提交 · 5cfe8330dc3bf2ef110cefed0c56f394dc699407 · 张重言 / rails

11 2月, 2013 1 次提交
- T
  
  fix serialization vulnerability · 5cfe8330
  由 Tobias Kraze 提交于 2月 08, 2013
  
  5cfe8330
10 2月, 2013 1 次提交
- A
  
  fixing attr_protected CVE-2013-0276 · 9a48f4cf
  由 Aaron Patterson 提交于 2月 09, 2013
  
  9a48f4cf
06 2月, 2013 2 次提交

X
Merge pull request #9194 from kwstannard/2-3-stable · 2e4aa39e
由 Xavier Noria 提交于 2月 06, 2013
```
Docs: Fixed bad exists? documentation.
```
2e4aa39e

Docs: Fixed bad exists? documentation. · d61f83dd

由 Kelly Stannard 提交于 2月 05, 2013

Base#exists? does not actually take options like finder methods. Trying
to use what the documentation suggests will return a PG error because it
will look for a column named 'conditions'.

I changed the documentation to reflect how the exists? method actually
works.

d61f83dd

02 2月, 2013 2 次提交
- R
  Fix the tests related with single quotes being escaped · c774a463
  由 Rafael Mendonça França 提交于 2月 02, 2013
```
Closes #9144
Fixes #9145
```
  c774a463
- M
  use the decimal HTML escape code for single quotes instead of the hex one so... · 88331c57
  由 Morgan Currie 提交于 2月 01, 2013
```
use the decimal HTML escape code for single quotes instead of the hex one so webkit-based browsers properly translate the code in form fields
```
  88331c57
29 1月, 2013 4 次提交
- C
  Merge pull request #9099 from pietro/2-3-gemspec-bump · d868a80e
  由 Carlos Antonio da Silva 提交于 1月 28, 2013
```
Bump version on 2.3 gemspecs too.
```
  d868a80e
- P
  
  Bump version on gemspecs too. · 40fdc157
  由 Pietro Monteiro 提交于 1月 28, 2013
  
  40fdc157
- A
  
  bumping version · 11695524
  由 Aaron Patterson 提交于 1月 28, 2013
  
  11695524
- M
  Add an OkJson backend and remove the YAML backend · bd6dee9b
  由 Michael Koziarski 提交于 1月 24, 2013
```
Fixes CVE-2013-0333.  The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
```
  bd6dee9b
25 1月, 2013 5 次提交

A

removing [nil] from the params · ac945152
由 Aaron Patterson 提交于 1月 24, 2013

ac945152
A

backporting deep_munge · 61eed87c
由 Aaron Patterson 提交于 1月 24, 2013

61eed87c

Squashed commit of the following: · d549df71

由 Aaron Patterson 提交于 8月 08, 2012

commit 9ef905f1
Author: Rafael Mendonça França <rafaelmfranca@gmail.com>
Date:   Tue Aug 7 22:38:40 2012 -0300

    Fix tests about single quote escaping

commit 780a7187
Author: Santiago Pastorino <santiago@wyeworks.com>
Date:   Tue Jul 31 22:25:54 2012 -0300

    html_escape should escape single quotes

    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215

    Conflicts:
    	actionpack/test/controller/new_base/render_template_test.rb
    	actionpack/test/template/asset_tag_helper_test.rb
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/javascript_helper_test.rb
    	actionpack/test/template/template_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
    	activesupport/test/core_ext/string_ext_test.rb
    	railties/test/application/assets_test.rb

d549df71

S
Do not mark strip_tags result as html_safe · cf48c9c7
由 Santiago Pastorino 提交于 8月 08, 2012
```
Thanks to Marek Labos & Nethemba
```
cf48c9c7
A

fixing load error messages · 3dc0cd37
由 Aaron Patterson 提交于 1月 24, 2013

3dc0cd37

23 1月, 2013 2 次提交
- S
  Merge pull request #9030 from johndouthat/2-3-stable · 3b75781d
  由 Steve Klabnik 提交于 1月 22, 2013
```
Add .gemspec files to 2-3-stable to help Bundler
```
  3b75781d
- J
  
  Add gemspecs for bundler · 06b33a8c
  由 John F. Douthat 提交于 1月 21, 2013
  
  06b33a8c
21 1月, 2013 1 次提交
- E
  
  Fix for CVE-2013-0155 · 7763f39a
  由 Ernie Miller 提交于 1月 08, 2013
  
  7763f39a
18 1月, 2013 1 次提交

Revert "bump up rack version to the one that includes the Hash DoS fix" · 28cfd79e

由 Jeremy Kemper 提交于 1月 17, 2013

Rack 1.1.3 also changes the Set-Cookie header to expects a
newline-delimited string instead of an Array, which breaks Rails 2.3's
expectations in a variety of ways.

