| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Generated engines should call `protect_from_forgery`. If this method
isn't called, then the Engine could be susceptible to XSS attacks.
Thanks @tomekr for reporting this to us!
Conflicts:
railties/lib/rails/generators/rails/plugin/templates/app/controllers/%namespaced_name%/application_controller.rb.tt
railties/test/generators/plugin_generator_test.rb
|
| |
|
| |
|
|
|
|
|
| |
Instead show a error message asking users to add the gem to their
Gemfile if test-unit could not be loaded.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Comply with current umask when generating new app
Conflicts:
railties/lib/rails/generators/rails/app/app_generator.rb
|
|
|
|
|
|
| |
Conflicts:
railties/guides/rails_guides.rb
railties/lib/rails/tasks/documentation.rake
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Minitest expects the first argument in `ARGV` to be the path to a test file.
Because `rails benchmarker` and `rails profiler` define an on-the-fly test-case,
using the first `ARGV` to pass the code to execute this results in:
```
/Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:167:in `block in non_options': file not found: 1000.times{"a string"} (ArgumentError)
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:146:in `map!'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:146:in `non_options'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:207:in `non_options'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:52:in `process_args'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/minitest/unit.rb:891:in `_run'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/minitest/unit.rb:884:in `run'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:21:in `run'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:326:in `block (2 levels) in autorun'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:27:in `run_once'
from /Users/senny/.rbenv/versions/1.9.3-p374/lib/ruby/1.9.1/test/unit.rb:325:in `block in autorun'
```
clearing ARGV after defining the test-case solves this issue.
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
backport runner fixes to 3-2-stable
Conflicts:
railties/CHANGELOG.md
|
| |
| |
| |
| |
| |
| |
| | |
Add a runner hook to Rails::Application and Rails::Engine that requires
ActiveRecord::Base to avoid circular constant loading when using observers.
This commit backports cc7dd66, c0ba0f0 and 8d01c61.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes Scaffold generator with --assets=false
Conflicts:
railties/CHANGELOG.md
Conflicts:
railties/CHANGELOG.md
railties/lib/rails/generators/rails/scaffold/scaffold_generator.rb
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Moral of the story: One must be careful about lazily initializing
instance variables when subclassing.
I would like to draw your attention to https://github.com/rails/rails/issues/4652 where
the reader will see that there appears to be some kind of initialization issue
in rails.
The source of this issue is that:
1) Engine#env_config contains "@env_config ||= ..."
2) Application#env_config contains "@env_config ||= ..."
3) Threads are in the picture
4) Thread A calls Application#env_config, which super's to Engine#env_config
5) After Engine#env_config returns but before Application#env_config sets @env_config again, Thread B begins running
6) Thread B calls Application#env_config
7) Thread B finds @env_config to contain a value (the one set by Engine#env_config) and returns it
8) Thread B blows up because key set by Application#env_config are there.
9) People report bugs with puma, thin, rainbows, webrick, etc
10) Evan becomes tired of seeing these bugs
11) Evan pours himself a stiff drink, puts on Top Gear(tm), and begins debugging
12) Evan finds the source of the bug
13) Evan authors a PR
14) RIGHT NOW.
The bug is fixed by simply using a different ivar name in the methods.
Alternately, Engine#env_config could just return a new Hash each time, not memoizing into @env_config.
I bid you adieu.
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-sec:
bumping version
remove ruby-prof
Fix issue with attr_protected where malformed input could circumvent protection
fixing call to columns hash. run the damn tests when you backport!
Bump rack dependency to 1.4.5
Merge pull request #9224 from dylanahsmith/bigdecimal-takes-string
Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numeric
Conflicts:
Gemfile
activerecord/CHANGELOG.md
|
| | | |
|
|\| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
|
| | | |
|
| | |
| | |
| | |
| | | |
[ci skip]
|
|\| |
| | |
| | |
| | | |
Latest released tag was not fully merged into the stable branch (missed version bumping)
|
| | | |
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
railties/CHANGELOG.md
railties/lib/rails/generators/test_unit/model/model_generator.rb
railties/lib/rails/generators/test_unit/model/templates/fixtures.yml
railties/test/generators/model_generator_test.rb
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you generate a full engine, this will include rake tasks from
your gem under the `app` namespace. For example if you have a dependency
on `rspec-rails` in your engine's `gemspec`. You will get the task `app:spec`
Closes #8229
Conflicts:
railties/CHANGELOG.md
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The `plugin new` generator always adds the dummy app rake tasks,
when a dummy app was created.
Closes #8224
Conflicts:
railties/CHANGELOG.md
|
|/
|
|
|
|
|
| |
Plugin generator crashes when using the --dummy-path option
Code was assuming the application name in `config/application.rb`
was module Dummy.
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit 53778ec2d716f860646fd43957fd53c8db4da2fe.
Closes #8146
|
| |
|
| |
|