aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
Commit message (Expand)AuthorAgeFilesLines
...
| * fix protocol checking in sanitization [CVE-2013-1857]Aaron Patterson2013-03-152-2/+12
| * fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]Charlie Somerville2013-03-152-3/+8
| * Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-123-1/+26
| * bumping to rc2Aaron Patterson2013-03-061-1/+1
| * Preparing for 3.2.13.rc1 releaseSteve Klabnik2013-02-271-2/+2
| * Update CHANGELOGs for 3.2.13 release.Steve Klabnik2013-02-271-0/+5
* | do not freeze NumberHelper defaults.Yves Senn2013-03-181-2/+2
* | Extract hardcoded lists to Redo::RestaurantsListJuan Barreneche2013-03-143-1/+21
* | Merge pull request #9616 from exviva/multiple_select_name_double_square_bracketsCarlos Antonio da Silva2013-03-093-2/+27
* | Update CHANGELOGs for 3.2.13.rc1Steve Klabnik2013-03-051-0/+2
* | Backport fixes about #7774 to 3-2-stablemaximerety2013-03-053-2/+16
* | Merge pull request #9531 from erik-escobedo/patch-1Guillermo Iguaran2013-03-031-1/+1
|\ \
| * | Fix typo on CHANGELOG.mdÉrik Escobedo2013-03-031-1/+1
| |/
* / remove unused path_without_format variableKornelius Kalnbach2013-03-031-2/+0
|/
* Check for `method_missing` in public and protectedPrem Sichanugrist2013-02-241-1/+2
* There is already a Set of non-hidden action_names lying around.thedarkone2013-02-241-8/+2
* Ruby 2 compat. CGI.escapeHTML has changed the way it escapes apostrophes a fe...Jeremy Kemper2013-02-241-1/+1
* Ruby 2.0.0 defaults source encoding to utf-8 so we need to specifically tag t...Aaron Patterson2013-02-241-0/+1
* Use 1.8 hash styleCarlos Antonio da Silva2013-02-221-1/+1
* determine the match shorthand target early.Yves Senn2013-02-223-9/+54
* Change tabs to spaces in form options helper [ci skip]Carlos Antonio da Silva2013-02-211-2/+2
* Do not put the version in unreleased changes [ci skip]Rafael Mendonça França2013-02-141-1/+1
* Fix the CHANGELOG headers [ci skip]Rafael Mendonça França2013-02-141-0/+2
* Fixed changelog typos [ci skip]Jon McCartie2013-02-141-1/+1
* Update changelogs with version/release dates [ci skip]Carlos Antonio da Silva2013-02-111-3/+6
* Merge branch '3-2-sec' into 3-2-stableAaron Patterson2013-02-111-1/+1
|\
| * bumping versionAaron Patterson2013-02-101-1/+1
| * Bump rack dependency to 1.4.5Santiago Pastorino2013-02-091-1/+1
* | Bump rack dependency to 1.4.5Santiago Pastorino2013-02-081-1/+1
* | Fix markdown syntax in actionpack CHANGELOG.Steve Klabnik2013-02-011-1/+2
* | Add another NumberHelper missing dependencyRodrigo Rosenfeld Rosas2013-01-291-0/+1
* | Add NumberHelper missing dependencyRodrigo Rosenfeld Rosas2013-01-291-0/+1
* | Duplicate possible frozen string from routeAndrew White2013-01-212-2/+10
* | Remove warning of not used variableCarlos Antonio da Silva2013-01-171-1/+1
* | Do not run this streaming test in Ruby 1.8, fix syntax errorCarlos Antonio da Silva2013-01-171-5/+8
* | Merge pull request #5288 from lest/patch-2José Valim2013-01-173-0/+21
* | fixes #8631 local inflections from interfereing with HTTP_METHOD_LOOKUP dispa...Aditya Sanghi2013-01-163-1/+32
* | Merge pull request #8914 from nilbus/fix-header-bloatRafael Mendonça França2013-01-153-2/+10
* | Merge pull request #8907 from rubys/masterRafael Mendonça França2013-01-121-1/+2
* | Remove unnecessary caching of ParameterFilterAndrew White2013-01-121-3/+1
* | Fix JSON params parsing regression for non-object JSON content.Dylan Smith2013-01-113-2/+13
* | Reorder AP changelog and remove duplicated entry [ci skip]Carlos Antonio da Silva2013-01-101-11/+9
* | Merge pull request #8756 from causes/js_include_tag_fixGuillermo Iguaran2013-01-103-9/+28
|\ \
| * | Fix javascript_include_tag when no js runtime is availableNoah Silas2013-01-073-9/+28
* | | Fixes issue where duplicate assets can be required with sprockets.jejacks0n2013-01-105-2/+16
* | | Update changelogs with release date [ci skip]Carlos Antonio da Silva2013-01-091-2/+4
* | | Merge branch '3-2-sec' into 3-2-secmergeAaron Patterson2013-01-087-11/+57
|\ \ \ | | |/ | |/|
| * | bumping versionAaron Patterson2013-01-081-1/+1
| * | CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.Jeremy Kemper2013-01-081-0/+13
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealin...Aaron Patterson2013-01-085-8/+42