path: root/activesupport/lib
Commit message [Author, Age, Files, Lines]
* bumping version [Aaron Patterson, 2016-01-25, 1 file, -1/+1]
|
* use secure string comparisons for basic auth username / password [Aaron Patterson, 2016-01-22, 1 file, -0/+27]
|     this will avoid timing attacks against applications that use basic auth.
|     Conflicts: activesupport/lib/active_support/security_utils.rb
|     Conflicts: actionpack/lib/action_controller/metal/http_authentication.rb
|     CVE-2015-7576
* Preparing for 3.2.22 release [Rafael Mendonça França, 2015-06-16, 1 file, -1/+1]
|
* enforce a depth limit on XML documents [Aaron Patterson, 2015-06-16, 3 files, -10/+15]
|     XML documents that are too deep can cause a stack overflow, which in turn will cause a potential DoS attack.
|     CVE-2015-3227
|     Conflicts: activesupport/lib/active_support/xml_mini.rb
* Fix ruby 2.2 comparable warnings [Joey Geiger, 2015-01-29, 1 file, -0/+1]
|     Check for correct value type in activerecord/fixtures.rb
|     Check that zone can respond to expected values to make the comparison.
* Remove hard dependency on test-unit [Rafael Mendonça França, 2015-01-07, 2 files, -2/+11]
|     Instead show an error message asking users to add the gem to their Gemfile if test-unit could not be loaded.
* use self.method syntax to resolve circular argument issues [Aman Gupta, 2015-01-02, 1 file, -1/+1]
|
* Fix `singleton_class?` [Vipul A M, 2015-01-02, 1 file, -3/+5]
|     Due to changes from http://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/39628 current `singleton_class?` implementation fails.
|     Changed based on reference from http://bugs.ruby-lang.org/issues/7609
|     Conflicts: activesupport/lib/active_support/core_ext/class/attribute.rb
* fix yaml compat on ruby 2.2 [Aman Gupta, 2015-01-02, 1 file, -1/+3]
|
* Check `respond_to` before delegation due to: https://github.com/ruby/ruby/commit/d781caaf313b8649948c107bba277e5ad7307314 [Aaron Patterson, 2014-12-22, 1 file, -1/+7]
* fix ruby 2.2 warning: circular argument reference [Aman Gupta, 2014-12-22, 1 file, -1/+1]
|
* bumping version for release [Aaron Patterson, 2014-11-16, 1 file, -1/+1]
|
* bumping version to 3.2.20 [Aaron Patterson, 2014-10-29, 1 file, -1/+1]
|
* Preparing for 3.2.19 release [Rafael Mendonça França, 2014-07-02, 1 file, -1/+1]
|
* Make sure Active Support configurations are applied correctly [Rafael Mendonça França, 2014-06-26, 1 file, -0/+7]
|     Before this patch configuration set using config.active_support would not be set.
|     Closes #15364
* Revert "Merge pull request #15794 from vishalzambre/patch-1" [Guillermo Iguaran, 2014-06-18, 1 file, -1/+1]
|     This reverts commit 6d800a909e24465ca6f3fa5206222fa7d78967f6, reversing changes made to 6a051299f98ee43864326c6c0a4f7d169d22b3f8.
|     We don't apply non-security fixes to 3-2-stable branch!!!
* File.exists? is a deprecated name, use File.exist? [Vishal Zambre, 2014-06-18, 1 file, -1/+1]
|     File.exists? is a deprecated name, use File.exist?
* Preparing for 3.2.18 release [Rafael Mendonça França, 2014-05-06, 1 file, -1/+1]
|
* Preparing for 3.2.17 release [Rafael Mendonça França, 2014-02-18, 1 file, -1/+1]
|
* updating the changelog [Aaron Patterson, 2013-12-02, 1 file, -1/+1]
|
* bumping to 3.2.15 [Aaron Patterson, 2013-10-15, 1 file, -1/+1]
|
* Merge branch '3-2-15' into 3-2-sec [Aaron Patterson, 2013-10-15, 1 file, -2/+2]
|\
| |   * 3-2-15:
| |     bumping to rc3
| |     Revert "Merge pull request #12413 from arthurnn/inverse_of_on_build"
| |     Revert "Merge pull request #12443 from arthurnn/add_inverse_of_add_target"
| |     bumping to rc2
| |     Merge pull request #12443 from arthurnn/add_inverse_of_add_target
| |     bumping version to 3.2.15.rc1
| |     Fix STI scopes using benolee's suggestion. Fixes #11939
| * bumping to rc3 [Aaron Patterson, 2013-10-11, 1 file, -1/+1]
| |
| * bumping to rc2 [Aaron Patterson, 2013-10-04, 1 file, -1/+1]
| |
| * bumping version to 3.2.15.rc1 [Aaron Patterson, 2013-10-03, 1 file, -2/+2]
| |
* | Remove the use of String#% when formatting durations in log messages [Michael Koziarski, 2013-09-30, 1 file, -0/+4]
|/
|     This avoids potential format string vulnerabilities where user-provided data is interpolated into the log message before String#% is called.
