| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
* `each`
* `each_pair`
* `delete`
* `select!`
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is to make sure that `permitted` status is maintained on the
resulting object.
I found these methods that needs to be redefined by looking for
`self.class.new` in the code.
* extract!
* transform_keys
* transform_values
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`ActionController::Parameters#to_h` now returns a `Hash` with
unpermitted keys removed. This change is to reflect on a security
concern where some method performed on an `ActionController::Parameters`
may yield a `Hash` object which does not maintain `permitted?` status.
If you would like to get a `Hash` with all the keys intact, duplicate
and mark it as permitted before calling `#to_h`.
params = ActionController::Parameters.new(name: 'Senjougahara Hitagi')
params.to_h # => {}
unsafe_params = params.dup.permit!
unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
safe_params = params.permit(:name)
safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
This change is consider a stopgap as we cannot chage the code to stop
`ActionController::Parameters` to inherit from
`HashWithIndifferentAccess` in the next minor release.
Also, adding a CHANGELOG entry to mention that
`ActionController::Parameters` will not inheriting from
`HashWithIndifferentAccess` in the next major version.
|
| |
|
|
|
|
|
|
| |
seamusabshere/numerify-pool-checkout-timeout-from-urls-4-1-stable
Make sure :checkout_timeout and :dead_connection_timeout are numbers
Conflicts:
activerecord/lib/active_record/connection_adapters/abstract/connection_pool.rb
|
| |\
| |
| |
| |
| | |
eileencodes/remove-unnecessary-to_s-from-add_constraints-method
Remove to_s from reflection.type in add_constraints
|
| |/
|
|
|
|
|
| |
The instance var is already saved as a string in the initialization
method of AssociationReflection.
See https://github.com/rails/rails/blob/master/activerecord/lib/active_record/reflection.rb#L273
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
Fix after_commit warning message
|
| |/ |
|
| |\
| |
| | |
Fix broken link to Upgrading Ruby on Rails Guide [ci skip]
|
| | |
| |
| |
| |
| |
| | |
in the 4.2 Release Notes [skip ci]
Change to link suggested by @zzak [skip ci]
|
| | |
| |
| |
| | |
Fixes #15821.
|
| |\ \
| | |
| | | |
Add activejob guide to documents.yml [ci skip]
|
| | | | |
|
| |\ \ \
| |/ /
|/| | |
[ActiveJob] Add queue_name_prefix
|
| | | |
| | |
| | |
| | |
| | |
| | | |
We can split queues on a per environement basis as well as seggregate per application so we can split queues on a per env basis
ActiveJob::Base.queue_name_prefix = 'foo'
|
| |\ \ \
| |/ /
|/| | |
fix broken link to rails blog [ci skip]
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add option to stop swallowing errors on callbacks.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, Active Record will rescue any errors raised within
after_rollback/after_create callbacks and print them to the
logs. Next versions of rails will not rescue those errors anymore,
and just bubble them up, as the other callbacks.
This adds a opt-in flag to enable that behaviour, of not rescuing
the errors.
Example:
# For not swallow errors in after_commit/after_rollback
config.active_record.errors_in_transactional_callbacks = true
[fixes #13460]
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |_|/
|/| | |
|
| | |/
|/| |
|
| | | |
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
| |
If the request parameters are passed to create_with and where they can
be used to do mass assignment when used in combination with
Relation#create.
Fixes CVE-2014-3514
Conflicts:
activerecord/lib/active_record/relation/query_methods.rb
|
| | |
|
| |\
| |
| |
| |
| | |
byroot/add-test-case-for-nested-array-in-where-conditions
Add a test case of nested empty array values in conditions
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Post.where(id: [[]]).to_a
Used to fail with a SQL syntax error (until 4.1):
SELECT ... WHERE id in ();
It now properly generate:
SELECT ... WHERE 1=0;
|
| | | |
|
| |\ \
| | |
| | | |
Fix rails-html_sanitizer in Gemfile template
|
| |/ /
| |
| | |
[skip ci]
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
Fix ActiveJob isolation tests.
|
| |/ / |
|
| | | |
|
| |\ \
| | |
| | |
| | | |
Use #model_name on instances instead of classes
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This allows rails code to be more confdent when asking for a model name, instead of having to ask for the class.
Rails core discussion here: https://groups.google.com/forum/#!topic/rubyonrails-core/ThSaXw9y1F8
|
| |\ \ \
| | | |
| | | | |
Add a `required` option to the model generator
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Syntax was chosen to follow the passing of multiple options to
decimal/numeric types. Curly braces, and allowing any of `,`, `.`, or
`-` to be used as a separator to avoid the need for shell quoting. (I'm
intending to expand this to all columns, but that's another PR.
The `required` option will cause 2 things to change. `required: true`
will be added to the association. `null: false` will be added to the
column in the migration.
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Conflicts:
Gemfile
|
| | |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Conflicts:
actionpack/CHANGELOG.md
|
| | | | | | | |
|
