The standard Ruby behavior for Time.at is to return the same type of
time when passing an instance of Time as a single argument. Since the
an ActiveSupport::TimeWithZone instance may be a different timezone than
the system timezone and DateTime just understands offsets the best we
can do is to return an instance of Time with the correct offset.
It also maintains the correct fractional second value as well.
Fixes#11350.
Backports:
484253515c0e05760541dc48946361185c9e6904
1b3873730b96035a238dbff7627bd5942e6dc4e7
Time.at allows passing a single Time argument which is then converted
to an integer. The conversion code since 1.9.3r429 explicitly checks
for an instance of Time so we need to override it to allow DateTime
and ActiveSupport::TimeWithZone values.
This reverts commit 815a9431ab.
Conflicts:
activesupport/test/json/encoding_test.rb
Reason: This was causing a regression where the resulting string is always
returning UTF-8. Also it changes the behavior of this method on a stable release.
Fixes#9498.
* 3-2-13:
bumping to 3.2.13
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
bumping to rc2
Revert "Merge pull request #8209 from senny/backport_8176"
Freeze columns only once per Result
Preparing for 3.2.13.rc1 release
Update CHANGELOGs for 3.2.13 release.
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
The previous implementation `ActiveSupport::TimeZone.parse` used `Time.parse`
which applies the system time DST rules to the parsed time. Instead we now
use `Time.utc` and manually apply the offset.
Backport tests from:
005d910624bbfa724b638426a000c8074d4201a2
c89b6c4cdce7ee55ed3665c099d914222fe0344a
03becb13099c439f6aea5058546bc8b0b19b8db8
Fixes#9678.
For some reason, redirecting cache's logger to '/dev/null' resulting in
a test failures and LoadError. I think it's because of Thread issue.
Instead of trying to make every logger threadsafe for Rails 3.2, I think
it's better to just don't set the logger for now.
(Note: resetting the logger back to original value in the teardown block
didn't fix the problem.)
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
(cherry picked from commit e2e513621d732abb8efff9120bd9a444836720d6)
(cherry picked from commit dcdde7da481e11660634278a8004175a1ce20f39)
Backport of #6183, original issue was #6179
Conflicts:
activesupport/lib/active_support/core_ext/time/calculations.rb
activesupport/test/core_ext/time_ext_test
Signed-off-by: Andrew White <andyw@pixeltrix.co.uk>
The encoding scheme (e.g. ☠ -> "\u2620") was broken for characters
not in the Basic Multilingual Plane. It is possible to escape them
for json using the weird encoding scheme of a twelve-character
sequence representing the UTF-16 surrogate pair (e.g. '𠜎' ->
"\u270e\u263a") but this wasn't properly handled in the escaping code.
Since raw UTF-8 is allowed in json, it was decided to simply pass
through the raw bytes rather than attempt to escape them.
Backport of 9ace3a8820
Conflicts:
activesupport/CHANGELOG.md
activesupport/lib/active_support/json/encoding.rb
activesupport/test/json/encoding_test.rb
Ruby 1.8 does not support this format in Time, so the format will only
be added to the available date formats on Ruby 1.9. Changelog entry was
changed to explain that as well.
Setting options in a custom `#as_json` method had side effects.
Modifications of the `options` hash leaked outside and influenced
the conversion of other objects contained in the hash.
Conflicts:
activesupport/CHANGELOG.md
* 3-2-stable-security:
Ensure [] respects the status of the buffer.
delete vulnerable AS::SafeBuffer#[]
use AS::SafeBuffer#clone_empty for flushing the output_buffer
add AS::SafeBuffer#clone_empty
fix output safety issue with select options
