aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Escape the unit value provided to number_to_currencyMichael Koziarski2013-12-022-4/+5
| | | | | | Fixes CVE-2013-6415 Previously the values were trusted blindly allowing for potential XSS attacks.
* Only use valid mime type symbols as cache keysAaron Patterson2013-11-301-0/+7
| | | | CVE-2013-6414
* Merge branch '3-2-sec' into 3-2-stableAaron Patterson2013-10-1619-21/+40
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: updating changelogs bumping to 3.2.15 bumping to rc3 Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build" Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target" bumping to rc2 Merge pull request #12443 from arthurnn/add_inverse_of_add_target bumping version to 3.2.15.rc1 Remove the use of String#% when formatting durations in log messages Conflicts: activerecord/CHANGELOG.md
| * updating changelogsAaron Patterson2013-10-167-3/+19
| |
| * bumping to 3.2.15Aaron Patterson2013-10-159-9/+9
| |
| * Merge branch '3-2-15' into 3-2-secAaron Patterson2013-10-1516-28/+30
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-15: bumping to rc3 Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build" Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target" bumping to rc2 Merge pull request #12443 from arthurnn/add_inverse_of_add_target bumping version to 3.2.15.rc1 Fix STI scopes using benolee's suggestion. Fixes #11939
| | * bumping to rc3Aaron Patterson2013-10-119-9/+9
| | |
| | * Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"Rafael Mendonça França2013-10-104-10/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit ccd11d58910059f07b28cc518dbdad42cbc8ea0c, reversing changes made to 54c05acdba138f3a7a3d44dfc922b0fe4e4cf554. Reason: This caused a regression when the associated record is created in a before_create callback. See https://github.com/rails/rails/pull/12413#issuecomment-25848163
| | * Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"Rafael Mendonça França2013-10-102-14/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 7ed5bdc834479c39e3b0ad5a38bcffe27983c10d, reversing changes made to 31c79e291f42b1d862df06c552fe002864aae705. Reason: this caused a regression when the associated record is creted in a before_create callback. See https://github.com/rails/rails/pull/12413#issuecomment-25848163
| | * bumping to rc2Aaron Patterson2013-10-049-9/+9
| | |
| | * Merge pull request #12443 from arthurnn/add_inverse_of_add_targetRafael Mendonça França2013-10-042-0/+14
| | | | | | | | | | | | Add inverse of add target
| | * bumping version to 3.2.15.rc1Aaron Patterson2013-10-039-17/+17
| | |
| * | Merge branch '3-2-stable' into 3-2-secAaron Patterson2013-10-037-3/+29
| |\ \ | | | | | | | | | | | | | | | | | | | | * 3-2-stable: make sure both headers are set before checking for ip spoofing Move set_inverse_instance to association.build_record
| * | | Remove the use of String#% when formatting durations in log messagesMichael Koziarski2013-09-303-9/+12
| | | | | | | | | | | | | | | | | | | | This avoids potential format string vulnerabilities where user-provided data is interpolated into the log message before String#% is called.
* | | | Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"Rafael Mendonça França2013-10-104-10/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit ccd11d58910059f07b28cc518dbdad42cbc8ea0c, reversing changes made to 54c05acdba138f3a7a3d44dfc922b0fe4e4cf554. Reason: This caused a regression when the associated record is created in a before_create callback. See https://github.com/rails/rails/pull/12413#issuecomment-25848163
* | | | Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"Rafael Mendonça França2013-10-102-14/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 7ed5bdc834479c39e3b0ad5a38bcffe27983c10d, reversing changes made to 31c79e291f42b1d862df06c552fe002864aae705. Reason: this caused a regression when the associated record is creted in a before_create callback. See https://github.com/rails/rails/pull/12413#issuecomment-25848163
* | | | Merge pull request #12443 from arthurnn/add_inverse_of_add_targetRafael Mendonça França2013-10-042-0/+14
|\ \ \ \ | |_|_|/ |/| | | Add inverse of add target
| * | | add regression test for set_inverse_instance on add_to_targetArthur Neves2013-10-041-0/+13
| | | |
| * | | Add back set_inverse_instance on .add_to_targetArthur Neves2013-10-041-0/+1
|/ / / | | | | | | | | | | | | We must have it in there too, so when an existent record is being concat to another, we will have the inverse relation.
* | | Merge pull request #12084 from Ben-M/3-2-stableAaron Patterson2013-10-033-1/+11
|\ \ \ | |_|/ |/| | Fix STI scopes using benolee's suggestion. Fixes #11939
| * | Fix STI scopes using benolee's suggestion. Fixes #11939Ben Maraney2013-08-303-1/+11
| | |
* | | Merge pull request #12410 from tamird/fix-ip-spoof-errorsAndrew White2013-10-013-1/+19
|\ \ \ | | | | | | | | Fix ip spoof errors
| * | | make sure both headers are set before checking for ip spoofingTamir Duberstein2013-10-013-1/+19
|/ / /
* | | Merge pull request #12413 from arthurnn/inverse_of_on_buildRafael Mendonça França2013-09-304-2/+10
|\ \ \ | |_|/ |/| | Inverse of on build
| * | Move set_inverse_instance to association.build_recordArthur Neves2013-09-304-2/+10
|/ / | | | | | | [fixes #10371]
* | Merge pull request #12375 from arthurnn/inverse_after_find_or_initializeRafael Mendonça França2013-09-283-4/+22
|\ \ | | | | | | Inverse after find or initialize
| * | fix inverse_of when find_or_initialize_by_*Arthur Neves2013-09-263-4/+22
| | | | | | | | | | | | | | | inverse_of relation was not being set when calling find_or_initialize_by_ and the entry was found on the db.
