github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-04-26 03:00:59 -04:00
Code Issues Packages Projects Releases Wiki Activity
20,746 Commits 34 Branches 105 Tags
0faa7ee2a05b261ef89fb4652eaa0cfeef86c1d5
Commit Graph

20746 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Santiago Pastorino and Emilio Tagua
0faa7ee2a0 Add missing require 2011-02-09 08:36:44 -02:00
Josh Kalderimis
3eb25fb880 fix for AS Gzip returning a UTF-8 string in Ruby 1.9 when it is actually binary [#6386 state:resolved] 
Signed-off-by: José Valim <jose.valim@gmail.com>
 2011-02-09 10:27:01 +01:00
Aaron Patterson
5046120b97 comma limits do not make sense on oracle or pg 2011-02-08 16:54:07 -08:00
Aaron Patterson
c9182597ca reduce string append funcalls 2011-02-08 16:18:37 -08:00
Aaron Patterson
b45a90f9b0 redcloth does not install on 1.9.3 2011-02-08 16:01:36 -08:00
Aaron Patterson
1c6f4562d7 primary keys should not be cleared on cache clear, fixing oracle tests 2011-02-08 16:01:16 -08:00
Michael Koziarski
11061f410e Make rails.js include the CSRF token in the X-CSRF-Token header with every ajax request. 2011-02-08 14:57:34 -08:00
Michael Koziarski
ae19e4141f Change the CSRF whitelisting to only apply to get requests 
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447
 2011-02-08 14:57:08 -08:00
Aaron Patterson
0b58a7ff42 limit() should sanitize limit values 
This fixes CVE-2011-0448
 2011-02-08 14:21:12 -08:00
José Valim
6b1018526f Use Mime::Type references. 2011-02-08 14:14:26 -08:00
José Valim
b93c590297 Ensure render is case sensitive even on systems with case-insensitive filesystems. 
This fixes CVE-2011-0449
 2011-02-08 14:04:19 -08:00
Michael Koziarski
3ddd7f7ec9 Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors. 
This fixes CVE-2011-0446
 2011-02-08 13:56:08 -08:00
Aaron Patterson
8ce57652b2 ignore max identifier length queries from pg 2011-02-08 13:38:05 -08:00
Santiago Pastorino
ee0b92ec7a fields_for with inline blocks and nested attributes already persisted does not render properly 
[#6381 state:committed]
 2011-02-08 18:04:12 -02:00
Carlos Antonio da Silva
631e23ec6c Add tests showing the LH issue #6381: fields_for with inline blocks and nested attributes already persisted 
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-08 18:04:12 -02:00
Aaron Patterson
cd440236ad this test requires the job model, so we should require it 2011-02-08 11:31:46 -08:00
Aaron Patterson
51414a0893 use === so that regular expressions are not required 2011-02-08 10:48:01 -08:00
Aaron Patterson
1df3b65acc use === so that regular expressions are not required 2011-02-08 10:42:03 -08:00
Jan
9643243204 make set_table_name take effect immediately 2011-02-08 10:31:09 -08:00
Aaron Patterson
ac86923fca no more faker, rbench, or addressable 2011-02-07 19:53:22 -08:00
Aaron Patterson
ea25224046 cleaning up some warnings on 1.9.3 2011-02-07 16:44:27 -08:00
Aaron Patterson
08ef06dbf1 just return the record from insert_record, use truthiness for comparisons 2011-02-07 16:25:22 -08:00
Aaron Patterson
2b4de6621f require tag since we need it for this test 2011-02-07 16:09:33 -08:00
Jon Leighton
4f7bdc8f74 Documentation for recent refinements to association deletion 2011-02-07 23:35:05 +00:00
Jon Leighton
e62b576472 Refactor the implementations of AssociatioCollection#delete and #destroy to be more consistent with each other, and to stop passing blocks around, thus making the execution easier to follow. 2011-02-07 23:35:05 +00:00
Jon Leighton
d9870d92f7 This string should continue 2011-02-07 23:35:05 +00:00
Jon Leighton
52f09eac5b Correctly update counter caches on deletion for has_many :through [#2824 state:resolved]. Also fixed a bunch of other counter cache bugs in the process, as once I fixed this one others started appearing like nobody's business. 2011-02-07 23:35:05 +00:00
