10327 Commits

Author SHA1 Message Date
Charlie Somerville
3d72818356 Merge pull request #43 from github/i18n-0.6.9
i18n 0.4.1
github37
2014-01-20 18:05:20 -08:00
Charlie Somerville
221477dc21 fix this bit 2014-01-21 12:51:40 +11:00
Charlie Somerville
975155c110 use i18n 0.6.9 as a gem 2014-01-21 12:33:39 +11:00
Charlie Somerville
2931987892 delete vendored i18n-0.4.1 2014-01-21 12:25:44 +11:00
Charlie Somerville
e3290b98dd Merge pull request #42 from github/dont-test-on-1.9
Don't run tests on 1.9.3
2014-01-20 17:25:13 -08:00
Charlie Somerville
20088080a5 Don't run tests on 1.9.3 2014-01-21 12:23:05 +11:00
Dirkjan Bussink
24e348489d github36 2014-01-17 18:10:31 +01:00
Dirkjan Bussink
ba4f4f8a01 Treat mysql in the name as a mysql driver 2014-01-17 18:05:20 +01:00
Aman Gupta
ccf254b6cb build using 2.1 first 2014-01-15 01:10:18 -08:00
Mislav Marohnić
3766b1b377 github35 github35 2014-01-13 13:58:57 -08:00
Mislav Marohnić
d3f87776a3 Merge pull request #41 from github/disable-generated-id
Disable auto-generated form field IDs by passing nil for "id" attribute
2014-01-13 13:57:38 -08:00
Mislav Marohnić
18c7c1f753 Disable auto-generated form field IDs by passing nil for "id" attribute
Previously it was not possible to opt out of auto-generated ID values
for various form fields.
2014-01-13 13:22:06 -08:00
Aman Gupta
f63b0340ff github34 github34 2014-01-08 21:04:30 -08:00
Aman Gupta
7224ee1419 Merge pull request #37 from github/erb-freeze
Freeze ERB string literals
2014-01-08 20:33:01 -08:00
Aman Gupta
0c52ae6df3 Merge pull request #39 from github/write-fragment-fix
Fix fragment caching in mixed encoding scenario
2014-01-08 20:32:40 -08:00
Aman Gupta
f8b7cd2df7 Merge pull request #40 from github/ruby-2.1
Ruby 2.1
2014-01-08 20:32:12 -08:00
Aman Gupta
c73ba86136 use new 2.1 api 2014-01-08 18:03:55 -08:00
Aman Gupta
98fa5dd465 build on ruby 2.1 2014-01-08 17:46:13 -08:00
Mislav Marohnić
fa41bedf6b Don't rely on default encoding always being ASCII-8BIT 2014-01-08 17:41:17 -08:00
Aman Gupta
0a8282c557 freeze literals 2014-01-08 17:28:31 -08:00
Mislav Marohnić
d4a4facfcc Add test for extracting the cache fragment with mixed encodings 2014-01-08 17:12:18 -08:00
Aman Gupta
dd4146854a Fix fragment caching in mixed encodings scenario
To reduce ambiguity between char- and byte-based operations, explicitly
do byte operations when extracting the fragment that needs to be cached.
2014-01-08 16:35:55 -08:00
Charlie Somerville
cedf026a14 bump version to github33 github33 2013-12-30 15:45:48 +11:00
Charlie Somerville
7ac3b0fa4f Merge pull request #34 from github/remove-cgi
Remove CGI support
2013-12-29 19:56:48 -08:00
Charlie Somerville
31cd7ea26d remove this NCGI stuff 2013-12-30 14:29:27 +11:00
Charlie Somerville
df387ab385 remove FastCGI crap 2013-12-30 14:28:24 +11:00
Charlie Somerville
0118959601 remove the webrick server 2013-12-30 14:26:08 +11:00
Charlie Somerville
83448c7de5 remove dispatch.rb and gateway.cgi 2013-12-30 14:23:00 +11:00
Charlie Somerville
8f99d00868 require properly 2013-12-30 14:23:00 +11:00
Charlie Somerville
987b61bd1d kill QueryExtension, it's more dead junk 2013-12-30 14:15:55 +11:00
Charlie Somerville
f05e54a9f3 remove stdinput monkey patch 2013-12-30 14:15:51 +11:00
Charlie Somerville
b9918117bb delete ActionController::CGIHandler and CgiRequest 2013-12-30 14:11:07 +11:00
Charlie Somerville
42f85d118d don't autoload CGIHandler and CgiRequest 2013-12-30 14:10:28 +11:00
Charlie Somerville
acb182d094 @output is never used anywhere, kill it 2013-12-30 14:09:20 +11:00
Charlie Somerville
6e0fcb788d remove CGI from the dispatcher 2013-12-30 14:09:00 +11:00
Charlie Somerville
fed4fafa8a Merge pull request #33 from github/dont-reload-middleware-stack-every-request
Don't reload middleware stack every request
2013-12-29 19:07:59 -08:00
Charlie Somerville
f699184047 test that we never call build_middleware_stack after initialization 2013-12-30 13:59:18 +11:00
Charlie Somerville
55d6a9f2df don't reload the middleware stack every request in development 2013-12-30 13:53:48 +11:00
Ted Nyman
e5bebc01a8 Merge pull request #32 from github/bump-to-github32
Bump to 2.3.14.github32
2013-12-03 14:53:14 -08:00
Ted Nyman
a019f07a39 Bump to 2.3.14.github32 2013-12-03 14:50:02 -08:00
Ted Nyman
d13866d75d Merge pull request #30 from github/CVE-2013-6417
CVE-2013-6417
2013-12-03 14:46:53 -08:00
Nathan Witmer
dfa2f469a4 Merge pull request #31 from github/currency-security-fix
CVE-2013-6415: Escape the unit value provided to number_to_currency
2013-12-03 14:41:51 -08:00
Nathan Witmer
bf0d43bb77 Only escape value if present 2013-12-03 14:47:38 -07:00
Nathan Witmer
72cebbcb59 Escape the unit value provided to number_to_currency
Fixes CVE-2013-6415.

Previously the values were trusted blindly, allowing for potential XSS attacks.

This is different from the original upstream patch for 3.x in that return values
from other number helper methods are not marked as html_safe, so the html
escaping always applies. This requires applications to explicitly set .html_safe
on unit strings and number separators when calling number_to_currency.
2013-12-03 14:32:26 -07:00
Ted Nyman
379dd9071c Documentation for #deep_munge 2013-12-03 13:24:11 -08:00
Ted Nyman
a743f17dbd #deep_munge for CVE-2013-6417 2013-12-03 13:23:02 -08:00
Charlie Somerville
25b896611d Merge pull request #29 from github/tzinfo-json
Load timezone data from one big marshalled file
2013-12-03 00:38:50 -08:00
Charlie Somerville
b988837359 load definitions from a marshalled file 2013-12-03 19:32:36 +11:00
Charlie Somerville
890aff3b9d use vendored tzinfo 2013-12-03 18:10:11 +11:00
Charlie Somerville
c0124ba8f3 bump RAILS_VERSION github31 2013-12-02 20:43:27 +11:00