* | | Use Ruby 1.8 hash syntaxRafael Mendonça França2013-09-281-2/+2
|/ /
* | Merge pull request #12364 from arthurnn/test_fix_validateRafael Mendonça França2013-09-252-2/+5
|\ \ | | | | | | Fix query counters when testing with IdentityMap on 3.2
| * | on tests: dont always touch firm on validateArthur Neves2013-09-252-2/+5
|/ /
* | Merge pull request #12359 from arthurnn/inverse_on_callbacksRafael Mendonça França2013-09-254-1/+18
| | | | | | | | | | | | | | Make sure inverse_of is visible on the has_many callbacks Conflicts: activerecord/CHANGELOG.md activerecord/test/models/company.rb
* | Merge pull request #12196 from h-lame/fix-activesupport-cache-filestore-cleanupRafael Mendonça França2013-09-123-1/+18
| | | | | | | | | | | | | | Fix FileStore#cleanup to no longer rely on missing each_key method Conflicts: activesupport/CHANGELOG.md activesupport/test/caching_test.rb
* | Fix FinderMethods#last unscoped primary keyEugene Kalenkovich2013-09-124-3/+21
| | | | | | | | | | | | | | | | Fixes table.joins(:relation).last(N) breaking on sqlite Conflicts: activerecord/CHANGELOG.md activerecord/test/cases/finder_test.rb
* | Merge pull request #9368 from CrowdFlower/3-2-stableSteve Klabnik2013-09-104-4/+25
|\ \ | | | | | | PR #5219 backported to 3-2
| * | pass the extra params to the rack test environment so that routes with block ↵Brian Hahn2013-09-064-4/+25
| |/ | | | | | | constraints have access
* | Merge pull request #12176 from arthurnn/ar32_schema_cacheSantiago Pastorino2013-09-101-2/+2
|\ \ | |/ |/| on SchemaCache use the connection getter instead of the obj given
| * on SchemaCache use the connection getter instead of the obj givenArthur Neves2013-09-091-2/+2
|/
* Merge pull request #12048 from tjouan/app_generator-bin_perms-umaskAaron Patterson2013-08-271-1/+1
| | | | | | Comply with current umask when generating new app Conflicts: railties/lib/rails/generators/rails/app/app_generator.rb
* Merge pull request #12006 from kassio/11605-render-with-context-formatRafael Mendonça França2013-08-2512-31/+16
|\ | | | | Render with context format
| * fix issue #11605Kassio Borges2013-08-2412-31/+16
|/
* Fix 1.8.7 incompatible respond_to_missingEugene Kalenkovich2013-08-181-2/+8
|
* Merge pull request #11930 from UncleGene/ties_testGuillermo Iguaran2013-08-181-4/+4
|\ | | | | Fix test incompatible with 1.8.7
| * Fix test incompatible with 1.8.7Eugene Kalenkovich2013-08-181-4/+4
|/
* Make `rake doc:guides` works again. Fix #10384.Teng Siong Ong2013-08-052-3/+3
| | | | | | Conflicts: railties/guides/rails_guides.rb railties/lib/rails/tasks/documentation.rake
* Merge pull request #11765 from kassio/load-fixtures-from-linked-folderRafael Mendonça França2013-08-054-3/+8
|\ | | | | Load fixtures from linked folder
| * Load fixtures from linked foldersKassio Borges2013-08-054-3/+8
|/
* Move changelog entry to the top [ci skip]Rafael Mendonça França2013-07-301-5/+8
|
* Fix broken testRafael Mendonça França2013-07-241-1/+1
| | | | quote_value is called on the object not the class
* Tidy up the "Specified column type for quote_value" changesBen Woosley2013-07-242-3/+3
| | | | | | | | | | This includes fixing typos in changelog, removing a deprecated mocha/setup test require, and preferring the `column_for_attribute` accessor over direct access to the columns_hash in the new code. Conflicts: activerecord/CHANGELOG.md activerecord/lib/active_record/locking/optimistic.rb
* Specified column type for quote_valueAlfred Wong2013-07-243-1/+24
| | | | | | | | | | | | | | | | | | | | | | | | | When calling quote_value the underlying connection sometimes requires more information about the column to properly return the correct quoted value. I ran into this issue when using optimistic locking in JRuby and the activerecord-jdbcmssql-adapter. In SQLSever 2000, we aren't allowed to insert a integer into a NVARCHAR column type so we need to format it as N'3' if we want to insert into the NVARCHAR type. Unfortuantely, without the column type being passed the connection adapter cannot properly return the correct quote value because it doesn't know to return N'3' or '3'. This patch is fairly straight forward where it just passes in the column type into the quote_value, as it already has the ability to take in the column, so it can properly handle at the connection level. I've added the tests required to make sure that the quote_value method is being passed the column type so that the underlying connection can determine how to quote the value. Conflicts: activerecord/CHANGELOG.md activerecord/lib/active_record/locking/optimistic.rb
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-14 16:28:04 +0000