aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | Merge pull request #23228 from claudiob/no-emClaudio B2016-01-253-7/+6
|\ \ \ \ \ | | | | | | | | | | | | [ci skip] Don’t explicitly mention EventMachine
| * | | | | [ci skip] Don’t explicitly mention EventMachineclaudiob2016-01-253-7/+6
|/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since #23152 eliminated the EventMachine dependency, we don’t need to explicitly mention EventMachine. Nevertheless, I'm not 100% sure about saying "the websocket-driver loop" driver… any suggestions, @matthewd or @pixeltrix ? :sweat_smile: [ci skip]
* | | | | Merge pull request #23251 from kamipo/update_gemfile_lockSean Griffin2016-01-251-32/+32
|\ \ \ \ \ | |_|/ / / |/| | | | Update `Gemfile.lock`
| * | | | Update `Gemfile.lock`Ryuta Kamizono2016-01-261-32/+32
|/ / / /
* | | | Merge branch '5-0-beta-sec'Aaron Patterson2016-01-2532-41/+168
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * | | | bumping versionAaron Patterson2016-01-2511-11/+11
| | | | |
| * | | | fix version update task to deal with .beta1.1Aaron Patterson2016-01-251-1/+1
| | | | |
| * | | | Eliminate instance level writers for class accessorsAaron Patterson2016-01-226-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instance level writers can have an impact on how the Active Model / Record objects are saved. Specifically, they can be used to bypass validations. This is a problem if mass assignment protection is disabled and specific attributes are passed to the constructor. CVE-2016-0753
| * | | | allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-229-16/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rails view directory CVE-2016-0752
| * | | | Don't short-circuit reject_if procAndrew White2016-01-222-2/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When updating an associated record via nested attribute hashes the reject_if proc could be bypassed if the _destroy flag was set in the attribute hash and allow_destroy was set to false. The fix is to only short-circuit if the _destroy flag is set and the option allow_destroy is set to true. It also fixes an issue where a new record wasn't created if _destroy was set and the option allow_destroy was set to false. CVE-2015-7577
| * | | | stop caching mime types globallyAaron Patterson2016-01-221-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability. CVE-2016-0751
| * | | | use secure string comparisons for basic auth username / passwordAaron Patterson2016-01-222-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this will avoid timing attacks against applications that use basic auth. CVE-2015-7576
* | | | | Merge pull request #23226 from vipulnsward/20808-fixJon Moss2016-01-254-1/+5
|\ \ \ \ \ | | | | | | | | | | | | Fix nodoc to internal class error document some of them
| * | | | | Fix nodoc to internal class error document some of themVipul A M2016-01-254-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip] Fixes #20808 [Vipul A M & Julio Lopez]
* | | | | | Merge pull request #23161 from schneems/schneems/fix-mysql-internalmetadataRichard Schneeman2016-01-252-9/+36
|\ \ \ \ \ \ | | | | | | | | | | | | | | [close #23009] Limit key length
| * | | | | | [close #23009] Limit key lengthschneems2016-01-212-9/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mysql has a weird bug where it cannot index a string column of utf8mb4 if it is over a certain character limit. To get compatibility with msql we can add a limit to the key column. 191 characters is a very long key, it seems reasonable to limit across all adapters since using a longer key wouldn't be supported in mysql. Thanks to @kamipo for the original PR and the test refactoring. Conversation: https://github.com/rails/rails/pull/23009#issuecomment-171416629
* | | | | | | Merge pull request #23208 from vipulnsward/testing-pass-2Jon Moss2016-01-251-14/+14
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Pass 2 over testing guide
| * | | | | | | Pass 2 over testing guideVipul A M2016-01-231-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Grammar fixes - Wordsmitting - Fixed wrong statement about association usage in fixtures - Changed association name from 'one' to 'first' instead - More consistent usage of we/our - Mentions assert_select is below, not already covered in Integration test. [ci skip]
* | | | | | | | Merge pull request #23229 from vipulnsward/23221-also-verify-countKasper Timm Hansen2016-01-251-0/+1
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | When verifying size of relation, also verify count is ok.
| * | | | | | | | When verifying size of relation, also verify count is ok.Vipul A M2016-01-251-0/+1
| | |_|/ / / / / | |/| | | | | |
* | | | | | | | Merge pull request #23210 from sachin21/change_permissionYves Senn2016-01-251-0/+0
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | Change permission to readonly [ci skip]
| * | | | | | | Change permission to readonlySatoshi Ohmori2016-01-231-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | changed from 755 to 644. I executed `chmod -x guides/assets/javascripts/responsive-tables.js`. [ci skip]
* | | | | | | | Merge pull request #23221 from vipulnsward/23209-fix-missin_source_typeRafael França2016-01-246-0/+26
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Add missing source_type if provided on hmt which belongs to an sti re…
| * | | | | | | | Add missing source_type if provided on hmt which belongs to an sti recordVipul A M2016-01-246-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #23209
* | | | | | | | | Merge pull request #23051 from prathamesh-sonpatki/fix-collection-cache-keyRafael França2016-01-242-0/+7
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fix AR::Relation#cache_key to remove select scope added by user
| * | | | | | | | | Fix AR::Relation#cache_key to remove select scope added by userPrathamesh Sonpatki2016-01-242-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - We don't need the select scope added by user as we only want to max timestamp and size of the collection. So we already know which columns to select. - Additionally having user defined columns in select scope blows the cache_key method with PostGreSQL because it needs all `selected` columns in the group_by clause or aggregate function. - Fixes #23038.
