Commit message (Author, Age; Files changed, Lines -/+)
* Remove duplicated test (yuuji.yaginuma, 2018-11-28; 1 file, -14/+0)

    Since 06ab7b27ea1c1ab357085439abacdb464f6742bf, `GCSServiceTest#test_signed_URL_response_headers` is broken.
    https://travis-ci.org/rails/rails/jobs/460454477#L7084-L7087

    This seems to be due to lack of `content_type` at upload. This is solved by specifying `content_type`. However, since the same content is also tested with `test_upload_with_content_type`, it will be duplicated content, so I think we can remove `test_signed_URL_response_headers`.
* Merge pull request #34544 from ahawrylak/fix-active-storage-docs-typo (Gannon McGibbon, 2018-11-27; 1 file, -1/+1)

    Fix minor Active Storage docs typo [ci skip]

  * Fix minor Active Storage docs typo [ci skip] (Adrian Hawrylak, 2018-11-28; 1 file, -1/+1)
* Prevent content type and disposition bypass in storage service URLs (Rosa Gutierrez, 2018-11-27; 14 files, -38/+172)

    * Force content-type to binary on service urls for relevant content types

      We have a list of content types that must be forcibly served as binary, but in practice this only means to serve them as attachment always. We should also set the Content-Type to the configured binary type.

      As a bonus: add text/cache-manifest to the list of content types to be served as binary by default.

    * Store content-disposition and content-type in GCS

      Forcing these in the service_url when serving the file works fine for S3 and Azure, since these services include params in the signature. However, GCS specifically excludes response-content-disposition and response-content-type from the signature, which means an attacker can modify these and have files that should be served as text/plain attachments served as inline HTML for example. This means our attempt to force specific files to be served as binary and as attachment can be easily bypassed.

      The only way this can be forced in GCS is by storing content-disposition and content-type in the object metadata.

    * Update GCS object metadata after identifying blob

      In some cases we create the blob and upload the data before identifying the content-type, which means we can't store that in GCS right when uploading. In these, after creating the attachment, we enqueue a job to identify the blob, and set the content-type.

      In other cases, files are uploaded to the storage service via direct upload link. We create the blob before the direct upload, which happens independently from the blob creation itself. We then mark the blob as identified, but we already have the content-type we need without having put it in the service.

      In these two cases, then, we need to update the metadata in the GCS service.

    * Include content-type and disposition in the verified key for disk service

      This prevents an attacker from modifying these params in the service signed URL, which is particularly important when we want to force them to have specific values for security reasons.

    * Allow only a list of specific content types to be served inline

      This is different from the content types that must be served as binary in the sense that any content type not in this list will be always served as attachment but with its original content type. Only types in this list are allowed to be served either inline or as attachment.

      Apart from forcing this in the service URL, for GCS we need to store the disposition in the metadata.

    Fix CVE-2018-16477.
* Do not deserialize GlobalID objects that were not generated by Active Job (Rafael Mendonça França, 2018-11-27; 2 files, -1/+5)

    Trusting any GlobalID object when deserializing jobs can allow attackers to access information that should not be accessible to them.

    Fix CVE-2018-16476.
* Merge pull request #34528 from DmitryTsepelev/fix-ignored-attributes (Rafael França, 2018-11-27; 5 files, -1/+57)

    Additional types of ResultSet should not contain keys of #attributes_to_define_after_schema_loads

  * Cached columns_hash fields should be excluded from ResultSet#column_types (DmitryTsepelev, 2018-11-27; 5 files, -1/+57)
* More exercise singular association query (Ryuta Kamizono, 2018-11-28; 4 files, -7/+14)

    Follow up ba4e68f577efc76f351d30a2914e29942b97830e.
* Ensure that singular association should execute limited query (Ryuta Kamizono, 2018-11-28; 2 files, -5/+12)
* Revert "Merge pull request #34538 from bogdan/reuse-find-target" (Ryuta Kamizono, 2018-11-28; 3 files, -23/+28)

    This reverts commit f2ab8b64d4d46d7199f94c3e21021f414a4d259a, reversing changes made to b9c7305dbe57931a153a540d49ae5d469af61a14.

