aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | Fix "warning: ambiguous first argument; put parentheses or a space even ↵yuuji.yaginuma2018-11-281-3/+3
| | | | | | | | | | | | | | | | | | | | after `/' operator"
* | | | | Merge pull request #34546 from y-yagi/fix_ast_buildYuji Yaginuma2018-11-283-17/+3
|\ \ \ \ \ | | | | | | | | | | | | Fix broken ASt build
| * | | | | text is treated as `attachment`yuuji.yaginuma2018-11-281-2/+2
| | | | | |
| * | | | | Fix broken `ActiveStorage::BlobTest`yuuji.yaginuma2018-11-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | `ActiveStorage::Filename#parameters` was removed by #33829.
| * | | | | Remove duplicated testyuuji.yaginuma2018-11-281-14/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since 06ab7b27ea1c1ab357085439abacdb464f6742bf, `GCSServiceTest#test_signed_URL_response_headers` is broken. https://travis-ci.org/rails/rails/jobs/460454477#L7084-L7087 This seems to be due to lack of `content_type` at upload. This is solved by specifying `conten_type`. However, since the same content is also tested with `test_upload_with_content_type`, it will be duplicated content, so I think that can remove `test_signed_URL_response_headers`.
* | | | | | Merge pull request #33835 from schneems/schneems/faster_cache_versionSean Griffin2018-11-272-4/+130
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Use raw time string from DB to generate ActiveRecord#cache_version
| * | | | | Prefer String#ljust over String#<< for paddinglsylvester2018-10-171-3/+2
| | | | | |
| * | | | | Do not silently fail to generate a cache_versionschneems2018-10-172-6/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When an `updated_at` column exists on the model, but is not available on the instance (likely due to a select), we should raise an error rather than silently not generating a cache_version. Without this behavior it's likely that cache entries will not be able to be invalidated and this will happen without notice. This behavior was reported and described by @lsylvester in https://github.com/rails/rails/pull/34197#issuecomment-429668759.
| * | | | | Use raw time string from DB to generate ActiveRecord#cache_versionschneems2018-10-172-4/+118
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the `updated_at` field is used to generate a `cache_version`. Some database adapters return this timestamp value as a string that must then be converted to a Time value. This process requires a lot of memory and even more CPU time. In the case where this value is only being used for a cache version, we can skip the Time conversion by using the string value directly. - This PR preserves existing cache format by converting a UTC string from the database to `:usec` format. - Some databases return an already converted Time object, in those instances, we can directly use `created_at`. - The `updated_at_before_type_cast` can be a value that comes from either the database or the user. We only want to optimize the case where it is from the database. - If the format of the cache version has been changed, we cannot apply this optimization, and it is skipped. - If the format of the time in the database is not UTC, then we cannot use this optimization, and it is skipped. Some databases (notably PostgreSQL) returns a variable length nanosecond value in the time string. If the value ends in a zero, then it is truncated For instance instead of `2018-10-12 05:00:00.000000` the value `2018-10-12 05:00:00` is returned. We detect this case and pad the remaining zeros to ensure consistent cache version generation. Before: Total allocated: 743842 bytes (6626 objects) After: Total allocated: 702955 bytes (6063 objects) (743842 - 702955) / 743842.0 # => 5.4% ⚡️⚡️⚡️⚡️⚡️ Using the CodeTriage application and derailed benchmarks this PR shows between 9-11% (statistically significant) performance improvement versus the commit before it. Special thanks to @lsylvester for helping to figure out a way to preserve the usec format and for helping with many implementation details.
* | | | | | Merge pull request #34544 from ahawrylak/fix-active-storage-docs-typoGannon McGibbon2018-11-271-1/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix minor Active Storage docs typo [ci skip]
| * | | | | | Fix minor Active Storage docs typo [ci skip]Adrian Hawrylak2018-11-281-1/+1
|/ / / / / /
* | | | | | Prevent content type and disposition bypass in storage service URLsRosa Gutierrez2018-11-2714-38/+172
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Force content-type to binary on service urls for relevant content types We have a list of content types that must be forcibly served as binary, but in practice this only means to serve them as attachment always. We should also set the Content-Type to the configured binary type. As a bonus: add text/cache-manifest to the list of content types to be served as binary by default. * Store content-disposition and content-type in GCS Forcing these in the service_url when serving the file works fine for S3 and Azure, since these services include params in the signature. However, GCS specifically excludes response-content-disposition and response-content-type from the signature, which means an attacker can modify these and have files that should be served as text/plain attachments served as inline HTML for example. This makes our attempt to force specific files to be served as binary and as attachment can be easily bypassed. The only way this can be forced in GCS is by storing content-disposition and content-type in the object metadata. * Update GCS object metadata after identifying blob In some cases we create the blob and upload the data before identifying the content-type, which means we can't store that in GCS right when uploading. In these, after creating the attachment, we enqueue a job to identify the blob, and set the content-type. In other cases, files are uploaded to the storage service via direct upload link. We create the blob before the direct upload, which happens independently from the blob creation itself. We then mark the blob as identified, but we have already the content-type we need without having put it in the service. In these two cases, then, we need to update the metadata in the GCS service. * Include content-type and disposition in the verified key for disk service This prevents an attacker from modifying these params in the service signed URL, which is particularly important when we want to force them to have specific values for security reasons. * Allow only a list of specific content types to be served inline This is different from the content types that must be served as binary in the sense that any content type not in this list will be always served as attachment but with its original content type. Only types in this list are allowed to be served either inline or as attachment. Apart from forcing this in the service URL, for GCS we need to store the disposition in the metadata. Fix CVE-2018-16477.
* | | | | | Do not deserialize GlobalID objects that were not generated by Active JobRafael Mendonça França2018-11-272-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Trusting any GlobaID object when deserializing jobs can allow attackers to access information that should not be accessible to them. Fix CVE-2018-16476.
* | | | | | Merge pull request #34528 from DmitryTsepelev/fix-ignored-attributesRafael França2018-11-275-1/+57
|\ \ \ \ \ \ | |_|_|_|/ / |/| | | | | Additional types of ResultSet should not contain keys of #attributes_to_define_after_schema_loads
| * | | | | Cached columns_hash fields should be excluded from ResultSet#column_typesDmitryTsepelev2018-11-275-1/+57
| | | | | |
* | | | | | More exercise singular association queryRyuta Kamizono2018-11-284-7/+14
| | | | | | | | | | | | | | | | | | | | | | | | Follow up ba4e68f577efc76f351d30a2914e29942b97830e.
* | | | | | Ensure that singular association should execute limited queryRyuta Kamizono2018-11-282-5/+12
| | | | | |
* | | | | | Revert "Merge pull request #34538 from bogdan/reuse-find-target"Ryuta Kamizono2018-11-283-23/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit f2ab8b64d4d46d7199f94c3e21021f414a4d259a, reversing changes made to b9c7305dbe57931a153a540d49ae5d469af61a14. Reason: `scope.take` is not the same with `scope.to_a.first`.
* | | | | | Merge pull request #34538 from bogdan/reuse-find-targetEileen M. Uchitelle2018-11-273-29/+23
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Reuse code in AR::Association#find_target
| * | | | | Reuse code in AR::Association#find_targetBogdan Gusiev2018-11-273-29/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this patch, singular and collection associations had different implementations of the #find_target method. This patch reuses the code properly through extending the low level methods.
* | | | | | Merge pull request #34480 from tekin/configurable-implicit-ordering-columnEileen M. Uchitelle2018-11-274-2/+45
|\ \ \ \ \ \ | | | | | | | | | | | | | | Make it possible to override the implicit order column
| * | | | | | Make implicit order column configurableTekin Suleyman2018-11-264-2/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When calling ordered finder methods such as +first+ or +last+ without an explicit order clause, ActiveRecord sorts records by primary key. This can result in unpredictable and surprising behaviour when the primary key is not an auto-incrementing integer, for example when it's a UUID. This change makes it possible to override the column used for implicit ordering such that +first+ and +last+ will return more predictable results. For Example: class Project < ActiveRecord::Base self.implicit_order_column = "created_at" end
* | | | | | | Revert "We still need the `Helpers` constant in the `ActiveRecord` namespace"Ryuta Kamizono2018-11-271-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit d52f74480ae46cd3de7ce697093136b01c7a2172. Since 24adc20, the `Helpers` constant in the `ActiveRecord` namespace is not referenced anymore.
* | | | | | | `Mutable` helper is in `ActiveModel`Ryuta Kamizono2018-11-274-4/+4
|/ / / / / / | | | | | | | | | | | | | | | | | | It should be referenced by full qualified name from Active Record.
* | | | | | Convert ActionCable tests from CoffeeScript to ES2015 and replace Blade with ↵rmacklin2018-11-2623-4778/+2480
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Karma and Rollup (#34440) * Rename .coffee files in ActionCable test suite in prep for decaffeination * Decaffeinate ActionCable tests * Replace Blade with Karma and Rollup to run ActionCable JS tests - Add karma and qunit devDependencies - Add test script to ActionCable package - Use rollup to bundle ActionCable tests - Use karma as the ActionCable JS test runner * Replace vendored mock-socket with package devDependency in ActionCable * Move ActionCable yarn install to TravisCI before_install config * Clean up decaffeinated ActionCable tests to use consistent formatting
* | | | | | Use env instead of headers on those testsRafael Mendonça França2018-11-261-14/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are dealing with the rack env so it is better to specify it in the tests.
* | | | | | Do not use deprecated Object#!~ in Ruby 2.6Rafael Mendonça França2018-11-261-1/+5
| |_|_|/ / |/| | | | | | | | | | | | | | Closes #34530.
* | | | | Merge pull request #34520 from yahonda/bump_pg93Rafael França2018-11-2612-410/+385
|\ \ \ \ \ | | | | | | | | | | | | Bump the minimum version of PostgreSQL to 9.3
| * | | | | Bump the minimum version of PostgreSQL to 9.3Yasuo Honda2018-11-2512-410/+385
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://www.postgresql.org/support/versioning/ - 9.1 EOLed on September 2016. - 9.2 EOLed on September 2017. 9.3 is also not supported since Nov 8, 2018. https://www.postgresql.org/about/news/1905/ I think it may be a little bit early to drop PostgreSQL 9.3 yet. * Deprecated `supports_ranges?` since no other databases support range data type * Add `supports_materialized_views?` to abstract adapter Materialized views itself is supported by other databases, other connection adapters may support them * Remove `with_manual_interventions` It was only necessary for PostgreSQL 9.1 or earlier * Drop CI against PostgreSQL 9.2
* | | | | | Merge pull request #34521 from azbshiri/mysql-exec-query-resultEileen M. Uchitelle2018-11-262-2/+15
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Test when using MySQL `exec_query` returns `ActiveRecord::Result` all…
| * | | | | When running exec_query MySQL always returns ActiveRecord::ResultAlireza Bashiri2018-11-252-2/+15
| |/ / / / | | | | | | | | | | | | | | | | | | | | When running `exec_query` with `INSERT` (or other write commands), MySQL returns `ActiveRecord::Result`.
* | | | | Merge pull request #34525 from tnantoka/cache-key-low-level-cachingRyuta Kamizono2018-11-261-1/+1
|\ \ \ \ \ | | | | | | | | | | | | Use cache_key_with_version instead of cache_key for the example in Low-Level Caching [ci skip]
| * | | | | Use cache_key_with_version instead of cache_key for the example in Low-Level ↵tnantoka2018-11-261-1/+1
|/ / / / / | | | | | | | | | | | | | | | Caching [ci skip]
* | | | | Fix random CI failure due to non-deterministic sorting orderRyuta Kamizono2018-11-261-2/+2
| | | | | | | | | | | | | | | | | | | | https://travis-ci.org/rails/rails/jobs/459534536#L1280
* | | | | Merge pull request #34522 from ↵Ryuta Kamizono2018-11-261-2/+0
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | yahonda/sqlite3_returns_primary_key_in_expected_order SQLite 3.7.16+ returns the order of the primary key columns
| * | | | | SQLite 3.7.16+ returns the order of the primary key columnsYasuo Honda2018-11-251-2/+0
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://www.sqlite.org/releaselog/3_7_16.html > 9 Enhance the PRAGMA table_info command so that the "pk" column is an increasing integer to show the order of columns in the primary key. Rails 6 supports SQLite 3.8 then we can remove this skip condition.
