| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Revert "Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numeric" | Steve Klabnik | 2013-02-26 | 1 | -25/+0 |
| | | | | | This reverts commit 921a296a3390192a71abeec6d9a035cc6d1865c8. | ||||
| * | Fix test failure for ruby 1.8. | Dylan Smith | 2013-02-08 | 1 | -1/+1 |
| | | | | | BigDecimal.new needs to take a string rather than an integer in ruby 1.8. | ||||
| * | active_record: Quote numeric values compared to string columns. | Dylan Smith | 2013-02-07 | 1 | -0/+25 |
| | | |||||
| * | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 1 | -1/+15 |
| | | | | | dealing with empty hashes. Thanks Damien Mathieu | ||||
| * | Additional fix for CVE-2012-2661 | Ernie Miller | 2012-06-11 | 1 | -0/+6 |
| | | | | | | | | | While the patched PredicateBuilder in 3.1.5 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well. | ||||
| * | predicate builder should not recurse for determining where columns. | Aaron Patterson | 2012-05-30 | 1 | -0/+19 |
| Thanks to Ben Murphy for reporting this CVE-2012-2661 | |||||
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |