Aman Gupta
55d463eeea
merge routing_tricks plugin for subdomain routing
2013-03-05 17:21:59 -08:00
Aman Gupta
5f847d2fa7
fix default to_a deprecation warnings
...
lib/active_record/associations/association_proxy.rb:215: warning: default `to_a' will be obsolete
2013-03-01 18:03:08 -08:00
Aman Gupta
e4652359c3
fix regression on ruby 1.8 /cc github/rails#4
2013-03-01 17:45:22 -08:00
Aman Gupta
a03cb40ce5
Merge pull request #4 from github/association-fix
...
Ruby 2.0 compat
2013-03-01 17:06:55 -08:00
Aman Gupta
9ab900156d
fix for ruby 2.0
...
this was manifesting as:
NoMethodError: undefined method `insert_record' for #<Array:0x007fb0ca5fa7f8>
gems/activerecord-2.3.14.github17/lib/active_record/associations/association_proxy.rb:149:in `send'
see http://tenderlovemaking.com/2012/09/07/protected-methods-and-ruby-2-0.html
2013-03-01 17:02:58 -08:00
Aman Gupta
c6bbe648e8
whitespace
2013-03-01 17:02:10 -08:00
Aaron Patterson
dc6f44fae6
just use return value of load_target
2013-03-01 17:02:10 -08:00
Aaron Patterson
76e373c559
just call methods on return value of load_target
2013-03-01 17:02:06 -08:00
Aaron Patterson
1d8013e2ce
@loaded is defined in initialize, so we should not need this
...
Conflicts:
activerecord/lib/active_record/associations/association_proxy.rb
2013-03-01 17:01:29 -08:00
sblackstone
cb312a2e76
Association Proxy should not undefine the default respond_to_missing
...
Conflicts:
activerecord/lib/active_record/associations/association_proxy.rb
2013-02-28 18:56:30 -08:00
Aman Gupta
e7be98f40c
Revert "fix multiple queries when chaining named scopes"
...
This reverts commit d43ecd5b32.
2013-02-28 18:50:26 -08:00
Aman Gupta
d8f1980343
remove tmail
2013-02-28 18:49:27 -08:00
Aman Gupta
76d83c0d5c
use OutputBuffer#safe_append= for <%== to avoid extra string allocations
2013-02-26 01:07:29 -08:00
Aman Gupta
7335865bd9
avoid method call
2013-02-26 01:06:36 -08:00
Aman Gupta
e43316238d
flush whitespace before statements to preserve line numbers
2013-02-25 22:13:11 -08:00
Aman Gupta
c3c6f25ec7
Merge pull request #3 from github/no-escape_once
...
XSS escaping
2013-02-24 21:47:24 -08:00
Aman Gupta
331461a65e
optimize generated erb to reduce method calls
...
before:
');@output_buffer.append= ( content_icon row[:content] );@output_buffer.safe_concat('
');@output_buffer.safe_concat(' ');@output_buffer.append= ( spinner_img );@output_buffer.safe_concat('
');@output_buffer.safe_concat(' </td>
<td class="content">
');@output_buffer.append= ( content_link row[:content] );@output_buffer.safe_concat('
');@output_buffer.safe_concat(' </td>
<td class="message">
');
after:
';@output_buffer.append=( content_icon row[:content] );@output_buffer.safe_append='
';@output_buffer.append=( spinner_img );@output_buffer.safe_append='
</td>
<td class="content">
';@output_buffer.append=( content_link row[:content] );@output_buffer.safe_append='
</td>
<td class="message">
';
2013-02-22 02:56:17 -08:00
Aman Gupta
fd05501b4d
ActionView::OutputBuffer and Erubis handler from rails 3.2
2013-02-21 06:03:01 -08:00
Aman Gupta
0fa76e01de
ActiveSupport::SafeBuffer from upstream rails 3.2
2013-02-21 04:54:58 -08:00
Aman Gupta
1c215bab58
integrate monkey-patches from rails_xss/action_view
2013-02-21 03:20:01 -08:00
Aman Gupta
c7238a0746
faster html escaping code from rails master
2013-02-21 02:44:37 -08:00
Aman Gupta
71123b2913
fix boot on 1.9.3-p385
...
rails-2.3.14.github14/lib/initializer.rb:906:in `replace': can't modify frozen String (RuntimeError)
from gems/rails-2.3.14.github14/lib/initializer.rb:906:in `set_root_path!'
from gems/rails-2.3.14.github14/lib/initializer.rb:860:in `initialize'
from gems/rails-2.3.14.github14/lib/initializer.rb:110:in `new'
from gems/rails-2.3.14.github14/lib/initializer.rb:110:in `run'
from github/config/environment.rb:22:in `<top (required)>'
2013-02-20 02:45:37 -08:00
Xavier Noria
2eede7e5ac
s/escape_once/html_escape/, since html safety is the contract that now says whether something has to be escaped
...
Conflicts:
actionpack/CHANGELOG
actionpack/lib/action_view/helpers/form_tag_helper.rb
actionpack/lib/action_view/helpers/url_helper.rb
actionpack/test/template/url_helper_test.rb
2013-02-16 20:44:20 -08:00
Xavier Noria
507b8182cf
url_for no longer escapes HTML, the :escape option is also gone
...
