aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | Fix failing railties testsCarlos Antonio da Silva2014-08-191-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | A combination of two commits led into these failures: * The addition of a new active_record config in 24bb8347b6ff0da90059314d9aece7a2c94a272c * The revert of the config to use config.x as options holder in 43073b393d234acd094ac7c220163f4e419d11f5 These tests remove activerecord from the load path, however the configuration is still in the application file, and they blow up.
* | Fix blank link on config/application.rb app template [ci skip]Carlos Antonio da Silva2014-08-191-1/+1
| |
* | Synced AR release notes [ci-skip]Godfrey Chan2014-08-191-0/+18
| |
* | Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-tokenJeremy Kemper2014-08-192-8/+71
|\ \ | | | | | | CSRF token mask from breach-mitigation-rails gem
| * | Auth token mask from breach-mitigation-rails gemBradley Buda2014-08-192-8/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This merges in the code from the breach-mitigation-rails gem that masks authenticity tokens on each request by XORing them with a random set of bytes. The masking is used to make it impossible for an attacker to steal a CSRF token from an SSL session by using techniques like the BREACH attack. The patch is pretty simple - I've copied over the [relevant code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb) and updated the tests to pass, mostly by adjusting stubs and mocks.
* | | Synced Active Support release notes [ci skip]Godfrey Chan2014-08-191-0/+21
| | | | | | | | | | | | [Godfrey Chan, Genadi Samokovarov]
* | | Use the released turbolinks gemCarlos Antonio da Silva2014-08-191-3/+1
| | |
* | | Fix setting simple values to the new config.xCarlos Antonio da Silva2014-08-194-13/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously setting simple values to the config.x object resulted in the following: config.x.super_debugger = true config.x.super_debugger #=> {} Which was against the examples showed in the changelog/release notes.
* | | Point to right sass-rails versionRafael Mendonça França2014-08-191-1/+1
| | |
* | | Synced Active Model changelogs [ci skip]Godfrey Chan2014-08-191-4/+16
| | | | | | | | | | | | Godfrey Chan, Genadi Samokovarov
* | | Use web-console 2.0.0.beta2 on new appsGuillermo Iguaran2014-08-191-1/+1
| | |
* | | Require sprockets-rails 3.0.0.beta1Rafael Mendonça França2014-08-192-2/+1
| | |
* | | Revert "Improve custom configuration"Rafael Mendonça França2014-08-198-145/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit de4891344ccc074f6d5693f4fac6ad610584e336. Conflicts: railties/lib/rails/railtie/configuration.rb It added regression. Will be back after the beta
* | | Require rack/utilsRafael Mendonça França2014-08-191-0/+2
| | |
* | | Merge pull request #16561 from gsamokovarov/mention-web-console-in-changelogGuillermo Iguaran2014-08-192-0/+10
|\ \ \ | | | | | | | | Mention web-console in 4.2 release notes
| * | | Mention web-console in 4.2 release notesGenadi Samokovarov2014-08-202-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Mention the web-console inclusion in the default Gemfile in the Release notes and the railties changelog. We can eventually mention it in the upgrade guide, if needed. [ci skip]
* | | | Merge pull request #16475 from tomkadwill/has_many_scope_documentationZachary Scott2014-08-191-0/+11
|\ \ \ \ | | | | | | | | | | [ci skip] Added documentation for belongs_to scope parameter
| * | | | [ci skip] Added documentation for belongs_to scope parameterTom Kadwill2014-08-191-0/+11
| | | | |
* | | | | We always get the value so no need to check nil or HashRafael Mendonça França2014-08-191-6/+2
| | | | |
* | | | | Move date and time requires to time_travel_test, also includeZachary Scott2014-08-192-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'abstract_unit'. cc #16564
* | | | | Add TODO note about the gems missing releaseRafael Mendonça França2014-08-191-1/+3
| | | | |
* | | | | Remove git dependeciesRafael Mendonça França2014-08-191-2/+0
| | | | |
* | | | | Use released rails-html-sanitizerRafael Mendonça França2014-08-192-2/+2
| | | | |
* | | | | Use released rails-deprecated_sanitizerRafael Mendonça França2014-08-193-3/+2
| | | | |
* | | | | Bump ActiveJob's GlobalID dep to 0.2.3+ to fix Railties testsJeremy Kemper2014-08-191-1/+1
| | | | |
* | | | | Merge pull request #16564 from zzak/move_time_travel_testJeremy Kemper2014-08-192-69/+68
|\ \ \ \ \ | | | | | | | | | | | | Move TimeHelperTest to TimeTravelTest from `as/test_test.rb`
| * | | | | Move TimeHelperTest to TimeTravelTest from `as/test_test.rb`Zachary Scott2014-08-192-69/+68
| | | | | |
* | | | | | Fix the rails-dom-testing dependecyRafael Mendonça França2014-08-193-1/+3
| | | | | |
* | | | | | Merge pull request #16563 from arthurnn/add_ar_raise_trans_optionRafael Mendonça França2014-08-191-0/+5
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add default .raise_in_transactional_callbacks option to template
| * | | | | | Add default .raise_in_transactional_callbacks option to templateArthur Neves2014-08-191-0/+5
| | | | | | |
* | | | | | | loofah require dependecy is not needed anymoreRafael Mendonça França2014-08-192-4/+0
| | | | | | |
* | | | | | | Merge pull request #16349 from jmcnevin/masterRafael Mendonça França2014-08-192-9/+23
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Correctly determine if migration is needed.
