Commit message (Author, Age, Files, Lines)
* Merge pull request #26133 from smellsblue/dont-fail-on-non-string (Rafael França, 2016-08-12, 2 files, -1/+9)
|\
| |     Ensure values are strings before calling gsub
| * Ensure values are strings before calling gsub (Mike Virata-Stone, 2016-08-12, 2 files, -1/+9)
|/
* Merge pull request #26125 from qinix/fix-doc (Jon Moss, 2016-08-11, 1 file, -3/+3)
|\
| |     [ci skip] Fix the wrong ActionCable documentation in the guide.
| * [ci skip] Fix documentation wrong for ActionCable (Eric Zhang, 2016-08-12, 1 file, -1/+1)
| |
| * [ci skip] Fix documentation for ActionCable::Channel#broadcast_to (Eric Zhang, 2016-08-12, 1 file, -2/+2)
| |
* | Merge pull request #26118 from alexcameron89/param-encoding-documentation (Jon Moss, 2016-08-11, 1 file, -0/+1)
|\ \
| | |     [ci skip] Add documentation to Parameter Encoding
| * | [ci skip] Add documentation to Parameter Encoding (Alex Kitchens, 2016-08-11, 1 file, -0/+1)
| |/
* | Integration test to prevent regression for the 5th time (Aaron Patterson, 2016-08-11, 1 file, -0/+47)
| |
| |     Fix unsafe query generation risk.
| |
| |     Redo of CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155
| |
| |     CVE-2016-6317
* | Merge pull request #26124 from yahonda/diag26099 (Sean Griffin, 2016-08-11, 1 file, -4/+2)
|\ \
| | |     Creating a new Topic class instead of class_eval for the existing one
| * | Creating a new Topic class instead of class_eval for the existing one (Yasuo Honda, 2016-08-11, 1 file, -4/+2)
| |/
| |     since it affects another test `ReflectionTest#test_read_attribute_names`
| |
| |     Address #26099
* | Merge pull request #26090 from kamipo/fix_warning_ambiguous_first_argument (Sean Griffin, 2016-08-11, 1 file, -1/+1)
|\ \
| | |     Fix warning: ambiguous first argument
| * | Fix warning: ambiguous first argument (Ryuta Kamizono, 2016-08-12, 1 file, -1/+1)
|/ /
* / ensure tag/content_tag escapes " in attribute vals (Andrew Carpenter, 2016-08-11, 2 files, -1/+11)
|/
|     Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues.
|
|     For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))`
|
|     CVE-2016-6316
* Merge pull request #26116 from y-yagi/fix_name_error_in_engine_commands_tasks (Kasper Timm Hansen, 2016-08-11, 2 files, -0/+26)
|\
| |     add missing require rake
| * add missing require rake (yuuji.yaginuma, 2016-08-11, 2 files, -0/+26)
| |
| |     In ff8035dfeed8c86594c32ef8e9204806e190cb58, require rake is deferred. Therefore, it is necessary to require rake even `Engine::CommandsTasks`.
* | Merge pull request #26114 from kamipo/fix_test_failure (Kasper Timm Hansen, 2016-08-11, 2 files, -3/+3)
|\ \
| |/
|/|
| |     Fix actionview test failure
| * Fix actionview test failure (Ryuta Kamizono, 2016-08-11, 2 files, -3/+3)
|/
|     Caused by #26092.
* Merge pull request #26110 from aditya-kapoor/minor-doc-fix (Guillermo Iguaran, 2016-08-10, 1 file, -2/+5)
|\
| |     Minor doc fix related to ActiveModel::SecurePassword [ci skip]
| * Minor doc fix related to ActiveModel::SecurePassword [ci skip] (Aditya Kapoor, 2016-08-11, 1 file, -2/+5)
| |
* | prefer __dir__ over __FILE__ in File.expand_path (Xavier Noria, 2016-08-11, 6 files, -6/+18)
| |
| |     Thinking .. relative to files is not natural, we are used to thinking "parent of a directory", and we have __dir__ nowadays.