    Reason: `scope.take` is not the same as `scope.to_a.first`.
* Merge pull request #34538 from bogdan/reuse-find-target (Eileen M. Uchitelle, 2018-11-27; 3 files, -29/+23)

    Reuse code in AR::Association#find_target

  * Reuse code in AR::Association#find_target (Bogdan Gusiev, 2018-11-27; 3 files, -29/+23)

      Before this patch, singular and collection associations had different implementations of the #find_target method. This patch reuses the code properly through extending the low level methods.
* Merge pull request #34480 from tekin/configurable-implicit-ordering-column (Eileen M. Uchitelle, 2018-11-27; 4 files, -2/+45)

    Make it possible to override the implicit order column

  * Make implicit order column configurable (Tekin Suleyman, 2018-11-26; 4 files, -2/+45)

      When calling ordered finder methods such as +first+ or +last+ without an explicit order clause, ActiveRecord sorts records by primary key. This can result in unpredictable and surprising behaviour when the primary key is not an auto-incrementing integer, for example when it's a UUID.

      This change makes it possible to override the column used for implicit ordering such that +first+ and +last+ will return more predictable results.

      For example:

          class Project < ActiveRecord::Base
            self.implicit_order_column = "created_at"
          end
* Revert "We still need the `Helpers` constant in the `ActiveRecord` namespace" (Ryuta Kamizono, 2018-11-27; 1 file, -1/+0)

    This reverts commit d52f74480ae46cd3de7ce697093136b01c7a2172.

    Since 24adc20, the `Helpers` constant in the `ActiveRecord` namespace is not referenced anymore.
* `Mutable` helper is in `ActiveModel` (Ryuta Kamizono, 2018-11-27; 4 files, -4/+4)

    It should be referenced by fully qualified name from Active Record.
* Convert ActionCable tests from CoffeeScript to ES2015 and replace Blade with Karma and Rollup (#34440) (rmacklin, 2018-11-26; 23 files, -4778/+2480)

    * Rename .coffee files in ActionCable test suite in prep for decaffeination
    * Decaffeinate ActionCable tests
    * Replace Blade with Karma and Rollup to run ActionCable JS tests
      - Add karma and qunit devDependencies
      - Add test script to ActionCable package
      - Use rollup to bundle ActionCable tests
      - Use karma as the ActionCable JS test runner
    * Replace vendored mock-socket with package devDependency in ActionCable
    * Move ActionCable yarn install to TravisCI before_install config
    * Clean up decaffeinated ActionCable tests to use consistent formatting
* Use env instead of headers on those tests (Rafael Mendonça França, 2018-11-26; 1 file, -14/+14)

    We are dealing with the rack env so it is better to specify it in the tests.
* Do not use deprecated Object#!~ in Ruby 2.6 (Rafael Mendonça França, 2018-11-26; 1 file, -1/+5)

    Closes #34530.
* Merge pull request #34520 from yahonda/bump_pg93 (Rafael França, 2018-11-26; 12 files, -410/+385)

    Bump the minimum version of PostgreSQL to 9.3

  * Bump the minimum version of PostgreSQL to 9.3 (Yasuo Honda, 2018-11-25; 12 files, -410/+385)

      https://www.postgresql.org/support/versioning/

      - 9.1 EOLed on September 2016.
      - 9.2 EOLed on September 2017.

      9.3 is also not supported since Nov 8, 2018. https://www.postgresql.org/about/news/1905/
      I think it may be a little bit early to drop PostgreSQL 9.3 yet.

