aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix `singleton_class?`Vipul A M2015-01-021-3/+5
| | | | | | | | Due to changes from http://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/39628 current `singleton_class?` implementation fails. Changed based on reference from http://bugs.ruby-lang.org/issues/7609 Conflicts: activesupport/lib/active_support/core_ext/class/attribute.rb
* parse stringified mime typeAman Gupta2015-01-021-1/+1
|
* fix yaml compat on ruby 2.2Aman Gupta2015-01-021-1/+3
|
* fix regex caseAman Gupta2015-01-021-1/+1
|
* restore I18n.locale after testAman Gupta2015-01-021-0/+8
|
* convert another incompatible assert_raise invocationAman Gupta2015-01-021-1/+2
|
* switch to minitest and test-unit compatible assert_raise syntaxKouhei Sutou2015-01-021-1/+2
|
* blacklist test-unit's @internal_data ivarAman Gupta2015-01-021-0/+1
|
* try using newer test-unit gemAman Gupta2015-01-021-1/+1
|
* added dependency of test-unit into activesupportSHIBATA Hiroshi2015-01-021-0/+1
|
* Lock i18n to a version that works with Ruby 1.8Rafael Mendonça França2015-01-021-0/+2
|
* Merge pull request #18160 from tmm1/3-2-ruby-2-2Rafael Mendonça França2015-01-023-6/+12
|\ | | | | | | 3-2-stable: add ruby 2.2 compatibility
| * Check `respond_to` before delegation due to: ↵Aaron Patterson2014-12-221-1/+7
| | | | | | | | https://github.com/ruby/ruby/commit/d781caaf313b8649948c107bba277e5ad7307314
| * fix ruby 2.2 warning: circular argument referenceAman Gupta2014-12-222-5/+5
| |
* | Test Rails 3.2 with Ruby 2.1 and 2.2Rafael Mendonça França2015-01-011-0/+2
|/
* bumping version for relesaseAaron Patterson2014-11-169-9/+9
|
* correctly escape backslashes in request path globsAaron Patterson2014-11-162-2/+44
| | | | | | | | | Conflicts: actionpack/lib/action_dispatch/middleware/static.rb make sure that unreadable files are also not leaked CVE-2014-7829
* Merge branch '3.2.20' into 3-2-stableAaron Patterson2014-10-3011-10/+47
|\ | | | | | | | | | | * 3.2.20: bumping version to 3.2.20 FileHandler should not be called for files outside the root
| * bumping version to 3.2.20Aaron Patterson2014-10-299-9/+9
| |
| * FileHandler should not be called for files outside the rootAaron Patterson2014-10-292-1/+38
| | | | | | | | | | | | | | | | | | | | | | | | FileHandler#matches? should return false for files that are outside the "root" path. Conflicts: actionpack/lib/action_dispatch/middleware/static.rb Conflicts: actionpack/lib/action_dispatch/middleware/static.rb actionpack/test/dispatch/static_test.rb
* | Regenerate sid when sbdy tries to fixate the sessionSantiago Pastorino2014-08-042-12/+11
| | | | | | | | | | | | Fixed broken test. Thanks Stephen Richards for reporting.
* | Merge branch '3-2-sec' into 3-2-stableRafael Mendonça França2014-07-0218-12/+58
|\|
| * Preparing for 3.2.19 releaseRafael Mendonça França2014-07-0216-9/+50
| |
| * Check against bit string values using multiline regexpRafael Mendonça França2014-07-022-3/+8
| | | | | | | | Fix CVE-2014-3482.
* | Use a version of execjs compatible with Ruby 1.8Rafael Mendonça França2014-06-261-0/+3
|/
* Make sure Active Support configurations are applied correctlyRafael Mendonça França2014-06-262-0/+19
| | | | | | | Before this patch configuration set using config.active_support would not be set. Closes #15364
* Revert "Merge pull request #15794 from vishalzambre/patch-1"Guillermo Iguaran2014-06-181-1/+1
| | | | | | | This reverts commit 6d800a909e24465ca6f3fa5206222fa7d78967f6, reversing changes made to 6a051299f98ee43864326c6c0a4f7d169d22b3f8. We don't apply non-security fixes to 3-2-stable branch!!!
