| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
The commit which originally added this behavior did not consider that
doing `Subclass.new` does not actually populate the `type` field in the
attributes (though perhaps it should). We simply need to not use the
defaults for STI related things unless we are instantiating the base
class.
Fixes #23285.
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 5-0-beta-sec:
bumping version
fix version update task to deal with .beta1.1
Eliminate instance level writers for class accessors
allow :file to be outside rails root, but anything else must be inside the rails view directory
Don't short-circuit reject_if proc
stop caching mime types globally
use secure string comparisons for basic auth username / password
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When updating an associated record via nested attribute hashes the
reject_if proc could be bypassed if the _destroy flag was set in the
attribute hash and allow_destroy was set to false.
The fix is to only short-circuit if the _destroy flag is set and the
option allow_destroy is set to true. It also fixes an issue where
a new record wasn't created if _destroy was set and the option
allow_destroy was set to false.
CVE-2015-7577
|
|\ \
| | |
| | | |
[close #23009] Limit key length
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mysql has a weird bug where it cannot index a string column of utf8mb4 if it is over a certain character limit. To get compatibility with msql we can add a limit to the key column. 191 characters is a very long key, it seems reasonable to limit across all adapters since using a longer key wouldn't be supported in mysql.
Thanks to @kamipo for the original PR and the test refactoring.
Conversation: https://github.com/rails/rails/pull/23009#issuecomment-171416629
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add missing source_type if provided on hmt which belongs to an sti re…
|
| | | |
| | | |
| | | |
| | | | |
Fixes #23209
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- We don't need the select scope added by user as we only want to max
timestamp and size of the collection. So we already know which columns
to select.
- Additionally having user defined columns in select scope blows the cache_key
method with PostGreSQL because it needs all `selected` columns in the group_by
clause or aggregate function.
- Fixes #23038.
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
prathamesh-sonpatki/fix-cache-key-for-queries-with-offset
Fix ActiveRecord::Relation#cache_key for relations with no results
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- When relations return no result or 0 result then cache_key should
handle it gracefully instead of blowing up trying to access
`result[:size]` and `result[:timestamp]`.
- Fixes #23063.
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Using `references` or `belongs_to` in migrations will always add index
for the referenced column by default, without adding `index:true` option
to generated migration file.
- Users can opt out of this by passing `index: false`.
- Legacy migrations won't be affected by this change. They will continue
to run as they were before.
- Fixes #18146
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes incorrect assumptions made by e991c7b that we can assume the
DB is already casting the value for us. The enum type needs additional
information to perform casting, and needs a subtype.
I've opted not to call `super` in `cast`, as we have a known set of
types which we accept there, and the subtype likely doesn't accept them
(symbol -> integer doesn't make sense)
Close #23190
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
prathamesh-sonpatki/fix-cache-key-for-loaded-empty-collection
Fix ActiveRecord::Relation#cache_key for loaded empty collection
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Before this patch if we try to find cache_key of a loaded but empty
collection it used to give error because of trying to call `updated_at`
on `nil` value generated by
`collection.max_by(×tamp_column).public_send(timestamp_column)`.
- This commit fixes above error by checking if size is greater than zero
or not.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Closes #21986.
This makes it possible to write custom types that define a different
mapping for STI columns.
|
| | |
| | |
| | |
| | |
| | |
| | | |
instead of start_at/end_at based on comments
at https://github.com/rails/rails/pull/12257#issuecomment-74688344
|
|\ \ \
| | | |
| | | | |
Add `:expression` option support on the schema default
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Example:
create_table :posts do |t|
t.datetime :published_at, default: -> { 'NOW()' }
end
|
|\ \ \ \
| |_|/ /
|/| | |
| | | |
| | | | |
kamipo/sql_for_insert_returns_values_for_passing_to_exec_insert
`sql_for_insert` returns values for passing to `exec_insert`
|
| | | | |
|
| | | |
| | | |
| | | | |
😳
|
|/ / /
| | |
| | |
| | | |
This reverts commit 11e85b91731ca6125ee1db33553f984549a3bc2b.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
glittershark/if-and-unless-in-secure-token"
This reverts commit 224eddfc0eeff6555ae88691306e61c7a9e8b758, reversing
changes made to 9d681fc74c6251d5f2b93fa9576c9b2113116680.
When merging the pull request, I misunderstood `has_secure_token` as declaring a model
has a token from birth and through the rest of its lifetime.
