- 10 2月, 2011 26 次提交
-
-
由 Josh Kalderimis 提交于
Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned. Signed-off-by: NJosé Valim <jose.valim@gmail.com>
-
由 José Valim 提交于
Applied the wrong version. This reverts commit 98c0c5db.
-
由 Josh Kalderimis 提交于
-
由 Josh Kalderimis 提交于
Corrected the html_safe implementation for Array. Moved the html safe version of join to its own method (safe_join) as not to degrade the performance of join for unrelated html_safe use. [#6298 state:resolved]
-
由 Paul Hieromnimon 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Josh Bassett 提交于
Fixed a bug where ActiveResource::HttpMock would not replace an existing response when passing a block to the respond_to method. Signed-off-by: NSantiago Pastorino <santiago@wyeworks.com>
-
由 Tsutomu Kuroda 提交于
attr_protected should not be called, because it nullifies the mass assignment protection that has been set by attr_accessible. Signed-off-by: NSantiago Pastorino <santiago@wyeworks.com>
-
由 Josh Kalderimis 提交于
removed some duplication from LH issue 5505 regarding AR touch and optimistic locking [#5505 state:resolved] Signed-off-by: NSantiago Pastorino and José Ignacio Costa <santiago+jose@wyeworks.com>
-
由 Franck Verrot 提交于
Signed-off-by: NSantiago Pastorino and José Ignacio Costa <santiago+jose@wyeworks.com>
-
由 Aaron Patterson 提交于
-
由 Xavier Noria 提交于
now that the API guidelines are a guide, it is enough to assert that the names of Rails components have a space, no need to say it was checked with David in the past
-
由 Aaron Patterson 提交于
-
由 Raimonds Simanovskis 提交于
previously serialized_attributes were kept as class attribute of ActiveRecord::Base - if some attribute was defined as serialized in one subclass then it was serialized in all other subclasses as well (if it had the same name)
-
由 Aaron Patterson 提交于
-
由 Piotr Sarnacki 提交于
-
由 Aaron Patterson 提交于
-
由 Ken Collins 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
- 09 2月, 2011 14 次提交
-
-
由 Piotr Sarnacki 提交于
[#6388 state:resolved]
-
由 Eric Allam 提交于
-
-
由 Josh Kalderimis 提交于
fix for AS Gzip returning a UTF-8 string in Ruby 1.9 when it is actually binary [#6386 state:resolved] Signed-off-by: NJosé Valim <jose.valim@gmail.com>
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
由 Michael Koziarski 提交于
-
由 Michael Koziarski 提交于
Unfortunately the previous method of browser detection and XHR whitelisting is unable to prevent requests issued from some Flash animations and Java applets. To ease the work required to include the CSRF token in ajax requests rails now supports providing the token in a custom http header: X-CSRF-Token: ... This fixes CVE-2011-0447
-
由 Aaron Patterson 提交于
This fixes CVE-2011-0448
-
由 José Valim 提交于
-
由 José Valim 提交于
This fixes CVE-2011-0449
-
由 Michael Koziarski 提交于
Be sure to javascript_escape the email address to prevent apostrophes inadvertently causing javascript errors. This fixes CVE-2011-0446
-