* Merge pull request #12196 from h-lame/fix-activesupport-cache-filestore-cleanup [Rafael Mendonça França, 2013-09-12, 1 file, -1/+2]
|     Fix FileStore#cleanup to no longer rely on missing each_key method
|     Conflicts:
|         activesupport/CHANGELOG.md
|         activesupport/test/caching_test.rb
* Fix 1.8.7 incompatible respond_to_missing [Eugene Kalenkovich, 2013-08-18, 1 file, -2/+8]
|
* Merge branch '3-2-14' into 3-2-stable [Rafael Mendonça França, 2013-07-22, 1 file, -1/+1]
|\
| * Preparing for 3.2.14 release [Rafael Mendonça França, 2013-07-22, 1 file, -1/+1]
| |
| * Preparing for 3.2.14.rc2 release [Rafael Mendonça França, 2013-07-16, 1 file, -1/+1]
| |
| * Preparing for 3.2.14.rc1 release [Rafael Mendonça França, 2013-07-12, 1 file, -2/+2]
| |
* | Add respond_to_missing? for TaggedLogging which is needed if another log abstracter wraps a TaggedLogging instance. [Wolfram Arnold, 2013-07-17, 1 file, -0/+4]
|/
|     It's also best practice when overriding method_missing.
* Add missing require so that DateTime has the right superclass [Andrew White, 2013-07-10, 1 file, -0/+1]
|     If the DateTime core extensions were loaded before the Date core extensions then you would get a superclass mismatch as DateTime hasn't been defined yet so it gets set to Object by the acts_like core extension.
|     Fixes #11206
|     (cherry picked from commit 78f7d5b652000dbb1a11d34fe370c3fa82de840c)
* Return local time for backwards compatibility [Andrew White, 2013-07-09, 1 file, -1/+1]
|
* Retain offset and fraction when using Time.at_with_coercion [Andrew White, 2013-07-09, 1 file, -3/+8]
|     The standard Ruby behavior for Time.at is to return the same type of time when passing an instance of Time as a single argument. Since an ActiveSupport::TimeWithZone instance may be a different timezone than the system timezone and DateTime just understands offsets the best we can do is to return an instance of Time with the correct offset.
|     It also maintains the correct fractional second value as well.
|     Fixes #11350.
|     Backports:
|         484253515c0e05760541dc48946361185c9e6904
|         1b3873730b96035a238dbff7627bd5942e6dc4e7
* Remove warning of assigned but unused variable [Rafael Mendonça França, 2013-07-06, 1 file, -1/+1]
|
* Incorrectly providing program name the same as log message even when block is not provided. [Carson Reinke, 2013-07-01, 1 file, -1/+8]
* Backport rails/rails-perftest#2 to fix rake test:benchmark [Yves Senn, 2013-06-27, 4 files, -4/+4]
|
* Override Time.at to work with Time-like values [Andrew White, 2013-06-08, 1 file, -0/+12]
|     Time.at allows passing a single Time argument which is then converted to an integer. The conversion code since 1.9.3r429 explicitly checks for an instance of Time so we need to override it to allow DateTime and ActiveSupport::TimeWithZone values.
* Revert "Remove unicode character encoding from ActiveSupport::JSON.encode" [Rafael Mendonça França, 2013-05-08, 1 file, -1/+7]
|     This reverts commit 815a9431ab61376a7e8e1bdff21f87bc557992f8.
|     Conflicts: activesupport/test/json/encoding_test.rb
|     Reason: This was causing a regression where the resulting string is always returning UTF-8. Also it changes the behavior of this method on a stable release.
|     Fixes #9498.
* Merge branch '3-2-13' into 3-2-stable [Aaron Patterson, 2013-03-18, 2 files, -1/+7]
|\
| |   * 3-2-13:
| |     bumping to 3.2.13
| |     fix protocol checking in sanitization [CVE-2013-1857]
| |     JDOM XXE Protection [CVE-2013-1856]
| |     fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
| |     stop calling to_sym when building arel nodes [CVE-2013-1854]
| |     Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
| |     bumping to rc2
| |     Revert "Merge pull request #8209 from senny/backport_8176"
| |     Freeze columns only once per Result
| |     Preparing for 3.2.13.rc1 release
| |     Update CHANGELOGs for 3.2.13 release.
| |   Conflicts:
| |     actionmailer/CHANGELOG.md
| |     actionpack/CHANGELOG.md
| |     activemodel/CHANGELOG.md
| |     activeresource/CHANGELOG.md
| |     activesupport/CHANGELOG.md
| |     railties/CHANGELOG.md
| * bumping to 3.2.13 [Aaron Patterson, 2013-03-18, 1 file, -1/+1]
| |
| * JDOM XXE Protection [CVE-2013-1856] [Ben Murphy, 2013-03-15, 1 file, -0/+6]
| |     Conflicts: activesupport/test/xml_mini/jdom_engine_test.rb
| * bumping to rc2 [Aaron Patterson, 2013-03-06, 1 file, -1/+1]
| |
| * Preparing for 3.2.13.rc1 release [Steve Klabnik, 2013-02-27, 1 file, -2/+2]
| |
* | Fix `ActiveSupport::TimeZone.parse` when time is a local DST jump [Andrew White, 2013-03-13, 1 file, -6/+16]
|/
|     The previous implementation `ActiveSupport::TimeZone.parse` used `Time.parse` which applies the system time DST rules to the parsed time. Instead we now use `Time.utc` and manually apply the offset.
|     Backport tests from:
|         005d910624bbfa724b638426a000c8074d4201a2
|         c89b6c4cdce7ee55ed3665c099d914222fe0344a
|         03becb13099c439f6aea5058546bc8b0b19b8db8
|     Fixes #9678.
* Update RUBY_VERSION check for performance testing to handle 2.0.0 [mikeycgto, 2013-02-24, 1 file, -1/+1]
|
* added marshal_load and marshal_dump for ProxyTestResult. Behavior of method_missing with Marshal.dump and Marshal.load is changing in ruby 2.0.0 later. [SHIBATA Hiroshi, 2013-02-24, 1 file, -2/+10]
* search private and protected methods for convert_key [Aaron Patterson, 2013-02-24, 3 files, -4/+3]
|