430 Commits

Author SHA1 Message Date
Rafael Mendonça França d5c4b82b64 Preparing for 4.1.15 release 2016-03-07 19:34:57 -03:00
Rafael Mendonça França 06d2bfd42a Preparing for 4.1.15.rc1 release 2016-03-01 15:41:59 -03:00
Arthur Neves 03c9957dfe Fix version on changelog
cc @rafaelfranca
[skip ci]
2016-02-29 15:16:26 -05:00
Rafael Mendonça França c0166075df Merge branch '4-1-14' into 4-1-stable 2016-02-29 16:57:17 -03:00
Rafael Mendonça França 4cffd33a96 Preparing for 4.1.14.2 release 2016-02-29 16:01:59 -03:00
Jon Moss 983d9e0bda Fix ActionView tests
Reverts some of the changes from #23242.
2016-02-29 15:59:48 -03:00
Jon Moss 7647138ecb Add outside_app_allowed arg to find_templates
A backport of #23247 to 4-1-stable.
2016-02-29 15:59:44 -03:00
Aaron Patterson 5ed694e0ce Merge pull request #23242 from maclover7/fix-error-sec
Fix undefined error for `ActionController::Parameters`
2016-02-29 15:58:21 -03:00
Arthur Neves fcf0f42494 Don't allow render(params) on views.
If `render(params)` is called in a view it should be protected the same
way it is in the controllers. We should raise an error if that happens.

Fix CVE-2016-2098.
2016-02-29 15:57:53 -03:00
Aaron Patterson 8a1d3ea617 Change render "foo" to render a template and not a file.
Previously, calling `render "foo/bar"` in a controller action is
equivalent to `render file: "foo/bar"`. This has been changed to
mean `render template: "foo/bar"` instead. If you need to render a
file, please change your code to use the explicit form
(`render file: "foo/bar"`) instead.

Test that we are not allowing you to grab a file with an absolute path
outside of your application directory. This is dangerous because it
could be used to retrieve files from the server like `/etc/passwd`.

Fix CVE-2016-2097.
2016-02-29 15:57:47 -03:00
Jon Moss 00545f3221 Fix ActionView tests
Reverts some of the changes from #23242.
2016-01-28 21:25:27 -05:00
Jon Moss fb7b36e655 Add outside_app_allowed arg to find_templates
A backport of #23247 to 4-1-stable.
2016-01-28 21:25:01 -05:00
Godfrey Chan f5f7eccc4f Revert "Revert "Merge pull request #16888 from jejacks0n/render_template""
This reverts commit 585e75696b.

Conflicts:
	actionview/CHANGELOG.md
	guides/source/4_2_release_notes.md
2016-01-28 14:12:50 -05:00
Rafael França 98a01c6f01 Merge pull request #23288 from bdewater/sprockets3-sha2-alt
Fix img alt attribute generation when using Sprockets >= 3.0
2016-01-27 14:18:32 -05:00
Aaron Patterson 56034c1538 Merge pull request #23242 from maclover7/fix-error-sec
Fix undefined error for `ActionController::Parameters`
2016-01-26 17:25:26 -08:00
Aaron Patterson 7921ff8c21 Merge branch '4-1-sec' into 4-1-stable
* 4-1-sec:
  bumping version
  Remove unnecessary caching
  Eliminate instance level writers for class accessors
  allow :file to be outside rails root, but anything else must be inside the rails view directory
  Don't short-circuit reject_if proc
  stop caching mime types globally
  use secure string comparisons for basic auth username / password
2016-01-25 11:24:03 -08:00
Aaron Patterson 31ab3aa0e8 bumping version 2016-01-25 10:26:09 -08:00
Aaron Patterson be543e8e18 allow :file to be outside rails root, but anything else must be inside the rails view directory
Conflicts:
	actionpack/test/controller/render_test.rb
	actionview/lib/action_view/template/resolver.rb

CVE-2016-0752
2016-01-22 15:02:03 -08:00
Rafael Mendonça França 689df94716 Merge branch '4-1-14' into 4-1-stable 2015-11-17 17:02:34 -02:00
Rafael Mendonça França e694ac5fbc Preparing for 4.1.14 release 2015-11-12 15:17:28 -02:00
Christoph 4696e0d439 Fix week_field returning invalid value
According to the W3 spec[1] the value should use a 1-based index
and not a 0-based index for the week number.