      * Deprecated `supports_ranges?` since no other databases support range data type
      * Add `supports_materialized_views?` to abstract adapter
        Materialized views themselves are supported by other databases; other connection adapters may support them
      * Remove `with_manual_interventions`
        It was only necessary for PostgreSQL 9.1 or earlier
      * Drop CI against PostgreSQL 9.2
* Merge pull request #34521 from azbshiri/mysql-exec-query-result (Eileen M. Uchitelle, 2018-11-26; 2 files, -2/+15)

    Test when using MySQL `exec_query` returns `ActiveRecord::Result` all…

  * When running exec_query MySQL always returns ActiveRecord::Result (Alireza Bashiri, 2018-11-25; 2 files, -2/+15)

      When running `exec_query` with `INSERT` (or other write commands), MySQL returns `ActiveRecord::Result`.
* Merge pull request #34525 from tnantoka/cache-key-low-level-caching (Ryuta Kamizono, 2018-11-26; 1 file, -1/+1)

    Use cache_key_with_version instead of cache_key for the example in Low-Level Caching [ci skip]

  * Use cache_key_with_version instead of cache_key for the example in Low-Level Caching [ci skip] (tnantoka, 2018-11-26; 1 file, -1/+1)
* Fix random CI failure due to non-deterministic sorting order (Ryuta Kamizono, 2018-11-26; 1 file, -2/+2)

    https://travis-ci.org/rails/rails/jobs/459534536#L1280
* Merge pull request #34522 from yahonda/sqlite3_returns_primary_key_in_expected_order (Ryuta Kamizono, 2018-11-26; 1 file, -2/+0)

    SQLite 3.7.16+ returns the order of the primary key columns

  * SQLite 3.7.16+ returns the order of the primary key columns (Yasuo Honda, 2018-11-25; 1 file, -2/+0)

      https://www.sqlite.org/releaselog/3_7_16.html

      > 9 Enhance the PRAGMA table_info command so that the "pk" column is an increasing integer to show the order of columns in the primary key.

      Rails 6 supports SQLite 3.8, so we can remove this skip condition.
* Merge pull request #34524 from tomrossi7/updating-docs (Gannon McGibbon, 2018-11-25; 1 file, -7/+23)

    Updating the Testing Guide to Reflect Emails Enqueued With ActiveJob

  * Updating the Testing Guide to Reflect Emails Enqueued With ActiveJob [ci skip] (Tom Rossi, 2018-11-25; 1 file, -7/+23)
* ASt direct uploads: account for <button type="submit"> elements (Tasos Maschalidis, 2018-11-24; 2 files, -4/+4)
* Merge pull request #34519 from composerinteralia/duration-inspect (Ryuta Kamizono, 2018-11-25; 1 file, -1/+0)

    Remove unnecessary reduce in Duration#inspect

  * Remove unnecessary reduce in Duration#inspect (Daniel Colson, 2018-11-24; 1 file, -1/+0)

      When the `Duration` class was introduced in 276c9f29, the `parts` were represented as an array of arrays (for example `[[:seconds, 5], [:days, 3], [:seconds, 7]]`). At that time the `reduce` in `#inspect` made sense, since we would need to get the totals for each part (the example would become `{ seconds: 12, days: 3 }`).

      With the current version of `Duration` we call `to_h` on the `parts` immediately on initialize, so now the `reduce` doesn't seem to be doing anything meaningful.
* Merge pull request #34517 from EByrdS/immutable-enum (Rafael França, 2018-11-23; 3 files, -0/+19)

    Pluralized enum raises error when attempting to modify

  * Raises error when attempting to modify enum values (ebyrds, 2018-11-23; 3 files, -0/+19)
* Merge pull request #34515 from BenjaminKim/patch-1 (Rafael França, 2018-11-23; 1 file, -1/+1)

    rubyonrails.org has been ready for https

  * rubyonrails.org has been ready for https (Benjamin Kim, 2018-11-24; 1 file, -1/+1)
* Merge pull request #34376 from composerinteralia/default_queue_name (Rafael França, 2018-11-23; 2 files, -2/+29)

    Allow using queue prefix with a default queue name

  * Allow using queue prefix with a default queue name (Daniel Colson, 2018-11-03; 2 files, -2/+29)

      Fixes #34366

      Currently setting queue_name_prefix will not combine a prefix with the default_queue_name; it will only affect queue names set with `queue_as`. With this PR the prefix will affect the default_queue_name as well.

