| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| |
| |
| |
| | |
dealing with empty hashes. Thanks Damien Mathieu
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It includes security bug fixes and changes the initialization of
Rack::File to accept a hash, otherwise generating warnings.
See 295806e for the warnings fix.
Conflicts:
actionpack/actionpack.gemspec
|
| | |
|
| |
| |
| |
| | |
Fix format and wrong changelog entry
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-stable:
fix block.arity raise nil error when not given a block to "content_tag_for"
removes the Ajax on Rails early draft
Revert "Merge pull request #8665 from senny/8661_should_not_append_charset_if_already_present"
backport #8662, charset should not be appended for `head` responses
Revert "Fix `validates_presence_of` with `:allow_nil` or `:allow_blank` options."
Fix `validates_presence_of` with `:allow_nil` or `:allow_blank` options.
backport #8616, quote column names in generated fixture files
|
| | | |
|
|\ \ \
| |/ /
|/| /
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-sec:
CVE-2012-5664 options hashes should only be extracted if there are extra parameters
updating changelog
updating the changelogs
updating the changelog for the CVE
Add release date of Rails 3.2.9 to documentation
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activerecord/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| |
| |
| |
| |
| |
| |
| |
| | |
Clear url helper methods when routes are reloaded by removing the
methods explicitly rather than just clearing the module because it
didn't work properly and could be the source of a memory leak.
Closes #8488.
|
| |
| |
| |
| |
| |
| | |
Fix rewinding in ActionDispatch::Request#raw_post
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
senny/8376_descriptive_error_message_for_partial_layout_true
More descriptive error when rendering a partial with `:layout => true`
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_view/renderer/partial_renderer.rb
|
| | |
|
| | |
|
| |
| |
| |
| | |
This is a backport of rails/rails#7997.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`
Conflicts:
actionpack/CHANGELOG.md
actionpack/test/template/template_test.rb
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Fix #8086 (BestStandardsSupport rewrites app X-UA-Compatible header)
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| | |
this is a backport of #8115 to fix #7842
|
|/
|
|
|
|
|
| |
Support :multiple option on input tags that also have :index
Conflicts:
actionpack/lib/action_view/helpers/tags/base.rb
actionpack/lib/action_view/helpers/tags/collection_check_boxes.rb
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 61d5d2d8a97fd289b81991cd79dca3112e7ca135.
Conflicts:
actionpack/CHANGELOG.md
REASON: This added a backward incompatible change.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 7d17cd2cbfc086f5aa9dd636e1207eb130150428.
Conflicts:
actionpack/CHANGELOG.md
Reason: This added a regression since people were relying on this buggy behavior.
This will introduce back #3849 but we will be backward compatible in
stable release.
Fixes #8068.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
senny/7459_prefix_tempalte_assertion_variables"
This reverts commit 2bad605873b5b720d77ae6388a995827ab7fe705.
Conflicts:
actionpack/CHANGELOG.md
Reason: This added a regression related with shoulda-matchers, since it
is expecting the instance variable @layouts
See https://github.com/thoughtbot/shoulda-matchers/blob/9e1188eea68c47d9a56ce6280e45027da6187ab1/lib/shoulda/matchers/action_controller/render_with_layout_matcher.rb#L74
This will introduce back #7459 but this stable release will be backward compatible.
Related with #8068.
|
|
|
|
|
| |
Accept either :remote or 'remote' in both the html_options and
(url_)options hash arguments to link_to.
|
|
|
|
|
|
| |
can't pass :locals to #assert_template without a view test case (#3415)
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
|
|
| |
prefix TemplateAssertions ivars.
Closes #7459
Conflicts:
actionpack/lib/action_controller/test_case.rb
actionpack/lib/action_view/test_case.rb
|
|
|
|
| |
resource and resources do no longer modify passed options
|
|
|
|
| |
Bump Sprockets requirements from 2.1+ to 2.2+ and let it answer "should we compile this asset?" for us.
|
| |
|
|
|
|
|
|
|
| |
REBASED: fixing assert_template bug when template matches expected, but not ends with
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/test_case.rb
|
|
|
|
|
|
|
|
|
|
| |
To test uploading a file without using fixture_file_upload, a posted
ActionDispatch::Http::UploadedFile should not be paramified (just like
Rack::Test::UploadedFile).
(Rack::Test::UploadedFile and ActionDispatch::Http::UploadedFile don't
share the same API, tempfile is not accessible on
Rack::Test::UploadedFile as discussed in
https://github.com/brynary/rack-test/issues/30)
|
|
|
|
|
|
| |
This reverts commit 54f55746a70a7091341e84236498203118a7fbb4.
Reason: the last commit fixed the failing case
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1ac19c11792a745cd654f02dfaed8e93f95b3c70.
Conflicts:
actionpack/CHANGELOG.md
Reason: This is causing failures in the railties build.
See http://travis-ci.org/#!/rails/rails/jobs/2491787
Related with #7672
|
|
|
|
|
|
| |
Removing to_shorthand to fix #6497
Conflicts:
actionpack/CHANGELOG.md
|
|
|
|
|
|
|
| |
Previously, the `asset_path` internals only respected the `:digest`
option, but ignored the global config setting. This meant that
`config.digest = false` could not be used in conjunction with
`config.compile = false` this corrects the behavior.
|
|
|
|
|
|
| |
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_controller/log_subscriber.rb
|
|
|
|
| |
Check 810a50d for the rationale.
|
|
|
|
|
|
|
|
|
|
|
|
| |
we should take disabled option not only from `html_options` hash but from
`options` hash too like `build_select` method does it. So
datetime_select("post", "updated_at", { :discard_minute => true }, { :disabled => true })
datetime_select("post", "updated_at", :discard_minute => true , :disabled => true)
both these variants work now
closes #7431
|
|
|
|
|
|
| |
option_tags coerced to "" instead of nil
Closes #7404
|
|
|
|
| |
file's path, so opening the file to set the response body is wasteful. Set a FileBody wrapper instead that responds to to_path and streams the file if needed.
|
|
|
|
| |
session stores
|
|\ |
|
| | |
|
| |
| |
| |
| |
| |
| | |
Thanks to Marek Labos & Nethemba
CVE-2012-3465
|