| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 1 | -1/+15 |
| | | | | | dealing with empty hashes. Thanks Damien Mathieu | ||||
| * | Additional fix for CVE-2012-2661 | Ernie Miller | 2012-06-11 | 1 | -0/+6 |
| | | | | | | | | | While the patched PredicateBuilder in 3.1.5 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well. | ||||
| * | predicate builder should not recurse for determining where columns. | Aaron Patterson | 2012-05-30 | 1 | -0/+19 |
| Thanks to Ben Murphy for reporting this CVE-2012-2661 | |||||
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |