aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | | | | | | | | Merge pull request #23291 from maclover7/suckerpunch-docs-updateJon Moss2016-01-271-6/+4
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Update sucker_punch adapter's description
| * | | | | | | | | Update sucker_punch adapter's descriptionJon Moss2016-01-271-6/+4
| | |_|_|_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | | | | | remove == from AcceptItemAaron Patterson2016-01-271-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove nonsense definition of == from `AcceptItem`. The definition only compared names and not `q` values or even object identity. The only use was in the `assort!` method that really just wanted the index of the item given the item's name. Instead we just change the caller to use `index` with the block form.
* | | | | | | | | remove useless private methodsAaron Patterson2016-01-271-13/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit refactors the private methods that were just aliases to [] to just directly use [] and cache the return values on the stack.
* | | | | | | | | change `@app_xml_idx` to an lvar and cache it on the stackAaron Patterson2016-01-271-16/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | same strategy as `@text_xml_idx`: cache it on the stack to avoid ivar lookups and the `||=` call.
* | | | | | | | | change `@text_xml_idx` to an lvar and cache it on the stackAaron Patterson2016-01-271-13/+11
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this eliminates the ivar lookup and also eliminates the `||=` conditional that happens every time we called the `text_xml_idx` method.
* | | | | | | | Remove celluloid from the GemfileRafael Mendonça França2016-01-273-25/+1
| | | | | | | |
* | | | | | | | Merge pull request #23284 from maclover7/suckerpunch-2Eileen M. Uchitelle2016-01-274-9/+21
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Update ActiveJob adapter for sucker_punch 2.0
| * | | | | | | | Update ActiveJob adapter for sucker_punch 2.0Jon Moss2016-01-274-9/+21
| | |_|_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR includes two changes for 2.0.0: - Breaking API change around `async.perform` --> `perform_async` - New addition of `perform_in`, which now allows end users of the adapter to use the `enqueued_at` public API method.
* | | | | | | | Add tests to #23288Rafael Mendonça França2016-01-271-0/+1
| | | | | | | |
* | | | | | | | Merge pull request #23288 from bdewater/sprockets3-sha2-altRafael França2016-01-272-1/+6
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix img alt attribute generation when using Sprockets >= 3.0
| * | | | | | | | Fix img alt attribute generation when using Sprockets >= 3.0Bart de Water2016-01-272-1/+6
| | | | | | | | |
* | | | | | | | | Merge pull request #23289 from keram/patch-1Arthur Nogueira Neves2016-01-271-2/+2
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fix typo in strong params hash deprecation message
| * | | | | | | | | Fix typo in strong params hash deprecation messageMarek2016-01-271-2/+2
|/ / / / / / / / / | | | | | | | | | | | | | | | | | | and remove unecessary spaces in string interpolation.
* / / / / / / / / Do not use default attributes for STI when instantiating a subclassSean Griffin2016-01-272-1/+9
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The commit which originally added this behavior did not consider that doing `Subclass.new` does not actually populate the `type` field in the attributes (though perhaps it should). We simply need to not use the defaults for STI related things unless we are instantiating the base class. Fixes #23285.
* | | | | | | | Merge pull request #23281 from djoume/patch-1Kasper Timm Hansen2016-01-271-3/+3
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix small typos in asset_pipeline.md
| * | | | | | | | Fix typos in asset_pipeline.mdDjoume Salvetti2016-01-271-3/+3
|/ / / / / / / /
* | | | | | | | Merge pull request #21791 from sonalkr132/persistence-docArthur Nogueira Neves2016-01-271-8/+9
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Improvement in ActiveRecord::Persistence doc [ci skip]
| * | | | | | | | Improvement in ActiveRecord::Persistence doc [ci skip]Aditya Prakash2015-10-171-8/+9
| | | | | | | | |
* | | | | | | | | Merge pull request #23278 from eldano/fix_docVipul A M2016-01-271-1/+1
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fix doc
| * | | | | | | | | Fix doc [ci skip]Daniel Gomez de Souza2016-01-271-1/+1
|/ / / / / / / / /
* | | | | | | | | Merge pull request #23277 from rails/revert-23152-actioncable-concurrentDavid Heinemeier Hansson2016-01-2727-385/+106
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Revert "Eliminate the EventMachine dependency"
| * | | | | | | | | Revert "Eliminate the EventMachine dependency"David Heinemeier Hansson2016-01-2727-385/+106
|/ / / / / / / / /
* | | | | | | | | Merge pull request #23275 from aditya-kapoor/remove-dupsप्रथमेश Sonpatki2016-01-271-4/+0
|\ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / |/| | | | | | | | remove duplication section [ci skip]
| * | | | | | | | remove duplication section [ci skip]Aditya Kapoor2016-01-271-4/+0
| | |/ / / / / / | |/| | | | | |
* | | | | | | | doc typoAkira Matsuda2016-01-271-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip]
* | | | | | | | INSERT INTO schema_migrations in 1 SQLAkira Matsuda & Naoto Koshikawa2016-01-272-10/+13
|/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We found that inserting all 600 schema_migrations for our mid-sized app takes about a minute on a cloud based CI environment. I assume that the original code did not use multi-row-insert because SQLite3 was not supporting the syntax back then, but it's been supported since 3.7.11: http://www.sqlite.org/releaselog/3_7_11.html
* | | | | | | add a skip for failing testAaron Patterson2016-01-261-1/+2
| | | | | | |
* | | | | | | fix permitted? conditional for `render` callsAaron Patterson2016-01-262-3/+17
| | | | | | |
* | | | | | | Merge pull request #23242 from maclover7/fix-error-secAaron Patterson2016-01-262-9/+6
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Fix undefined error for `ActionController::Parameters`
| * | | | | | | Fix sanitizer testsJon Moss2016-01-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These tests were failing due to backwards incompatible changes, as apart of the v1.0.3 release of rails-html-sanitizer.
| * | | | | | | Fix undefined error for `ActionController::Parameters`Jon Moss2016-01-261-6/+3
| | |_|/ / / / | |/| | | | |
* | | | | | | clear view path cache between testsAaron Patterson2016-01-261-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cache for `render file:` seems to also be used in the case of `render(string)`. If one is supposed to be a hit and the other is supposed to be a miss, and they both reference the same file, then the cache could return incorrect values. This commit clears the cache between runs so that we get non-cached behavior.
* | | | | | | Merge pull request #23256 from pauloancheta/masterRafael França2016-01-261-1/+1
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | documentation fix
| * | | | | | | reflect mapping to match initializePaulo Ancheta2016-01-251-1/+1
| | | | | | | |
* | | | | | | | Merge pull request #23228 from claudiob/no-emClaudio B2016-01-253-7/+6
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | [ci skip] Don’t explicitly mention EventMachine
| * | | | | | | | [ci skip] Don’t explicitly mention EventMachineclaudiob2016-01-253-7/+6
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since #23152 eliminated the EventMachine dependency, we don’t need to explicitly mention EventMachine. Nevertheless, I'm not 100% sure about saying "the websocket-driver loop" driver… any suggestions, @matthewd or @pixeltrix ? :sweat_smile: [ci skip]
* | | | | | | | Merge pull request #23251 from kamipo/update_gemfile_lockSean Griffin2016-01-251-32/+32
|\ \ \ \ \ \ \ \ | |_|/ / / / / / |/| | | | | | | Update `Gemfile.lock`
| * | | | | | | Update `Gemfile.lock`Ryuta Kamizono2016-01-261-32/+32
|/ / / / / / /
* | | | | | | Merge branch '5-0-beta-sec'Aaron Patterson2016-01-2532-41/+168
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * | | | | | | bumping versionAaron Patterson2016-01-2511-11/+11
| | | | | | | |
| * | | | | | | fix version update task to deal with .beta1.1Aaron Patterson2016-01-251-1/+1
| | | | | | | |
| * | | | | | | Eliminate instance level writers for class accessorsAaron Patterson2016-01-226-8/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instance level writers can have an impact on how the Active Model / Record objects are saved. Specifically, they can be used to bypass validations. This is a problem if mass assignment protection is disabled and specific attributes are passed to the constructor. CVE-2016-0753
| * | | | | | | allow :file to be outside rails root, but anything else must be inside the ↵Aaron Patterson2016-01-229-16/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rails view directory CVE-2016-0752
| * | | | | | | Don't short-circuit reject_if procAndrew White2016-01-222-2/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When updating an associated record via nested attribute hashes the reject_if proc could be bypassed if the _destroy flag was set in the attribute hash and allow_destroy was set to false. The fix is to only short-circuit if the _destroy flag is set and the option allow_destroy is set to true. It also fixes an issue where a new record wasn't created if _destroy was set and the option allow_destroy was set to false. CVE-2015-7577
| * | | | | | | stop caching mime types globallyAaron Patterson2016-01-221-2/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability. CVE-2016-0751
| * | | | | | | use secure string comparisons for basic auth username / passwordAaron Patterson2016-01-222-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this will avoid timing attacks against applications that use basic auth. CVE-2015-7576
* | | | | | | | Merge pull request #23226 from vipulnsward/20808-fixJon Moss2016-01-254-1/+5
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix nodoc to internal class error document some of them
| * | | | | | | | Fix nodoc to internal class error document some of themVipul A M2016-01-254-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ci skip] Fixes #20808 [Vipul A M & Julio Lopez]
* | | | | | | | | Merge pull request #23161 from schneems/schneems/fix-mysql-internalmetadataRichard Schneeman2016-01-252-9/+36
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | [close #23009] Limit key length
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-06 19:01:16 +0000