* Merge pull request #15794 from vishalzambre/patch-1Guillermo Iguaran2014-06-181-1/+1
|\ | | | | File.exists? is a deprecated name, use File.exist?
| * File.exists? is a deprecated name, use File.exist?Vishal Zambre2014-06-181-1/+1
|/ | | File.exists? is a deprecated name, use File.exist?
* Feature detect based on Ruby version.Aaron Patterson2014-05-181-1/+1
| | | | | | | I didn't want to do this, FNM_EXTGLOB is defined on 2.1.x, but Dir.glob returns the wrong value on Ruby less than 2.2.0. Checking for a case-insensitive FS seems too hard, so just check Ruby version Checking for a case-insensitive FS seems too hard, so just check Ruby version.
* feature detect for FNM_EXTGLOB for older Ruby. Fixes #15053Aaron Patterson2014-05-101-5/+21
|
* use fnmatch to test for case insensitive file systemsAaron Patterson2014-05-091-4/+2
| | | | | | this is due to: https://bugs.ruby-lang.org/issues/5994
* Merge branch '3-2-sec' into 3-2-stableRafael Mendonça França2014-05-0619-14/+155
|\ | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * Fix broken tests of the previous releaseRafael Mendonça França2014-05-062-6/+6
| |
| * Preparing for 3.2.18 releaseRafael Mendonça França2014-05-0616-9/+115
| |
| * Only accept actions without File::SEPARATOR in the name.Rafael Mendonça França2014-05-052-4/+41
| | | | | | | | | | | | This will avoid directory traversal in implicit render. Fixes: CVE-2014-0130
* | Merge branch '3-2-17' into 3-2-stableRafael Mendonça França2014-02-1814-12/+103
|\| | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * Preparing for 3.2.17 releaseRafael Mendonça França2014-02-1810-9/+19
| |
| * Use the reference for the mime type to get the formatRafael Mendonça França2014-02-182-1/+18
| | | | | | | | | | | | | | | | Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
| * Escape format, negative_format and units options of number helpersRafael Mendonça França2014-02-182-1/+64
| | | | | | | | | | | | | | Previously the values of these options were trusted leading to potential XSS vulnerabilities. Fixes: CVE-2014-0081
* | Merge pull request #13613 from simi/patch-1Damien Mathieu2014-01-061-1/+1
|\ \ | | | | | | Fix force_ssl.rb documentation. Close tt tag.
| * | Fix force_ssl.rb documentation. Close tt tag.Josef Šimánek2014-01-061-1/+1
|/ / | | | | [ci skip]
* | Merge pull request #13315 from tyre/patch-1Rafael Mendonça França2013-12-131-1/+1
|\ \ | | | | | | Update Session Store Documentation
| * | Update Session Store DocumentationChris Maddox2013-12-131-1/+1
|/ / | | | | session_id doesn't need to be a text column, just string (VARCHAR)
* | Merge pull request #13183 from sorah/never_ignore_i18n_translate_raise_optionCarlos Antonio da Silva2013-12-043-1/+24
| | | | | | | | | | | | | | Escalate missing error when :raise is true in translate helper, fix regression introduced by security fix. Conflicts: actionpack/CHANGELOG.md
* | Fix documentation of number_to_currency helperRafael Mendonça França2013-12-042-5/+5
| | | | | | | | | | | | Now users have to explicit mark the unit as safe if they trust it. Closes #13161
* | Merge pull request #13162 from makandra/3-2-stableRafael Mendonça França2013-12-041-4/+4
|\ \ | |/ |/| Repair a test broken by the number_to_currency XSS fix
| * repair a test broken by the number_to_currency XSS fixTobias Kraze2013-12-041-4/+4
|/
* updating the changelogAaron Patterson2013-12-0210-9/+17
|
* Deep Munge the parameters for GET and POSTMichael Koziarski2013-12-022-2/+17
| | | | | | | | | | | The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417 Conflicts: actionpack/lib/action_dispatch/http/request.rb
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-24 03:36:44 +0000