rails.git - Mirror of official rails repo with custom fixes.

	Commit message (Collapse)	Author	Age	Files	Lines
*	[skip ci] Fix typos in actionpack changelog and security guide	Anton Davydov	2015-05-07	1	-1/+1
\|
*	Merge pull request #19446 from ↵	Zachary Scott	2015-04-14	1	-4/+6
\|\ \| \| \| \| \| \| \| \|	andersonDadario/fix_security_guide_captcha_03_21_2015 Fix security guide captcha 03 21 2015 [ci skip]
\| *	[ci skip] Fix for Security Guide - Captcha Section	Anderson Dadario	2015-03-22	1	-4/+6
\| \|
* \|	Remove old and not working link. [ci skip]	Santosh Wadghule	2015-03-28	1	-1/+1
\|/
*	Merge pull request #18503 from vipulnsward/guides-in-on	Xavier Noria	2015-01-14	1	-1/+1
\|\ \| \| \| \|	Changed `IN` to `ON` in markdown renderer condition
\| *	- Changed `IN` to `ON` in markdown renderer condition	Vipul A M	2015-01-14	1	-1/+1
\| \| \| \| \| \| \| \|	- Changed `IN` to `ON` in all note sentences in guides.
* \|	Guides: Removing reference to blog that is not updated anymore [ci skip]	Andrey Nering	2015-01-13	1	-1/+0
\|/
*	Avoid displaying new lines inside note paragraphs	Robin Dupret	2015-01-03	1	-1/+8
\| \| \| \| \| \| \| \| \| \| \| \| \|	Commit 65a2977 added a `pre-wrap` style for white spaces on `.note` paragraphs. However, this is first inconsistent as other notes like warnings don't have this style applied. Furthermore, it seems to be unneeded for mobile devices. Also revert changes made in #18147 since they aren't needed anymore. Cross-refs #18138. [ci skip]
*	warn about reading guides in GitHub	Xavier Noria	2014-12-23	1	-0/+2
\| \| \| \|	References #18148.
*	Do not use line breaks on notes [ci skip]	Andrey Nering	2014-12-22	1	-6/+1
\| \| \| \|	References #18138
*	s/a unobtrusive/an unobtrusive [ci skip]	Zachary Scott	2014-12-22	1	-1/+1
\|
*	Add note about Ajax and CSRF-Token [ci skip]	Andrey Nering	2014-12-20	1	-1/+8
\|
*	Don't convert empty arrays to nils when deep munging params	Chris Sinjakli	2014-12-15	1	-4/+4
\|
*	Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip]	Javier Vidal	2014-11-22	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	The URL http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352 points to an article titled 'The H is closing down'. The good one is: http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html
*	[ci skip] re-worded section on CookieStore to make it more readable.	Tom Kadwill	2014-08-16	1	-3/+3
\|
*	Point to rubygems instead of Rails GitHub. [ci skip]	Rafael Mendonça França	2014-08-15	1	-1/+1
\| \| \| \|	The rails repository is not the official plugin anymore
*	Fixed link for in_place_editor [ci skip]	Arun Agrawal	2014-08-15	1	-1/+1
\| \| \| \|	closes #16512
*	correct markdown usage [ci skip]	Nishant Modak	2014-07-09	1	-6/+6
\|
*	remove rubyforge.org that was shut down [ci skip]	Gaurav Sharma	2014-06-06	1	-1/+1
\|
*	Replace first person point of view on guides.	Hendy Tanata	2014-05-16	1	-7/+7
\| \| \| \|	[skip ci]
*	[ci skip] Security guide clarity.	Kyle Heironimus	2014-05-01	1	-2/+2
\|
*	Remove statement assuming coffee shop/public space wifi is inherently insecure	Nick Quaranto	2014-04-19	1	-1/+1
\|
*	Include default rails protect_from_forgery with: :exception	PaulL1	2014-04-17	1	-4/+4
\| \| \| \| \| \|	Extend previous changes, include the default line from the application controller that new rails applications are created with: protect_from_forgery with: :exception Minor wording changes to align.