This reverts commit 27a508c9.

Conflicts:
	actionpack/Rakefile

28cfd79e

09 1月, 2013 2 次提交
- A
  
  bumping to 2.3.15 :cry::gun: · 709af052
  由 Aaron Patterson 提交于 1月 07, 2013
  
  709af052
- J
  
  CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. · 70adb961
  由 Jeremy Kemper 提交于 1月 05, 2013
  
  70adb961
03 1月, 2013 2 次提交
- A
  Merge pull request #6722 from adgear/2-3-stable · 5b8db450
  由 Aaron Patterson 提交于 1月 02, 2013
```
Backported rails 2.3 fix for CVE-2012-2695
```
  5b8db450
- M
  
  Merge remote-tracking branch 'rails/2-3-stable' into 2-3-stable · 9baab1f3
  由 Mina Naguib 提交于 1月 02, 2013
  
  9baab1f3
24 12月, 2012 1 次提交
- A
  
  CVE-2012-5664 options hashes should only be extracted if there are extra parameters · 9de9b359
  由 Aaron Patterson 提交于 12月 23, 2012
  
  9de9b359
14 6月, 2012 1 次提交
- J
  
  Fix SQL injection via nested hashes in conditions · 62f81f4d
  由 Justin Collins 提交于 6月 01, 2012
  
  62f81f4d
29 3月, 2012 2 次提交
- X
  Merge pull request #5653 from eee-c/patch-1 · e8c05974
  由 Xavier Noria 提交于 3月 29, 2012
```
Doc fixes in 2.3: validates_length_of
```
  e8c05974
- C
  
  Better minimum validates_length_of examples (adapted from master). · 2229a7e8
  由 Chris Strom 提交于 3月 29, 2012
  
  2229a7e8
31 12月, 2011 2 次提交
- J
  Merge pull request #4247 from amatsuda/hashdos_23 · 8fff8f04
  由 José Valim 提交于 12月 31, 2011
```
bump up rack version to the one that includes the Hash DoS fix
```
  8fff8f04
- A
  
  bump up rack version to the one that includes the Hash DoS fix · 27a508c9
  由 Akira Matsuda 提交于 12月 31, 2011
  
  27a508c9
30 12月, 2011 1 次提交
- A
  Merge pull request #4202 from dasch/request-remote-ip · 2eb197e7
  由 Aaron Patterson 提交于 12月 29, 2011
```
Fix bug in `ActionController::Request#remote_ip`
```
  2eb197e7
27 12月, 2011 1 次提交
- D
  Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty · cd2136ae
  由 Daniel Schierbeck 提交于 12月 27, 2011
```
If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
list of IP addresses from it.
```
  cd2136ae
17 8月, 2011 7 次提交
- A
  
  fixing utf8 escape vulerability · e0774e47
  由 Aaron Patterson 提交于 8月 16, 2011
  
  e0774e47
- A
  
  fixing strip tags vulnerability · 60f783d9
  由 Aaron Patterson 提交于 8月 16, 2011
  
  60f783d9
- A
  
  fixing sql injection problem · 6b46d655
  由 Aaron Patterson 提交于 8月 16, 2011
  
  6b46d655
- A
  
  2.3.14. yay. :'( · fb1588c5
  由 Aaron Patterson 提交于 8月 16, 2011
  
  fb1588c5
- A
  
  bumping to 2.3.13 · dea5a10f
  由 Aaron Patterson 提交于 8月 16, 2011
  
  dea5a10f
- A
  
  fixing response splitting problem · 11dafeaa
  由 Aaron Patterson 提交于 8月 16, 2011
  
  11dafeaa
- A
  
  adding notification for rdoc · bb99aa11
  由 Aaron Patterson 提交于 8月 16, 2011
  
  bb99aa11
05 8月, 2011 1 次提交
- A
  
  we should not ignore all gems in here · b1329929
  由 Aaron Patterson 提交于 8月 04, 2011
  
  b1329929
28 7月, 2011 1 次提交
- X
  
  contrib app minor tweak · 78a1fda7
  由 Xavier Noria 提交于 7月 27, 2011
  
  78a1fda7