Commit message (Author, Age, Files, Lines)
* Preparing for 4.1.0.beta2 release (Rafael Mendonça França, 2014-02-18, 11, -9/+17)
|
* Correctly escape PostgreSQL arrays. (Aaron Patterson, 2014-02-18, 2, -1/+13)
|   Thanks Godfrey Chan for reporting this!
|
|   Fixes: CVE-2014-0080
* Escape format, negative_format and units options of number helpers (Rafael Mendonça França, 2014-02-18, 2, -5/+53)
|   Previously the values of these options were trusted leading to potential XSS vulnerabilities.
|
|   Fixes: CVE-2014-0081
* It's beta1 all around (David Heinemeier Hansson, 2013-12-17, 2, -2/+2)
|
* Fix dependency order (David Heinemeier Hansson, 2013-12-17, 1, -1/+1)
|
* Get ready to release 4.1.0.beta1 (David Heinemeier Hansson, 2013-12-17, 7, -7/+7)
|
* Remove the navigator for now. It's ugly and it promises more than it can ↵ (David Heinemeier Hansson, 2013-12-17, 1, -6/+1)
|   deliver. These other views (properties, routes) are not designed to be loaded in isolation
* Clearly limit new CSRF protection to GET requests (Jeremy Kemper, 2013-12-17, 2, -2/+17)
|
* Mention new CSRF protection gotcha in upgrade guide (Jeremy Kemper, 2013-12-17, 1, -1/+26)
|
* Discuss Action Pack's new CSRF protection from remote script tags and what ↵ (Jeremy Kemper, 2013-12-17, 1, -132/+146)
|   it means for your app. In short, update your tests if they don't already use the 'xhr :post' style.
* Fix integration test to pass same-origin verification (Jeremy Kemper, 2013-12-17, 1, -1/+1)
|
* Merge pull request #13345 from jeremy/get-csrf (Jeremy Kemper, 2013-12-17, 6, -28/+143)
|\
| |   CSRF protection from cross-origin <script> tags
| * CSRF protection from cross-origin <script> tags (Jeremy Kemper, 2013-12-17, 6, -28/+143)
| |   Thanks to @homakov for sounding the alarm about JSONP-style data leaking
* | Merge pull request #13314 from laurocaetano/blacklist_array_methods (Jeremy Kemper, 2013-12-17, 4, -30/+59)
|\ \
| | |   Create a blacklist to disallow mutator methods to be delegated to Array
| | |
| | |   Conflicts:
| | |       guides/source/upgrading_ruby_on_rails.md
| * | Create a blacklist to disallow mutator methods to be delegated to `Array`. (Lauro Caetano, 2013-12-17, 4, -30/+59)
| | |   This change was necessary because the whitelist wouldn't work. It would be painful for users trying to update their applications.
| | |
| | |   This blacklist intends to prevent odd bugs and confusion in code that calls mutator methods directly on the `Relation`.
* | | Add changelog entries about secrets.yml and secrets.secret_key_base (Guillermo Iguaran, 2013-12-17, 1, -0/+29)
| | |
* | | Merge pull request #13346 from chancancode/release_notes_etc (Yves Senn, 2013-12-17, 4, -47/+147)
|\ \ \
| | | |   Release notes fixes [ci skip]
| * | | Some assorted fixes for the 4.1 release notes: (Godfrey Chan, 2013-12-17, 4, -47/+147)
| |/ /
| | |   * Added release notes for secrets.yml and mentioned it in the highlights
| | |   * Added release notes for Mailer previews and mentioned it in the highlights
| | |   * Added release notes for Module#concerning
| | |   * Removed mention for AV extraction from the highlights
| | |   * Rearranged the major features to put highlighted features first
| | |   * Various improvements and typo fixes
| | |
| | |   [ci skip]
* | | Merge pull request #13341 from carlosantoniodasilva/ca-i18n (Carlos Antonio da Silva, 2013-12-17, 10, -14/+94)
|\ \ \
| |/ /
|/| |
| | |   Default I18n.enforce_available_locales to true
| | |
| | |   We will default this option to true from now on to ensure users properly handle their list of available locales whenever necessary.
| | |
| | |   This option was added as a security measure and thus Rails will follow it defaulting to secure option.
