提交 · ac9451523130c5561e2598c828ab407fc1137668 · 张重言 / rails

25 1月, 2013 5 次提交

A

removing [nil] from the params · ac945152
由 Aaron Patterson 提交于 1月 24, 2013

ac945152
A

backporting deep_munge · 61eed87c
由 Aaron Patterson 提交于 1月 24, 2013

61eed87c

Squashed commit of the following: · d549df71

由 Aaron Patterson 提交于 8月 08, 2012

commit 9ef905f1
Author: Rafael Mendonça França <rafaelmfranca@gmail.com>
Date:   Tue Aug 7 22:38:40 2012 -0300

    Fix tests about single quote escaping

commit 780a7187
Author: Santiago Pastorino <santiago@wyeworks.com>
Date:   Tue Jul 31 22:25:54 2012 -0300

    html_escape should escape single quotes

    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
    Closes #7215

    Conflicts:
    	actionpack/test/controller/new_base/render_template_test.rb
    	actionpack/test/template/asset_tag_helper_test.rb
    	actionpack/test/template/erb_util_test.rb
    	actionpack/test/template/javascript_helper_test.rb
    	actionpack/test/template/template_test.rb
    	activesupport/lib/active_support/core_ext/string/output_safety.rb
    	activesupport/test/core_ext/string_ext_test.rb
    	railties/test/application/assets_test.rb

d549df71

S
Do not mark strip_tags result as html_safe · cf48c9c7
由 Santiago Pastorino 提交于 8月 08, 2012
```
Thanks to Marek Labos & Nethemba
```
cf48c9c7
A

fixing load error messages · 3dc0cd37
由 Aaron Patterson 提交于 1月 24, 2013

3dc0cd37

23 1月, 2013 2 次提交
- S
  Merge pull request #9030 from johndouthat/2-3-stable · 3b75781d
  由 Steve Klabnik 提交于 1月 22, 2013
```
Add .gemspec files to 2-3-stable to help Bundler
```
  3b75781d
- J
  
  Add gemspecs for bundler · 06b33a8c
  由 John F. Douthat 提交于 1月 21, 2013
  
  06b33a8c
21 1月, 2013 1 次提交
- E
  
  Fix for CVE-2013-0155 · 7763f39a
  由 Ernie Miller 提交于 1月 08, 2013
  
  7763f39a
18 1月, 2013 1 次提交

Revert "bump up rack version to the one that includes the Hash DoS fix" · 28cfd79e

由 Jeremy Kemper 提交于 1月 17, 2013

Rack 1.1.3 also changes the Set-Cookie header to expects a
newline-delimited string instead of an Array, which breaks Rails 2.3's
expectations in a variety of ways.

This reverts commit 27a508c9.

Conflicts:
	actionpack/Rakefile

28cfd79e

09 1月, 2013 2 次提交
- A
  
  bumping to 2.3.15 :cry::gun: · 709af052
  由 Aaron Patterson 提交于 1月 07, 2013
  
  709af052
- J
  
  CVE-2013-0156: Safe XML params parsing. Doesn't allow symbols or yaml. · 70adb961
  由 Jeremy Kemper 提交于 1月 05, 2013
  
  70adb961
03 1月, 2013 2 次提交
- A
  Merge pull request #6722 from adgear/2-3-stable · 5b8db450
  由 Aaron Patterson 提交于 1月 02, 2013
```
Backported rails 2.3 fix for CVE-2012-2695
```
  5b8db450
- M
  
  Merge remote-tracking branch 'rails/2-3-stable' into 2-3-stable · 9baab1f3
  由 Mina Naguib 提交于 1月 02, 2013
  
  9baab1f3
24 12月, 2012 1 次提交
- A
  
  CVE-2012-5664 options hashes should only be extracted if there are extra parameters · 9de9b359
  由 Aaron Patterson 提交于 12月 23, 2012
  
  9de9b359
14 6月, 2012 1 次提交
- J
  
  Fix SQL injection via nested hashes in conditions · 62f81f4d
  由 Justin Collins 提交于 6月 01, 2012
  
  62f81f4d
29 3月, 2012 2 次提交
- X
  Merge pull request #5653 from eee-c/patch-1 · e8c05974
  由 Xavier Noria 提交于 3月 29, 2012
```
Doc fixes in 2.3: validates_length_of
```
  e8c05974
- C
  
  Better minimum validates_length_of examples (adapted from master). · 2229a7e8
  由 Chris Strom 提交于 3月 29, 2012
  
  2229a7e8
31 12月, 2011 2 次提交
- J
  Merge pull request #4247 from amatsuda/hashdos_23 · 8fff8f04
  由 José Valim 提交于 12月 31, 2011
```
bump up rack version to the one that includes the Hash DoS fix
```
  8fff8f04
- A
  
  bump up rack version to the one that includes the Hash DoS fix · 27a508c9
  由 Akira Matsuda 提交于 12月 31, 2011
  
  27a508c9
30 12月, 2011 1 次提交
- A
  Merge pull request #4202 from dasch/request-remote-ip · 2eb197e7
  由 Aaron Patterson 提交于 12月 29, 2011
```
Fix bug in `ActionController::Request#remote_ip`
```
  2eb197e7
27 12月, 2011 1 次提交
- D
  Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty · cd2136ae
  由 Daniel Schierbeck 提交于 12月 27, 2011
```
If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
list of IP addresses from it.
```
  cd2136ae
17 8月, 2011 7 次提交
- A
  
  fixing utf8 escape vulerability · e0774e47
  由 Aaron Patterson 提交于 8月 16, 2011
  
  e0774e47
- A
  
  fixing strip tags vulnerability · 60f783d9
  由 Aaron Patterson 提交于 8月 16, 2011
  
  60f783d9
- A
  
  fixing sql injection problem · 6b46d655
  由 Aaron Patterson 提交于 8月 16, 2011
  
  6b46d655
- A
  
  2.3.14. yay. :'( · fb1588c5
  由 Aaron Patterson 提交于 8月 16, 2011
  
  fb1588c5
- A
  
  bumping to 2.3.13 · dea5a10f
  由 Aaron Patterson 提交于 8月 16, 2011
  
  dea5a10f
- A
  
  fixing response splitting problem · 11dafeaa
  由 Aaron Patterson 提交于 8月 16, 2011
  
  11dafeaa
- A
  
  adding notification for rdoc · bb99aa11
  由 Aaron Patterson 提交于 8月 16, 2011
  
  bb99aa11
05 8月, 2011 1 次提交
- A
  
  we should not ignore all gems in here · b1329929
  由 Aaron Patterson 提交于 8月 04, 2011
  
  b1329929
28 7月, 2011 1 次提交
- X
  
  contrib app minor tweak · 78a1fda7
  由 Xavier Noria 提交于 7月 27, 2011
  
  78a1fda7
17 6月, 2011 3 次提交
- J
  Merge pull request #1740 from Antiarchitect/2-3-stable · 8d02083f
  由 José Valim 提交于 6月 17, 2011
```
Fix OrderedHash merging with block given.
```
  8d02083f
- A
  
  Added tests for OrderedHash merging with block. · b1c36b70
  由 Andrey Voronkov 提交于 6月 16, 2011
  
  b1c36b70
- A
  
  Fix OrderedHash merging with block given. · b2d4142f
  由 Andrey Voronkov 提交于 6月 16, 2011
  
  b2d4142f
10 6月, 2011 1 次提交

Remove deprecation warning for ActiveRecord::Errors#generate_message. This is... · 1aae5e70

由 Brian Cardarella 提交于 6月 09, 2011

Remove deprecation warning for ActiveRecord::Errors#generate_message. This is the same API that ActiveModel ended up using and that won't be changing.

1aae5e70

07 6月, 2011 1 次提交
- A
  
  find the spec from the source index, then activate it · a2a34133
  由 Aaron Patterson 提交于 6月 06, 2011
  
  a2a34133
25 5月, 2011 1 次提交

+ Switched to newer rdoc and gem package tasks (and their requires). · 79aa54d0

由 Ryan Davis 提交于 5月 25, 2011

+ Fixed deprecated usage in gemspecs.

Bumped the version to 2.3.12 so I could test locally with actual
installs. If this is bad form for this project, please beat me up and
I'll split them out.

79aa54d0

13 5月, 2011 4 次提交
- R
  Removed the bulk of the deprecations by simply not calling refresh. · 3ad5fd18
  由 Ryan Davis 提交于 5月 12, 2011
```
This may cause problems. I dunno.
The real solution is to get rid of all of this mess and use gem paths properly.
```
  3ad5fd18
- R
  Fixed buggy gem activation. Don't pass a dependency to gem, pass the · 4c372572
  由 Ryan Davis 提交于 5月 12, 2011
```
name and requirement. Better, just activate the spec for the
dependency (1.8 only)
```
  4c372572
- R
  Removed buggy GemDependency#requirement override. Overrides should NEVER... · c20a4d18
  由 Ryan Davis 提交于 5月 12, 2011
```
Removed buggy GemDependency#requirement override. Overrides should NEVER change the semantics of the parent (returning nil if default).
```
  c20a4d18
- R
  
  Fix broken GemDependency#==. You should ALWAYS check the class! · 01a9fbbc
  由 Ryan Davis 提交于 5月 12, 2011
  
  01a9fbbc