* | Merge pull request #25930 from mechanicles/doc-http-cache-forever (Vipul A M, 2016-08-10, 1 file, -0/+24)
|\ \
| | |     Add documentation for `http_cache_forever`. [ci skip]
| * | Add documentation for `http_cache_forever`. [ci skip] (Santosh Wadghule, 2016-08-10, 1 file, -0/+24)
| | |
* | | Merge pull request #26092 from kerrizor/kerrizor/force-param-encoding (Aaron Patterson, 2016-08-10, 10 files, -20/+139)
|\ \ \
| | | |     Allow specifying encoding of parameters by action
| * | | Allow specifying encoding of parameters by action (Kerri Miller, 2016-08-09, 10 files, -20/+139)
| | | |
| | | |     At GitHub we need to handle parameter encodings that are not UTF-8. This patch allows us to specify encodings per parameter per action.
* | | | Merge pull request #26102 from gsamokovarov/schema-statements-typo (Yves Senn, 2016-08-10, 2 files, -1/+7)
|\ \ \ \
| | | | |     Fix a NoMethodError schema_statements.rb
| * | | | Fix a NoMethodError schema_statements.rb (Genadi Samokovarov, 2016-08-10, 2 files, -1/+7)
| | |/ /
| |/| |
| | | |     If you call `remove_index` with wrong options, say a typo, like I did, you get:
| | | |
| | | |     ```
| | | |     == 20160810072541 RemoveUniqueIndexOnGoals: migrating =========================
| | | |     -- remove_index(:goal, {:coulmn=>:kid_id, :unique=>true})
| | | |     rails aborted!
| | | |     StandardError: An error has occurred, this and all later migrations canceled:
| | | |     undefined method `ArgumentError' for #<ActiveRecord::ConnectionAdapters::PostgreSQLAdapter:0x007fb7dec91b28>
| | | |     ```
| | | |
| | | |     What happened is that I mistyped column (coulmn) and got a `NoMethodError`, because of a missing comma during the raise. This made Ruby think we're calling the method `ArgumentError`.
* / | | Remove unused method (Andrew White, 2016-08-10, 1 file, -5/+0)
|/ / /
| | |     In c546a2b parameter handling in AC test cases was changed to round tripping through encoders/decoders so that they matched reality and in 0adb8f8 the old methods were removed but the `html_format?` method was overlooked.
* | | Merge pull request #26095 from kamipo/fix_broken_alignment_by_auto_correct (Xavier Noria, 2016-08-09, 20 files, -39/+77)
|\ \ \
| |_|/
|/| |
| | |     Fix broken alignments caused by auto-correct commit 411ccbd
| * | Fix broken alignments caused by auto-correct commit 411ccbd (Ryuta Kamizono, 2016-08-10, 20 files, -39/+77)
|/ /
| |     Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c
* | Merge pull request #24476 from vipulnsward/24314-eagerloading-doc-update (Vipul A M, 2016-08-09, 1 file, -2/+3)
|\ \
| | |     Document known limitation about using `references` in conjunction with custom select clauses [ci skip]
| * | Document known limitation about using `references` in conjunction with eager loading causing it to ignore custom select clauses. [ci skip] (Vipul A M, 2016-08-09, 1 file, -2/+3)
| | |
| | |     Fixes #24314
* | | Merge pull request #26042 from bogdanvlviv/debugging_guide (Vipul A M, 2016-08-09, 1 file, -0/+1)
|\ \ \
| |/ /
|/| |
| | |     Add link to 'Pry' in debugging guide [ci skip]
| * | Add link to 'Pry' in debugging guide [ci skip] (bogdanvlviv, 2016-08-07, 1 file, -0/+1)
| | |
* | | Merge pull request #26086 from y-yagi/update_rescue_responses_default (Jon Moss, 2016-08-08, 1 file, -0/+2)
|\ \ \
| |_|/
|/| |
| | |     update list of rescue_responses default [ci skip]
| * | update list of rescue_responses default [ci skip] (yuuji.yaginuma, 2016-08-09, 1 file, -0/+2)
|/ /
| |     Follow up to fe859a54219740fa8b4e09a592820d2ee12ba222
* | revises more Lint/EndAlignment offenses (Xavier Noria, 2016-08-08, 8 files, -30/+30)
| |
* | Merge pull request #26067 from yahonda/oracle_can_use_fetch_first (Yves Senn, 2016-08-08, 2 files, -4/+4)
|\ \
| | |     Use `FETCH FIRST` for Oracle12 and test `ROWNUM <=` for Oracle 11g or older version to test sql limit behavior
| * | Use `FETCH FIRST` for Oracle12 database and Arel Oracle12 visitor (Yasuo Honda, 2016-08-08, 2 files, -4/+4)
|/ /
| |     also test `ROWNUM <=` for Oracle 11g or older version of Oracle and Oracle visitor
| |
| |     Oracle 12c database and Arel Oracle12 visitor supports better top N query.
