2012-12-239-9/+9
|
* CVE-2012-5664 options hashes should only be extracted if there are extra ↵Aaron Patterson2012-12-232-1/+18
| | | | parameters
* updating changelogAaron Patterson2012-12-231-1/+2
|
* updating the changelogsAaron Patterson2012-12-235-0/+10
|
* updating the changelog for the CVEAaron Patterson2012-12-231-0/+4
|
* Add release date of Rails 3.2.9 to documentationclaudiob2012-12-237-7/+7
| | | | | | | Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
* Bump to 3.2.9Santiago Pastorino2012-11-129-9/+9
|
* Revert "Add test case to assets eager load"Santiago Pastorino2012-11-091-3/+0
| | | | This reverts commit 552a3e145373cabe25a78d8d7cba2ceaabd9ecc5.
* Bump up to 3.2.9.rc3Santiago Pastorino2012-11-099-9/+9
|
* Merge pull request #8161 from guilleiguaran/downgrade-sprocketsRafael Mendonça França2012-11-091-1/+1
| | | | | | | | | | Lock sprockets to 2.2.x REASON: We had some pending fixes in sprockets and sass-rails to make possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.
* Revert "Respect children paths filter settings"Santiago Pastorino2012-11-092-13/+6
| | | | | This reverts commit 53778ec2d716f860646fd43957fd53c8db4da2fe. Closes #8146
* Clear url helpers when reloading routesSantiago Pastorino2012-11-022-0/+5
|
* Add test to avoid regression of 4a86362Rafael Mendonça França2012-11-021-0/+10
|
* Revert "Merge pull request #7668 from Draiken/fix_issue_6497"Rafael Mendonça França2012-11-023-18/+7
| | | | | | | | | This reverts commit 61d5d2d8a97fd289b81991cd79dca3112e7ca135. Conflicts: actionpack/CHANGELOG.md REASON: This added a backward incompatible change.
* Bump to 3.2.9.rc2Santiago Pastorino2012-11-019-9/+9
|
* Ensure calling first/last with options correctly set inverse associationCarlos Antonio da Silva2012-11-012-1/+11
| | | | Also related to #8087. Thanks @al2o3cr.
* Fix issue with collection associations and first(n)/last(n)Carlos Antonio da Silva2012-11-013-3/+20
| | | | | | | | | | | | | | | | | When calling first(n) or last(n) in a collection, Active Record was improperly trying to set the inverse of instance in case that option existed. This change was introduced by fdf4eae506fa9895e831f569bed3c4aa6a999a22. In such cases we don't need to do that "manually", since the way collection will be loaded will already handle that, so we just skip setting the inverse association when any argument is given to first(n)/last(n). The test included ensures that these scenarios will have the inverse of instance set properly. Fixes #8087, Closes #8094.
* relaxes assertionXavier Noria2012-10-311-1/+1
| | | | | | | | | This method returns the status of the operation, but as we generally do in the code base it does not commit to any particular exact value. Hence, we do not have to check for a singleton, because if the implementation changes and returns some other true value the test should pass.
* Merge pull request #8083 from saks/fix_update_column_return_valueJosé Valim2012-10-312-1/+7
|\ | | | | Fix ActiveRecord#update_column return value
| * Fix ActiveRecord#update_column return valuesaksmlz2012-10-312-1/+7
|/
* Revert "Merge pull request #7659 from HugoLnx/template_error_no_matches_rebased"Rafael Mendonça França2012-10-314-37/+14
| | | | | | | | | | | | | This reverts commit 7d17cd2cbfc086f5aa9dd636e1207eb130150428. Conflicts: actionpack/CHANGELOG.md Reason: This added a regression since people were relying on this buggy behavior. This will introduce back #3849 but we will be backward compatible in stable release. Fixes #8068.
* Revert "Merge pull request #7797 from ↵Rafael Mendonça França2012-10-303-23/+31
| | | | | | | | | | | | | | | | | senny/7459_prefix_tempalte_assertion_variables" This reverts commit 2bad605873b5b720d77ae6388a995827ab7fe705. Conflicts: actionpack/CHANGELOG.md Reason: This added a regression related with shoulda-matchers, since it is expecting the instance variable @layouts See https://github.com/thoughtbot/shoulda-matchers/blob/9e1188eea68c47d9a56ce6280e45027da6187ab1/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb#L74 This will introduce back #7459 but this stable release will be backward compatible. Related with #8068.