* | | | | Merge pull request #34524 from tomrossi7/updating-docsGannon McGibbon2018-11-251-7/+23
|\ \ \ \ \ | |/ / / / |/| | | | Updating the Testing Guide to Reflect Emails Enqueued With ActiveJob
| * | | | Updating the Testing Guide to Reflect Emails Enqueued With ActiveJob [ci skip]Tom Rossi2018-11-251-7/+23
|/ / / /
* | | | ASt direct uploads: account for <button type="submit"> elementsTasos Maschalidis2018-11-242-4/+4
| | | |
* | | | Merge pull request #34519 from composerinteralia/duration-inspectRyuta Kamizono2018-11-251-1/+0
|\ \ \ \ | | | | | | | | | | Remove unnecessary reduce in Duration#inspect
| * | | | Remove unnecessary reduce in Duration#inspectDaniel Colson2018-11-241-1/+0
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the `Duration` class was introduced in 276c9f29, the `parts` were represented as an array of arrays (for example `[[:seconds, 5], [:days, 3], [:seconds, 7]]`). At that time the `reduce` in `#inspect` made sense, since we would need to get the totals for each part (the example would become `{ seconds: 12, days: 3 }`). With the current version of `Duration` we call `to_h` on the `parts` immediately on initialize, so now the `reduce` doesn't seem to be doing anything meaningful.
* | | | Merge pull request #34517 from EByrdS/immutable-enumRafael França2018-11-233-0/+19
|\ \ \ \ | | | | | | | | | | Pluralized enum raises error when attempting to modify
| * | | | Raises error when attempting to modify enum valuesebyrds2018-11-233-0/+19
| | | | |
* | | | | Merge pull request #34515 from BenjaminKim/patch-1Rafael França2018-11-231-1/+1
|\ \ \ \ \ | |/ / / / |/| | | | rubyonrails.org has been ready for https
| * | | | rubyonrails.org has been ready for httpsBenjamin Kim2018-11-241-1/+1
|/ / / /
* | | | Merge pull request #34376 from composerinteralia/default_queue_nameRafael França2018-11-232-2/+29
|\ \ \ \ | | | | | | | | | | Allow using queue prefix with a default queue name
| * | | | Allow using queue prefix with a default queue nameDaniel Colson2018-11-032-2/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #34366 Currently setting queue_name_prefix will not combine a prefix with the default_queue_name; it will only affect queue names set with `queue_as`. With this PR the prefix will affect the default_queue_name as well. Closes #19831 Currently setting default_queue_name doesn't actually affect the queue_name default (although default_queue_name does get used if you pass a falsey `part_name` to `queue_as`). This PR would get default_queue_name working as expected as well. Because the queue_name default is now a lambda wrapping the default_queue_name, rather than the default_queue_name itself, I had to update one test to use the instance method `#queue_name` (which `instance_exec`s the value) instead of the class method. I think this change is OK, since only the instance method is documented. There was a question about whether we want a `default_queue_name` configuration. If we want to get rid of it, I would also be happy to open a PR for that instead. It has been around for a while now, but it also hasn't really worked for a while now. r? @matthewd since you had an opinion about this before
* | | | | Merge pull request #34367 from gmcgibbon/rm_parameterized_delivery_jobRafael França2018-11-239-51/+50
|\ \ \ \ \ | | | | | | | | | | | | Deliver parameterized mail with DeliveryJob
| * | | | | Deliver parameterized mail with DeliveryJobGannon McGibbon2018-11-229-51/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Deliver parameterized mail with `ActionMailer::DeliveryJob` and remove `ActionMailer::Parameterized::DeliveryJob`.
* | | | | | Merge pull request #34455 from ↵Rafael França2018-11-233-1/+6
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | minimalweb/progressive_jpeg_inclusion_as_variable_content_type Add progressive JPG MIME-type to default variable content types