| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Complete work on 3.2 for render_data_leak patch. | Arthur Neves | 2016-02-29 | 1 | -7/+19 |
| | | | | | | | | | | | | | | | | | | | Render could leak access to external files before this patch. A previous patch(CVE-2016-0752), attempted to fix this. However the tests were miss-placed outside the TestCase subclass, so they were not running. We should allow :file to be outside rails root, but anything else must be inside the rails view directory. The implementation has changed a bit though. Now the patch is more similar with the 4.x series patches. Now `render 'foo/bar'`, will add a special key in the options hash, and not use the :file one, so when we look up that file, we don't set the fallbacks, and only lookup a template, to constraint the folders that can be accessed. CVE-2016-2097 | ||||
| * | We need [] method here. previously it's an array. | Arun Agrawal | 2011-08-13 | 1 | -0/+4 |
| | | |||||
| * | just use map and case / when rather than modifying the iterating array | Aaron Patterson | 2011-08-09 | 1 | -5/+8 |
| | | |||||
| * | only typecast what we need to typecast | Aaron Patterson | 2011-08-09 | 1 | -11/+9 |
| | | |||||
| * | Favor composition over inheritance. | Aaron Patterson | 2011-08-09 | 1 | -6/+48 |
| | | |||||
| * | be explicit about arguments passed around | Aaron Patterson | 2011-08-08 | 1 | -2/+2 |
| | | |||||
| * | Optimize the most common resolver case. | José Valim | 2011-05-09 | 1 | -1/+1 |
| | | |||||
| * | Revert to use === only here because of perf. :( | José Valim | 2011-05-08 | 1 | -3/+1 |
| | | |||||
| * | Added activesupport requires for Array.wrap in previously modified files | Burke Libbey | 2011-05-07 | 1 | -0/+2 |
| | | |||||
| * | Remove redundant check for is_a?(String) | Burke Libbey | 2011-05-06 | 1 | -1/+1 |
| | | |||||
| * | Added a test for MissingTemplate change, and changed to use Array.wrap() as | Burke Libbey | 2011-05-06 | 1 | -1/+1 |
| | | | | | requested by josevalim. | ||||
| * | ActionView::PathSet# accepts String or Array | David Chelimsky | 2011-04-13 | 1 | -0/+1 |
| | | | | | | | - Closes #6692 Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
| * | Clean up PathSet. | José Valim | 2010-12-27 | 1 | -19/+4 |
| | | |||||
| * | Final tidy up on templates inheritance. | José Valim | 2010-12-27 | 1 | -7/+2 |
| | | |||||
| * | A bunch of cleanup on the inherited template patch | wycats | 2010-12-26 | 1 | -7/+25 |
| | | |||||
| * | #948 template_inheritance | artemave | 2010-12-26 | 1 | -6/+10 |
| | | |||||
| * | Ensure resolvers backward compatibility. | José Valim | 2010-12-09 | 1 | -4/+2 |
| | | |||||
| * | SReorganize autoloads slightly and move two files to lib/action_view root. | José Valim | 2010-10-14 | 1 | -0/+41 |
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |