Fix OrderedHash merging with block given.

Remove deprecation warning for ActiveRecord::Errors#generate_message. This is the same API that ActiveModel ended up using and that won't be changing.

+ Fixed deprecated usage in gemspecs.

Bumped the version to 2.3.12 so I could test locally with actual
installs. If this is bad form for this project, please beat me up and
I'll split them out.

This may cause problems. I dunno.
The real solution is to get rid of all of this mess and use gem paths properly.

name and requirement. Better, just activate the spec for the
dependency (1.8 only)

Removed buggy GemDependency#requirement override. Overrides should NEVER change the semantics of the parent (returning nil if default).

Patch for issue 6440 - Session Reset undefined method `destroy' for {}:Hash 

Dynamic find_or_create_by_x_and_y always creates new records in Rails 2.3.11 

Fixing dynamic finders on associations to properly send arguments to the find_by_* method. Closes issue #330.

Commit fdfc8e3b introduced a bugfix to prevent additional values passed
to a dynamic find_or_create_by_x methods from confusing the finder.
This patch also broke the essential behavior of this method on an
association by incorrectly sending arguments to the find_by_x methods.
The finder method would always see its inputs as a single array of
values instead of individual arguments, almost guaranteeing that the
finder call would be incorrect, and that we'd always create a new
record instead.

This patch adds a splat operator to the parameter array we send along to
the dynamic finder so that it receives its inputs correctly, and
includes an additional test to ensure that repeated calls to
find_or_create_by_x only creates one new record.

- it was broken after
[commit](https://github.com/rails/rails/commit/e0eb8e9c65ededce64169948d4dd51b0079cdd10)
- there's also
[issue](https://rails.lighthouseapp.com/projects/8994/tickets/6634-railsrack-inconsistency-about-expires_afterexpires-cookie-option)

- also: maybe it worth making Rack understand :expire_after as we
duplicate same logic in [cookie_store](https://github.com/gmarik/rails/blob/v2.3.11/actionpack/lib/action_controller/session/cookie_store.rb#L114)
Signed-off-by: NJosé Valim <jose.valim@gmail.com>

Signed-off-by: NSantiago Pastorino <santiago@wyeworks.com>

Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets.  To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header:

 X-CSRF-Token: ...

This fixes CVE-2011-0447

Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors.

This fixes CVE-2011-0446

Signed-off-by: NJeremy Kemper <jeremy@bitsweat.net>

This reverts commit 8378a44f.

This reverts commit b5cf2b4b.

This reverts commit a0c761dc.

this can provide a significant performance boost during testing, by
preventing the GC from running too frequently.

this prevents test state from accumulating, resulting in leaked
objects and slow tests due to overactive GC.

Signed-off-by: NXavier Noria <fxn@hashref.com>

This reverts commit 08d94d3f.

Revert "In nested_attributes when association is not loaded and association record is saved then in memory record attributes should be saved"

This reverts commit 12bbc34a.

It caused errors when combined with attr_accessible, piggy back attributes fetched by :select, etc.  Leaving it in 3.0, but removing from 2.3