aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Collapse)AuthorAgeFilesLines
* Update changelogs with release date [ci skip]Carlos Antonio da Silva2013-01-091-2/+4
|
* Merge branch '3-2-sec' into 3-2-secmergeAaron Patterson2013-01-087-11/+57
|\ | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: bumping version CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu Avoid Rack security warning no secret provided Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
| * bumping versionAaron Patterson2013-01-081-1/+1
| |
| * CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.Jeremy Kemper2013-01-081-0/+13
| |
| * * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵Aaron Patterson2013-01-085-8/+42
| | | | | | | | dealing with empty hashes. Thanks Damien Mathieu
| * Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Changelog improvements [ci skip]Carlos Antonio da Silva2013-01-081-6/+5
| |
* | Bump rack dependency to 1.4.3Carlos Antonio da Silva2013-01-082-1/+5
| | | | | | | | | | | | | | | | | | | | It includes security bug fixes and changes the initialization of Rack::File to accept a hash, otherwise generating warnings. See 295806e for the warnings fix. Conflicts: actionpack/actionpack.gemspec
* | Merge pull request #8812 from rubys/masterCarlos Antonio da Silva2013-01-081-1/+1
| | | | | | | | Eliminate Rack::File headers deprecation warning
* | Avoid Rack security warning no secret providedSantiago Pastorino2013-01-081-0/+2
| | | | | | | | This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
* | Do not call fields_for from form_for, to avoid instantiating two buildersCarlos Antonio da Silva2013-01-062-9/+19
| | | | | | | | | | | | Conflicts: actionpack/lib/action_view/helpers/form_helper.rb actionpack/test/template/form_helper_test.rb
* | Remove suggestion that Procs can be used as session secrets.James Coglan2013-01-051-7/+4
| | | | | | | | | | | | | | | | (cherry picked from commit 6500d7994e94af439587ba0b6088b14532940ad2) [ci skip] Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
* | backport #4f0f1b5 into 3-2-stable. because 1.9.3-p362 warned unused variables.SHIBATA Hiroshi2013-01-051-1/+2
| | | | | | | | | | Conflicts: actionpack/test/controller/render_test.rb
* | Merge pull request #8716 from miguelff/3-2-stableRafael Mendonça França2013-01-031-1/+1
|\ \ | | | | | | Merged latest released tag (v3.2.10) into the stable branch (3-2-stable)
| * | Merge tag 'v3.2.10' into 3-2-stableMiguel2013-01-031-1/+1
| |\| | | | | | | | | | Latest released tag was not fully merged into the stable branch (missed version bumping)
| | * bumping version to 3.2.10Aaron Patterson2012-12-231-1/+1
| | |
* | | Merge pull request #8719 from pcasaretto/fix-actionview-doc-typoCarlos Antonio da Silva2013-01-031-1/+1
|/ / | | | | | | Fix typo on form_tag_helper.rb [ci skip]
* | Use Ruby 1.8 syntaxRafael Mendonça França2013-01-021-2/+2
| |
* | Backport #8701, do not append a second slash with `trailing_slash: true`Yves Senn2013-01-023-6/+33
| |
* | Add release date of 3.2.10Rafael Mendonça França2013-01-021-1/+5
| | | | | | | | Fix format and wrong changelog entry
* | Improve CHANGELOG message [ci skip]Rafael Mendonça França2013-01-021-3/+2
| |
* | Merge branch '3-2-stable' into 3-2-secmergeAaron Patterson2013-01-023-1/+16
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-stable: fix block.arity raise nil error when not given a block to "content_tag_for" removes the Ajax on Rails early draft Revert "Merge pull request #8665 from senny/8661_should_not_append_charset_if_already_present" backport #8662, charset should not be appended for `head` responses Revert "Fix `validates_presence_of` with `:allow_nil` or `:allow_blank` options." Fix `validates_presence_of` with `:allow_nil` or `:allow_blank` options. backport #8616, quote column names in generated fixture files
| * | fix block.arity raise nil error when not given a block to "content_tag_for"jasl2013-01-023-1/+16
| | |
* | | Merge branch '3-2-sec' into 3-2-secmergeAaron Patterson2012-12-231-1/+3
|\ \ \ | |/ / |/| / | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 3-2-sec: CVE-2012-5664 options hashes should only be extracted if there are extra parameters updating changelog updating the changelogs updating the changelog for the CVE Add release date of Rails 3.2.9 to documentation Conflicts: actionmailer/CHANGELOG.md actionpack/CHANGELOG.md activemodel/CHANGELOG.md activerecord/CHANGELOG.md activeresource/CHANGELOG.md activesupport/CHANGELOG.md railties/CHANGELOG.md
| * updating the changelogsAaron Patterson2012-12-231-0/+2
| |
| * Add release date of Rails 3.2.9 to documentationclaudiob2012-12-231-1/+1
| | | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md
* | Don't use 1.9 hash syntax on 3-2-stableAndrew White2012-12-141-8/+8
| |
* | Clear url helper methods when routes are reloadedAndrew White2012-12-143-6/+104
| | | | | | | | | | | | | | | | Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work properly and could be the source of a memory leak. Closes #8488.
