Commit message (Author, Age, Files, Lines)
...
| * | | Fix the scoping with query methods in the scope block (Ryuta Kamizono, 2018-11-30, files: 3, lines: -2/+8)
      Follow up #33394.

      #33394 only fixes the case of scoping with klass methods in the scope block which invokes `klass.all`. Query methods in the scope block also need to invoke `klass.all` to be affected by the scoping.
* | | | Use the full link URL instead of bit.ly [ci skip] (Ryuta Kamizono, 2018-11-30, files: 1, lines: -1/+2)
| | | |
* | | | Don't expose internal `clock_gettime_supported?` class method (Ryuta Kamizono, 2018-11-30, files: 1, lines: -1/+2)
| | | |
* | | | Merge pull request #34569 from gmcgibbon/allow_attribute_aliases_in_update (Rafael França, 2018-11-29, files: 3, lines: -3/+17)
|\ \ \ \
      Allow aliased attributes in update
| * | | | Allow aliased attributes in update (Gannon McGibbon, 2018-11-29, files: 3, lines: -3/+17)
      Allow aliased attributes to be used in `#update_columns` and `#update`.
* | | | | Merge pull request #34553 from mjtko/fix/issue-14802 (Rafael França, 2018-11-29, files: 4, lines: -3/+30)
|\ \ \ \ \
| |/ / / /
|/| | | |
      Do nothing when the same block is included again
| * | | | Do nothing when the same block is included again. (Mark J. Titorenko, 2018-11-29, files: 4, lines: -3/+30)
      If the same block is included multiple times, we no longer raise an exception or overwrite the included block instance variable.

      Fixes #14802.

      [Mark J. Titorenko + Vlad Bokov]
* | | | | Merge pull request #34564 from toncid/patch-2 (Arun Agrawal, 2018-11-29, files: 1, lines: -0/+1)
|\ \ \ \ \
      Add a Delayed Job project link.
| * | | | | [ci skip] Add a Delayed Job project link. (Tonči Damjanić, 2018-11-29, files: 1, lines: -0/+1)
|/ / / / /
      Delayed Job is mentioned multiple times in the document, but it is not linked from anywhere.
* | | | | Merge pull request #34562 from ruralocity/active-record-query-docs-improvement (Rafael França, 2018-11-28, files: 1, lines: -7/+9)
|\ \ \ \ \
      Improve ActiveRecord::Querying documentation [ci skip]
| * | | | | Improve ActiveRecord::Querying documentation [ci skip] (Aaron Sumner, 2018-11-28, files: 1, lines: -7/+9)
      * Break up long sentences
      * Reword some sentences to clarify subject, predicate, and object
      * Explain drawbacks of using count_by_sql
* | | | | | Merge pull request #34554 from sj26/group-exception-logs (Rafael França, 2018-11-28, files: 1, lines: -5/+8)
|\ \ \ \ \ \
      Log exceptions atomically
| * | | | | | Avoid extra array allocations (Samuel Cochran, 2018-11-29, files: 1, lines: -2/+2)
| | | | | | |
| * | | | | | Log exceptions atomically (Samuel Cochran, 2018-11-28, files: 1, lines: -5/+8)
      When distributed over multiple logger calls the lines can become intermixed with other log statements. Combining them into a single logger call makes sure they always get logged together.
* | | | | | | Merge pull request #34561 from gmcgibbon/allow_spaces_in_table_names (Rafael França, 2018-11-28, files: 3, lines: -1/+12)
|\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | |
      Allow spaces in postgres table names
| * | | | | | Allow spaces in postgres table names (Gannon McGibbon, 2018-11-28, files: 3, lines: -1/+12)
| | |_|_|_|/
| |/| | | |
      Fixes issue where "user post" is misinterpreted as "\"user\".\"post\"" when quoting table names with the postgres adapter.
* | | | | | Merge pull request #34534 from gmcgibbon/ar_query_scope_body_doc (Rafael França, 2018-11-28, files: 1, lines: -1/+1)
|\ \ \ \ \ \
      Clarify scope body requirements
| * | | | | | Clarify scope body requirements (Gannon McGibbon, 2018-11-26, files: 1, lines: -1/+1)
      [ci skip]
* | | | | | | Add autoload hook for AbstractController::ActionNotFound (Rafael Mendonça França, 2018-11-28, files: 1, lines: -0/+1)
| |/ / / / /
|/| | | | |
      The error can be reproduced with

          require "bundler/setup"
          require "action_controller"
          AbstractController::ActionNotFound
* | | | | | Merge pull request #34557 from sergioisidoro/sergio-patch-load-error (Rafael França, 2018-11-28, files: 1, lines: -2/+2)
|\ \ \ \ \ \
      Patch load error in case GemSpecError
| * | | | | | Patch load error in case GemSpecError (sergioisidoro, 2018-11-28, files: 1, lines: -2/+2)
| | | | | | |
* | | | | | | Merge pull request #34550 from mogulla3/fix-argument-error-when-uploding-to-s3 (Eileen M. Uchitelle, 2018-11-28, files: 2, lines: -1/+5)
|\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | |
      Fix `ArgumentError` when uploading to amazon s3
| * | | | | | Fix `ArgumentError` when uploading to amazon s3 (Hiroki Sanpei, 2018-11-28, files: 2, lines: -1/+5)
|/ / / / / /
* | | | | | Use `Testing::Parallelization` in Action Pack's test (yuuji.yaginuma, 2018-11-28, files: 1, lines: -77/+1)
      Parallel execution of `ForkingExecutor` is the same approach as `Testing::Parallelization`. So do not need to have own code inside Action Pack. Let's use an already existing feature.
* | | | | | Pass the test reporter by reference (yuuji.yaginuma, 2018-11-28, files: 1, lines: -0/+1)
| |_|/ / /
|/| | | |
      This prevents the array from being dumped as a DRbObject so we can reduce communication with the server.

      In DRb, if `Marshal.dump` fails, `Marshal.dump` is executed again after converting the object to `DRbObject`. It is also possible to reduce the execution of `Marshal.dump` by converting to a format that can be marshalized in advance using `DRbObject`.

      This is the same approach to Action Pack's parallel test.
      Ref: 5751b7ea58d7cf259dda30fb42fff51fc6ae93d5
* | | | | Fix "warning: ambiguous first argument; put parentheses or a space even after `/' operator" (yuuji.yaginuma, 2018-11-28, files: 1, lines: -3/+3)
* | | | | Merge pull request #34546 from y-yagi/fix_ast_build (Yuji Yaginuma, 2018-11-28, files: 3, lines: -17/+3)
|\ \ \ \ \
      Fix broken ASt build
| * | | | | text is treated as `attachment` (yuuji.yaginuma, 2018-11-28, files: 1, lines: -2/+2)
| | | | | |
| * | | | | Fix broken `ActiveStorage::BlobTest` (yuuji.yaginuma, 2018-11-28, files: 1, lines: -1/+1)
      `ActiveStorage::Filename#parameters` was removed by #33829.
| * | | | | Remove duplicated test (yuuji.yaginuma, 2018-11-28, files: 1, lines: -14/+0)
      Since 06ab7b27ea1c1ab357085439abacdb464f6742bf, `GCSServiceTest#test_signed_URL_response_headers` is broken.
      https://travis-ci.org/rails/rails/jobs/460454477#L7084-L7087

      This seems to be due to lack of `content_type` at upload. This is solved by specifying `content_type`. However, since the same content is also tested with `test_upload_with_content_type`, it will be duplicated content, so I think that can remove `test_signed_URL_response_headers`.
* | | | | | Merge pull request #33835 from schneems/schneems/faster_cache_version (Sean Griffin, 2018-11-27, files: 2, lines: -4/+130)
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
      Use raw time string from DB to generate ActiveRecord#cache_version
| * | | | | Prefer String#ljust over String#<< for padding (lsylvester, 2018-10-17, files: 1, lines: -3/+2)
| | | | | |
| * | | | | Do not silently fail to generate a cache_version (schneems, 2018-10-17, files: 2, lines: -6/+19)
      When an `updated_at` column exists on the model, but is not available on the instance (likely due to a select), we should raise an error rather than silently not generating a cache_version. Without this behavior it's likely that cache entries will not be able to be invalidated and this will happen without notice.

