Charlie Somerville
cedf026a14
bump version to github33
2013-12-30 15:45:48 +11:00
Charlie Somerville
7ac3b0fa4f
Merge pull request #34 from github/remove-cgi
...
Remove CGI support
2013-12-29 19:56:48 -08:00
Charlie Somerville
31cd7ea26d
remove this NCGI stuff
2013-12-30 14:29:27 +11:00
Charlie Somerville
df387ab385
remove FastCGI crap
2013-12-30 14:28:24 +11:00
Charlie Somerville
0118959601
remove the webrick server
2013-12-30 14:26:08 +11:00
Charlie Somerville
83448c7de5
remove dispatch.rb and gateway.cgi
2013-12-30 14:23:00 +11:00
Charlie Somerville
8f99d00868
require properly
2013-12-30 14:23:00 +11:00
Charlie Somerville
987b61bd1d
kill QueryExtension, it's more dead junk
2013-12-30 14:15:55 +11:00
Charlie Somerville
f05e54a9f3
remove stdinput monkey patch
2013-12-30 14:15:51 +11:00
Charlie Somerville
b9918117bb
delete ActionController::CGIHandler and CgiRequest
2013-12-30 14:11:07 +11:00
Charlie Somerville
42f85d118d
don't autoload CGIHandler and CgiRequest
2013-12-30 14:10:28 +11:00
Charlie Somerville
acb182d094
@output is never used anywhere, kill it
2013-12-30 14:09:20 +11:00
Charlie Somerville
6e0fcb788d
remove CGI from the dispatcher
2013-12-30 14:09:00 +11:00
Charlie Somerville
fed4fafa8a
Merge pull request #33 from github/dont-reload-middleware-stack-every-request
...
Don't reload middleware stack every request
2013-12-29 19:07:59 -08:00
Charlie Somerville
f699184047
test that we never call build_middleware_stack after initialization
2013-12-30 13:59:18 +11:00
Charlie Somerville
55d6a9f2df
don't reload the middleware stack every request in development
2013-12-30 13:53:48 +11:00
Ted Nyman
e5bebc01a8
Merge pull request #32 from github/bump-to-github32
...
Bump to 2.3.14.github32
2013-12-03 14:53:14 -08:00
Ted Nyman
a019f07a39
Bump to 2.3.14.github32
2013-12-03 14:50:02 -08:00
Ted Nyman
d13866d75d
Merge pull request #30 from github/CVE-2013-6417
...
CVE-2013-6417
2013-12-03 14:46:53 -08:00
Nathan Witmer
dfa2f469a4
Merge pull request #31 from github/currency-security-fix
...
CVE-2013-6415: Escape the unit value provided to number_to_currency
2013-12-03 14:41:51 -08:00
Nathan Witmer
bf0d43bb77
Only escape value if present
2013-12-03 14:47:38 -07:00
Nathan Witmer
72cebbcb59
Escape the unit value provided to number_to_currency
...
Fixes CVE-2013-6415.
Previously the values were trusted blindly allowing for potential XSS attacks.
This is different from the original upstream patch for 3.x in that return values
from other number helper methods are not marked as html_safe, so the html
escaping always applies. This requires applications to explicitly set .html_safe
on unit strings and number separators when calling number_to_currency.
2013-12-03 14:32:26 -07:00
Ted Nyman
379dd9071c
Documentation for #deep_munge
2013-12-03 13:24:11 -08:00
Ted Nyman
a743f17dbd
#deep_munge for CVE-2013-6417
2013-12-03 13:23:02 -08:00
Charlie Somerville
25b896611d
Merge pull request #29 from github/tzinfo-json
...
Load timezone data from one big marshalled file
2013-12-03 00:38:50 -08:00
Charlie Somerville
b988837359
load definitions from a marshalled file
2013-12-03 19:32:36 +11:00
Charlie Somerville
890aff3b9d
use vendored tzinfo
2013-12-03 18:10:11 +11:00
Charlie Somerville
c0124ba8f3
bump RAILS_VERSION
2013-12-02 20:43:27 +11:00
Charlie Somerville
455cd8c060
Merge pull request #28 from github/dont-turn-constant-names-into-strings
...
Don't turn constant names into strings prematurely
2013-12-02 01:27:18 -08:00
Charlie Somerville
5d322ad957
delete Module#local_constant_names
2013-12-02 20:09:05 +11:00
Charlie Somerville
3b6b4578c4
don't return anything interesting from require or load_with_new_constant_marking
2013-12-02 19:51:45 +11:00
Charlie Somerville
981016be60
call local_constants instead of local_constant_names
2013-12-02 19:40:28 +11:00
Aman Gupta
3c1e01068b
faster String#blank? regex
2013-11-21 13:53:47 -08:00
Charlie Somerville
e42c679e43
Merge pull request #27 from github/remove-activeresource
...
Remove ActiveResource
2013-11-12 14:17:01 -08:00
Charlie Somerville
5c4dfa63f7
remove references to active_resource
2013-11-11 19:21:01 -08:00
Charlie Somerville
c394fd82fa
delete references to activeresource
2013-11-11 19:17:45 -08:00
Charlie Somerville
49933594c1
delete activeresource/
2013-11-11 19:17:20 -08:00
Charlie Somerville
94fae25703
forgot railties
2013-11-10 15:22:21 -05:00
Charlie Somerville
05cb9e6854
depend on the right versions
2013-11-10 15:20:15 -05:00
Charlie Somerville
1a5734e0b5
use RAILS_VERSION file
2013-11-10 11:43:01 -05:00
Charlie Somerville
24e5712294
Merge pull request #26 from github/kill-whiny-nils
...
Kill whiny nils
2013-10-29 20:32:13 -07:00
Charlie Somerville
8f6bafc333
💀 whiny nils
2013-10-29 20:25:48 -07:00
Charlie Somerville
c717a84b5d
Merge pull request #24 from github/avoid-extension-when-instantiating-extended-association
...
Avoid extension when instantiating extended association
2013-10-29 20:23:28 -07:00
Charlie Somerville
d537304b20
replace :: with _ to avoid wrong constant name exceptions
2013-10-29 20:16:52 -07:00
Charlie Somerville
ca90ecf2cb
use terrible hacks to make this work when rails tries to marshal
2013-10-29 20:06:11 -07:00
Charlie Somerville
4bb1d3ef20
cache a class with the extend module pre-included
2013-10-29 20:06:11 -07:00
John Barnette
3b7754c950
Merge pull request #25 from github/activesupport-concern
...
Pull in ActiveSupport::Concern
2013-10-29 12:10:45 -07:00
John Barnette
75638c576b
Pull in ActiveSupport::Concern
...
We have quite a few module dependency situations that this can help
clarify.
2013-10-29 12:03:54 -05:00
Charlie Somerville
76884dd7f7
Merge pull request #22 from github/actionview-proxy-module-method-cache-nuke
...
Don't globally invalidate the method and constant cache every view render
2013-10-25 11:43:48 -07:00
Charlie Somerville
29a72262aa
here too
2013-10-25 12:46:48 -04:00
