10234 Commits

Author SHA1 Message Date
Aman Gupta
71123b2913 fix boot on 1.9.3-p385
rails-2.3.14.github14/lib/initializer.rb:906:in `replace': can't modify frozen String (RuntimeError)
  from gems/rails-2.3.14.github14/lib/initializer.rb:906:in `set_root_path!'
  from gems/rails-2.3.14.github14/lib/initializer.rb:860:in `initialize'
  from gems/rails-2.3.14.github14/lib/initializer.rb:110:in `new'
  from gems/rails-2.3.14.github14/lib/initializer.rb:110:in `run'
  from github/config/environment.rb:22:in `<top (required)>'
2013-02-20 02:45:37 -08:00
Xavier Noria
2eede7e5ac s/escape_once/html_escape/, since html safety is the contract that now says whether something has to be escaped
Conflicts:
	actionpack/CHANGELOG
	actionpack/lib/action_view/helpers/form_tag_helper.rb
	actionpack/lib/action_view/helpers/url_helper.rb
	actionpack/test/template/url_helper_test.rb
2013-02-16 20:44:20 -08:00
Xavier Noria
507b8182cf url_for no longer escapes HTML, the :escape option is also gone
Rationale: url_for is just a path/URL generator, it is the responsibility of the caller to escape conveniently. HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.

Backported to 2.3. Conflicts:
	actionpack/CHANGELOG
	actionpack/lib/action_view/helpers/url_helper.rb
	actionpack/test/template/url_helper_test.rb
2013-02-16 20:32:13 -08:00
rizwanreza
3df96518be Allow content_tag options to take an array [#1741 state:resolved] [rizwanreza, Nick Quaranto]
Example:
  content_tag('p', "limelight", :class => ["song", "play"])
  # => <p class="song play">limelight</p>

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2013-02-16 20:22:41 -08:00
Aman Gupta
84420c7f12 short-circuit String#blank? when string is empty 2013-02-16 17:06:30 -08:00
Aman Gupta
c57e85fd13 Revert "ignore "invalid byte sequence in UTF-8" from String#=~"
This reverts commit 18e9b2ffc9.
2013-02-16 17:05:59 -08:00
Corey Donohoe
2eca011798 Merge pull request #2 from github/cve-2013-0277
apply patch for cve-2013-0277
2013-02-11 10:51:52 -08:00
Corey Donohoe
f6cf01337f apply patch for cve-2013-0277 2013-02-11 10:47:45 -08:00
Corey Donohoe
0ad86343c6 Merge pull request #1 from github/cve-2013-0333
Backport Patches for CVE-2013-0333
2013-01-28 16:33:32 -08:00
Corey Donohoe
42524c2bf1 backport patches for CVE-2013-0333
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
2013-01-28 13:23:53 -08:00
rick
46f1ddbff9 backport dynamic finder fix (CVE-2012-5664) 2013-01-02 15:02:25 -07:00
Aman Gupta
b18f5c9af1 bump mocha dependency 2012-12-08 20:35:13 -08:00
Aman Gupta
18e9b2ffc9 ignore "invalid byte sequence in UTF-8" from String#=~ 2012-11-15 04:33:45 -08:00
Aman Gupta
9ec3637bc5 backport String#encoding_aware? and String#blank? encoding fixes from rails3 2012-11-13 20:50:29 -08:00
Aman Gupta
ba9248e6e3 Remove call to Kernel#gem 2012-11-09 14:47:38 -08:00
Joshua Peek
a27559cddf Skip primary key check for HABTM inserts 2012-09-05 21:43:48 -05:00
Aman Gupta
e786726603 fix encoding errors inside ActiveSupport::BufferedLogger
http://developer.uservoice.com/blog/2012/03/04/how-to-upgrade-a-rails-2-3-app-to-ruby-1-9-3/
2012-08-17 18:14:52 -07:00
Aman Gupta
a1d2a22047 fix TZInfo on ruby 1.9
http://developer.uservoice.com/blog/2012/03/04/how-to-upgrade-a-rails-2-3-app-to-ruby-1-9-3/
2012-08-16 11:52:43 -07:00
Aman Gupta
d43ecd5b32 fix multiple queries when chaining named scopes
https://rails.lighthouseapp.com/projects/8994/tickets/5410-multiple-database-queries-when-chaining-named-scopes-with-rails-238-and-ruby-192
2012-08-15 17:35:23 -07:00
Aman Gupta
61359bf6ad Use String#encode to do transliteration on ruby 1.9 2012-08-15 11:30:20 -07:00
Aman Gupta
a2beda1177 force binary strings when logging sql statements 2012-08-14 12:52:51 -07:00
Aman Gupta
52c895d565 handle load errors on 1.9
https://github.com/rails/rails/pull/3745
http://groups.google.com/group/rubyonrails-core/browse_thread/thread/81be70a119260e59?pli=1
2012-08-14 12:52:31 -07:00
Aman Gupta
74f90612ec avoid iconv require warning on 1.9 2012-08-14 12:52:01 -07:00
Justin Collins
a6eb61b7e4 Fix SQL injection via nested hashes in conditions 2.3.14.github2 2012-06-12 23:14:10 -07:00
Ryan Tomayko
fe11782158 Merge remote-tracking branch 'github/rack-1.x' into 2-3-github 2.3.14.github 2011-11-17 12:57:09 -08:00
Ryan Tomayko
899e99a025 pin to rack ~> 1.1 instead of ~> 1.1.0
Some pretty gnarly bugs and security issues are present in the
latest rack 1.1.x release. There are 1.2.x and 1.3.x releases that
correct these.

This changes the gem dependencies to allow for rack versions > 1.1.
At GitHub we're on 1.2.4 (latest 1.2.x release at present) and
should have some results from real world testing soon.
2011-11-17 12:51:32 -08:00
Aaron Patterson
e0774e4730 fixing utf8 escape vulnerability 2011-08-16 14:58:39 -07:00
Aaron Patterson
60f783d9ce fixing strip tags vulnerability 2011-08-16 14:58:13 -07:00
Aaron Patterson
6b46d65597 fixing sql injection problem 2011-08-16 14:57:48 -07:00
Aaron Patterson
fb1588c5ff 2.3.14. yay. :'( 2011-08-16 14:57:05 -07:00
Aaron Patterson
dea5a10f71 bumping to 2.3.13 2011-08-16 14:34:14 -07:00
Aaron Patterson
11dafeaa75 fixing response splitting problem 2011-08-16 14:25:45 -07:00
Aaron Patterson
bb99aa1149 adding notification for rdoc 2011-08-16 14:24:44 -07:00
Aaron Patterson
b132992978 we should not ignore all gems in here 2011-08-04 16:34:20 -07:00
Xavier Noria
78a1fda7c8 contrib app minor tweak 2011-07-27 13:23:42 -07:00
José Valim
8d02083f23 Merge pull request #1740 from Antiarchitect/2-3-stable
Fix OrderedHash merging with block given.
2011-06-17 06:25:39 -07:00
Andrey Voronkov
b1c36b7088 Added tests for OrderedHash merging with block. 2011-06-16 23:56:39 -07:00
Andrey Voronkov
b2d4142fb7 Fix OrderedHash merging with block given. 2011-06-16 16:47:29 -07:00
Brian Cardarella
1aae5e70ef Remove deprecation warning for ActiveRecord::Errors#generate_message. This is the same API that ActiveModel ended up using and that won't be changing. 2011-06-09 14:59:33 -07:00
Aaron Patterson
a2a34133d8 find the spec from the source index, then activate it 2011-06-06 20:22:47 -07:00
Ryan Davis
79aa54d0c7 + Switched to newer rdoc and gem package tasks (and their requires).
+ Fixed deprecated usage in gemspecs.

Bumped the version to 2.3.12 so I could test locally with actual
installs. If this is bad form for this project, please beat me up and
I'll split them out.
2011-05-25 01:49:15 -07:00
Ryan Davis
3ad5fd1879 Removed the bulk of the deprecations by simply not calling refresh.
This may cause problems. I dunno.
The real solution is to get rid of all of this mess and use gem paths properly.
2011-05-12 16:02:41 -07:00
Ryan Davis
4c3725723f Fixed buggy gem activation. Don't pass a dependency to gem, pass the
name and requirement. Better, just activate the spec for the
dependency (1.8 only)
2011-05-12 16:01:56 -07:00
Ryan Davis
c20a4d18e3 Removed buggy GemDependency#requirement override. Overrides should NEVER change the semantics of the parent (returning nil if default). 2011-05-12 16:01:10 -07:00
Ryan Davis
01a9fbbcca Fix broken GemDependency#==. You should ALWAYS check the class! 2011-05-12 16:00:28 -07:00
Ryan Davis
8d4ca9edc6 Fix stupid emacsisms. Just makes things more readable. 2011-05-12 16:00:03 -07:00
José Valim
d793a56121 Merged pull request #198 from robdimarco/2-3-stable.
Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash
2011-04-28 00:37:53 -07:00
José Valim
f424efe97f Merged pull request #331 from daphonz/2-3-stable.
Dynamic find_or_create_by_x_and_y always creates new records in Rails 2.3.11
2011-04-28 00:20:15 -07:00
Casey Dreier
9f7ff621bd Fixing dynamic finders on associations to properly send arguments to the find_by_* method. Closes issue #330.
Commit fdfc8e3b9 introduced a bugfix to prevent additional values passed
to dynamic find_or_create_by_x methods from confusing the finder.
This patch also broke the essential behavior of this method on an
association by incorrectly sending arguments to the find_by_x methods.
The finder method would always see its inputs as a single array of
values instead of individual arguments, almost guaranteeing that the
finder call would be incorrect, and that we'd always create a new
record instead.

This patch adds a splat operator to the parameter array we send along to
the dynamic finder so that it receives its inputs correctly, and
includes an additional test to ensure that repeated calls to
find_or_create_by_x only create one new record.
2011-04-27 21:57:24 -04:00
gmarik
b0be721dd9 respect :expire_after option
- it was broken after [commit](e0eb8e9c65)
- there's also [issue](https://rails.lighthouseapp.com/projects/8994/tickets/6634-railsrack-inconsistency-about-expires_afterexpires-cookie-option)

- also: maybe it's worth making Rack understand :expire_after as we
duplicate the same logic in [cookie_store](https://github.com/gmarik/rails/blob/v2.3.11/actionpack/lib/action_controller/session/cookie_store.rb#L114)

Signed-off-by: José Valim <jose.valim@gmail.com>
2011-04-14 13:48:35 +02:00