| | |
| | |   Also improve the handling of I18n config options in its railtie, taking the new enforce_available_locales option into account, by setting it as the last one in the process. This ensures no other configuration will trigger a deprecation warning due to that setting.
| * | Require I18n >= 0.6.9 (Carlos Antonio da Silva, 2013-12-17, 1, -1/+1)
| | |   The option enforce_available_locales is only available on latest versions, so require the last available one which has the option + other related fixes and should not have backward compatibility issues.
| * | Add changelog and upgrading notice related to I18n enforce_available_locales ↵ (Carlos Antonio da Silva, 2013-12-17, 2, -5/+30)
| | |   handling
| * | Disable available locales checks to avoid warnings running the tests (Carlos Antonio da Silva, 2013-12-17, 5, -0/+15)
| | |
| * | Default I18n.enforce_available_locales to true (Carlos Antonio da Silva, 2013-12-17, 2, -8/+48)
| | |   We will default this option to true from now on to ensure users properly handle their list of available locales whenever necessary.
| | |
| | |   This option was added as a security measure and thus Rails will follow it defaulting to secure option.
| | |
| | |   Also improve the handling of I18n config options in its railtie, taking the new enforce_available_locales option into account, by setting it as the last one in the process. This ensures no other configuration will trigger a deprecation warning due to that setting.
* | | concern doesn't include the module automatically (Rafael Mendonça França, 2013-12-17, 1, -1/+0)
| | |   [ci skip]
* | | Merge pull request #13343 from akshay-vishnoi/test-cases (Rafael Mendonça França, 2013-12-17, 1, -0/+4)
|\ \ \
| | | |   test case for #limit added - picking latest value from limit
| * | | test case for #limit added - picking latest value from limit (Akshay Vishnoi, 2013-12-17, 1, -0/+4)
| | | |
* | | | release notes link to fixed versions of the API. [ci skip] (Yves Senn, 2013-12-17, 2, -2/+2)
| |/ /
|/| |
| | |   As discussed with @fxn the release notes are a snapshot document. The links going out to the API should represent that exact snapshot. This means we always link to the full final release. For example the 3.2 release notes link to http://api.rubyonrails.org/v3.2.0.
* | | Fix indent on AS changelog [ci skip] (Carlos Antonio da Silva, 2013-12-17, 1, -18/+18)
| | |
* | | minor doc reword. Upgrade Rails itself not to Rails. [ci skip] (Yves Senn, 2013-12-17, 1, -3/+3)
| |/
|/|
| |   /cc @chancancode
* | Merge pull request #13347 from jeremy/concerning (Jeremy Kemper, 2013-12-17, 4, -0/+219)
|\ \
| | |   Introduce Module#concerning
| * | Introduce Module#concerning (Jeremy Kemper, 2013-12-17, 4, -0/+219)
|/ /
| |   A natural, low-ceremony way to separate responsibilities within a class.
| |
| |   Imported from https://github.com/37signals/concerning#readme
* | MySQL: remove the old-school 'packets out of order' message (Jeremy Kemper, 2013-12-17, 1, -6/+0)
| |   Blast from the past, MySQL 4 era, when the password hashing style changed.
* | use `bin/spring` in release notes. [ci skip] (Yves Senn, 2013-12-17, 1, -1/+1)
| |   Follow up to: https://github.com/rails/rails/commit/828a8f214535e59d709fd4862605902d1cc21632#commitcomment-4879462
| |
| |   This will be available after https://github.com/jonleighton/spring/commit/c6e25804b3338959d87a29f40967a333c650c031 is released.
