| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
Typo fix for unscope [ci skip]
|
| |/ |
|
| |
|
|
|
|
|
|
| |
Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.
Fixes: CVE-2014-0082
|
| |\
| |
| |
| |
| |
| | |
Conflicts:
actionview/CHANGELOG.md
activerecord/CHANGELOG.md
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Thanks Godfrey Chan for reporting this!
Fixes: CVE-2014-0080
|
| | |
| |
| |
| |
| |
| |
| | |
Previously the values of these options were trusted leading to
potential XSS vulnerabilities.
Fixes: CVE-2014-0081
|
| |\ \
| | |
| | | |
Sync 4.1 release notes with changes since 7f648bc7
|
| |/ / |
|
| |\ \
| | |
| | | |
Introduce `:plain`, `:html`, and `:body` render options.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Setting this attribute to `true` will remove the content type header
from the request. This is use in `render :body` feature.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
* Introduces `:plain`, `:html`, `:body` render option.
* Update guide to use `render :plain` instead of `render :text`.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This test were assuming that the list of render options will always be
the same. Fixing that so this doesn't break when we add/remove render
option in the future.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an option for to HTML content with a content type of
`text/html`. This rendering option calls `ERB::Util.html_escape`
internally to escape unsafe HTML string, so you will have to mark your
string as html safe if you have any HTML tag in it.
Please see #12374 for more detail.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is as an option to render content with a content type of
`text/plain`. This is the preferred option if you are planning to render
a plain text content.
Please see #12374 for more detail.
|
| | | | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an option for sending a raw content back to browser. Note that
this rendering option will unset the default content type and does not
include "Content-Type" header back in the response.
You should only use this option if you are expecting the "Content-Type"
header to not be set. More information on "Content-Type" header can be
found on RFC 2616, section 7.2.1.
Please see #12374 for more detail.
|
| |\ \
| | |
| | | |
Document `default_scope` changes
|
| | | |
| | |
| | |
| | | |
[ci skip]
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
and upgrating guides
[ci skip]
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Fix parameter naming in RemoteIp middleware constructor method [ci skip]
|
| | |/ /
| | |
| | |
| | |
| | | |
Was custom_proxies in inline docs, but should be and defined in
constructor as custom_proxies
|
| | | | |
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Upgrade Doc: assets:precompile:all was removed on 4
|
| | |/ / |
|
| |/ / |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rails applications are expected to be always aware of the application
time zone.
To be consistent with that contract, we have to assume that a bare
date passed to time helpers is a date in the application time zone,
not in the system time zone. The system time zone is irrelevant, we
should totally ignore it.
For example,
travel_to user.birth_date + 40.years
should make that user be 40th years old regardless of the system
time zone. Without this patch that may not be true.
|
| |\ \
| | |
| | | |
streaming should change status of response when exception is caught
|
| | | |
| | |
| | |
| | |
| | |
| | | |
if the controller action has not yet streamed any data, actions should
process as normal, and errors should trigger the appropriate behavior
(500, or in the case of ActionController::BadRequest, a 400 Bad Request)
|
| |\ \ \
| | | |
| | | | |
Fix coffeescript sample [ci skip]
|
| | | | |
| | | |
| | | | |
Replace bind() with on() as suggested by the JQuery bind() documentation: https://api.jquery.com/bind/
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 3ea840355409dc205a9e0d027fc09f1452636969, reversing
changes made to e4cde5d58cbb09d1843796f96ba86225ff94fe05.
Conflicts:
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/query_methods.rb
Reason: using `from` without `select` should not change the select list
to SELECT * because it can lead different query results. If it is needed
to change the table to a subquery or a view you can pass a table alias
in the `from` call or use `select('subquery.*')`.
Fixes #14049.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Hstore arrays fix (follow up for #11444)
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We didn't have enough encoding for the wire protocol to store an array
of hstore types. So, further encode any hstore that is an array member.
Whilst we're here, ensure it's an HashWithIndifferentAccess being
returned, to be consistent with other serialized forms, and add testing
for arrays of hstore.
So now the following migration:
enable_extension "hstore"
create_table :servers do |t|
t.string :name
t.hstore :interfaces, array: true
end
produces a model that can used like this, to store an array of hashes:
server = Server.create(name: "server01", interfaces: [
{ name: "bge0", ipv4: "192.0.2.2", state: "up" },
{ name: "de0", state: "disabled", by: "misha" },
{ name: "fe0", state: "up" },
])
More at http://inopinatus.org/2013/07/12/using-arrays-of-hstore-with-rails-4/
|
| |\ \ \ \
| | | | |
| | | | | |
Guides fixes
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Explain how form_for :article is able to pull in the properties of @article
Make it clear that article_id is generated due to the association set up
Add link to the rails function that uses X-Sendfile.
Add links to apache and nginx docs for the header
|