Therefore, supporting conditional creation doesn't make sense. You should never mark a
model as having a secure token if there's a time when it shouldn't have it on creation.
|
|\ \ \
| | | |
| | | | |
`substitute_at` is no longer used
|
| |/ /
| | |
| | |
| | | |
Arel handles substitution for bind parameters by now.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The code that set the from clause was removed in
bdc5141652770fd227455681cde1f9899f55b0b9. I did not give any reason for
doing so. My assumption was that I intended to change it to use the
clause objects, but forgot. We appeared to not have test coverage for
this case.
Fixes #22996
|
|\ \ \
| |/ /
|/| |
| | |
| | | |
schneems/schneems/migration-sets-environment-value
Set environment even when no migration runs
|
| | |
| | |
| | |
| | |
| | | |
This PR addresses the issue described in https://github.com/rails/rails/pull/22967#issuecomment-170251635. If the database is non empty and has no new migrations than `db:migrate` will not set the environment. This PR works by always setting the environment value on successful `up` migration regardless of whether or not a migration was actually executed.
|
| | | |
|
| | |
| | |
| | |
| | | |
Closes #22584.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When you are using scopes and you chaining these scopes it is hard to
know which are the values that are incompatible. This way you can read
the message and know for which values you need to look for.
[Herminio Torres]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 5d41cb3bfd6b19833261622ce5d339b1e580bd8b.
This implementation does not properly handle cases involving predicates
which are not associated with a bind param. I have the fix in mind, but
don't have time to implement just yet. It will be more similar to #22823
than not.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While the predicates are an arel equality node where the left side is a
full arel attribute, the binds just have the name of the column and
nothing else. This means that while splitting the predicates can include
the table as a factor, the binds cannot. It's entirely possible that we
might be able to have the bind params carry a bit more information (I
don't believe the name is used for anything but logging), and that is
probably a worthwhile change to make in the future.
However the simplest (and likely slightly faster) solution is to simply
use the indices of the conflicts in both cases. This means that we only
have to compute the collision space once, instead of twice even though
we're doing an additional array iteration. Regardless, this method isn't
a performance hotspot.
Close #22823.
[Ben Woosley & Sean Griffin]
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Given a default_scope on a parent of the current class, where that
parent is not the base class, the parent's STI condition would become
attached to the evaluated default scope, and then override the child's
own STI condition.
Instead, we can treat the STI condition as though it is a default scope,
and skip it in this situation: the scope will be merged into the base
relation, which already contains the correct STI condition.
Fixes #22426.
|
|/ /
| |
| |
| |
| |
| |
| | |
While the commit message (and changelog example) in
5e0b555b453ea2ca36986c111512627d806101e7 talked about sibling classes,
the added test had a child ignore its parent's scoping, which seems less
reasonable.
|
| |
| |
| |
| | |
`connection_adapters/mysql/type_metadata.rb`
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running passing condition assertions in the same test the user had already
been saved at that point.
Split out so we have a not yet persisted user.
Rename condition tests to improve clarity a bit.
|
| |
| |
| |
| |
| |
| | |
Fix the NoMethodErrors introduced in 224eddf, when adding conditional token creation.
The model declarations but the column wasn't added to the schema.
|
| |
| |
| |
| |
| | |
Pass through :if and :unless options from has_secure_token to the
generated before_create callback
|
|\ \
| | |
| | | |
Get update_attributes working with SchemaMigration
|
| | |
| | |
| | |
| | | |
You cannot use `update_attributes` on models that do not have a primary key. Since SchemaMigration versions are guaranteed to be unique (they have a unique index on them) we can safely use them as a primary key.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is an alternate implementation to #22875, that generalizes a lot of
the logic that type decorators are going to need, in order to have them
work with arrays, ranges, etc. The types have the ability to map over a
value, with the default implementation being to just yield that given
value. Array and Range give more appropriate definitions.
This does not automatically make ranges time zone aware, as they need to
be added to the `time_zone_aware` types config, but we could certainly
make that change if we feel it is appropriate. I do think this would be
a breaking change however, and should at least have a deprecation cycle.
Closes #22875.
/cc @matthewd
|
|\ \ \
| |/ /
|/| | |
Prevent destructive action on production database
|
| | | |
|
| | |
| | |
| | |
| | | |
Discussion: https://github.com/rails/rails/pull/22967#discussion_r49137035
|