Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Make rails.js include the CSRF token in the X-CSRF-Token header with every ↵ | Michael Koziarski | 2011-02-08 | 1 | -0/+16 |
| | | | | ajax request. | ||||
* | Change the CSRF whitelisting to only apply to get requests | Michael Koziarski | 2011-02-08 | 3 | -147/+86 |
| | | | | | | | | Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447 | ||||
* | limit() should sanitize limit values | Aaron Patterson | 2011-02-08 | 3 | -16/+50 |
| | | | | This fixes CVE-2011-0448 | ||||
* | Use Mime::Type references. | José Valim | 2011-02-08 | 7 | -6/+26 |
| | |||||
* | Ensure render is case sensitive even on systems with case-insensitive ↵ | José Valim | 2011-02-08 | 2 | -3/+22 |
| | | | | | | filesystems. This fixes CVE-2011-0449 | ||||
* | Be sure to javascript_escape the email address to prevent apostrophes ↵ | Michael Koziarski | 2011-02-08 | 2 | -9/+11 |
| | | | | | | inadvertently causing javascript errors. This fixes CVE-2011-0446 | ||||
* | ignore max identifier length queries from pg | Aaron Patterson | 2011-02-08 | 1 | -1/+1 |
| | |||||
* | fields_for with inline blocks and nested attributes already persisted does ↵ | Santiago Pastorino | 2011-02-08 | 1 | -10/+7 |
| | | | | | | not render properly [#6381 state:committed] | ||||
* | Add tests showing the LH issue #6381: fields_for with inline blocks and ↵ | Carlos Antonio da Silva | 2011-02-08 | 1 | -1/+85 |
| | | | | | | nested attributes already persisted Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | this test requires the job model, so we should require it | Aaron Patterson | 2011-02-08 | 1 | -0/+1 |
| | |||||
* | use === so that regular expressions are not required | Aaron Patterson | 2011-02-08 | 1 | -5/+4 |
| | |||||
* | use === so that regular expressions are not required | Aaron Patterson | 2011-02-08 | 2 | -6/+12 |
| | |||||
* | make set_table_name take effect immediately | Jan | 2011-02-08 | 4 | -0/+22 |
| | |||||
* | no more faker, rbench, or addressable | Aaron Patterson | 2011-02-07 | 2 | -114/+88 |
| | |||||
* | cleaning up some warnings on 1.9.3 | Aaron Patterson | 2011-02-07 | 8 | -27/+25 |
| | |||||
* | just return the record from insert_record, use truthiness for comparisons | Aaron Patterson | 2011-02-07 | 2 | -3/+5 |
| | |||||
* | require tag since we need it for this test | Aaron Patterson | 2011-02-07 | 1 | -0/+1 |
| | |||||
* | Documentation for recent refinements to association deletion | Jon Leighton | 2011-02-07 | 1 | -3/+75 |
| | |||||
* | Refactor the implementations of AssociatioCollection#delete and #destroy to ↵ | Jon Leighton | 2011-02-07 | 5 | -19/+15 |
| | | | | be more consistent with each other, and to stop passing blocks around, thus making the execution easier to follow. | ||||
* | This string should continue | Jon Leighton | 2011-02-07 | 1 | -1/+1 |
| | |||||
* | Correctly update counter caches on deletion for has_many :through [#2824 ↵ | Jon Leighton | 2011-02-07 | 7 | -30/+130 |
| | | | | state:resolved]. Also fixed a bunch of other counter cache bugs in the process, as once I fixed this one others started appearing like nobody's business. | ||||
* | Support the :dependent option on has_many :through associations. For ↵ | Jon Leighton | 2011-02-07 | 8 | -19/+182 |
| | | | | historical and practical reasons, :delete_all is the default deletion strategy employed by association.delete(*records), despite the fact that the default strategy is :nullify for regular has_many. Also, this only works at all if the source reflection is a belongs_to. For other situations, you should directly modify the through association. | ||||
* | Make record.association.destroy(*records) on habtm and hm:t only delete ↵ | Jon Leighton | 2011-02-07 | 8 | -107/+248 |
| | | | | records in the join table. This is to make the destroy method more consistent across the different types of associations. For more details see the CHANGELOG entry. | ||||
* | we do not use this method, so delete | Aaron Patterson | 2011-02-07 | 1 | -12/+0 |
