aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Make rails.js include the CSRF token in the X-CSRF-Token header with every ↵Michael Koziarski2011-02-081-0/+16
| | | | ajax request.
* Change the CSRF whitelisting to only apply to get requestsMichael Koziarski2011-02-083-147/+86
| | | | | | | | Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
* limit() should sanitize limit valuesAaron Patterson2011-02-083-16/+50
| | | | This fixes CVE-2011-0448
* Use Mime::Type references.José Valim2011-02-087-6/+26
|
* Ensure render is case sensitive even on systems with case-insensitive ↵José Valim2011-02-082-3/+22
| | | | | | filesystems. This fixes CVE-2011-0449
* Be sure to javascript_escape the email address to prevent apostrophes ↵Michael Koziarski2011-02-082-9/+11
| | | | | | inadvertently causing javascript errors. This fixes CVE-2011-0446
* ignore max identifier length queries from pgAaron Patterson2011-02-081-1/+1
|
* fields_for with inline blocks and nested attributes already persisted does ↵Santiago Pastorino2011-02-081-10/+7
| | | | | | not render properly [#6381 state:committed]
* Add tests showing the LH issue #6381: fields_for with inline blocks and ↵Carlos Antonio da Silva2011-02-081-1/+85
| | | | | | nested attributes already persisted Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* this test requires the job model, so we should require itAaron Patterson2011-02-081-0/+1
|
* use === so that regular expressions are not requiredAaron Patterson2011-02-081-5/+4
|
* use === so that regular expressions are not requiredAaron Patterson2011-02-082-6/+12
|
* make set_table_name take effect immediatelyJan2011-02-084-0/+22
|
* no more faker, rbench, or addressableAaron Patterson2011-02-072-114/+88
|
* cleaning up some warnings on 1.9.3Aaron Patterson2011-02-078-27/+25
|
* just return the record from insert_record, use truthiness for comparisonsAaron Patterson2011-02-072-3/+5
|
* require tag since we need it for this testAaron Patterson2011-02-071-0/+1
|
* Documentation for recent refinements to association deletionJon Leighton2011-02-071-3/+75
|
* Refactor the implementations of AssociatioCollection#delete and #destroy to ↵Jon Leighton2011-02-075-19/+15
| | | | be more consistent with each other, and to stop passing blocks around, thus making the execution easier to follow.
* This string should continueJon Leighton2011-02-071-1/+1
|
* Correctly update counter caches on deletion for has_many :through [#2824 ↵Jon Leighton2011-02-077-30/+130
| | | | state:resolved]. Also fixed a bunch of other counter cache bugs in the process, as once I fixed this one others started appearing like nobody's business.
* Support the :dependent option on has_many :through associations. For ↵Jon Leighton2011-02-078-19/+182
| | | | historical and practical reasons, :delete_all is the default deletion strategy employed by association.delete(*records), despite the fact that the default strategy is :nullify for regular has_many. Also, this only works at all if the source reflection is a belongs_to. For other situations, you should directly modify the through association.
* Make record.association.destroy(*records) on habtm and hm:t only delete ↵Jon Leighton2011-02-078-107/+248
| | | | records in the join table. This is to make the destroy method more consistent across the different types of associations. For more details see the CHANGELOG entry.
* we do not use this method, so deleteAaron Patterson2011-02-071-12/+0
|
* update ignored SQL for oracleAaron Patterson2011-02-071-1/+1
|
* removing some freedom patches. use notification system to count sql queriesAaron Patterson2011-02-071-17/+18
|
* mysql2 should log these sql statementsAaron Patterson2011-02-071-1/+1
|
* notifier should be saved and re-set, not deletedAaron Patterson2011-02-071-1/+2
|
* Use map + flatten hereSantiago Pastorino2011-02-071-3/+3
|
* the connection pool caches table_exists? callsAaron Patterson2011-02-072-8/+16
|
* Fixed broken, memoized attributes method exampleNathaniel Bibler2011-02-071-2/+2
| | | | | | [#6245 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Updated form rails guide for new place of authenticity_token optionTimothy N. Tsvetkov2011-02-071-3/+3
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* do not to_s where you are testing that a string value is stored for the ↵Akira Matsuda2011-02-071-1/+1
| | | | | | before_type_cast Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* avoid nil.dupAkira Matsuda2011-02-072-1/+9
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Add initial FileWatcher implementation. The Backend is just an abstract ↵wycats2011-02-063-0/+107
| | | | implementation, which will be inherited by backends that do the heavy lifting.
* put authenticity_token option in parity w/ remoteDan Pickett2011-02-062-6/+7
| | | | | | [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* fix db:fixtures:load with FIXTURES specified [#6061 state:resolved]John Hawthorn2011-02-062-2/+19
| | | | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Allow page_cache_directory to be set as a PathnameAndre Arko2011-02-062-1/+12
| | | | | | For example, page_cache_directory = Rails.root.join("public/cache") Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Find all validators for multiple attributesCarl Lerche2011-02-052-2/+22
|
* Optionally pass in the attribute being validated to an instance method validatorCarl Lerche2011-02-053-1/+20
|
* Be able to pass a validator method to #validatesCarl Lerche2011-02-053-0/+22
|
* Provide a way to specify alternate option keys for validatesCarl Lerche2011-02-053-1/+22
|
* Do not require that validation attributes be specified as symbolsCarl Lerche2011-02-052-2/+12
|
* Added tests for form_for and an authenticity_token option. Added docs for ↵Timothy N. Tsvetkov2011-02-053-0/+72
| | | | | | | | for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers. [#6228 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Update jQuery UJSSantiago Pastorino2011-02-051-149/+143
|
* Merge branch 'master' of git://github.com/lifo/docrailsXavier Noria2011-02-055-29/+57
|\
| * improve routing docs, mostly for #matchGabriel Horner2011-02-051-12/+34
| |
| * Updates to ActiveRecord::Timestamp documentation.Brian Morearty2011-02-051-6/+8
| | | | | | | | | | | | | | | | | | | | Change ActiveRecord::Base.xyz to config.active_record.xyz in docs. Remove <tt> from code samples. Update skip_time_zone_conversion_for_attributes code sample: put the call in the model class. Clarify that skip_time_zone_conversion_for_attributes skips converion when reading.
| * Change Time.zone= docs.Brian Morearty2011-02-041-4/+8
| | | | | | | | | | Update the example to show how to reset the current thread's Time.zone upon exiting a request.
| * keep options titles consistent to "Options"Gabriel Horner2011-02-033-7/+7
| |