- 12 Aug, 2016 6 commits
-
-
Committed by Jon Moss
[ci skip] Add documentation to Parameter Encoding
-
Committed by Aaron Patterson
Fix unsafe query generation risk. Redo of CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155 CVE-2016-6317
-
Committed by Sean Griffin
Creating a new Topic class instead of class_eval for the existing one
-
Committed by Sean Griffin
Fix warning: ambiguous first argument
-
Committed by Ryuta Kamizono
-
Committed by Andrew Carpenter
Many helpers mark content as HTML-safe without escaping double quotes -- including `sanitize`. Regardless of whether or not the attribute values are HTML-escaped, we want to be sure they don't include double quotes, as that can cause XSS issues. For example: `content_tag(:div, "foo", title: sanitize('" onmouseover="alert(1);//'))` CVE-2016-6316
-
- 11 Aug, 2016 11 commits
-
-
Committed by Yasuo Honda
since it affects another test `ReflectionTest#test_read_attribute_names` Address #26099
-
Committed by Alex Kitchens
-
Committed by Kasper Timm Hansen
add missing require rake
-
Committed by yuuji.yaginuma
In ff8035df, require rake is deferred. Therefore, it is necessary to require rake even `Engine::CommandsTasks`.
-
Committed by Kasper Timm Hansen
Fix actionview test failure
-
Committed by Ryuta Kamizono
Caused by #26092.
-
Committed by Guillermo Iguaran
Minor doc fix related to ActiveModel::SecurePassword [ci skip]
-
Committed by Xavier Noria
Thinking .. relative to files is not natural, we are used to thinking "parent of a directory", and we have __dir__ nowadays.
-
Committed by Aditya Kapoor
-
Committed by Vipul A M
Add documentation for `http_cache_forever`. [ci skip]
-
Committed by Aaron Patterson
Allow specifying encoding of parameters by action
-
- 10 Aug, 2016 7 commits
-
-
Committed by Santosh Wadghule
-
Committed by Yves Senn
Fix a NoMethodError schema_statements.rb
-
Committed by Andrew White
In c546a2b0 parameter handling in AC test cases was changed to round tripping through encoders/decoders so that they matched reality and in 0adb8f8f the old methods were removed but the `html_format?` method was overlooked.
-
Committed by Genadi Samokovarov
If you call `remove_index` with wrong options, say a type, like I did, you get:

```
== 20160810072541 RemoveUniqueIndexOnGoals: migrating =========================
-- remove_index(:goal, {:coulmn=>:kid_id, :unique=>true})
rails aborted!
StandardError: An error has occurred, this and all later migrations canceled:
undefined method `ArgumentError' for #<ActiveRecord::ConnectionAdapters::PostgreSQLAdapter:0x007fb7dec91b28>
```

What happened is that I mistyped column (coulmn) and got a `NoMethodError`, because of a missing comma during the raise. This made Ruby think we're calling the method `ArgumentError`.
-
Committed by Kerri Miller
At GitHub we need to handle parameter encodings that are not UTF-8. This patch allows us to specify encodings per parameter per action.
-
Committed by Xavier Noria
Fix broken alignments caused by auto-correct commit 411ccbda
-
Committed by Ryuta Kamizono
Hash syntax auto-correcting breaks alignments. 411ccbda
-
- 09 Aug, 2016 6 commits
-
-
Committed by Vipul A M
Document known limitation about using `references` in conjunction with custom select clauses [ci skip]
-
Committed by Vipul A M
Document known limitation about using `references` in conjunction with eager loading causing it to ignore custom select clauses. [ci skip] Fixes #24314
-
Committed by Vipul A M
Add link to 'Pry' in debugging guide [ci skip]
-
Committed by Jon Moss
update list of rescue_responses default [ci skip]
-
Committed by yuuji.yaginuma
Follow up to fe859a54
-
Committed by Xavier Noria
-
- 08 Aug, 2016 10 commits
-
-
Committed by Yves Senn
Use `FETCH FIRST` for Oracle12 and test `ROWNUM <=` for Oracle 11g or older version to test sql limit behavior
-
Committed by Yasuo Honda
also test `ROWNUM <=` for Oracle 11g or older version of Oracle and Oracle visitor Oracle 12c database and Arel Oracle12 visitor supports better top N query.
-
Committed by Xavier Noria
This code has too much duplication and the rationale for the concatenation may not be obvious to the reader. You define the ones at class-level, explain why the code concatenates there, and then the convenience ones at instance-level just delegate.
-
Committed by Yves Senn
Fix `thread_mattr_accessor` share variable superclass with subclass
-
Committed by Xavier Noria
-
Committed by Xavier Noria
-
Committed by Xavier Noria
A few have been left for aesthetic reasons, but have made a pass and removed most of them. Note that if the method `foo` returns an array, `foo << 1` is a regular push, nothing to do with assignments, so no self required.
-
Committed by Xavier Noria
Some case expressions remain, need to think about those ones.
-
Committed by Xavier Noria
-
Committed by Xavier Noria
-