Commit Graph

24493 Commits

Author SHA1 Message Date
Aman Gupta
a03ab928c0 bump mail 2014-03-20 19:01:55 -07:00
Aman Gupta
cb105585af newer thor 2014-03-20 18:59:37 -07:00
Aman Gupta
50febe331d more builder 2014-03-20 18:57:50 -07:00
Aman Gupta
cf254c1fda newer builder 2014-03-20 18:54:42 -07:00
Aman Gupta
d7f3535548 newer sprockets 2014-03-20 18:46:43 -07:00
Aman Gupta
d9cef4719c bump gem dependencies 2012-10-03 17:07:59 -07:00
Pratik Naik
2d6d8a72a3 Ensure association preloading properly merges default scope and association conditions 2012-08-28 12:50:06 -07:00
Xavier Noria
e6e9e565da CHANGELOGs are now per branch
Check 810a50d for the rationale.
2012-08-28 21:46:04 +02:00
Jon Leighton
e08268ba5a Increase benchmark time to 20 seconds.
I think that 5 seconds was a bit low for our purposes.

Also enable it to be configured via env vars.

We also need to scale the number of records up/down depending on how
long we're running the benchmark for.

Conflicts:
	activerecord/examples/performance.rb
2012-08-17 15:20:26 +01:00
Jon Leighton
20d6f70926 Use benchmark/ips to measure AR performance
This means we can more easily compare numbers, and we don't have to
specify a single N for all reports, which previously meant that some
tests were running many more/fewer iterations than necessary.

Conflicts:
	Gemfile
	activerecord/examples/performance.rb
2012-08-17 11:57:21 +01:00
Rafael Mendonça França
4f12e3a3a5 Remove warning when using html_escape with Ruby 1.9.
Closes #7323
2012-08-15 19:06:14 -03:00
Carlos Antonio da Silva
8181b7230b Add html_escape note to CHANGELOG
This was added to all other branches, but 3-1 missed the entry.

3-0-stable: 954e262636
3-2-stable: ae2383d90a
master: 5c07be5f7fb7e6417c09751c7fb9bb98a63d9917
2012-08-15 12:53:05 -03:00
Santiago Pastorino
38bf9cf368 Bump to 3.1.8 2012-08-09 16:22:39 -03:00
Santiago Pastorino
e8d78e7836 Add CHANGELOG entries 2012-08-09 16:20:17 -03:00
Santiago Pastorino
63e67ea1a6 Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba

CVE-2012-3465
2012-08-09 15:58:33 -03:00
Santiago Pastorino
b6a0a1166f escape select_tag :prompt values
CVE-2012-3463
2012-08-09 15:49:08 -03:00
Santiago Pastorino
d0c9759d3a html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
2012-08-06 21:39:35 -03:00
Aaron Patterson
d314a48a40 bumping to 3.1.7 2012-07-26 14:58:51 -07:00
Aaron Patterson
6cf68d797d updating rails release date 2012-07-26 14:55:18 -07:00
Aaron Patterson
140a70a72b updating changelog with CVE 2012-07-26 13:32:08 -07:00
Aaron Patterson
eb69ad2155 * Do not convert digest auth strings to symbols. CVE-2012-3424 2012-07-26 13:31:12 -07:00
Aaron Patterson
a4b8a7e8ca updating changelog 2012-07-23 14:32:54 -07:00
Aaron Patterson
28e744d682 adding a test for #6459 2012-06-14 10:55:30 -07:00
Xavier Noria
666a48a303 removes item in the Active Record CHANGELOG
That change to update_attribute was considered
to be too subtle and was reverted in 30ea923
just before Rails 3 shipped. Later we introduced
update_column (Rails 3.1).
2012-06-14 11:47:27 +02:00
Aaron Patterson
63dce16202 updating changelogs 2012-06-12 14:03:38 -07:00
Aaron Patterson
4e7d571918 bumping version numbers 2012-06-11 15:48:26 -07:00
Aaron Patterson
bee42f3a0a updating changelogs with security fixes 2012-06-11 15:48:04 -07:00
Aaron Patterson
75d039f1d4 adding version number to changelogs 2012-06-11 15:46:26 -07:00
Aaron Patterson
64e30e8b34 Merge branch '3-1-stable-sec' into 3-1-stable-rel
* 3-1-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
2012-06-11 15:42:40 -07:00
Rafael Mendonça França
3e2c00a1dc Mysql and Mysql2 adapters accept only two arguments in the tables
method.

Fix build http://travis-ci.org/#!/rails/rails/builds/1594492
2012-06-11 18:09:09 -03:00
kennyj
8e6ed58e43 Change the string to use in test case.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
	activerecord/test/cases/adapters/mysql2/schema_test.rb
2012-06-11 11:27:54 -07:00
kennyj
023eaf8ab9 Fix GH #3163. Should quote database on mysql/mysql2.
Conflicts:

	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb

Conflicts:

	activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
	activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
2012-06-11 11:27:45 -07:00
Aaron Patterson
f4174ad429 Array parameters should not contain nil values. 2012-06-10 22:47:42 -05:00
Ernie Miller
8355abf153 Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.1.5 prevents a user
from specifying a table name using the `table.column` format,
it doesn't protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
2012-06-08 17:26:52 -05:00
Aaron Patterson
a1a71ab855 Merge branch '3-1-rel' into 3-1-stable
* 3-1-rel:
  bumping to 3.1.5
  updating the CHANGELOG
  bumping to 3.1.5.rc1
2012-05-31 11:26:57 -07:00
Aaron Patterson
aa6e56b86f Merge branch '3-1-stable-sec' into 3-1-stable
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
2012-05-31 11:26:07 -07:00
Aaron Patterson
aa18c0cac0 bumping to 3.1.5 2012-05-31 10:42:35 -07:00
Aaron Patterson
a7ed19814b updating the CHANGELOG 2012-05-31 10:41:47 -07:00
Aaron Patterson
a9c1898b3e Merge branch '3-1-stable-sec' into 3-1-rel
* 3-1-stable-sec:
  Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
  predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
2012-05-31 10:29:46 -07:00
Aaron Patterson
5b83bbfab7 Strip [nil] from parameters hash.
Thanks to Ben Murphy for reporting this!

CVE-2012-2660
2012-05-30 15:13:55 -07:00
Aaron Patterson
b71d4ab9d7 predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this

CVE-2012-2661
2012-05-30 15:05:19 -07:00
Rafael Mendonça França
2f428152fa Merge pull request #6532 from freerange/3-1-stable-minitest-passthrough-exceptions
Exceptions like Interrupt should not be rescued in tests.
2012-05-29 04:03:18 -07:00
James Mead
4cd32854f6 Exceptions like Interrupt should not be rescued in tests.
This is a back-port of rails/rails#6525. See the commit notes there for
details.
2012-05-29 11:26:45 +01:00
Aaron Patterson
bd8ee8c912 bumping to 3.1.5.rc1 2012-05-28 11:54:56 -07:00
Rafael Mendonça França
a74b6a023b Merge pull request #3237 from sakuro/data-url-scheme
Support data: url scheme
2012-05-13 19:15:00 -03:00
Santiago Pastorino
e7f8f5f9bd Merge pull request #6300 from guilleiguaran/upgrade-sprockets-3-1-stable
Upgrade sprockets to 2.0.4
2012-05-13 09:35:23 -07:00
Guillermo Iguaran
03e2895834 Upgrade sprockets to 2.0.4 2012-05-13 03:08:37 -05:00
Santiago Pastorino
d2ae95583f Merge pull request #6263 from arunagw/3-1-stable
3 1 stable
2012-05-11 08:10:46 -07:00
Arun Agrawal
200d3daa30 Ruby-Prof works with 1.9.3. Let's run. 2012-05-11 17:55:52 +05:30
Piotr Sarnacki
7b7bf33c05 Merge pull request #6261 from carlosantoniodasilva/fix-build-3-1
Fix build 3-1-stable
2012-05-10 17:16:09 -07:00