| Commit message (Collapse) | Author | Age | Files | Lines |
|
Raises when #reverse_order can not process SQL order instead of making
invalid SQL before this patch
|
[ci skip]
|
We found that inserting all 600 schema_migrations for our mid-sized app takes about a minute on a cloud based CI environment.
I assume that the original code did not use multi-row-insert because SQLite3 was not supporting the syntax back then,
but it's been supported since 3.7.11: http://www.sqlite.org/releaselog/3_7_11.html
|
Fix undefined error for `ActionController::Parameters`
|
These tests were failing due to backwards incompatible changes, as a part
of the v1.0.3 release of rails-html-sanitizer.
|
The cache for `render file:` seems to also be used in the case of
`render(string)`. If one is supposed to be a hit and the other is
supposed to be a miss, and they both reference the same file, then the
cache could return incorrect values. This commit clears the cache
between runs so that we get non-cached behavior.
|
documentation fix
|
[ci skip] Don’t explicitly mention EventMachine
|
Since #23152 eliminated the EventMachine dependency, we don’t need to
explicitly mention EventMachine.
Nevertheless, I'm not 100% sure about saying "the websocket-driver loop"
driver… any suggestions, @matthewd or @pixeltrix ? :sweat_smile:
[ci skip]
|
Update `Gemfile.lock`
|
* 5-0-beta-sec:
bumping version
fix version update task to deal with .beta1.1
Eliminate instance level writers for class accessors
allow :file to be outside rails root, but anything else must be inside the rails view directory
Don't short-circuit reject_if proc
stop caching mime types globally
use secure string comparisons for basic auth username / password
|
Instance level writers can have an impact on how the Active Model /
Record objects are saved. Specifically, they can be used to bypass
validations. This is a problem if mass assignment protection is
disabled and specific attributes are passed to the constructor.
CVE-2016-0753
|
rails view directory
CVE-2016-0752
|
When updating an associated record via nested attribute hashes the
reject_if proc could be bypassed if the _destroy flag was set in the
attribute hash and allow_destroy was set to false.
The fix is to only short-circuit if the _destroy flag is set and the
option allow_destroy is set to true. It also fixes an issue where
a new record wasn't created if _destroy was set and the option
allow_destroy was set to false.
CVE-2015-7577
|
Unknown mime types should not be cached globally. This global cache
leads to a memory leak and a denial of service vulnerability.
CVE-2016-0751
|
this will avoid timing attacks against applications that use basic auth.
CVE-2015-7576
|
Fix nodoc to internal class error document some of them
|
[ci skip]
Fixes #20808
[Vipul A M & Julio Lopez]
|
[close #23009] Limit key length
|
Mysql has a weird bug where it cannot index a string column of utf8mb4 if it is over a certain character limit. To get compatibility with mysql we can add a limit to the key column. 191 characters is a very long key, it seems reasonable to limit across all adapters since using a longer key wouldn't be supported in mysql.
Thanks to @kamipo for the original PR and the test refactoring.
Conversation: https://github.com/rails/rails/pull/23009#issuecomment-171416629
|
Pass 2 over testing guide
|
- Grammar fixes
- Wordsmithing
- Fixed wrong statement about association usage in fixtures
- Changed association name from 'one' to 'first' instead
- More consistent usage of we/our
- Mentions assert_select is below, not already covered in Integration test.
[ci skip]
|
When verifying size of relation, also verify count is ok.
|
Change permission to readonly [ci skip]
|
changed from 755 to 644.
I executed `chmod -x guides/assets/javascripts/responsive-tables.js`.
[ci skip]
|
Add missing source_type if provided on hmt which belongs to an sti re…
|
Fixes #23209
|
Fix AR::Relation#cache_key to remove select scope added by user
|
- We don't need the select scope added by user as we only want to max
timestamp and size of the collection. So we already know which columns
to select.
- Additionally having user defined columns in select scope blows the cache_key
method with PostgreSQL because it needs all `selected` columns in the group_by
clause or aggregate function.
- Fixes #23038.
|
This reverts commit 62aa850fee2070ec3e2d9e4f925dfd7790d27b5e, reversing
changes made to 8c1f248c58ba65a786ae295def325c8982e7f431.
There is no reason to disallow mail 2.5 so we don't need to bump the
version constraint since people are still able to use mail 2.6 and get
all the memory saving that was pointed in the pull request description.
|
ActionCable: Allow adding custom paths for channels
|
Bump mail gem constraint from [~> 2.5, >= 2.5.4] to ~> 2.6
|
Mail's downstream dependency (Mime-types) has been shown to decrease
memory usage significantly in its 3.0 release. This memory decrease
will be a big win for users upgrading to Rails 5.
Let's nudge users to upgrade Mail alongside Rails.
|
prathamesh-sonpatki/fix-cache-key-for-queries-with-offset
Fix ActiveRecord::Relation#cache_key for relations with no results
|
- When relations return no result or 0 result then cache_key should
handle it gracefully instead of blowing up trying to access
`result[:size]` and `result[:timestamp]`.
- Fixes #23063.
|
Be consistent in testing outputs from railties test and use /bin/rails
|
everywhere (the default behaviour now) instead of mix of /bin/rake /bin/rails everywhere
[Ryo Hashimoto & Vipul A M]
|
Eliminate the EventMachine dependency
|
We're no longer doing our work in the EM event loop, so errors are quite
unlikely, and if they do occur, they're not really our responsibility to
handle.
|
(as adapted to use concurrent-ruby / nio4r instead of eventmachine)
|