* | | | | | | | | | Revert "Merge pull request #23218 from karlfreeman/bump_mail"Rafael Mendonça França2016-01-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 62aa850fee2070ec3e2d9e4f925dfd7790d27b5e, reversing changes made to 8c1f248c58ba65a786ae295def325c8982e7f431. There is no reason to disallow mail 2.5 so we don't need to bump the version constraint since people are still able to use mail 2.6 and get all the memory saving that was pointed in the pull request description.
* | | | | | | | | | Merge pull request #23185 from droptheplot/actioncable-custom-channelsKasper Timm Hansen2016-01-241-3/+5
|\ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / |/| | | | | | | | | ActionCable: Allow adding custom paths for channels
| * | | | | | | | | Rename channels_path var and fix channel_paths method for ActionCable configSergey Novikov2016-01-231-5/+5
| | | | | | | | | |
| * | | | | | | | | Allow adding custom paths for action_cable channelsSergey Novikov2016-01-221-2/+4
| | | | | | | | | |
* | | | | | | | | | Merge pull request #23218 from karlfreeman/bump_mailSantiago Pastorino2016-01-241-1/+1
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | Bump mail gem constraint from [~> 2.5, >= 2.5.4] to ~> 2.6
| * | | | | | | | | | Bump mail gem constraint from [~> 2.5, >= 2.5.4] to ~> 2.6Karl Freeman2016-01-241-1/+1
| | |/ / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mails downstream dependency (Mime-types) has been shown to decrease memory usage significantly in its 3.0 release. This memory decrease will be a big win for users upgrading to Rails 5. Lets nudge users to upgrade Mail alongside Rails.
* | | | | | | | | | Merge pull request #23081 from ↵Kasper Timm Hansen2016-01-242-2/+13
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | prathamesh-sonpatki/fix-cache-key-for-queries-with-offset Fix ActiveRecord::Relation#cache_key for relations with no results
| * | | | | | | | | | Fix ActiveRecord::Relation#cache_key for relations with no resultsPrathamesh Sonpatki2016-01-222-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - When relations return no result or 0 result then cache_key should handle it gracefully instead of blowing up trying to access `result[:size]` and `result[:timestamp]`. - Fixes #23063.
* | | | | | | | | | | Merge pull request #23212 from vipulnsward/bin-railsKasper Timm Hansen2016-01-249-95/+96
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Be consistent in testing outputs from railties test and use /bin/rails
| * | | | | | | | | | | Be consistent in testing outputs from railties test and use /bin/rails ↵Vipul A M2016-01-249-95/+96
| | |/ / / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | everywhere(the default behaviour now) instead of mix of /bin/rake /bin/rails everywhere [Ryo Hashimoto & Vipul A M]
* | | | | | | | | | | Merge pull request #23152 from matthewd/actioncable-concurrentDavid Heinemeier Hansson2016-01-2427-106/+385
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Eliminate the EventMachine dependency
| * | | | | | | | | | | Ditch the EM error logging helperMatthew Draper2016-01-243-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We're no longer doing our work in the EM event loop, so errors are quite unlikely, and if they do occur, they're not really our responsibility to handle.
| * | | | | | | | | | | Import the relevant portions of faye-websocketMatthew Draper2016-01-2414-44/+332
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (as adapted to use concurrent-ruby / nio4r instead of eventmachine)
| * | | | | | | | | | | Using a hacked faye-websocket, drop EventMachineMatthew Draper2016-01-2417-69/+70
| | | | | | | | | | | |
* | | | | | | | | | | | Merge pull request #23213 from Ferdy89/docs_format_contraints_with_globJon Moss2016-01-241-0/+2
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | Update the exception of format constraint in routes
| * | | | | | | | | | | | Update the exception of format constraint in routesFernando Seror2016-01-231-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Per https://github.com/rails/rails/issues/20264 [ci skip]
* | | | | | | | | | | | | Put test-case dependent helper Class inside the test caseAkira Matsuda2016-01-243-39/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes :warning: previous definition of download was here
* | | | | | | | | | | | | :warning: mismatched indentations at 'end' with 'unless'Akira Matsuda2016-01-242-4/+4
| | | | | | | | | | | | |
* | | | | | | | | | | | | Test files has to be named *_test.rbAkira Matsuda2016-01-242-0/+0
| | | | | | | | | | | | |
* | | | | | | | | | | | | Merge pull request #23179 from ↵Matthew Draper2016-01-2511-44/+64
|\ \ \ \ \ \ \ \ \ \ \ \ \ | |_|/ / / / / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | prathamesh-sonpatki/pare-back-default-index-option-to-references Pare back default `index` option for the migration generator
| * | | | | | | | | | | | Pare back default `index` option for the migration generatorPrathamesh Sonpatki2016-01-2411-44/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Using `references` or `belongs_to` in migrations will always add index for the referenced column by default, without adding `index:true` option to generated migration file. - Users can opt out of this by passing `index: false`. - Legacy migrations won't be affected by this change. They will continue to run as they were before. - Fixes #18146
* | | | | | | | | | | | | Merge pull request #23217 from matthewd/adapter-testsMatthew Draper2016-01-2417-37/+389
|\ \ \ \ \ \ \ \ \ \ \ \ \ | |/ / / / / / / / / / / / |/| | | | | | | | | | | | ActionCable Adapter tests
| * | | | | | | | | | | | Add tests for the ActionCable adaptersMatthew Draper2016-01-249-0/+236
| | | | | | | | | | | | |
| * | | | | | | | | | | | Allow subscription adapters to be shut downMatthew Draper2016-01-244-14/+40
| | | | | | | | | | | | |