| Commit message (Collapse) | Author | Age | Files | Lines |
|
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
|
the ERB scaffold generator.
We are trying to teach the data attributes as best practices and
`:confirm` will be deprecated in 4.0.
|
option"
Revert "Deprecate `:disable_with` in favor of `'data-disable-with'` option for `button_to` and `submit_tag` helpers."
This reverts commit fc092a9cba5fceec38358072e50e09250cf58840.
This reverts commit e9051e20aeb2c666db06b6217954737665878db7.
This reverts commit d47d6e7eda3aa3e6aa28d0c17ac6801234bb97d1.
This reverts commit 21141e777bdce8534e3755c8de7268324b3d8714.
|
[ci skip]
|
Update documentation for Rails::Application#env_config
|
Updated scaffold_controller generator docs #7146
|
instead of update_column"
This reverts commit 9fa06c3d9811113259cb6e00a3a8454b3974add7.
This reverts commit 17a64de4980683da3ca3c185205013a29a8cf88d.
This reverts commit def9c85ffbdcf63e6c412b6bd4abafaa32ccdb5c, reversing
changes made to 6b7d26cf3c061907aedc44f7f36776c9b36950fd.
Reason: This was supposed to be released with 3.2.7 before the
suggestion to use update_column. Since it was not released, it is not
good now to suggest using another method because it will confuse
people.
|
Update `test_help` to properly configure the turn natural language option.
The latest versions of Turn don't monkey patch MiniTest to set up
the natural language option. Here is an [example](https://github.com/TwP/turn/blob/master/try/test_autorun_minitest.rb#L3).
This patches the following behaviour:
$ rake test:units
`<top (required)>': undefined method `use_natural_language_case_names='
for MiniTest::Unit:Class (NoMethodError)
|
* 3-2-rel:
updating release date
bumping to 3.2.7
updating the changelog
* Do not convert digest auth strings to symbols. CVE-2012-3424
updating the version
updating changelogs
|
Fix: 'rake rails:templates:copy' doesn't work
Conflicts:
railties/test/application/rake_test.rb
|
(closes #6672)
|
Fix issue 6673
|
if we are passing -T which is skip_test_unit
See issue #6673 for more details.
I saw that we are not creating dummy app even if
we do skip_test_unit.
Fixes #6673
|
dangerous especially with Rack::Cache), it should only be loaded when the flash method is called"
This reverts commits e3069c64b2c5ddc7a5789b55b8efd4902d9e9729 and 2b2983d76fd11efc219273036a612f47cfaa5bfa.
Reason: This adds a non-backward compatible change in the way that flash
works now (swept in every request).
|
This deprecation applies to:
`button_to`
`button_tag`
`image_submit_tag`
`link_to`
`submit_tag`
As :confirm is a UI-specific option, it is better to use the data attributes,
teaching users about unobtrusive JavaScript and how Rails works with it.
|
* 3-2-rel:
bumping to 3.2.4
adding security notifications to CHANGELOGs
updating changelogs
Merge pull request #6558 from parndt/fix_regression
|
* 3-2-stable-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
bumping to 3.2.4.rc1
|
'therubyracer'.
Dependency.rb expects the symbol to be named :platforms as opposed to platform. RubyMine's inspections indicate that the symbol should be named :platforms.
Updating tests.
|
railties_order method, introduced in 40b19e0, had a bug that was causing
loading application instance twice in initializers if railties_order
already included application instance. So for example
railties_order = [Foo::Engine, :main_app, Bar::Engine]
would result in such railties array:
[MyApp::Application, Foo::Engine, MyApp::Application, Bar::Engine]
In order to fix it, we need to check for existence of application in
both railties_order and railties arrays.
|
Using require in development mode will prevent required files from
reloading, even if they're changed. In order to keep namespaced
application_controller reloadable, we need to use require_dependency
instead of require.
|
Add more info on how to write good commit messages along with
an example showing a nicely formatted commit message.
Rails git history does not look too good when you try to figure out why
particular changes were introduced. We can do much better than that and
it's never too late to start.
|
In development mode, dependencies are loaded dynamically at runtime,
using `const_missing`. Because of that, when one of the constants is
already loaded and `const_missing` is not triggered, the user can end up
with unexpected results.
Given such a file in an Engine:
```ruby
module Blog
  class PostsController < ApplicationController
  end
end
```
If you load it first, before loading any application files, it will
correctly load `Blog::ApplicationController`, because the second line will
hit `const_missing`. However, if you load `ApplicationController` first,
the constant will be loaded already, the `const_missing` hook will not be
fired and as a result `PostsController` will inherit from
`ApplicationController` instead of `Blog::ApplicationController`.
Since it can't be fixed in `AS::Dependencies`, the easiest fix is to
just explicitly load application controller.
closes #6413
|
If one wants to use SASS for application.css.sass, the comment block indentation is invalid.
|
Signed-off-by: José Valim <jose.valim@gmail.com>
|
Closes #6286.
|
closes #4894
|
Conflicts:
railties/guides/source/caching_with_rails.textile