Rationale: url_for is just a path/URL generator, it is the responsibility of the caller to escape conveniently. HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
Backported to 2.3. Conflicts:
actionpack/CHANGELOG
actionpack/lib/action_view/helpers/url_helper.rb
actionpack/test/template/url_helper_test.rb
2013-02-16 20:32:13 -08:00
rizwanreza
3df96518be
Allow content_tag options to take an array [#1741 state:resolved] [rizwanreza, Nick Quaranto]
...
Example:
content_tag('p', "limelight", :class => ["song", "play"])
# => <p class="song play">limelight</p>
Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
2013-02-16 20:22:41 -08:00
Aman Gupta
84420c7f12
short-circuit String#blank? when string is empty
2013-02-16 17:06:30 -08:00
Aman Gupta
c57e85fd13
Revert "ignore "invalid byte sequence in UTF-8" from String#=~"
...
This reverts commit 18e9b2ffc9.
2013-02-16 17:05:59 -08:00
Corey Donohoe
2eca011798
Merge pull request #2 from github/cve-2013-0277
...
apply patch for cve-2013-0277
2013-02-11 10:51:52 -08:00
Corey Donohoe
f6cf01337f
apply patch for cve-2013-0277
2013-02-11 10:47:45 -08:00
Corey Donohoe
0ad86343c6
Merge pull request #1 from github/cve-2013-0333
...
Backport Patches for CVE-2013-0333
2013-01-28 16:33:32 -08:00
Corey Donohoe
42524c2bf1
backport patches for CVE-2013-0333
...
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
2013-01-28 13:23:53 -08:00
rick
46f1ddbff9
backport dynamic finder fix (CVE-2012-5664)
2013-01-02 15:02:25 -07:00
Aman Gupta
b18f5c9af1
bump mocha dependency
2012-12-08 20:35:13 -08:00
Aman Gupta
18e9b2ffc9
ignore "invalid byte sequence in UTF-8" from String#=~
2012-11-15 04:33:45 -08:00
Aman Gupta
9ec3637bc5
backport String#encoding_aware? and String#blank? encoding fixes from rails3
2012-11-13 20:50:29 -08:00
Aman Gupta
ba9248e6e3
Remove call to Kernel#gem
2012-11-09 14:47:38 -08:00
Joshua Peek
a27559cddf
Skip primary key check for HABTM inserts
2012-09-05 21:43:48 -05:00
Aman Gupta
e786726603
fix encoding errors inside ActiveSupport::BufferedLogger
...
http://developer.uservoice.com/blog/2012/03/04/how-to-upgrade-a-rails-2-3-app-to-ruby-1-9-3/
2012-08-17 18:14:52 -07:00
Aman Gupta
a1d2a22047
fix TZInfo on ruby 1.9
...
http://developer.uservoice.com/blog/2012/03/04/how-to-upgrade-a-rails-2-3-app-to-ruby-1-9-3/
2012-08-16 11:52:43 -07:00
Aman Gupta
d43ecd5b32
fix multiple queries when chaining named scopes
...
https://rails.lighthouseapp.com/projects/8994/tickets/5410-multiple-database-queries-when-chaining-named-scopes-with-rails-238-and-ruby-192
2012-08-15 17:35:23 -07:00
Aman Gupta
61359bf6ad
Use String#encode to do transliteration on ruby 1.9
2012-08-15 11:30:20 -07:00
Aman Gupta
a2beda1177
force binary strings when logging sql statements
2012-08-14 12:52:51 -07:00
Aman Gupta
52c895d565
handle load errors on 1.9
...
https://github.com/rails/rails/pull/3745
http://groups.google.com/group/rubyonrails-core/browse_thread/thread/81be70a119260e59?pli=1
2012-08-14 12:52:31 -07:00
Aman Gupta
74f90612ec
avoid iconv require warning on 1.9
2012-08-14 12:52:01 -07:00
Justin Collins
a6eb61b7e4
Fix SQL injection via nested hashes in conditions
2.3.14.github2
2012-06-12 23:14:10 -07:00
Ryan Tomayko
fe11782158
Merge remote-tracking branch 'github/rack-1.x' into 2-3-github
2.3.14.github
2011-11-17 12:57:09 -08:00
Ryan Tomayko
899e99a025
pin to rack ~> 1.1 instead of ~> 1.1.0
...
Some pretty gnarly bugs and security issues are present in the
latest rack 1.1.x release. There are 1.2.x and 1.3.x releases that
correct these.
This changes the gem dependencies to allow for rack versions > 1.1.
At GitHub we're on 1.2.4 (latest 1.2.x release at present) and
should have some results from real world testing soon.
2011-11-17 12:51:32 -08:00
Aaron Patterson
e0774e4730
fixing utf8 escape vulnerability
2011-08-16 14:58:39 -07:00
Aaron Patterson
60f783d9ce
fixing strip tags vulnerability
2011-08-16 14:58:13 -07:00
Aaron Patterson
6b46d65597
fixing sql injection problem
2011-08-16 14:57:48 -07:00