| * | | | | | | Correctly determine if migration is needed.Jeremy McNevin2014-08-132-9/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This method would assume that if last migration in the migrations directory matched the current schema version, that the database was up to date, but this does not account for new migrations with older timestamps that may be pending.
* | | | | | | | Merge pull request #16536 from rails/improve-custom-configurationRafael Mendonça França2014-08-198-46/+149
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Improve custom configuration
| * | | | | | | | Improve custom configurationRafael Mendonça França2014-08-198-46/+149
| | |_|_|_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Hashes can be assigned 2. We don't need a special level anymore The method chain only works in the top level. If users need a second level they need to assign a OrderedOptions to the key: config.resque.server = ActiveSupport::OrderedOptions.new config.resque.server.url = "http://localhost" config.resque.server.port = 3000 [Rafael Mendonça França + Carlos Antonio da Silva]
* | | | | | | | Protect against error when parsing parameters with Bad RequestRafael Mendonça França2014-08-193-2/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Related with #11795.
* | | | | | | | Merge pull request #16299 from sikachu/ps-safer-ac-paramsJeremy Kemper2014-08-195-39/+382
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | Update `ActionController::Parameters` to be more secure on parameters handling
| * | | | | | | User `#to_hash` instead of calling `super`Prem Sichanugrist2014-08-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ruby 1.9.3 does not implement Hash#to_h, so we can't call `super` on it.
| * | | | | | | Fix failing test on several methods on ParameterPrem Sichanugrist2014-08-183-3/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * `each` * `each_pair` * `delete` * `select!`
| * | | | | | | Seperate Parameters accessors and mutators testsPrem Sichanugrist2014-08-183-57/+215
| | | | | | | |
| * | | | | | | Refactor code to reduce duplicate `self.class.new`Prem Sichanugrist2014-08-181-12/+10
| | | | | | | |
| * | | | | | | Add missing `Hash` methods to `AC::Parameters`Prem Sichanugrist2014-08-182-0/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is to make sure that `permitted` status is maintained on the resulting object. I found these methods that needs to be redefined by looking for `self.class.new` in the code. * extract! * transform_keys * transform_values
| * | | | | | | Make `AC::Params#to_h` return Hash with safe keysPrem Sichanugrist2014-08-183-0/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version.
* | | | | | | | Merge pull request #16562 from arthurnn/missing_string_requireRafael Mendonça França2014-08-191-0/+1
|\ \ \ \ \ \ \ \ | |_|_|_|/ / / / |/| | | | | | | Add missing AS require
| * | | | | | | Add missing AS requireArthur Neves2014-08-191-0/+1
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | `strip_heredoc` method is defined on active_support/core_ext/string
* | | | | | | Merge branch 'master' of github.com:rails/docrailsVijay Dev2014-08-1914-33/+62
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/lib/action_controller/metal/mime_responds.rb actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb activerecord/lib/active_record/type/value.rb
| * | | | | | [ci skip] Update links in getting_started guide.Juanito Fatas2014-08-161-5/+5
| | | | | | |
| * | | | | | `overriden` => `overridden`Vipul A M2014-08-131-1/+1
| | | | | | |
| * | | | | | Uppercase HTML in docs.Hendy Tanata2014-08-0814-37/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | [skip ci]
| * | | | | | [ci skip] Document ActionDispatch::Staticschneems2014-08-051-0/+9
| | | | | | |
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-23 09:03:25 +0000