| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Time.at allows passing a single Time argument which is then converted
to an integer. The conversion code since 1.9.3r429 explicitly checks
for an instance of Time so we need to override it to allow DateTime
and ActiveSupport::TimeWithZone values.
|
|
|
|
| |
The default enconding changed on Ruby 2.0
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 815a9431ab61376a7e8e1bdff21f87bc557992f8.
Conflicts:
activesupport/test/json/encoding_test.rb
Reason: This was causing a regression where the resulting string is always
returning UTF-8. Also it changes the behavior of this method on a stable release.
Fixes #9498.
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-13:
bumping to 3.2.13
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
bumping to rc2
Revert "Merge pull request #8209 from senny/backport_8176"
Freeze columns only once per Result
Preparing for 3.2.13.rc1 release
Update CHANGELOGs for 3.2.13 release.
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
|
| |
| |
| |
| |
| | |
Conflicts:
activesupport/test/xml_mini/jdom_engine_test.rb
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
The previous implementation `ActiveSupport::TimeZone.parse` used `Time.parse`
which applies the system time DST rules to the parsed time. Instead we now
use `Time.utc` and manually apply the offset.
Backport tests from:
005d910624bbfa724b638426a000c8074d4201a2
c89b6c4cdce7ee55ed3665c099d914222fe0344a
03becb13099c439f6aea5058546bc8b0b19b8db8
Fixes #9678.
|
|
|
|
|
|
|
|
|
|
| |
For some reason, redirecting cache's logger to '/dev/null' resulting in
a test failures and LoadError. I think it's because of Thread issue.
Instead of trying to make every logger threadsafe for Rails 3.2, I think
it's better to just don't set the logger for now.
(Note: resetting the logger back to original value in the teardown block
didn't fix the problem.)
|
|
|
|
| |
No sense over-testing this MRI-specific behavior. See ruby/ruby@8d6add973ebcb3b4c1efbfaf07786550a3e219af
|
| |
|
|
|
|
| |
Closes #8587
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
(cherry picked from commit e2e513621d732abb8efff9120bd9a444836720d6)
(cherry picked from commit dcdde7da481e11660634278a8004175a1ce20f39)
Backport of #6183, original issue was #6179
Conflicts:
activesupport/lib/active_support/core_ext/time/calculations.rb
activesupport/test/core_ext/time_ext_test
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The encoding scheme (e.g. ☠ -> "\u2620") was broken for characters
not in the Basic Multilingual Plane. It is possible to escape them
for json using the weird encoding scheme of a twelve-character
sequence representing the UTF-16 surrogate pair (e.g. '𠜎' ->
"\u270e\u263a") but this wasn't properly handled in the escaping code.
Since raw UTF-8 is allowed in json, it was decided to simply pass
through the raw bytes rather than attempt to escape them.
Backport of https://github.com/zbskii/rails/commit/9ace3a8820a5270f9b3f37b593f8bbea3e940f73
Conflicts:
activesupport/CHANGELOG.md
activesupport/lib/active_support/json/encoding.rb
activesupport/test/json/encoding_test.rb
|
| |
| |
| |
| |
| |
| | |
Ruby 1.8 does not support this format in Time, so the format will only
be added to the available date formats on Ruby 1.9. Changelog entry was
changed to explain that as well.
|
| |
| |
| |
| |
| |
| | |
Increase numeric-timestamp precision to nanoseconds
Conflicts:
activesupport/lib/active_support/core_ext/time/conversions.rb
|
| | |
|
| |
| |
| |
| | |
Introduced in 3e53fe6.
|
|/
|
|
|
|
|
|
|
|
| |
Setting options in a custom `#as_json` method had side effects.
Modifications of the `options` hash leaked outside and influenced
the conversion of other objects contained in the hash.
Conflicts:
activesupport/CHANGELOG.md
|
|
|
|
|
|
|
|
|
| |
Avoid memory leak from unflushed logs on other threads leaving tags behind.
Conflicts:
activesupport/CHANGELOG.md
activesupport/lib/active_support/tagged_logging.rb
activesupport/test/tagged_logging_test.rb
|
|
|
|
| |
format strings.
|
|
|
|
|
| |
Check 0180e090ab6cbe66f7b521a0c03e278a0463accd for more reasoning about
that.
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
|
|
|
| |
This reverts commit bcfa013399fd2c5b5d25c38912cba3560de1cc57.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Conflicts:
activesupport/lib/active_support/json/encoding.rb
activesupport/test/json/encoding_test.rb
|
|
|
|
|
| |
This is a back-port of rails/rails#6525. See the commit notes there for
details.
|
| |
|
|
|
|
|
|
| |
Conflicts:
activesupport/test/core_ext/duplicable_test.rb
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| | |
* 3-2-stable-security:
Ensure [] respects the status of the buffer.
delete vulnerable AS::SafeBuffer#[]
use AS::SafeBuffer#clone_empty for flushing the output_buffer
add AS::SafeBuffer#clone_empty
fix output safety issue with select options
|
| | |
|
| | |
|
| | |
|
|/ |
|
|
|
| |
Same as 91a9b2441783de118a2f9ec11b0aa3ae80133d91
|
| |
|
| |
|
|
|
|
|
|
| |
This reverts commit abe915f23777efe10f17d611bf5718ca855a0704.
This broke all existing keys and it's wrong anyway. The array is just there as a convenience option for building the string. It's intentional that [ "stuff"] and "stuff" generates the same key.
|
|
|
|
| |
Signed-off-by: José Valim <jose.valim@gmail.com>
|
| |
|
|
|
|
|
|
| |
Conflicts:
activesupport/test/callbacks_test.rb
|
| |
|
|
|
|
| |
activesupport tests.
|
|
|
|
| |
ActiveSupport::TaggedLogging::ERROR
|
|
|
|
| |
extend and define ::Base64 if needed
|