- 26 1月, 2016 2 次提交
-
-
由 Aaron Patterson 提交于
-
由 Aaron Patterson 提交于
-
- 23 1月, 2016 5 次提交
-
-
由 Aaron Patterson 提交于
Instance level writers can have an impact on how the Active Model / Record objects are saved. Specifically, they can be used to bypass validations. This is a problem if mass assignment protection is disabled and specific attributes are passed to the constructor. CVE-2016-0753
-
由 Aaron Patterson 提交于
CVE-2016-0752
-
由 Andrew White 提交于
When updating an associated record via nested attribute hashes the reject_if proc could be bypassed if the _destroy flag was set in the attribute hash and allow_destroy was set to false. The fix is to only short-circuit if the _destroy flag is set and the option allow_destroy is set to true. It also fixes an issue where a new record wasn't created if _destroy was set and the option allow_destroy was set to false. CVE-2015-7577
-
由 Aaron Patterson 提交于
Unknown mime types should not be cached globally. This global cache leads to a memory leak and a denial of service vulnerability. CVE-2016-0751
-
由 Aaron Patterson 提交于
this will avoid timing attacks against applications that use basic auth. CVE-2015-7576
-
- 19 12月, 2015 9 次提交
-
-
由 eileencodes 提交于
-
由 Rafael França 提交于
wrapping i18n missing keys made optional
-
由 Sameer Rahmani 提交于
`I18n.translate` helper will wrap the missing translation keys in a <span> tag only if `debug_missing_translation` configuration has a truthy value. Default value is `true`. For example in `application.rb`: # in order to turn off missing key wrapping config.action_view.debug_missing_translation = false
-
由 eileencodes 提交于
🎉 🍻 -
由 Rafael Mendonça França 提交于
-
由 Kasper Timm Hansen 提交于
Fix `receive` spelling
-
由 Matthew Draper 提交于
Handle specified schemas when removing a Postgres index
-
由 Ryo Hashimoto 提交于
-
由 Rafael França 提交于
[ActionCable] Test invalid action on channel
-
- 18 12月, 2015 24 次提交
-
-
由 Kasper Timm Hansen 提交于
Found `recieve` next to the correctly spelled method name, fixed it. Also we prefer a one space padding within hashes, add that.
-
由 Akshay Vishnoi 提交于
-
由 Rafael França 提交于
[ActionCable] test perform action with default action
-
由 eileencodes 提交于
This test needs to have a require for the Listen gem or else it returns an error when run by itself or with a certain order in the Active Support tests. We use `silence_warnings` because Listen has some warnings about private methods. It's already silenced when it's required in Active Support EventedFileUpdateChecker. ``` 1) Error: EventedFileUpdateCheckerTest#test_should_not_execute_the_block_if_no_paths_are_given: NameError: uninitialized constant EventedFileUpdateCheckerTest::Listen test/evented_file_update_checker_test.rb:21:in `teardown' ```
-
由 eileencodes 提交于
The test was was in here twice so we were seeing this error: ``` activesupport/test/caching_test.rb:658: warning: method redefined; discarding old test_local_cache_of_read_nil activesupport/test/caching_test.rb:634: warning: previous definition of test_local_cache_of_read_nil was here ```
-
由 Rafael Mendonça França 提交于
-
由 Akshay Vishnoi 提交于
-
由 Rafael França 提交于
Fix "instance variable not initialized" in tests
-
由 Rafael França 提交于
Prevent ActionController::Parameters in url_for
-
由 Rafael França 提交于
add line break between method of generated channel js
-
由 Rafael França 提交于
[ActionCable] Test available actions on Channel
-
由 Rafael Mendonça França 提交于
Our logic is complex now and we don't need to check the version to asset the behavior so I'm removing the checking here.
-
由 Akshay Vishnoi 提交于
-
由 Rafael Mendonça França 提交于
Allow normal version updates within a release series
-
由 David Heinemeier Hansson 提交于
-
由 David Heinemeier Hansson 提交于
-
由 David Heinemeier Hansson 提交于
-
由 David Heinemeier Hansson 提交于
-
由 David Heinemeier Hansson 提交于
Still more to do. Please assist!
-
由 David Heinemeier Hansson 提交于
-
由 David Heinemeier Hansson 提交于
-
由 Kasper Timm Hansen 提交于
We went back to `Thread.current[]` in 33e11e59.
-
由 Kasper Timm Hansen 提交于
[ci skip] Fix grammar
-
由 David Heinemeier Hansson 提交于
-