| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Trusting any GlobaID object when deserializing jobs can allow
attackers to access information that should not be accessible to them.
Fix CVE-2018-16476.
|
| |
|
|
|
|
|
| |
Restore HashWithIndifferentAccess support to
ActiveJob::Arguments.deserialize.
|
| |
|
|\
| |
| | |
Improve ActiveJob custom argument serializers #30941
|
| |
| |
| |
| |
| | |
The serializer serializes an instance of `ActiveSupport::TimeWithZone`.
The serializer deserializes value to `ActiveSupport::TimeWithZone` if possible.
|
|/ |
|
|
|
|
|
| |
This will make easier to be backwards compatible when changing the
serialization implementation.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can speed up things for the supported types by keeping the code in the
way it was.
We can also avoid to loop trough all serializers in the deserialization by
trying to access the class already in the Hash.
We could also speed up the custom serialization if we define the class
that is going to be serialized when registering the serializers, but
that will remove the possibility of defining a serialzer for a
superclass and have the subclass serialized using it.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`BigDecimal.new` has been deprecated in BigDecimal 1.3.3
which will be a default for Ruby 2.5.
Refer
https://github.com/ruby/bigdecimal/commit/533737338db915b00dc7168c3602e4b462b23503
* This commit has been made as follows:
```
cd rails
git grep -l BigDecimal.new | grep -v guides/source/5_0_release_notes.md | grep -v activesupport/test/xml_mini_test.rb | xargs sed -i -e "s/BigDecimal.new/BigDecimal/g"
```
- `activesupport/test/xml_mini_test.rb`
Editmanually to remove `.new` and `::`
- guides/source/5_0_release_notes.md
This is a Rails 5.0 release notes.
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
| |
and we create test name nased on arg class. Append ar as well to the test name
|
|
|
|
|
|
| |
- Added tests for checking all reserved hash keys of ActiveJob::Arguments.
- Moved unrelated code from the test to the correct place, i.e. newly created
test.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unfortunately, the HashWithIndifferent access approach is insufficient
for our needs. It's perfectly reasonable to want to use keyword
arguments with Active Job, which we will see as a symbol keyed hash. For
Ruby to convert this back to keyword arguments, it must deserialize to a
symbol keyed hash.
There are two primary changes to the serialization behavior. We first
treat a HWIA separately, and mark it as such so we can convert it back
into a HWIA during deserialization.
For normal hashes, we keep a list of all symbol keys, and convert them
back to symbol keys after deserialization.
Fixes #18741.
|
|
|
|
| |
Serialize Global IDs as special objects, distinguishable from Strings
|
|
* Disallow deserialization of non-primitive objects
* Broaden coverage; remove superfluous tests
|