10347 Commits

Author SHA1 Message Date
Charlie Somerville
f05e54a9f3 remove stdinput monkey patch 2013-12-30 14:15:51 +11:00
Charlie Somerville
b9918117bb delete ActionController::CGIHandler and CgiRequest 2013-12-30 14:11:07 +11:00
Charlie Somerville
42f85d118d don't autoload CGIHandler and CgiRequest 2013-12-30 14:10:28 +11:00
Charlie Somerville
acb182d094 @output is never used anywhere, kill it 2013-12-30 14:09:20 +11:00
Charlie Somerville
6e0fcb788d remove CGI from the dispatcher 2013-12-30 14:09:00 +11:00
Charlie Somerville
fed4fafa8a Merge pull request #33 from github/dont-reload-middleware-stack-every-request
Don't reload middleware stack every request
2013-12-29 19:07:59 -08:00
Charlie Somerville
f699184047 test that we never call build_middleware_stack after initialization 2013-12-30 13:59:18 +11:00
Charlie Somerville
55d6a9f2df don't reload the middleware stack every request in development 2013-12-30 13:53:48 +11:00
Ted Nyman
e5bebc01a8 Merge pull request #32 from github/bump-to-github32
Bump to 2.3.14.github32
2013-12-03 14:53:14 -08:00
Ted Nyman
a019f07a39 Bump to 2.3.14.github32 2013-12-03 14:50:02 -08:00
Ted Nyman
d13866d75d Merge pull request #30 from github/CVE-2013-6417
CVE-2013-6417
2013-12-03 14:46:53 -08:00
Nathan Witmer
dfa2f469a4 Merge pull request #31 from github/currency-security-fix
CVE-2013-6415: Escape the unit value provided to number_to_currency
2013-12-03 14:41:51 -08:00
Nathan Witmer
bf0d43bb77 Only escape value if present 2013-12-03 14:47:38 -07:00
Nathan Witmer
72cebbcb59 Escape the unit value provided to number_to_currency
Fixes CVE-2013-6415.

Previously the values were trusted blindly, allowing for potential XSS attacks.

This is different from the original upstream patch for 3.x in that return values
from other number helper methods are not marked as html_safe, so the html
escaping always applies. This requires applications to explicitly set .html_safe
on unit strings and number separators when calling number_to_currency.
2013-12-03 14:32:26 -07:00
Ted Nyman
379dd9071c Documentation for #deep_munge 2013-12-03 13:24:11 -08:00
Ted Nyman
a743f17dbd #deep_munge for CVE-2013-6417 2013-12-03 13:23:02 -08:00
Charlie Somerville
25b896611d Merge pull request #29 from github/tzinfo-json
Load timezone data from one big marshalled file
2013-12-03 00:38:50 -08:00
Charlie Somerville
b988837359 load definitions from a marshalled file 2013-12-03 19:32:36 +11:00
Charlie Somerville
890aff3b9d use vendored tzinfo 2013-12-03 18:10:11 +11:00
Charlie Somerville
c0124ba8f3 bump RAILS_VERSION github31 2013-12-02 20:43:27 +11:00
Charlie Somerville
455cd8c060 Merge pull request #28 from github/dont-turn-constant-names-into-strings
Don't turn constant names into strings prematurely
2013-12-02 01:27:18 -08:00
Charlie Somerville
5d322ad957 delete Module#local_constant_names 2013-12-02 20:09:05 +11:00
Charlie Somerville
3b6b4578c4 don't return anything interesting from require or load_with_new_constant_marking 2013-12-02 19:51:45 +11:00
Charlie Somerville
981016be60 call local_constants instead of local_constant_names 2013-12-02 19:40:28 +11:00
Aman Gupta
3c1e01068b faster String#blank? regex 2013-11-21 13:53:47 -08:00
Charlie Somerville
e42c679e43 Merge pull request #27 from github/remove-activeresource
Remove ActiveResource
2013-11-12 14:17:01 -08:00
Charlie Somerville
5c4dfa63f7 remove references to active_resource 2013-11-11 19:21:01 -08:00
Charlie Somerville
c394fd82fa delete references to activeresource 2013-11-11 19:17:45 -08:00
Charlie Somerville
49933594c1 delete activeresource/ 2013-11-11 19:17:20 -08:00
Charlie Somerville
94fae25703 forgot railties 2013-11-10 15:22:21 -05:00
Charlie Somerville
05cb9e6854 depend on the right versions 2013-11-10 15:20:15 -05:00
Charlie Somerville
1a5734e0b5 use RAILS_VERSION file 2013-11-10 11:43:01 -05:00
Charlie Somerville
24e5712294 Merge pull request #26 from github/kill-whiny-nils
Kill whiny nils
github30
2013-10-29 20:32:13 -07:00
Charlie Somerville
8f6bafc333 💀 whiny nils 2013-10-29 20:25:48 -07:00
Charlie Somerville
c717a84b5d Merge pull request #24 from github/avoid-extension-when-instantiating-extended-association
Avoid extension when instantiating extended association
2013-10-29 20:23:28 -07:00
Charlie Somerville
d537304b20 replace :: with _ to avoid wrong constant name exceptions 2013-10-29 20:16:52 -07:00
Charlie Somerville
ca90ecf2cb use terrible hacks to make this work when rails tries to marshal 2013-10-29 20:06:11 -07:00
Charlie Somerville
4bb1d3ef20 cache a class with the extend module pre-included 2013-10-29 20:06:11 -07:00
John Barnette
3b7754c950 Merge pull request #25 from github/activesupport-concern
Pull in ActiveSupport::Concern
github29
2013-10-29 12:10:45 -07:00
John Barnette
75638c576b Pull in ActiveSupport::Concern
We have quite a few module dependency situations that this can help
clarify.
2013-10-29 12:03:54 -05:00
Charlie Somerville
76884dd7f7 Merge pull request #22 from github/actionview-proxy-module-method-cache-nuke
Don't globally invalidate the method and constant cache every view render
github28
2013-10-25 11:43:48 -07:00
Charlie Somerville
29a72262aa here too 2013-10-25 12:46:48 -04:00
Charlie Somerville
76c5bf4f4b instantiate the cached helper class instead of extending AV::B 2013-10-25 12:46:48 -04:00
Charlie Somerville
416b7171b8 delete ActionView::Base#helpers because it's completely useless 2013-10-25 12:46:48 -04:00
Charlie Somerville
e82a3ba2a0 cache a class that is pre-included with the master helper module 2013-10-25 12:46:48 -04:00
Charlie Somerville
8837faac73 Merge pull request #21 from github/kill-blankslate
Kill blankslate
2013-10-25 09:42:01 -07:00
Charlie Somerville
20b12c3b42 call Kernel.block_given? instead of block_given? coz of BasicObject 2013-10-24 14:30:20 -04:00
Charlie Somerville
0cf06787af use fully qualified constant access here 2013-10-24 14:30:20 -04:00
Charlie Somerville
5efad05b11 💀 in a 🔥 blankslate 2013-10-24 14:30:20 -04:00
Charlie Somerville
00521f5118 Merge pull request #23 from github/rip-out-prototype
Rip out prototype/scriptaculous/RJS
github27
2013-10-24 11:29:13 -07:00