Commit message (Author, Age, Files, Lines)
* fix version update task to deal with .beta1.1 (Aaron Patterson, 2016-01-25, 1 file, -1/+1)
|
* Eliminate instance level writers for class accessors (Aaron Patterson, 2016-01-22, 6 files, -8/+9)
|   Instance level writers can have an impact on how the Active Model / Record objects are saved. Specifically, they can be used to bypass validations. This is a problem if mass assignment protection is disabled and specific attributes are passed to the constructor.
|
|   CVE-2016-0753
* allow :file to be outside rails root, but anything else must be inside the ↵ (Aaron Patterson, 2016-01-22, 9 files, -16/+93)
|   rails view directory
|
|   CVE-2016-0752
* Don't short-circuit reject_if proc (Andrew White, 2016-01-22, 2 files, -2/+25)
|   When updating an associated record via nested attribute hashes the reject_if proc could be bypassed if the _destroy flag was set in the attribute hash and allow_destroy was set to false. The fix is to only short-circuit if the _destroy flag is set and the option allow_destroy is set to true. It also fixes an issue where a new record wasn't created if _destroy was set and the option allow_destroy was set to false.
|
|   CVE-2015-7577
* stop caching mime types globally (Aaron Patterson, 2016-01-22, 1 file, -2/+16)
|   Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability.
|
|   CVE-2016-0751
* use secure string comparisons for basic auth username / password (Aaron Patterson, 2016-01-22, 2 files, -1/+13)
|   this will avoid timing attacks against applications that use basic auth.
|
|   CVE-2015-7576
* Add CHANGELOG headers for Rails 5.0.0.beta1 (eileencodes, 2015-12-18, 10 files, -0/+50)
|
* Merge pull request #22462 from lxsameer/i18n_html_wrap (Rafael França, 2015-12-18, 5 files, -0/+32)
|\
| |   wrapping i18n missing keys made optional
| * debug_missing_translation configuration added to action_view (Sameer Rahmani, 2015-12-18, 5 files, -0/+32)
| |   `I18n.translate` helper will wrap the missing translation keys in a <span> tag only if `debug_missing_translation` configuration has a truthy value. Default value is `true`. For example in `application.rb`:
| |
| |     # in order to turn off missing key wrapping
| |     config.action_view.debug_missing_translation = false
* | Change `alpha` to `beta1` to prep for release of Rails 5 (eileencodes, 2015-12-18, 12 files, -43/+43)
| |   :tada: :beers:
* | Add task to test the release preparation (Rafael Mendonça França, 2015-12-18, 2 files, -2/+5)
| |
* | Merge pull request #22668 from ryohashimoto/151219_receive (Kasper Timm Hansen, 2015-12-18, 1 file, -1/+1)
|\ \
| | |   Fix `receive` spelling
| * | Fix `receive` spelling (Ryo Hashimoto, 2015-12-19, 1 file, -1/+1)
| | |
* | | Merge pull request #22658 from greysteil/handle-specified-schema-in-index-remove (Matthew Draper, 2015-12-19, 2 files, -3/+30)
|\ \ \
| | | |   Handle specified schemas when removing a Postgres index
| * | | Handle specified schemas when removing a Postgres index (Grey Baker, 2015-12-18, 2 files, -3/+30)
| | |/
| |/|
* | | Merge pull request #22667 from akshay-vishnoi/base_test_case (Rafael França, 2015-12-18, 1 file, -0/+22)
|\ \ \
| |_|/
|/| |   [ActionCable] Test invalid action on channel
| * | [ActionCable] Test invalid action on channel (Akshay Vishnoi, 2015-12-18, 1 file, -0/+22)
| | |
* | | Fix `receive` spelling and add whitespace (Kasper Timm Hansen, 2015-12-18, 1 file, -3/+3)
|/ /
| |   Found `recieve` next to the correctly spelled method name, fixed it. Also we prefer a one space padding within hashes, add that.
* | Merge pull request #22666 from akshay-vishnoi/base_test_case (Rafael França, 2015-12-18, 1 file, -1/+11)
|\ \
| | |   [ActionCable] test perform action with default action
| * | [ActionCable] test perform action with default action (Akshay Vishnoi, 2015-12-18, 1 file, -1/+11)
| | |
* | | Fix test that fails in isolation (eileencodes, 2015-12-18, 1 file, -0/+1)
| | |   This test needs to have a require for the Listen gem or else it returns an error when run by itself or with a certain order in the Active Support tests. We use `silence_warnings` because Listen has some warnings about private methods. It's already silenced when it's required in Active Support EventedFileUpdateChecker.
| | |
| | |   ```
| | |     1) Error:
| | |   EventedFileUpdateCheckerTest#test_should_not_execute_the_block_if_no_paths_are_given:
| | |   NameError: uninitialized constant EventedFileUpdateCheckerTest::Listen
| | |       test/evented_file_update_checker_test.rb:21:in `teardown'
| | |   ```
* | | Delete duplicate test (eileencodes, 2015-12-18, 1 file, -8/+0)
| | |   The test was in here twice so we were seeing this error:
| | |
| | |   ```
| | |   activesupport/test/caching_test.rb:658: warning: method redefined; discarding old test_local_cache_of_read_nil
| | |   activesupport/test/caching_test.rb:634: warning: previous definition of test_local_cache_of_read_nil was here
| | |   ```
* | | Don't need to use `Array.wrap` (Rafael Mendonça França, 2015-12-18, 2 files, -2/+2)
|/ /
* | Merge pull request #22650 from derekprior/dp-actionpack-warnings (Rafael França, 2015-12-18, 1 file, -0/+5)
|\ \
| | |   Fix "instance variable not initialized" in tests
| * | Fix "instance variable not initialized" in tests (Derek Prior, 2015-12-17, 1 file, -0/+5)
| | |   The ActionPack test suite had a handful of these warnings when run. This was due to `assert_response` being tested outside the context of a controller instance where those instance variables would already have been initialized.
* | | Merge pull request #20797 from byroot/prevent-url-for-ac-parameters (Rafael França, 2015-12-18, 6 files, -14/+14)
|\ \ \
| | | |   Prevent ActionController::Parameters in url_for
| * | | Prevent ActionController::Parameters from being passed to url_for directly (Jean Boussier, 2015-12-15, 6 files, -14/+14)
| | | |
* | | | Merge pull request #22660 from y-yagi/add_line_break_between_methods (Rafael França, 2015-12-18, 1 file, -1/+1)
|\ \ \ \
| | | | |   add line break between method of generated channel js
| * | | | add line break between method of generated channel js (yuuji.yaginuma, 2015-12-18, 1 file, -1/+1)
| | | | |   ```
| | | | |   # before
| | | | |   App.appearance = App.cable.subscriptions.create "AppearanceChannel",
| | | | |     connected: ->
| | | | |       # Called when the subscription is ready for use on the server
| | | | |     disconnected: ->
| | | | |       # Called when the subscription has been terminated by the server
| | | | |     received: (data) ->
| | | | |       # Called when there's incoming data on the websocket for this channel
| | | | |     appear: ->
| | | | |       @perform 'appear'
| | | | |     away: ->
| | | | |       @perform 'away'
| | | | |   ```
| | | | |
| | | | |   ```
| | | | |   # after
| | | | |   App.appearance = App.cable.subscriptions.create "AppearanceChannel",
| | | | |     connected: ->
| | | | |       # Called when the subscription is ready for use on the server
| | | | |     disconnected: ->
| | | | |       # Called when the subscription has been terminated by the server
| | | | |     received: (data) ->
| | | | |       # Called when there's incoming data on the websocket for this channel
| | | | |     appear: ->
| | | | |       @perform 'appear'
| | | | |     away: ->
| | | | |       @perform 'away'
| | | | |   ```
* | | | | Merge pull request #22665 from akshay-vishnoi/base_test_case (Rafael França, 2015-12-18, 1 file, -0/+4)
|\ \ \ \ \
| | | | | |   [ActionCable] Test available actions on Channel
| * | | | | [ActionCable] Test available actions on Channel (Akshay Vishnoi, 2015-12-18, 1 file, -0/+4)
| | | | | |
* | | | | | Do not check the version anymore (Rafael Mendonça França, 2015-12-18, 1 file, -2/+2)
| | | | | |   Our logic is complex now and we don't need to check the version to assert the behavior so I'm removing the checking here.
* | | | | | Merge pull request #22657 from matthewd/loosen-version (Rafael Mendonça França, 2015-12-18, 4 files, -3/+32)
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
| | | | | |   Allow normal version updates within a release series
| * | | | | Allow normal version updates within a release series (Matthew Draper, 2015-12-18, 4 files, -3/+32)
| | | | | |   We originally chose to apply very strict versioning on the `rails` entry in the Gemfile, because our future versioning policy was not strongly defined. Now it is, and our policy is very much designed on the expectation that people will regularly update to the latest patch level in their release series... so we should encourage that. Of course, Gemfile.lock will do its job and prevent unplanned updates, just as it does for every other gem in the bundle... but if you run `bundle update`, we want to get you the latest bug/security fixes without requiring a manual edit of the Gemfile entry. Our current version could be a few different shapes, so it takes a bit of work to find the right specifier, but in principle, we match anything of the form x.y.*, where x.y matches our current release series.
* | | | | | Same gemspec formats everywhere (David Heinemeier Hansson, 2015-12-18, 2 files, -2/+2)
| | | | | |
* | | | | | Stray line (David Heinemeier Hansson, 2015-12-18, 1 file, -1/+2)
| | | | | |
* | | | | | Simplify (David Heinemeier Hansson, 2015-12-18, 1 file, -9/+2)
| | | | | |
* | | | | | Now available in action_cable (David Heinemeier Hansson, 2015-12-18, 1 file, -2/+2)
| | | | | |
* | | | | | Refer to rails command instead of rake in a bunch of places (David Heinemeier Hansson, 2015-12-18, 16 files, -40/+40)
| | | | | |   Still more to do. Please assist!
* | | | | | Explain reason for eager loading (David Heinemeier Hansson, 2015-12-18, 1 file, -0/+1)
| | | | | |
* | | | | | Explain Redis' role in Action Cable (David Heinemeier Hansson, 2015-12-18, 1 file, -0/+1)
| | | | | |
* | | | | | [ci skip] Revert most of ff851017 (Kasper Timm Hansen, 2015-12-18, 1 file, -2/+2)
| | | | | |   We went back to `Thread.current[]` in 33e11e59.
* | | | | | Merge pull request #22656 from akshay-vishnoi/fix-typos (Kasper Timm Hansen, 2015-12-18, 3 files, -5/+5)
|\ \ \ \ \ \
| | | | | | |   [ci skip] Fix grammar
| * | | | | | [ci skip] Fix grammar (Akshay Vishnoi, 2015-12-18, 3 files, -5/+5)
| | | | | | |
* | | | | | | Bring comment in line with rest of initializers (David Heinemeier Hansson, 2015-12-18, 1 file, -2/+2)
| | | | | | |
* | | | | | | Explain the concept of config initializers for backwards compatibility (David Heinemeier Hansson, 2015-12-18, 3 files, -2/+5)
| | | | | | |
* | | | | | | Fix spacing (David Heinemeier Hansson, 2015-12-18, 1 file, -1/+1)
| | | | | | |
* | | | | | | These options are not changed nearly often enough to warrant inclusion like ↵ (David Heinemeier Hansson, 2015-12-18, 1 file, -8/+0)
| | | | | | |   this at a high level
* | | | | | | Better explanation (David Heinemeier Hansson, 2015-12-18, 1 file, -2/+6)
| | | | | | |
* | | | | | | Use the rails command, not rake, for all rails commands (David Heinemeier Hansson, 2015-12-18, 2 files, -6/+6)
| | | | | | |