      Closes #19831

      Currently setting default_queue_name doesn't actually affect the queue_name default (although default_queue_name does get used if you pass a falsey `part_name` to `queue_as`). This PR would get default_queue_name working as expected as well.

      Because the queue_name default is now a lambda wrapping the default_queue_name, rather than the default_queue_name itself, I had to update one test to use the instance method `#queue_name` (which `instance_exec`s the value) instead of the class method. I think this change is OK, since only the instance method is documented.

      There was a question about whether we want a `default_queue_name` configuration. If we want to get rid of it, I would also be happy to open a PR for that instead. It has been around for a while now, but it also hasn't really worked for a while now.

      r? @matthewd since you had an opinion about this before
* Merge pull request #34367 from gmcgibbon/rm_parameterized_delivery_job (Rafael França, 2018-11-23; 9 files, -51/+50)

    Deliver parameterized mail with DeliveryJob

  * Deliver parameterized mail with DeliveryJob (Gannon McGibbon, 2018-11-22; 9 files, -51/+50)

      Deliver parameterized mail with `ActionMailer::DeliveryJob` and remove `ActionMailer::Parameterized::DeliveryJob`.
* Merge pull request #34455 from minimalweb/progressive_jpeg_inclusion_as_variable_content_type (Rafael França, 2018-11-23; 3 files, -1/+6)

    Add progressive JPG MIME-type to default variable content types

  * Add progressive JPG to default variable content types (Maurice Kühlborn, 2018-11-21; 3 files, -1/+6)
* Merge pull request #34468 from gmcgibbon/redact_sql_in_errors (Rafael França, 2018-11-23; 9 files, -58/+112)

    Redact SQL in errors

  * Redact SQL in errors (Gannon McGibbon, 2018-11-22; 9 files, -58/+112)

      Move `ActiveRecord::StatementInvalid` SQL to error property. Also add bindings as an error property.
* Keep executions for each specific exception (#34352) (Alberto Almagro, 2018-11-23; 5 files, -4/+51)

    * Keep executions for each specific declaration

      Fixes #34337

      ActiveJob used the global executions counter to control the number of times a job should be retried. The problem with this approach was that in case a job raised different exceptions during its executions they weren't retried the number of times defined by their `attempts` number.

      **Example:**

      Having the following job:

      ```ruby
      class BuggyJob < ActiveJob::Base
        retry_on CustomException, attempts: 3
        retry_on OtherException, attempts: 3
      end
      ```

      If the job raised `CustomException` in the first two executions and then it raised `OtherException`, the job wasn't retried anymore because the global executions counter was already indicating 3 attempts.

      With this patch each `retry_on` declaration has its specific counter so that the first two executions that raise `CustomException` don't affect the retries count that future exceptions may have.

    * Revert "clarifies documentation around the attempts arugment to retry_on"

      This reverts commit 86aa8f8c5631f77ed9a208e5107003c01512133e.
* Merge pull request #34507 from albertoalmagro/rename-rtl-as-direction (Gannon McGibbon, 2018-11-23; 2 files, -18/+21)

    Use direction instead of rtl flag

  * Use direction instead of rtl flag. (Alberto Almagro, 2018-11-22; 2 files, -18/+21)

      Improve readability by using `direction` as CSS does.

      More info: https://developer.mozilla.org/en-US/docs/Web/CSS/direction

      Continues: #34486

      [Alberto Almagro + Ufuk Kayserilioglu]
* Merge pull request #34511 from TomSpencerLondon/master (Gannon McGibbon, 2018-11-23; 1 file, -1/+1)

    Add ? for Whats Rails

  * Add ? for Whats Rails (TomSpencerLondon, 2018-11-23; 1 file, -1/+1)