* | let instance thread_mattr_* methods delegate to the class-level ones (Xavier Noria, 2016-08-08, 1 file, -4/+10)
| |
| |     This code has too much duplication and the rationale for the concatenation may not be obvious to the reader. You define the ones at class-level, explain why the code concatenates there, and then the convenience ones at instance-level just delegate.
* | Merge pull request #25681 from willnet/fix-thread_mattr_accessor (Yves Senn, 2016-08-08, 3 files, -4/+48)
|\ \
| | |     Fix `thread_mattr_accessor` share variable superclass with subclass
| * | Fix `thread_mattr_accessor` share variable superclass with subclass (willnet, 2016-08-04, 3 files, -8/+35)
| | |
| | |     The current implementation of `thread_mattr_accessor` set variable sharing superclass with subclass. So the method doesn't work as documented.
| | |
| | |     Precondition
| | |
| | |         class Account
| | |           thread_mattr_accessor :user
| | |         end
| | |
| | |         class Customer < Account
| | |         end
| | |
| | |         Account.user = "DHH"
| | |         Account.user #=> "DHH"
| | |         Customer.user = "Rafael"
| | |         Customer.user # => "Rafael"
| | |
| | |     Documented behavior
| | |
| | |         Account.user # => "DHH"
| | |
| | |     Actual behavior
| | |
| | |         Account.user # => "Rafael"
| | |
| | |     Current implementation set variable statically like `Thread[:attr_Account_user]`, and customer also uses it. Make variable name dynamic to use own thread-local variable.
* | | damn typos [ci skip] (Xavier Noria, 2016-08-08, 1 file, -1/+1)
| | |
* | | explain why aliasing uses explicit selfs [ci skip] (Xavier Noria, 2016-08-08, 1 file, -0/+3)
| | |
* | | code gardening: removes redundant selfs (Xavier Noria, 2016-08-08, 74 files, -122/+121)
| | |
| | |     A few have been left for aesthetic reasons, but have made a pass and removed most of them.
| | |
| | |     Note that if the method `foo` returns an array, `foo << 1` is a regular push, nothing to do with assignments, so no self required.
* | | revises most Lint/EndAlignment offenses (Xavier Noria, 2016-08-07, 13 files, -55/+58)
| | |
| | |     Some case expressions remain, need to think about those ones.
* | | applies project convention for string literals (Xavier Noria, 2016-08-07, 1 file, -1/+1)
| | |
* | | adds missing comma in assert call (Xavier Noria, 2016-08-07, 1 file, -2/+2)
| | |
* | | copy-edits an exception message (Xavier Noria, 2016-08-07, 1 file, -1/+1)
| | |
| | |     Inserted spaces in the name of Rails components.
| | |
| | |     Since I was on it, also used PostgreSQL instead of Postgres because albeit Postgres is an accepted alias, PostgreSQL is the official name and the actual name of the adapter.
| | |
| | |     See https://wiki.postgresql.org/wiki/ProjectName with regard to PostgreSQL vs Postgres.
* | | Assign config on base instead of on `@controller`. (Kasper Timm Hansen, 2016-08-07, 1 file, -1/+1)
| | |
| | |     In some test runs `ActionController::Base.enable_fragment_cache_logging` would be false, based on the test order.
| | |
| | |     Turns out it was off because we assigned the config to the `@controller` variable, and not on `ActionController::Base`.
| | |
| | |     The test failure was reproducible with, and now passes after this:
| | |
| | |     ```
| | |     bin/test test/controller/log_subscriber_test.rb --seed 19918
| | |     ```
* | | Extract common view cache dependency setup. (Kasper Timm Hansen, 2016-08-07, 1 file, -8/+9)
| | |