| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |/ /
| |
| |
| |
| |
| |
| | |
This reverts commit ee439895759b38431ad025f3c234831f30dadcdb.
It would appear that #7661 had unintended consequences to the API. Until
we can sort those out, this should not be in 3.2.x, and wait for 4.0.0.
|
| |\ \
| | |
| | | |
3-2-stable: Fix JSON params parsing regression for non-object JSON content.
|
| |/ /
| |
| |
| | |
Backports #8855.
|
| | |
| |
| |
| | |
Duplicated entry added in 002dfba66490d289bac897d1ba886310a672e779.
|
| |\ \
| | |
| | | |
Fix javascript_include_tag when no js runtime is available
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In a production environment where the assets have been precompiled, we
don't want an assets compile step to happen on the application server at
all. To ensure this, a js runtime may not be available on the app
servers. In this environment, pages using javascript_include_tag for
assets with non-standard or chained extensions were throwing 500 errors.
For instance, `javascript_include_tag('jquery.min')` would blow up.
Sprockets was attempting to build the assets being included during the
rewrite_extension step (responsible for appending a '.js' extension to
assets being included by the basename rather than a fully qualified
name). This was happening as a step to resolve #6310, which required
checking for the presence of an asset with a non-standard extension
before appending the extension.
We can check for the presence of an asset without invoking the asset
build step by using Sprockets' resolve method, which will search for the
base file without building it (and is the method that find_asset uses
internally to get the path to the asset before attempting to build it).
When rewriting the extension on an asset, these are the steps:
- If the source does not have an extension, assume that the default
extension is desired and append it.
- If there is an extension and it doesn't match the default extension,
check to see if a file with the precise name specified exists amongst
the assets; if it is present, do not append the default extension.
(This is the step that resolves #6310).
|
| |\ \ \
| | | |
| | | | |
Ensure assets aren't duplicated when using sprockets require.
|
| |/ / /
| | |
| | |
| | |
| | | |
- addresses the problem by calling flatten on asset array before calling uniq.
- adds note to CHANGELOG.
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | | |
Ignore binds payload with nil column in AR log subscriber
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some tests were raising the following error:
Could not log "sql.active_record" event. NoMethodError: undefined method
`type' for nil:NilClass`
Due to the way binds were being logged, the column info was considered
always present, but that is not true for some of the tests listed in the
issue.
Closes #8806.
Conflicts:
activerecord/lib/active_record/log_subscriber.rb
activerecord/test/cases/log_subscriber_test.rb
Conflict resolution:
- Revert ruby 1.9 style hash to support ruby 1.8
- Do not include 8f59ffce into 3-2-stable
|
| |\ \ \ \
| |/ / /
|/| | | |
Remove test for XML YAML parsing
|
| |/ / /
| | |
| | |
| | |
| | | |
The support for YAML parsing in XML has been removed from Active Support
since it introduced an security risk. See 43109ec for more detail.
|
| |\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
dealing with empty hashes. Thanks Damien Mathieu
|
| | | |
| | |
| | |
| | | |
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It includes security bug fixes and changes the initialization of
Rack::File to accept a hash, otherwise generating warnings.
See 295806e for the warnings fix.
Conflicts:
actionpack/actionpack.gemspec
|
| | | |
| | |
| | |
| | | |
Eliminate Rack::File headers deprecation warning
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
(cherry picked from commit e2e513621d732abb8efff9120bd9a444836720d6)
(cherry picked from commit dcdde7da481e11660634278a8004175a1ce20f39)
Backport of #6183, original issue was #6179
Conflicts:
activesupport/lib/active_support/core_ext/time/calculations.rb
activesupport/test/core_ext/time_ext_test
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
| | | |
| | |
| | |
| | | |
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an improvement for issue #8673:
"Comparing a BigDecimal to true/false on write_attribute is slow"
It seems to be an issue with Ruby itself, related to the "coerce" method
being called in TrueClass/FalseClass due to the == condition, triggering
method_missing, then raising a NameError that's later catched.
This issue was also opened in Ruby tracker:
https://bugs.ruby-lang.org/issues/7645.
This refactoring avoid the coerce call by using a case statement, which
gives us better readability as well. A simple benchmark:
----------
require 'benchmark/ips'
require 'bigdecimal'
Benchmark.ips do |x|
x.report("== true") { BigDecimal('3') == true }
x.report("TrueClass") { TrueClass === BigDecimal('3') }
x.report("== 0") { BigDecimal('3') == 0 }
x.report("Numeric") { Numeric === BigDecimal('3') }
end
Calculating -------------------------------------
== true 6427 i/100ms
TrueClass 47297 i/100ms
== 0 35923 i/100ms
Numeric 55530 i/100ms
-------------------------------------------------
== true 75878.5 (±21.6%) i/s - 359912 in 5.004392s
TrueClass 1249547.0 (±13.1%) i/s - 6148610 in 5.035964s
== 0 666856.3 (±13.3%) i/s - 3268993 in 5.013789s
Numeric 1269300.9 (±11.3%) i/s - 6274890 in 5.028458s
----------
Master has a very different implementation, and there are apparently no
similar conversions at this point, it's mainly delegated to the column
type cast, but I'll check if something needs to be changed there as well.