* Add CHANGELOG entry to #8032 fixRafael Mendonça França2012-10-291-0/+5
| | | | | | e6b41845efe2252fe7de6882e355c31f93c65cc3 fixes that issue too. [ci skip]
* Fix typo :bomb: [ci skip]Rafael Mendonça França2012-10-291-1/+1
|
* Fix bug when Column is trying to type cast boolean values to integer.Rafael Mendonça França2012-10-293-6/+22
| | | | | | | | This can occur if the user is using :integer columns to store boolean values. Now we are handling the boolean values but it still raises if the value can't type cast to integer and is not a boolean. See #7509. Fixes #8067.
* Merge pull request #8009 from graceliu/3-2-fix_database_url_supportRafael Mendonça França2012-10-296-37/+287
|\ | | | | | | fixed support for DATABASE_URL for rake db tasks
| * fixed support for DATABASE_URL for rake db tasksGrace Liu2012-10-296-37/+287
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backport for #7521 - added tests to confirm establish_connection uses DATABASE_URL and Rails.env correctly even when no arguments are passed in. - updated rake db tasks to support DATABASE_URL, and added tests to confirm correct behavior for these rake tasks. (Removed establish_connection call from some tasks since in those cases the :environment task already made sure the function would be called) - updated Resolver so that when it resolves the database url, it removes hash values with empty strings from the config spec (e.g. to support connection to postgresql when no username is specified). - updated ResolverTest to use current_adapter? to check the type of the current adapter.
* | Bump to 3.2.9.rc1Santiago Pastorino2012-10-299-17/+17
|/
* Add 3.2.9 section in ARes CHANGELOGSantiago Pastorino2012-10-291-0/+4
| | | | [ci skip]
* Revert "Deprecate Paths::Path#children which is unused now"Rafael Mendonça França2012-10-291-1/+0
| | | | | | | This reverts commit f7de647f2cd099ecf6434fa4a0db1ec297f1c32d. We can't deprecate things in stable branches. I didn't not realized that the pull request was for 3-2-stable
* Merge pull request #7587 from elia/fix-too-eager-loadingRafael Mendonça França2012-10-293-6/+17
|\ | | | | Should not eager_load app/assets
| * Deprecate Paths::Path#children which is unused nowElia Schito2012-10-291-0/+1
| |
| * Respect children paths filter settingsElia Schito2012-10-282-6/+13
| | | | | | | | E.g. don't eager-load app/assets even if app/* has the eager_load flag set.
| * Add test case to assets eager loadRafael Mendonça França2012-10-271-0/+3
| |
* | Merge pull request #8057 from frodsan/fix_sqlite_mutate_argRafael Mendonça França2012-10-292-1/+9
| | | | | | | | | | | | SQLite3Adapter#type_cast should not mutate arguments Conflicts: activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb
* | Merge pull request #8053 from henrik/update_columns_with_primary_keyCarlos Antonio da Silva2012-10-293-1/+17
| | | | | | | | | | | | | | | | Unbreak update_column/update_columns for the primary key attribute. Conflicts: activerecord/CHANGELOG.md activerecord/lib/active_record/persistence.rb activerecord/test/cases/persistence_test.rb
* | Make Active Record tests pass in isolationRafael Mendonça França2012-10-292-3/+2
| | | | | | | | Also remove the feature detecting for Ruby 1.9
* | Fix the skip code.Rafael Mendonça França2012-10-281-4/+4
| | | | | | | | Checking for the constant doesn't work
* | Merge pull request #7593 from veader/patch-1Rafael Mendonça França2012-10-283-0/+14
| | | | | | | | | | | | | | Decode attributes pulled from URI.parse Conflicts: activerecord/CHANGELOG.md activerecord/lib/active_record/connection_adapters/connection_specification.rb
* | Merge pull request #8048 from senny/7761_dont_render_view_without_mail_callRafael Mendonça França2012-10-285-1/+34
| | | | | | | | | | | | Do not render views when mail() isn't called. (NullMail refactoring) Conflicts: actionmailer/CHANGELOG.md