      This behavior was reported and described by @lsylvester in https://github.com/rails/rails/pull/34197#issuecomment-429668759.
| * | | | | Use raw time string from DB to generate ActiveRecord#cache_version (schneems, 2018-10-17, files: 2, lines: -4/+118)
      Currently, the `updated_at` field is used to generate a `cache_version`. Some database adapters return this timestamp value as a string that must then be converted to a Time value. This process requires a lot of memory and even more CPU time. In the case where this value is only being used for a cache version, we can skip the Time conversion by using the string value directly.

      - This PR preserves existing cache format by converting a UTC string from the database to `:usec` format.
      - Some databases return an already converted Time object, in those instances, we can directly use `created_at`.
      - The `updated_at_before_type_cast` can be a value that comes from either the database or the user. We only want to optimize the case where it is from the database.
      - If the format of the cache version has been changed, we cannot apply this optimization, and it is skipped.
      - If the format of the time in the database is not UTC, then we cannot use this optimization, and it is skipped.

      Some databases (notably PostgreSQL) return a variable length nanosecond value in the time string. If the value ends in a zero, then it is truncated. For instance instead of `2018-10-12 05:00:00.000000` the value `2018-10-12 05:00:00` is returned. We detect this case and pad the remaining zeros to ensure consistent cache version generation.

      Before: Total allocated: 743842 bytes (6626 objects)
      After: Total allocated: 702955 bytes (6063 objects)

      (743842 - 702955) / 743842.0 # => 5.4% ⚡️⚡️⚡️⚡️⚡️

      Using the CodeTriage application and derailed benchmarks this PR shows between 9-11% (statistically significant) performance improvement versus the commit before it.

      Special thanks to @lsylvester for helping to figure out a way to preserve the usec format and for helping with many implementation details.
* | | | | | Merge pull request #34544 from ahawrylak/fix-active-storage-docs-typo (Gannon McGibbon, 2018-11-27, files: 1, lines: -1/+1)
|\ \ \ \ \ \
      Fix minor Active Storage docs typo [ci skip]
| * | | | | | Fix minor Active Storage docs typo [ci skip] (Adrian Hawrylak, 2018-11-28, files: 1, lines: -1/+1)
|/ / / / / /
* | | | | | Prevent content type and disposition bypass in storage service URLs (Rosa Gutierrez, 2018-11-27, files: 14, lines: -38/+172)
      * Force content-type to binary on service urls for relevant content types

        We have a list of content types that must be forcibly served as binary, but in practice this only means to serve them as attachment always. We should also set the Content-Type to the configured binary type.

        As a bonus: add text/cache-manifest to the list of content types to be served as binary by default.

      * Store content-disposition and content-type in GCS

        Forcing these in the service_url when serving the file works fine for S3 and Azure, since these services include params in the signature. However, GCS specifically excludes response-content-disposition and response-content-type from the signature, which means an attacker can modify these and have files that should be served as text/plain attachments served as inline HTML for example. This makes our attempt to force specific files to be served as binary and as attachment can be easily bypassed.

        The only way this can be forced in GCS is by storing content-disposition and content-type in the object metadata.

      * Update GCS object metadata after identifying blob

        In some cases we create the blob and upload the data before identifying the content-type, which means we can't store that in GCS right when uploading. In these, after creating the attachment, we enqueue a job to identify the blob, and set the content-type.

        In other cases, files are uploaded to the storage service via direct upload link. We create the blob before the direct upload, which happens independently from the blob creation itself. We then mark the blob as identified, but we have already the content-type we need without having put it in the service.

        In these two cases, then, we need to update the metadata in the GCS service.

      * Include content-type and disposition in the verified key for disk service

        This prevents an attacker from modifying these params in the service signed URL, which is particularly important when we want to force them to have specific values for security reasons.

      * Allow only a list of specific content types to be served inline

        This is different from the content types that must be served as binary in the sense that any content type not in this list will be always served as attachment but with its original content type. Only types in this list are allowed to be served either inline or as attachment.

        Apart from forcing this in the service URL, for GCS we need to store the disposition in the metadata.