[1]: http://www.w3.org/TR/html-markup/datatypes.html#form.data.week

(cherry picked from commit 60dabb156f)
2015-11-10 12:43:21 +00:00
Rafael Mendonça França 96c4b1a131 Preparing for 4.1.14.rc2 release 2015-11-05 00:53:25 -02:00
Rafael Mendonça França 4986709fe0 Make sure mail_to work with nil and SafeBuffer 2015-11-03 20:01:20 -02:00
Rafael Mendonça França c8b69cde98 Make sure mail_to work with nil and SafeBuffer 2015-11-03 20:01:06 -02:00
Rafael Mendonça França 23df880908 Update the gem versions 2015-10-30 17:55:48 -02:00
Rafael Mendonça França 7ecac3e9f8 Prepare to 4.1.14.rc1 2015-10-30 17:34:57 -02:00
Rafael Mendonça França e5ba382ccb Merge pull request #21402 from k0kubun/ruby20-url-helper
Fix mail_to to work well with Ruby 2.0
2015-08-28 02:42:58 -03:00
Rafael Mendonça França 10ac0155b1 Preparing for 4.1.13 release 2015-08-24 14:57:52 -03:00
Rafael Mendonça França 099a9181fc Preparing for 4.1.13.rc1 release 2015-08-14 12:09:28 -03:00
Rafael Mendonça França 9ea6df05f9 Merge pull request #21007 from clayton-shopify/fix-mailto-encoding
Encode the email address as prescribed in RFC 6068 section 2.
2015-07-24 17:32:03 -03:00
Rafael Mendonça França adfda00f06 Preparing for 4.1.12 release 2015-06-25 18:24:01 -03:00
Rafael Mendonça França 68d3245496 Preparing for 4.1.12.rc1 release 2015-06-22 11:03:27 -03:00
Rafael Mendonça França 906311d0cd Merge branch '4-1-10-sec' into 4-1-stable 2015-06-16 17:17:50 -03:00
Rafael Mendonça França 260da06e6b Preparing for 4.1.11 release 2015-06-16 12:09:58 -03:00
Bernard Potocki 97a527eace Handle raise flag in translate when both main and default translation is missing. Fixes #19967 2015-05-21 03:40:27 +03:00
Rafael Mendonça França cddb156034 Merge pull request #19941 from javan/actionmailer-cache-noop
Make ActionMailer #cache helper a no-op, not an exception
2015-04-28 17:00:39 -03:00
Rafael Mendonça França 1a91917176 Merge pull request #19421 from jcoyne/translate_defaults_with_nil
Strip nils out of default translations. Fixes #19419
2015-03-20 18:00:51 -03:00
Rafael Mendonça França 26b6fc6bb6 Merge branch '4-1-10' into 4-1-stable 2015-03-19 13:51:48 -03:00
Rafael Mendonça França 5496ec8aac Preparing for 4.1.10 release 2015-03-19 13:48:26 -03:00
Rafael Mendonça França 410f7d29e9 Preparing for 4.1.10.rc4 release 2015-03-12 18:31:03 -03:00
Yves Senn 2ac9675e55 `number_to_percentage` and `precision: 0` work with `NAN` and `INFINITY`.
Closes #19227.

Conflicts:
	activesupport/lib/active_support/number_helper/number_to_rounded_converter.rb
	activesupport/test/number_helper_test.rb

Conflicts:
	activesupport/CHANGELOG.md
2015-03-06 09:10:33 +01:00
Rafael Mendonça França 5875670f3c Merge pull request #19144 from y-yagi/fix_streaming_buffer
fix ActionView::Template::Error when using Streaming with capture.
2015-03-04 17:25:47 -03:00
Rafael Mendonça França 77e324b59e Preparing for 4.1.10.rc3 release 2015-03-02 18:38:13 -03:00
Rafael Mendonça França d475f05fbb Merge pull request #19102 from ulissesalmeida/fix-regression-default-translation
Fix regression when passing a value different of String.
2015-02-27 11:54:12 -03:00
Rafael Mendonça França 93a763dee3 Merge pull request #19102 from ulissesalmeida/fix-regression-default-translation
Fix regression when passing a value different of String.
2015-02-27 11:53:29 -03:00
Rafael Mendonça França 08217de911 Preparing for 4.1.10.rc2 release 2015-02-25 19:20:53 -03:00
Rafael Mendonça França ac26bd1d80 Merge pull request #17069 from modosc/master
move cache_digests rake methods into their own namespace
2015-02-20 20:32:23 -02:00
Rafael Mendonça França a698862cbc Preparing for 4.1.10.rc1 release 2015-02-20 19:50:05 -02:00
Rafael Mendonça França a73b31a673 Merge pull request #17138 from jpcody/rename_default_form_builder
Rename default_form_builder to avoid collision
2015-02-20 14:25:29 -02:00
Sean Griffin d2091b2a82 Merge pull request #17771 from agis-/issue-17373
Local vars should exist in partials for falsy `:object:` values too
2015-02-11 14:49:54 -02:00