* | Merge pull request #13332 from rails/pixeltrix/mail_view (Guillermo Iguaran, 2013-12-16, 21, -26/+765)
|\ \
| | |   WIP: Integration of mail_view gem
| * | Add mailer previews feature based on mail_view gem (Andrew White, 2013-12-17, 17, -6/+736)
| | |
| * | Add an application controller for internal controllers (Andrew White, 2013-12-17, 3, -18/+23)
| | |
| * | Fix method redefinition warning (Andrew White, 2013-12-17, 1, -2/+6)
|/ /
* | Merge pull request #12873 from martinemde/fix-where-assoc-nil (Carlos Antonio da Silva, 2013-12-16, 3, -3/+104)
|\ \
| |/
|/|
| |   Better support for AR:B.where(belongs_to_assoc: val) which previously generated invalid SQL
| * Better support for `where()` conditions that use an association name. (Martin Emde, 2013-12-16, 3, -3/+104)
|/
|   Using the name of an association in `where` previously worked only if the value was a single `ActiveRecord::Base` object. e.g.
|
|       Post.where(author: Author.first)
|
|   Any other values, including `nil`, would cause invalid SQL to be generated. This change supports arguments in the `where` query conditions where the key is a `belongs_to` association name and the value is `nil`, an `Array` of `ActiveRecord::Base` objects, or an `ActiveRecord::Relation` object.
|
|       # Given the Post model
|       class Post < ActiveRecord::Base
|         belongs_to :author
|       end
|
|       # nil value finds records where the association is not set
|       Post.where(author: nil)
|       # SELECT "posts".* FROM "posts" WHERE "posts"."author_id" IS NULL
|
|       # Array values find records where the association foreign key
|       # matches the ids of the passed ActiveRecord models, resulting
|       # in the same query as Post.where(author_id: [1,2])
|       authors_array = [Author.find(1), Author.find(2)]
|       Post.where(author: authors_array)
|
|       # ActiveRecord::Relation values find records using the same
|       # query as Post.where(author_id: Author.where(last_name: "Emde"))
|       Post.where(author: Author.where(last_name: "Emde"))
|
|   Polymorphic `belongs_to` associations will continue to be handled appropriately, with the polymorphic `association_type` field added to the query to match the base class of the value. This feature previously only worked when the value was a single `ActiveRecord::Base`.
|
|       class Post < ActiveRecord::Base
|         belongs_to :author, polymorphic: true
|       end
|
|       Post.where(author: Author.where(last_name: "Emde"))
|       # Generates a query similar to:
|       Post.where(author_id: Author.where(last_name: "Emde"), author_type: "Author")
* Remove the link for code.whytheluckystiff.net (Rafael Mendonça França, 2013-12-16, 1, -1/+1)
|   This is not a valid URL.
|
|   [ci skip]
* Merge pull request #13338 from shreve/patch-1 (Rafael Mendonça França, 2013-12-16, 1, -1/+1)
|\
| |   Fix url leak in application templates guide
| * Fix url leak in application templates guide (Jacob Evan Shreve, 2013-12-16, 1, -1/+1)
|/
|   Encapsulate url that was including the trailing quote and colon.
* Merge pull request #13321 from mezis/fix-safebuffer-interpolation-master (Jeremy Kemper, 2013-12-16, 2, -7/+37)
|\
| |   Fixes interpolation on SafeBuffer
| * Fixes interpolation on SafeBuffer (Julien Letessier, 2013-12-14, 2, -7/+37)
| |   Interpolation was untested and did not work with hash arguments.
| |
| |   Adds
| |   - support for interpolation with hash argument
| |   - tests for the above
| |   - tests for safe/unsafe interpolation
* | Fix missing closing rdoc tag [ci skip] (Carlos Antonio da Silva, 2013-12-16, 1, -1/+1)
| |
* | Merge pull request #13328 from teohm/dbconsole_support_database_url (Yves Senn, 2013-12-16, 3, -35/+76)
|\ \
| | |   Fixed rails dbconsole to support DATABASE_URL
| * | fixed rails dbconsole to support ENV['DATABASE_URL']. (Huiming Teo, 2013-12-16, 3, -35/+76)
| | |
* | | Merge pull request #13333 from kia84/master (Yves Senn, 2013-12-15, 1, -0/+1)
|\ \ \
| | | |   Added `absence` parameter to pluralization table [ci skip]
| * | | Added `absence` parameter to pluralization table (Ivan, 2013-12-16, 1, -0/+1)
|/ / /
| | |   Added `absence` parameter to table in section `5.1.2 Error Message Interpolation`.
* | | Merge pull request #13307 from akshay-vishnoi/typo (Rafael Mendonça França, 2013-12-15, 4, -6/+6)
|\ \ \
| | | |   Spelling and Grammar check [ci skip]