      Fix CVE-2018-16477.
* | | | | | Do not deserialize GlobalID objects that were not generated by Active Job (Rafael Mendonça França, 2018-11-27, files: 2, lines: -1/+5)
      Trusting any GlobalID object when deserializing jobs can allow attackers to access information that should not be accessible to them.

      Fix CVE-2018-16476.
* | | | | | Merge pull request #34528 from DmitryTsepelev/fix-ignored-attributes (Rafael França, 2018-11-27, files: 5, lines: -1/+57)
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | |
      Additional types of ResultSet should not contain keys of #attributes_to_define_after_schema_loads
| * | | | | Cached columns_hash fields should be excluded from ResultSet#column_types (DmitryTsepelev, 2018-11-27, files: 5, lines: -1/+57)
| | | | | |
* | | | | | More exercise singular association query (Ryuta Kamizono, 2018-11-28, files: 4, lines: -7/+14)
      Follow up ba4e68f577efc76f351d30a2914e29942b97830e.
* | | | | | Ensure that singular association should execute limited query (Ryuta Kamizono, 2018-11-28, files: 2, lines: -5/+12)
| | | | | |
* | | | | | Revert "Merge pull request #34538 from bogdan/reuse-find-target" (Ryuta Kamizono, 2018-11-28, files: 3, lines: -23/+28)
      This reverts commit f2ab8b64d4d46d7199f94c3e21021f414a4d259a, reversing changes made to b9c7305dbe57931a153a540d49ae5d469af61a14.

      Reason: `scope.take` is not the same with `scope.to_a.first`.
* | | | | | Merge pull request #34538 from bogdan/reuse-find-target (Eileen M. Uchitelle, 2018-11-27, files: 3, lines: -29/+23)
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
      Reuse code in AR::Association#find_target
| * | | | | Reuse code in AR::Association#find_target (Bogdan Gusiev, 2018-11-27, files: 3, lines: -29/+23)
      Before this patch, singular and collection associations had different implementations of the #find_target method. This patch reuses the code properly through extending the low level methods.
* | | | | | Merge pull request #34480 from tekin/configurable-implicit-ordering-column (Eileen M. Uchitelle, 2018-11-27, files: 4, lines: -2/+45)
|\ \ \ \ \ \
      Make it possible to override the implicit order column
| * | | | | | Make implicit order column configurable (Tekin Suleyman, 2018-11-26, files: 4, lines: -2/+45)
      When calling ordered finder methods such as +first+ or +last+ without an explicit order clause, ActiveRecord sorts records by primary key. This can result in unpredictable and surprising behaviour when the primary key is not an auto-incrementing integer, for example when it's a UUID. This change makes it possible to override the column used for implicit ordering such that +first+ and +last+ will return more predictable results. For Example:

          class Project < ActiveRecord::Base
            self.implicit_order_column = "created_at"
          end
* | | | | | | Revert "We still need the `Helpers` constant in the `ActiveRecord` namespace" (Ryuta Kamizono, 2018-11-27, files: 1, lines: -1/+0)
      This reverts commit d52f74480ae46cd3de7ce697093136b01c7a2172.

      Since 24adc20, the `Helpers` constant in the `ActiveRecord` namespace is not referenced anymore.
* | | | | | | `Mutable` helper is in `ActiveModel` (Ryuta Kamizono, 2018-11-27, files: 4, lines: -4/+4)
|/ / / / / /
      It should be referenced by full qualified name from Active Record.
* | | | | | Convert ActionCable tests from CoffeeScript to ES2015 and replace Blade with Karma and Rollup (#34440) (rmacklin, 2018-11-26, files: 23, lines: -4778/+2480)
      * Rename .coffee files in ActionCable test suite in prep for decaffeination
      * Decaffeinate ActionCable tests
      * Replace Blade with Karma and Rollup to run ActionCable JS tests
        - Add karma and qunit devDependencies
        - Add test script to ActionCable package
        - Use rollup to bundle ActionCable tests
        - Use karma as the ActionCable JS test runner
      * Replace vendored mock-socket with package devDependency in ActionCable
      * Move ActionCable yarn install to TravisCI before_install config
      * Clean up decaffeinated ActionCable tests to use consistent formatting