Closes #8673.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Closes #8804 [ci skip]
Conflicts:
activerecord/lib/active_record/scoping/named.rb
|
| | | |
| | |
| | |
| | | |
prepared_statements as value
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also covers any non-castable case by returning nil, which
is in-line with the intention of the former implementation,
but covers the odd cases which respond to to_i but raise
an error when it's called, such as NaN, Infinity and -Infinity.
Fixes #8757
Backport of #8781
Conflicts:
activerecord/CHANGELOG.md
activerecord/test/cases/column_test.rb
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
actionpack/lib/action_view/helpers/form_helper.rb
actionpack/test/template/form_helper_test.rb
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
(cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2)
[ci skip]
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
| |\ \ \
| |_|/
|/| |
| | |
| | | |
Backport 4f0f1b5 into 3-2-stable.
When running the test with warnings enabled, it fails without this change.
|
| |/ /
| |
| |
| |
| | |
Conflicts:
actionpack/test/controller/render_test.rb
|
| | |
| |
| |
| |
| | |
Conflicts:
.travis.yml
|
| |\ \
| | |
| | | |
Fix undefined method `to_i' introduced since 3.2.8
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit fixes a bug introduced in 96a13fc7 which breaks behaviour of
integer fields in 3.2.8.
In 3.2.8, setting the value of an integer field to a non-integer (eg.
Array, Hash, etc.) would default to 1 (true) :
# 3.2.8
p = Post.new
p.category_id = [ 1, 2 ]
p.category_id # => 1
p.category_id = { 3 => 4 }
p.category_id # => 1
In 3.2.9 and above, this will raise a NoMethodError :
# 3.2.9
p = Post.new
p.category_id = [ 1, 2 ]
NoMethodError: undefined method `to_i' for [1, 2]:Array
Whilst at first blush this appear to be sensible, it combines in bad
ways with scoping.
For example, it is common to use scopes to control access to data :
@collection = Posts.where(:category_id => [ 1, 2 ])
@new_post = @collection.new
In 3.2.8, this would work as expected, creating a new Post object
(albeit with @new_post.category_id = 1). However, in 3.2.9 this will
cause the NoMethodError to be raised as above.
It is difficult to avoid triggering this error without descoping before
calling .new, breaking any apps running on 3.2.8 that rely on this
behaviour.
This patch deviates from 3.2.8 in that it does not retain the somewhat
spurious behaviour of setting the attribute to 1. Instead, it explicitly
sets these invalid values to nil :
p = Post.new
p.category_id = [ 1, 2 ]
p.category_id # => nil
This also fixes the situation where a scope using an array will
"pollute" any newly instantiated records.
@new_post = @collection.new
@new_post.category_id # => nil
Finally, 3.2.8 exhibited a behaviour where setting an object to an
integer field caused it to be coerced to "1". This has not been
retained, as it is spurious and surprising in the same way that setting
Arrays and Heshes was :
c = Category.find(6)
p = Post.new
# 3.2.8
p.category_id = c
p.category_id # => 1
# This patch
p.category_id = c
p.category_id # => nil
This commit includes explicit test cases that expose the original issue
with calling new on a scope that uses an Array. As this is a common
situation, an explicit test case is the best way to prevent regressions
in the future.
It also updates and separates existing tests to be explicit about the
situation that is being tested (eg. AR objects vs. other objects vs.
non-integers)
|
| |\ \
| | |
| | |
| | |
| | | |
update directory tree in the generated README in Rails 3.2
[ci skip]
|
| |/ /
| |
| |
| | |
[ci skip]
|
| |\ \
| | |
| | | |
Merged latest released tag (v3.2.10) into the stable branch (3-2-stable)
|
| | |\|
| | |
| | |
| | | |
Latest released tag was not fully merged into the stable branch (missed version bumping)
|
| | | | |
|
| |/ /
| |
| |
| | |
Fix typo on form_tag_helper.rb [ci skip]
|
| | | |
|
| |\ \
| | |
| | |
| | |
| | | |
Backport #8701, do not append a second slash with `trailing_slash: true`
Closes #8700
|
| |/ / |
|
| | |
| |
| |
| | |
Fix format and wrong changelog entry
|
| | | |
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-stable:
fix block.arity raise nil error when not given a block to "content_tag_for"
removes the Ajax on Rails early draft
Revert "Merge pull request #8665 from senny/8661_should_not_append_charset_if_already_present"
backport #8662, charset should not be appended for `head` responses
Revert "Fix `validates_presence_of` with `:allow_nil` or `:allow_blank` options."
Fix `validates_presence_of` with `:allow_nil` or `:allow_blank` options.
backport #8616, quote column names in generated fixture files
|
| | |\ \
| | | |
| | | | |
fix block.arity will raise nil error
|