*	CSRF protection should rescue exception not extend	PaulL1	2014-04-17	1	-3/+2
\| \| \| \| \|	I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned. I think the best approach now is to catch the exception, although I'm not 100% certain on that.
*	[ci skip] Use plain underscore instead of "\_".	Juanito Fatas	2014-04-13	1	-2/+2
\|
*	W3C CSP document moved to gihub.io URL [ci skip]	Andy Callaghan	2014-04-05	1	-1/+1
\| \| \|	The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL
*	[ci skip] use secrets.secret_key_base instead of config.secret_key_base	Kuldeep Aggarwal	2014-03-01	1	-3/+10
\| \| \| \|	use secrets.yml instead of secret_token.rb
*	Add verb to sanitization note	Dave Jachimiak	2014-02-14	1	-1/+1
\|
*	Log which keys were set to nil in deep_munge	Lukasz Sarnacki	2014-01-28	1	-0/+43
\| \| \| \| \| \| \| \|	deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added.
*	clean up security guide: his => their [ci skip]	Rex Feng	2014-01-16	1	-1/+1
\|
*	[ci skip] Added alias to CSRF	Uday Kadaboina	2014-01-14	1	-2/+2
\|
*	CSRF protection from cross-origin <script> tags	Jeremy Kemper	2013-12-17	1	-3/+5
\| \| \| \|	Thanks to @homakov for sounding the alarm about JSONP-style data leaking
*	[ci skip] Removing some gender sensitive object pronouns	Tejas Dinkar	2013-12-02	1	-6/+6
\|
*	Use genderless pronouns in security guide. [ci skip]	Vipul A M	2013-12-02	1	-18/+18
\| \| \| \|	related #49ff20d9b164693ed7fee880b69cc14b141678b3
*	Update security.md	Adam	2013-11-08	1	-1/+1
\| \| \| \| \| \|	Hi Guys I was reading through this guide last night and noticed a small mistake, would be great if you could update it. I changed the word 'building' to 'build' in line 20. "Web application frameworks are made to help developers building web applications"
*	incorrect url	Sergio	2013-09-16	1	-1/+1
\| \| \|	incorrect url
*	incorrect urls	Sergio	2013-09-16	1	-2/+2
\| \| \|	I've found two incorrects urls for adding ':' at the end of the url
*	surplus : in attachment_fu plugin	Sergio	2013-09-15	1	-1/+1
\| \| \|	surplus ':' character in url
*	Improves a sentence in guides/security	Hannes Fostie	2013-09-09	1	-1/+1
\| \| \| \|	Changed "... books make this wrong" to "... books get this wrong"
*	cleans the guides sources from fancy non-ASCII stuff	Xavier Noria	2013-08-23	1	-22/+22
\|
*	remove language about configuring digest method [ci skip]	Justin George	2013-07-31	1	-1/+1
\|
*	update guide to reflect default HMAC SHA1 in MessageVerifier used in ↵	Justin George	2013-07-30	1	-1/+1
\| \| \| \|	SignedCookieStore [ci skip]
*	Remove double spaces in guides	Sunny Ripert	2013-05-28	1	-2/+2
\|
*	Simple grammar updates	Jonathan Roes	2013-05-03	1	-2/+2
\|
*	Fix typo "can exploited" with "can be exploited"	Leo Gallucci	2013-05-01	1	-1/+1
\|
*	Ruby On Rails -> Ruby on Rails [ci skip]	Xavier Noria	2013-04-16	1	-1/+1
\|
*	ReCAPTCHA plug-in link now points to Github repo. Plug-in is no longer ↵	sthollmann	2013-03-27	1	-1/+1
\| \| \| \|	available at the previous location
*	Remove mass-assignment line from guide summary	Andrew Wilcox	2013-01-25	1	-1/+0
\|
*	PUT => PATCH or PUT	Akira Matsuda	2013-01-02	1	-1/+1
\|
*	Updated security guide to reference secret_key_base instead of secret_token, ↵	Gary S. Weaver	2012-12-21	1	-3/+3
\| \| \| \|	with a little information about the change from CookieStore to EncryptedCookieStore.