As of Ruby 2.6, ::Time supports rich timezone objects and expects them
to follow a similar API to tzinfo. Mostly we already do this with
ActiveSupport::TimeZone, delegating to the underlying tzinfo object,
except we were missing the API to display the timezone's name.
Calling strftime with "%Z" will try the following on the timezone:
* zone.abbr(time)
* zone.strftime("%Z", time)
* zone.name
Because we only implemented name, a ::Time created with an
ActiveSupport::TimeZone would "abbreviate" awkwardly to the full tz
identifier (like "12:34:00 America/Vancouver" instead of "12:34:00
PDT"). This commit implements abbr to make these Times format the same
way as TimeWithZone.
Co-authored-by: Jason Kim <jasonkim@github.com>
This is getting the same treatment as `base64`, `mutex_m`, etc.
In Ruby 3.4 it will start to warn: d7e558e3c4
Remove require from two files that don't seem to need it
And stop exposing the capybara server port to all interfaces.
We were using this just to make sure the selenium container can access
the capybara server but it can with the default bridge network.
[CVE-2024-32464]
Instances of ActionText::Attachable::ContentAttachment included
within a rich_text_area tag could potentially contain unsanitized
HTML. This could lead to a potential cross site scripting issue
within the Trix editor.
This change enforces existing sanitization routines on
ActionText::Attachable::ContentAttachment attachments.
[CVE-2024-28103]
The application configurable Permissions-Policy is only
served on responses with an HTML related Content-Type.
This change allows all Content-Types to serve the
configured Permissions-Policy as there are many non-HTML
Content-Types that would benefit from this header.
(examples include image/svg+xml and application/xml)
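
An added example, not code from this commit or from Rails: a gem-free Rack-style middleware that contrasts the HTML-only gating described above with serving the header on every Content-Type. The class name, the policy value, the sample paths and the substring test used for "HTML related" are assumptions made for the illustration.

```ruby
# Constructed policy value; a real application configures its own directives.
POLICY = "camera=(), geolocation=()"

# Minimal Rack-style middleware (hypothetical name, no gems required).
# html_only: true models the old behaviour, html_only: false the fixed one.
class PermissionsPolicyHeader
  HEADER = "permissions-policy"

  def initialize(app, policy:, html_only:)
    @app, @policy, @html_only = app, policy, html_only
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Keep a policy the downstream app already set for this response.
    return [status, headers, body] if headers.key?(HEADER)
    # Old behaviour: skip anything that is not an HTML-related type.
    return [status, headers, body] if @html_only && !html?(headers)
    [status, headers.merge(HEADER => @policy), body]
  end

  private

  # Assumption: "HTML related" is modelled as a content type containing "html".
  def html?(headers)
    headers["content-type"].to_s.include?("html")
  end
end

# Constructed downstream app: the path selects the Content-Type.
TYPES = {
  "/page"     => "text/html; charset=utf-8",
  "/logo.svg" => "image/svg+xml",
  "/feed.xml" => "application/xml"
}.freeze
APP = ->(env) { [200, { "content-type" => TYPES.fetch(env["PATH_INFO"]) }, ["..."]] }

# Returns the Permissions-Policy value served for a path, or nil if absent.
def policy_for(path, html_only:)
  mw = PermissionsPolicyHeader.new(APP, policy: POLICY, html_only: html_only)
  _status, headers, _body = mw.call("PATH_INFO" => path)
  headers[PermissionsPolicyHeader::HEADER]
end

# Paths whose responses go out without the configured policy.
def uncovered_paths(html_only:)
  TYPES.keys.reject { |path| policy_for(path, html_only: html_only) }
end
```

`uncovered_paths(html_only: true)` lists the SVG and XML responses that were served without the policy; with `html_only: false` the list is empty.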
Executes the first routes reload in middleware, or when the route set
url_helpers is called. Previously, this was executed unconditionally on
boot, which can slow down boot time unnecessarily for larger apps with
lots of routes.
Main points:
* Applies our documentation guidelines (names of files, punctuation in comments, etc.)
* AnimalsRecord was introduced before the primary abstract class. Before this
point, stuff related to the primary database is explained first, and then you
go for the extra database. This is the natural order, I think. I reordered
for consistency.
* PrimaryApplicationRecord was missing connects_to.
* Fixes parent class for the example related to PrimaryApplicationRecord.
The documentation wasn't making it clear that a `NullTransaction`
is returned when no transaction is active.
While we're not going to document `NullTransaction` itself, we can
more explicitly explain that `current_transaction` always returns an
object that responds to the `ActiveRecord::Transaction` interface.