aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Introduce ActiveRecord::IrreversibleOrderErrorBogdan Gusiev2016-01-274-2/+69
| | | | | Raises when #reverse_order can not process SQL order instead of making invalid SQL before this patch
* doc typoAkira Matsuda2016-01-271-2/+2
| | | | [ci skip]
* INSERT INTO schema_migrations in 1 SQLAkira Matsuda & Naoto Koshikawa2016-01-272-10/+13
| | | | | | | We found that inserting all 600 schema_migrations for our mid-sized app takes about a minute on a cloud based CI environment. I assume that the original code did not use multi-row-insert because SQLite3 was not supporting the syntax back then, but it's been supported since 3.7.11: http://www.sqlite.org/releaselog/3_7_11.html
* add a skip for failing testAaron Patterson2016-01-261-1/+2
|
* fix permitted? conditional for `render` callsAaron Patterson2016-01-262-3/+17
|
* Merge pull request #23242 from maclover7/fix-error-secAaron Patterson2016-01-262-9/+6
|\ | | | | Fix undefined error for `ActionController::Parameters`
| * Fix sanitizer testsJon Moss2016-01-261-3/+3
| | | | | | | | | | These tests were failing due to backwards incompatible changes, as apart of the v1.0.3 release of rails-html-sanitizer.
| * Fix undefined error for `ActionController::Parameters`Jon Moss2016-01-261-6/+3
| |
* | clear view path cache between testsAaron Patterson2016-01-261-0/+5
| | | | | | | | | | | | | | | | The cache for `render file:` seems to also be used in the case of `render(string)`. If one is supposed to be a hit and the other is supposed to be a miss, and they both reference the same file, then the cache could return incorrect values. This commit clears the cache between runs so that we get non-cached behavior.
* | Merge pull request #23256 from pauloancheta/masterRafael França2016-01-261-1/+1
|\ \ | | | | | | documentation fix
| * | reflect mapping to match initializePaulo Ancheta2016-01-251-1/+1
| | |
* | | Merge pull request #23228 from claudiob/no-emClaudio B2016-01-253-7/+6
|\ \ \ | | | | | | | | [ci skip] Don’t explicitly mention EventMachine
| * | | [ci skip] Don’t explicitly mention EventMachineclaudiob2016-01-253-7/+6
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Since #23152 eliminated the EventMachine dependency, we don’t need to explicitly mention EventMachine. Nevertheless, I'm not 100% sure about saying "the websocket-driver loop" driver… any suggestions, @matthewd or @pixeltrix ? :sweat_smile: [ci skip]
* | | Merge pull request #23251 from kamipo/update_gemfile_lockSean Griffin2016-01-251-32/+32
|\ \ \ | |_|/ |/| | Update `Gemfile.lock`
| * | Update `Gemfile.lock`Ryuta Kamizono2016-01-261-32/+32
|/ /
* | Merge branch '5-0-beta-sec'Aaron Patterson2016-01-2532-41/+168
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * | bumping versionAaron Patterson2016-01-2511-11/+11
| | |
| * | fix version update task to deal with .beta1.1Aaron Patterson2016-01-251-1/+1
| | |
| * | Eliminate instance level writers for class accessorsAaron Patterson2016-01-226-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | Instance level writers can have an impact on how the Active Model / Record objects are saved. Specifically, they can be used to bypass validations. This is a problem if mass assignment protection is disabled and specific attributes are passed to the constructor. CVE-2016-0753
| * | allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-229-16/+93
| | | | | | | | | | | | | | | | | | rails view directory CVE-2016-0752
| * | Don't short-circuit reject_if procAndrew White2016-01-222-2/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When updating an associated record via nested attribute hashes the reject_if proc could be bypassed if the _destroy flag was set in the attribute hash and allow_destroy was set to false. The fix is to only short-circuit if the _destroy flag is set and the option allow_destroy is set to true. It also fixes an issue where a new record wasn't created if _destroy was set and the option allow_destroy was set to false. CVE-2015-7577
| * | stop caching mime types globallyAaron Patterson2016-01-221-2/+16
| | | | | | | | | | | | | | | | | | | | | Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability. CVE-2016-0751
| * | use secure string comparisons for basic auth username / passwordAaron Patterson2016-01-222-1/+13
| | | | | | | | | | | | | | | | | | this will avoid timing attacks against applications that use basic auth. CVE-2015-7576
* | | Merge pull request #23226 from vipulnsward/20808-fixJon Moss2016-01-254-1/+5
|\ \ \ | | | | | | | | Fix nodoc to internal class error document some of them
| * | | Fix nodoc to internal class error document some of themVipul A M2016-01-254-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip] Fixes #20808 [Vipul A M & Julio Lopez]
* | | | Merge pull request #23161 from schneems/schneems/fix-mysql-internalmetadataRichard Schneeman2016-01-252-9/+36
|\ \ \ \ | | | | | | | | | | [close #23009] Limit key length
| * | | | [close #23009] Limit key lengthschneems2016-01-212-9/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mysql has a weird bug where it cannot index a string column of utf8mb4 if it is over a certain character limit. To get compatibility with msql we can add a limit to the key column. 191 characters is a very long key, it seems reasonable to limit across all adapters since using a longer key wouldn't be supported in mysql. Thanks to @kamipo for the original PR and the test refactoring. Conversation: https://github.com/rails/rails/pull/23009#issuecomment-171416629
* | | | | Merge pull request #23208 from vipulnsward/testing-pass-2Jon Moss2016-01-251-14/+14
|\ \ \ \ \ | | | | | | | | | | | | Pass 2 over testing guide
| * | | | | Pass 2 over testing guideVipul A M2016-01-231-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Grammar fixes - Wordsmitting - Fixed wrong statement about association usage in fixtures - Changed association name from 'one' to 'first' instead - More consistent usage of we/our - Mentions assert_select is below, not already covered in Integration test. [ci skip]
* | | | | | Merge pull request #23229 from vipulnsward/23221-also-verify-countKasper Timm Hansen2016-01-251-0/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | When verifying size of relation, also verify count is ok.
