| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[Guides] Sentence break for clarity [ci-skip]
|
|/ / / / / / |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Fix incorrect unsubscription.
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Use `#bytesize` instead of `#size` when checking for cookie overflow
|
|/ / / / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Although the cookie values happens to be ASCII strings because they are
Base64 encoded, it is semantically incorrect to check for the number of the
characters in the cookie, when we actually want to check for the number of the
bytes it consists of.
Furthermore it is unecessary coupling with the current implementation that
uses Base64 for encoding the values.
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Also reordered some of the items to put newer ones on top (same order as
CHANGELOGs), which makes it easier to diff while we are still working on it.
|
| | | | | | |
|
|\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
Removed the single space character for Safari
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`render nothing: true` or rendering a `nil` body no longer add a single
space to the response body.
The old behavior was added as a workaround for a bug in an early version of
Safari, where the HTTP headers are not returned correctly if the response
body has a 0-length. This is been fixed since and the workaround is no
longer necessary.
Use `render body: ' '` if the old behavior is desired.
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
Address CVE-2014-4671 (JSONP Flash exploit)
|
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
gcampbell-rosetta_flash
* 'rosetta_flash' of https://github.com/gcampbell/rails:
Address CVE-2014-4671 (JSONP Flash exploit)
Conflicts:
actionpack/CHANGELOG.md
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Adds a comment before JSONP callbacks. See
http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more
details on the exploit in question.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Force encoding of US-ASCII to UTF-8 in unescape_uri.
|
|/ / / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Because URI paths may contain non US-ASCII characters we need to force
the encoding of any unescaped URIs to UTF-8 if they are US-ASCII.
This essentially replicates the functionality of the monkey patch to
URI.parser.unescape in active_support/core_ext/uri.rb.
Fixes #16104.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[ci skip] Fixed link to strong params in Getting Started section 5.6.
|
|/ / / / / / |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
egilburg/rails_4_1_upgrade_guide_json_time_with_zone_precision
[ci skip] Document millisecond precision change in ActiveSupport::TimeWithZone#as_json
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | | |
ActiveSupport::TimeWithZone#as_json
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Reduce number of subscriptions created.
|
| | | | | | | |
|
| |/ / / / /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Since 6857415187810f1289068a448268264d0cf0844f we are using #safe_join to
join the content when an Array is given, so we must include the dependent
module here to make sure it's available when this module is used alone.
This was making Simple Form tests to fail with current master due to the
missing dependency.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[ci skip] Fix 4.2 release notes list items. [Matthew Draper & Juanito Fatas]
|
|/ / / / / / |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
[ci skip] Fix 4.2 release notes rendered display.
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | | |
Use proper possessive punctuation [ci skip]
|
|/ / / / / / |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
correct markdown usage [ci skip]
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
This updates rails to use edge rack
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
https://github.com/rack/rack/commit/5a5aee36
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
As Rack has some non backwards compatible changes added required
modifications to keep behaviour in rails close to same as before.
Also modified generators to include rack/rack for not yet released
version of rack
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Add changelog for PR #14899
|
|/ / / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The changelog entry for #14899 was missing.
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
zuhao/refactor_activerecord_belongs_to_associations_test
Include fixtures to prevent foreign key violation.
|
|/ / / / / / / / |
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/
|/| | | | | | |
| | | | | | | |
| | | | | | | | |
zuhao/refactor_activerecord_nested_through_associations_test
Warm up cache to prevent assertion failure.
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Remove PG's definition of `type_cast`
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
All cases except for `nil` in an array have been removed. `nil` in an
array is handled by the Array type object.
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|/ / / /
|/| | | | | | | | |
Don't rely on the sql type to quote XML columns in PG
|
| |/ / / / / / / |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
It always responds to mounted_helpers now
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Avoid retrieving connection in ActiveRecord::QueryCache multiple times.
|
| |/ / / / / / / |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Remove the `text?` predicate from the type objects
|
| |/ / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This was only used for uniqueness validations. The first usage was in
conjunction with `limit`. Types which cast to string, but are not
considered text cannot have a limit. The second case was only with an
explicit `:case_sensitive => true` option given by the user.
|