Closes#9806.
As the `through_options` always contained `{:order=>nil}` the second time,
the preloader ran, the association was always reset. This patch only
adds the `:order` to the `through_options` if it is set.
* 3-2-13:
bumping to 3.2.13
fix protocol checking in sanitization [CVE-2013-1857]
JDOM XXE Protection [CVE-2013-1856]
fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
stop calling to_sym when building arel nodes [CVE-2013-1854]
Merge pull request #9616 from exviva/multiple_select_name_double_square_brackets
bumping to rc2
Revert "Merge pull request #8209 from senny/backport_8176"
Freeze columns only once per Result
Preparing for 3.2.13.rc1 release
Update CHANGELOGs for 3.2.13 release.
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
This reverts commit 7240202784, reversing
changes made to e4e2bcce75.
Conflicts:
activerecord/CHANGELOG.md
activerecord/lib/active_record/relation/calculations.rb
activerecord/test/cases/calculations_test.rb
* This has been fixed at master via `365b8b6`, but not at 3-2-stable branch.
* @stale_state should be nil when a model isn't saved. via `0f3901e`.
* set @stale_state to nil when reset the target.
The build only failed for ruby-1.8.7 and pg. The problem was that the statement:
```ruby
author = Author.includes(:comments_with_order_and_conditions, :posts).first
```
resulted in Author with ID 2 where on all other rubies / db-engines Author with ID 1
was retunred. Of course this breaks the assertions.
Backport #9252.
Conflicts:
activerecord/CHANGELOG.md
activerecord/test/cases/associations/eager_test.rb
The preloader code on 3-2-stable is not based on relations but on option hashes.
I had to modify the original patch and comparing the option hashes could be more
fuzzy than comparing the relations. All the tests passed though.
Previously, when `time_zone_aware_attributes` were enabled, after
changing a datetime or timestamp attribute and then changing it back
to the original value, `changed_attributes` still tracked the
attribute as changed. This caused `[attribute]_changed?` and
`changed?` methods to return true incorrectly.
Example:
in_time_zone 'Paris' do
order = Order.new
original_time = Time.local(2012, 10, 10)
order.shipped_at = original_time
order.save
order.changed? # => false
# changing value
order.shipped_at = Time.local(2013, 1, 1)
order.changed? # => true
# reverting to original value
order.shipped_at = original_time
order.changed? # => false, used to return true
end
(cherry picked from commit bc982cbcb34129ea2cfe8aa1f8e0b40e444e68db)
Conflicts:
activerecord/CHANGELOG.md
activerecord/lib/active_record/attribute_methods/time_zone_conversion.rb
Backport of #9073Fixes#8898
Issue #6115 has been fixed and tested with
the attribute `:null => false, :default => ""`
However `:null => false` attribute is not necessary to test this issue,
which causes many ORA-01400 errors with Oracle enhanced adapter.
This reverts commit 88a296dccc, reversing
changes made to 666a7e34f5.
Conflicts:
activerecord/CHANGELOG.md
Reason: this has been resulting in some hard to track bugs and is
introducing a possible breackage in a stable version.
This reverts commit ee43989575.
It would appear that #7661 had unintended consequences to the API. Until
we can sort those out, this should not be in 3.2.x, and wait for 4.0.0.
Some tests were raising the following error:
Could not log "sql.active_record" event. NoMethodError: undefined method
`type' for nil:NilClass`
Due to the way binds were being logged, the column info was considered
always present, but that is not true for some of the tests listed in the
issue.
Closes#8806.
Conflicts:
activerecord/lib/active_record/log_subscriber.rb
activerecord/test/cases/log_subscriber_test.rb
Conflict resolution:
- Revert ruby 1.9 style hash to support ruby 1.8
- Do not include 8f59ffce into 3-2-stable
* 3-2-sec:
bumping version
CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml.
* Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * dealing with empty hashes. Thanks Damien Mathieu
Avoid Rack security warning no secret provided
Conflicts:
actionpack/CHANGELOG.md
activerecord/CHANGELOG.md
activesupport/CHANGELOG.md
Also covers any non-castable case by returning nil, which
is in-line with the intention of the former implementation,
but covers the odd cases which respond to to_i but raise
an error when it's called, such as NaN, Infinity and -Infinity.
Fixes#8757
Backport of #8781
Conflicts:
activerecord/CHANGELOG.md
activerecord/test/cases/column_test.rb
This commit fixes a bug introduced in 96a13fc7 which breaks behaviour of
integer fields in 3.2.8.
In 3.2.8, setting the value of an integer field to a non-integer (eg.
Array, Hash, etc.) would default to 1 (true) :
# 3.2.8
p = Post.new
p.category_id = [ 1, 2 ]
p.category_id # => 1
p.category_id = { 3 => 4 }
p.category_id # => 1
In 3.2.9 and above, this will raise a NoMethodError :
# 3.2.9
p = Post.new
p.category_id = [ 1, 2 ]
NoMethodError: undefined method `to_i' for [1, 2]:Array
Whilst at first blush this appear to be sensible, it combines in bad
ways with scoping.
For example, it is common to use scopes to control access to data :
@collection = Posts.where(:category_id => [ 1, 2 ])
@new_post = @collection.new
In 3.2.8, this would work as expected, creating a new Post object
(albeit with @new_post.category_id = 1). However, in 3.2.9 this will
cause the NoMethodError to be raised as above.
It is difficult to avoid triggering this error without descoping before
calling .new, breaking any apps running on 3.2.8 that rely on this
behaviour.
This patch deviates from 3.2.8 in that it does not retain the somewhat
spurious behaviour of setting the attribute to 1. Instead, it explicitly
sets these invalid values to nil :
p = Post.new
p.category_id = [ 1, 2 ]
p.category_id # => nil
This also fixes the situation where a scope using an array will
"pollute" any newly instantiated records.
@new_post = @collection.new
@new_post.category_id # => nil
Finally, 3.2.8 exhibited a behaviour where setting an object to an
integer field caused it to be coerced to "1". This has not been
retained, as it is spurious and surprising in the same way that setting
Arrays and Heshes was :
c = Category.find(6)
p = Post.new
# 3.2.8
p.category_id = c
p.category_id # => 1
# This patch
p.category_id = c
p.category_id # => nil
This commit includes explicit test cases that expose the original issue
with calling new on a scope that uses an Array. As this is a common
situation, an explicit test case is the best way to prevent regressions
in the future.
It also updates and separates existing tests to be explicit about the
situation that is being tested (eg. AR objects vs. other objects vs.
non-integers)
* 3-2-sec:
CVE-2012-5664 options hashes should only be extracted if there are extra parameters
updating changelog
updating the changelogs
updating the changelog for the CVE
Add release date of Rails 3.2.9 to documentation
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activerecord/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