| * | | | | | When verifying size of relation, also verify count is ok.Vipul A M2016-01-251-0/+1
| | |_|/ / / | |/| | | |
* | | | | | Merge pull request #23210 from sachin21/change_permissionYves Senn2016-01-251-0/+0
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Change permission to readonly [ci skip]
| * | | | | Change permission to readonlySatoshi Ohmori2016-01-231-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | changed from 755 to 644. I executed `chmod -x guides/assets/javascripts/responsive-tables.js`. [ci skip]
* | | | | | Merge pull request #23221 from vipulnsward/23209-fix-missin_source_typeRafael França2016-01-246-0/+26
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add missing source_type if provided on hmt which belongs to an sti re…
| * | | | | | Add missing source_type if provided on hmt which belongs to an sti recordVipul A M2016-01-246-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #23209
* | | | | | | Merge pull request #23051 from prathamesh-sonpatki/fix-collection-cache-keyRafael França2016-01-242-0/+7
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix AR::Relation#cache_key to remove select scope added by user
| * | | | | | | Fix AR::Relation#cache_key to remove select scope added by userPrathamesh Sonpatki2016-01-242-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - We don't need the select scope added by user as we only want to max timestamp and size of the collection. So we already know which columns to select. - Additionally having user defined columns in select scope blows the cache_key method with PostGreSQL because it needs all `selected` columns in the group_by clause or aggregate function. - Fixes #23038.
* | | | | | | | Revert "Merge pull request #23218 from karlfreeman/bump_mail"Rafael Mendonça França2016-01-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 62aa850fee2070ec3e2d9e4f925dfd7790d27b5e, reversing changes made to 8c1f248c58ba65a786ae295def325c8982e7f431. There is no reason to disallow mail 2.5 so we don't need to bump the version constraint since people are still able to use mail 2.6 and get all the memory saving that was pointed in the pull request description.
* | | | | | | | Merge pull request #23185 from droptheplot/actioncable-custom-channelsKasper Timm Hansen2016-01-241-3/+5
|\ \ \ \ \ \ \ \ | |/ / / / / / / |/| | | | | | | ActionCable: Allow adding custom paths for channels
| * | | | | | | Rename channels_path var and fix channel_paths method for ActionCable configSergey Novikov2016-01-231-5/+5
| | | | | | | |
| * | | | | | | Allow adding custom paths for action_cable channelsSergey Novikov2016-01-221-2/+4
| | | | | | | |
* | | | | | | | Merge pull request #23218 from karlfreeman/bump_mailSantiago Pastorino2016-01-241-1/+1
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Bump mail gem constraint from [~> 2.5, >= 2.5.4] to ~> 2.6
| * | | | | | | | Bump mail gem constraint from [~> 2.5, >= 2.5.4] to ~> 2.6Karl Freeman2016-01-241-1/+1
| | |/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mails downstream dependency (Mime-types) has been shown to decrease memory usage significantly in its 3.0 release. This memory decrease will be a big win for users upgrading to Rails 5. Lets nudge users to upgrade Mail alongside Rails.
* | | | | | | | Merge pull request #23081 from ↵Kasper Timm Hansen2016-01-242-2/+13
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | prathamesh-sonpatki/fix-cache-key-for-queries-with-offset Fix ActiveRecord::Relation#cache_key for relations with no results
| * | | | | | | | Fix ActiveRecord::Relation#cache_key for relations with no resultsPrathamesh Sonpatki2016-01-222-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - When relations return no result or 0 result then cache_key should handle it gracefully instead of blowing up trying to access `result[:size]` and `result[:timestamp]`. - Fixes #23063.
* | | | | | | | | Merge pull request #23212 from vipulnsward/bin-railsKasper Timm Hansen2016-01-249-95/+96
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Be consistent in testing outputs from railties test and use /bin/rails
| * | | | | | | | | Be consistent in testing outputs from railties test and use /bin/rails ↵Vipul A M2016-01-249-95/+96
| | |/ / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | everywhere(the default behaviour now) instead of mix of /bin/rake /bin/rails everywhere [Ryo Hashimoto & Vipul A M]
* | | | | | | | | Merge pull request #23152 from matthewd/actioncable-concurrentDavid Heinemeier Hansson2016-01-2427-106/+385
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Eliminate the EventMachine dependency
| * | | | | | | | | Ditch the EM error logging helperMatthew Draper2016-01-243-11/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We're no longer doing our work in the EM event loop, so errors are quite unlikely, and if they do occur, they're not really our responsibility to handle.
| * | | | | | | | | Import the relevant portions of faye-websocketMatthew Draper2016-01-2414-44/+332
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (as adapted to use concurrent-ruby / nio4r instead of eventmachine)