| | |||||
* | update ignored SQL for oracle | Aaron Patterson | 2011-02-07 | 1 | -1/+1 |
| | |||||
* | removing some freedom patches. use notification system to count sql queries | Aaron Patterson | 2011-02-07 | 1 | -17/+18 |
| | |||||
* | mysql2 should log these sql statements | Aaron Patterson | 2011-02-07 | 1 | -1/+1 |
| | |||||
* | notifier should be saved and re-set, not deleted | Aaron Patterson | 2011-02-07 | 1 | -1/+2 |
| | |||||
* | Use map + flatten here | Santiago Pastorino | 2011-02-07 | 1 | -3/+3 |
| | |||||
* | the connection pool caches table_exists? calls | Aaron Patterson | 2011-02-07 | 2 | -8/+16 |
| | |||||
* | Fixed broken, memoized attributes method example | Nathaniel Bibler | 2011-02-07 | 1 | -2/+2 |
| | | | | | | [#6245 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | Updated form rails guide for new place of authenticity_token option | Timothy N. Tsvetkov | 2011-02-07 | 1 | -3/+3 |
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | do not to_s where you are testing that a string value is stored for the ↵ | Akira Matsuda | 2011-02-07 | 1 | -1/+1 |
| | | | | | | before_type_cast Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | avoid nil.dup | Akira Matsuda | 2011-02-07 | 2 | -1/+9 |
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | Add initial FileWatcher implementation. The Backend is just an abstract ↵ | wycats | 2011-02-06 | 3 | -0/+107 |
| | | | | implementation, which will be inherited by backends that do the heavy lifting. | ||||
* | put authenticity_token option in parity w/ remote | Dan Pickett | 2011-02-06 | 2 | -6/+7 |
| | | | | | | [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | fix db:fixtures:load with FIXTURES specified [#6061 state:resolved] | John Hawthorn | 2011-02-06 | 2 | -2/+19 |
| | | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | Allow page_cache_directory to be set as a Pathname | Andre Arko | 2011-02-06 | 2 | -1/+12 |
| | | | | | | For example, page_cache_directory = Rails.root.join("public/cache") Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | Find all validators for multiple attributes | Carl Lerche | 2011-02-05 | 2 | -2/+22 |
| | |||||
* | Optionally pass in the attribute being validated to an instance method validator | Carl Lerche | 2011-02-05 | 3 | -1/+20 |
| | |||||
* | Be able to pass a validator method to #validates | Carl Lerche | 2011-02-05 | 3 | -0/+22 |
| | |||||
* | Provide a way to specify alternate option keys for validates | Carl Lerche | 2011-02-05 | 3 | -1/+22 |
| | |||||
* | Do not require that validation attributes be specified as symbols | Carl Lerche | 2011-02-05 | 2 | -2/+12 |
| | |||||
* | Added tests for form_for and an authenticity_token option. Added docs for ↵ | Timothy N. Tsvetkov | 2011-02-05 | 3 | -0/+72 |
| | | | | | | | | for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers. [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | ||||
* | Update jQuery UJS | Santiago Pastorino | 2011-02-05 | 1 | -149/+143 |
| | |||||
* | Merge branch 'master' of git://github.com/lifo/docrails | Xavier Noria | 2011-02-05 | 5 | -29/+57 |
|\ | |||||
| * | improve routing docs, mostly for #match | Gabriel Horner | 2011-02-05 | 1 | -12/+34 |
| | | |||||
| * | Updates to ActiveRecord::Timestamp documentation. | Brian Morearty | 2011-02-05 | 1 | -6/+8 |
| | | | | | | | | | | | | | | | | | | | | Change ActiveRecord::Base.xyz to config.active_record.xyz in docs. Remove <tt> from code samples. Update skip_time_zone_conversion_for_attributes code sample: put the call in the model class. Clarify that skip_time_zone_conversion_for_attributes skips converion when reading. | ||||
| * | Change Time.zone= docs. | Brian Morearty | 2011-02-04 | 1 | -4/+8 |
| | | | | | | | | | | Update the example to show how to reset the current thread's Time.zone upon exiting a request. | ||||
| * | keep options titles consistent to "Options" | Gabriel Horner | 2011-02-03 | 3 | -7/+7 |
| | |