* | Merge pull request #8490 from mattv/fix_request_raw_postRafael Mendonça França2012-12-113-2/+15
| | | | | | | | | | | | Fix rewinding in ActionDispatch::Request#raw_post Conflicts: actionpack/CHANGELOG.md
* | Make distance_of_time_in_words work with DateTime offsetsAndrew White2012-12-042-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because DateTime#to_time returns self when it has a non-zero offset and subtracting two DateTime instances returns a Rational then the distance_of_time_in_words methods outputs an incorrect value. This is fixed in master because we can rely on Ruby 1.9.3's implementation of to_time but it can't be fixed on Ruby 1.8.7 as there is no way to map the DateTime to a Time with a non-zero offset. We can workaround the problem by casting to Float before doing the subtraction in the distance_of_time_in_words method. Closes #8390
* | Make output of distance_of_time_in_words consistentAndrew White2012-12-042-4/+21
| | | | | | | | | | | | | | | | | | | | This commit fixes the output of distance_of_time_in_words when using integer or duration arguments. Previously a distance of more than 30 seconds would be output as 'Less than 1 minute' when using integer arguments and '1 minute' when using two Time instances more than 30 seconds apart. Cherry picked from 5fdd4cd9e47be972f146a8a17a74c8f4700e2ac0
* | Use 1.8 hash styleCarlos Antonio da Silva2012-12-031-1/+1
| |
* | Override <%== to always behave as literal text rather than toggling based on ↵Jeremy Kemper2012-12-033-4/+21
| | | | | | | | | | | | | | whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged. Conflicts: actionpack/test/template/template_test.rb
* | Merge pull request #8402 from ↵Rafael Mendonça França2012-12-023-2/+17
| | | | | | | | | | | | | | | | | | senny/8376_descriptive_error_message_for_partial_layout_true More descriptive error when rendering a partial with `:layout => true` Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_view/renderer/partial_renderer.rb
* | Accept symbols as #send_data :disposition valueElia Schito2012-11-273-2/+16
| |
* | @steveklabnik can't spell 'distance.'Steve Klabnik2012-11-261-1/+1
| |
* | Add i18n scope to disance_of_time_in_words.Steve Klabnik2012-11-263-7/+21
| | | | | | | | This is a backport of rails/rails#7997.
* | Add changelog entry for #6003 backportCarlos Antonio da Silva2012-11-161-0/+15
| |
* | Refactor Generator class to not rely on in-place editing the controllerAndrew White2012-11-162-11/+16
| |
* | Fix bug when url_for changes controller.Nikita Beloglazov2012-11-162-2/+11
| |
* | Merge pull request #8235 from tilsammans/dont_escape_actionmailer_when_plaintextJosé Valim2012-11-163-1/+27
| | | | | | | | | | | | | | | | Introduce `ActionView::Template::Handlers::ERB.escape_whitelist` Conflicts: actionpack/CHANGELOG.md actionpack/test/template/template_test.rb
* | [ci skip] Correct examples for form_tag helper.DawidJanczak2012-11-141-2/+2
| |
* | Update mocha version to 0.13.0 and change requiresCarlos Antonio da Silva2012-11-132-3/+3
| |
* | Add release date of Rails 3.2.9 to documentationclaudiob2012-11-121-1/+1
| |
* | Merge branch '3-2-9' into 3-2-stableSantiago Pastorino2012-11-121-1/+1
|\|
| * Bump to 3.2.9Santiago Pastorino2012-11-121-1/+1
| |
* | Merge branch '3-2-9' into 3-2-stableSantiago Pastorino2012-11-091-1/+1
|\|
| * Bump up to 3.2.9.rc3Santiago Pastorino2012-11-091-1/+1
| |
| * Merge pull request #8161 from guilleiguaran/downgrade-sprocketsRafael Mendonça França2012-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | Lock sprockets to 2.2.x REASON: We had some pending fixes in sprockets and sass-rails to make possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.
* | Merge pull request #8161 from guilleiguaran/downgrade-sprocketsRafael Mendonça França2012-11-091-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | Lock sprockets to 2.2.x REASON: We had some pending fixes in sprockets and sass-rails to make possible to use sprockets version > 2.2. We will do a more conservative sprockets upgrade for this release. In a next release we can relax the dependency again. See #8099 for more information.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-09 09:22:49 +0000