Jon Leighton
05bcb8cecc Support the :dependent option on has_many :through associations. For historical and practical reasons, :delete_all is the default deletion strategy employed by association.delete(*records), despite the fact that the default strategy is :nullify for regular has_many. Also, this only works at all if the source reflection is a belongs_to. For other situations, you should directly modify the through association. 2011-02-07 23:35:05 +00:00
Jon Leighton
d55406d2e9 Make record.association.destroy(*records) on habtm and hm:t only delete records in the join table. This is to make the destroy method more consistent across the different types of associations. For more details see the CHANGELOG entry. 2011-02-07 23:35:05 +00:00
Aaron Patterson
5f1ea2a26b we do not use this method, so delete 2011-02-07 15:28:49 -08:00
Aaron Patterson
30bba95a04 update ignored SQL for oracle 2011-02-07 15:12:21 -08:00
Aaron Patterson
1193709cd6 removing some freedom patches. use notification system to count sql queries 2011-02-07 14:35:11 -08:00
Aaron Patterson
9f773d66b5 mysql2 should log these sql statements 2011-02-07 14:35:11 -08:00
Aaron Patterson
60da34b4be notifier should be saved and re-set, not deleted 2011-02-07 14:35:11 -08:00
Santiago Pastorino
933adce8f4 Use map + flatten here 2011-02-07 19:15:06 -02:00
Aaron Patterson
0de661d6c7 the connection pool caches table_exists? calls 2011-02-07 09:26:52 -08:00
Nathaniel Bibler
285fdbae2b Fixed broken, memoized attributes method example 
[#6245 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-07 14:44:37 -02:00
Timothy N. Tsvetkov
7a77425901 Updated form rails guide for new place of authenticity_token option 
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-07 10:50:58 -02:00
Akira Matsuda
65e08cfb4f do not to_s where you are testing that a string value is stored for the before_type_cast 
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-07 09:52:24 -02:00
Akira Matsuda
40aefb9301 avoid nil.dup 
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-07 09:51:51 -02:00
wycats
1fd9d978a7 Add initial FileWatcher implementation. The Backend is just an abstract implementation, which will be inherited by backends that do the heavy lifting. 2011-02-06 13:42:22 -08:00
Dan Pickett
3026843dc1 put authenticity_token option in parity w/ remote 
[#6228 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-06 19:04:52 -02:00
John Hawthorn
a3f5d7159d fix db:fixtures:load with FIXTURES specified [#6061 state:resolved] 
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-06 18:45:42 -02:00
Andre Arko
10cab35d3b Allow page_cache_directory to be set as a Pathname 
For example, page_cache_directory = Rails.root.join("public/cache")

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-06 17:55:38 -02:00
Carl Lerche
cf9324e590 Find all validators for multiple attributes 2011-02-05 20:27:02 -08:00
Carl Lerche
cd13fbd8d8 Optionally pass in the attribute being validated to an instance method validator 2011-02-05 16:44:35 -08:00
Carl Lerche
e9e9ed6b60 Be able to pass a validator method to #validates 2011-02-05 16:33:00 -08:00
Carl Lerche
ed7614aa7d Provide a way to specify alternate option keys for validates 2011-02-05 16:00:57 -08:00
Carl Lerche
7176ade35b Do not require that validation attributes be specified as symbols 2011-02-05 15:37:38 -08:00
Timothy N. Tsvetkov
b9309b47cd Added tests for form_for and an authenticity_token option. Added docs for for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers. 
[#6228 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
 2011-02-05 18:58:32 -02:00