Carlos Antonio da Silva
b4e9577f9b
Merge pull request #12462 from jjb/improve_ar_exception_message_formatting
...
Improve formatting of ActiveRecord migration exception messages
2013-12-03 12:10:18 -08:00
Carlos Antonio da Silva
9329f28c6d
Merge pull request #13149 from laurocaetano/fix_offset_last
...
Fix offset with last.
2013-12-03 12:07:38 -08:00
Rafael Mendonça França
da633f81eb
Remove the escaping skip
...
We are generating safe strings in the paragraph, so we can escape the
tags
2013-12-03 17:26:49 -02:00
Lauro Caetano
2a517e7291
Fix offset with last.
...
Closes #7441
2013-12-03 17:09:58 -02:00
Aaron Patterson
dba82120fe
Merge branch 'master-sec'
...
* master-sec:
Deep Munge the parameters for GET and POST
Stop using i18n's built in HTML error handling.
Ensure simple_format escapes its html attributes
Escape the unit value provided to number_to_currency
Only use valid mime type symbols as cache keys
2013-12-03 11:01:56 -08:00
John Joseph Bachir
f606153755
ActiveRecord migration exception message formatting
2013-12-03 12:23:43 -05:00
Yves Senn
be5527b8e8
connection.type_to_sql
returns a String
for unmapped types.
...
Closes #13146 .
This fixes an error when using:
```
change_colum :table, :column, :bigint, array: true
```
2013-12-03 17:54:25 +01:00
Carlos Antonio da Silva
7c20a8b558
Changelog improvements [ci skip]
2013-12-03 14:38:12 -02:00
Carlos Antonio da Silva
c55200cbcb
Merge pull request #9685 from dimko/patch-2
...
Added Date#all_week/month/quarter/year for generating date ranges
2013-12-03 08:35:27 -08:00
Dimko
18546d4e35
Added Date#all_week/month/quarter/year for generating date ranges
2013-12-03 20:32:20 +04:00
Carlos Antonio da Silva
1441961f16
Merge pull request #12822 from cbartlett/master
...
Add support for localized date references
2013-12-03 08:23:57 -08:00
Carlos Antonio da Silva
05a685eeb7
Merge pull request #13145 from acapilleri/fix_email_example
...
fix email regex example code [ci skip]
2013-12-03 07:47:25 -08:00
Angelo capilleri
f590cdb656
fix email regex example code [ci skip]
...
different from the regex in EmailValidator
2013-12-03 16:44:39 +01:00
Colin Bartlett
029f24ede9
Add support for localized date references
...
Ruby's Date class automatically gives us #yesterday, #today,
and #tomorrow. And ActiveSupport has a handy Time.zone.today
for getting a localized version. But there was no localized
version of #yesterday or #tomorrow. Until now.
2013-12-03 10:37:01 -05:00
Colin Bartlett
59cb9e31fd
Use travel_to convention in existing test
2013-12-03 10:37:01 -05:00
Rafael Mendonça França
a04b5ee416
Merge pull request #13143 from joker1007/fix_active_record_callbacks_document_bug
...
Fix ActiveRecord::Callbacks sample code [ci skip]
2013-12-03 06:53:12 -08:00
joker1007
edd93a53fe
Fix ActiveRecord::Callbacks sample code [ci skip]
...
Callback caller class uses `after_initialize`,
but Callback callee defines `after_find`.
Current sample code causes following error.
NoMethodError: undefined method `after_initialize' for #<EncryptionWrapper:0x007fe4931fa5c0>
2013-12-03 23:27:23 +09:00
Carlos Antonio da Silva
5f1e394165
Fix bad usage of #select with hash
2013-12-03 10:45:40 -02:00
Carlos Antonio da Silva
f654c996dc
Merge pull request #11643 from vipulnsward/query_cache_clear
...
Fix QueryCache to work with nested blocks
2013-12-03 04:33:52 -08:00
Vipul A M
1ed81e85ca
Currently, we clear query_cache in cache block finish, even if we may already have cache true.
...
This commit takes into account the last cache_enabled value, before clearing query_cache.
2013-12-03 17:48:14 +05:30
Yves Senn
b6f189e2f0
Merge pull request #13022 from pwnall/fixture_context
...
Introduce a context for rendering fixtures ERB.
2013-12-03 00:11:24 -08:00
Victor Costan
ddf27acbc2
Introduce a context for rendering fixtures ERB.
...
Fixture files are passed through an ERB renderer before being read as
YAML. The rendering is currently done in the context of the main object,
so method definitons leak into other fixtures, and there is no clean
place to define fixture helpers.
After this commit, the ERB renderer will use a new subclass of
ActiveRecord::FixtureSet.context_class each time a fixture is rendered.
2013-12-03 02:52:26 -05:00
Guillermo Iguaran
abc1e5831c
Convert Mime::NullType in a singleton
2013-12-03 02:41:26 -05:00
Guillermo Iguaran
66b1c2d3b5
Cleanups in comment about conditional
2013-12-03 02:34:57 -05:00
Guillermo Iguaran
9ed3aab692
Merge branch 'format_localized_template' of https://github.com/acapilleri/rails
...
Conflicts:
actionpack/CHANGELOG.md
2013-12-03 02:34:11 -05:00
Angelo capilleri
43962d6ec5
Fix header Content-Type: #<Mime::NullType:...> in localized template
...
This PR fixes #13064 regression bug introduced by the #8085
Now in _process_format when the format is a Mime::NullType nothing is written in self.content_type.
In this way the method Response#assign_default_content_type_and_charset can
write the the default mime_type.
2013-12-03 07:46:39 +01:00
Carlos Antonio da Silva
c48a0cac62
Tidy up previous commit, fix message assertion and improve tests
2013-12-03 00:15:34 -02:00
Nerian
2ebf47aea2
Modify the Hash#assert_valid_keys error message so that it shows the valid keys. Also, show the wrong value as it was entered.
...
{ :failore => "stuff", :funny => "business" }.assert_valid_keys([ :failure, :funny ])
=> ArgumentError: Unknown key: failore
{ 'failore' => "stuff", :funny => "business" }.assert_valid_keys([ :failure, :funny ])
=> ArgumentError: Unknown key: failore
{ 'failore' => "stuff", :funny => "business" }.assert_valid_keys([ :failure, :funny ])
=> ArgumentError: Unknown key: "failore". Valid keys are: :failure, :funny
{ :failore => "stuff", :funny => "business" }.assert_valid_keys([ :failure, :funny ])
=> ArgumentError: Unknown key: :failore. Valid keys are: :failure, :funny
Conflicts:
activerecord/CHANGELOG.md
Closes #11624 .
2013-12-03 00:12:04 -02:00
Carlos Antonio da Silva
6e905e21b1
Merge pull request #13060 from chancancode/change_log_for_json_refactor
...
CHANGELOG for JSON refactor + added back the `encode_big_decimal_as_string` option with warning
2013-12-02 17:47:29 -08:00
Godfrey Chan
fadc02b732
Added back the encode_big_decimal_as_string
option with warning
...
Also added the missing CHANGELOG entry for #12183 @ 80e7552073 and
4d02296cfb.
2013-12-02 17:22:57 -08:00
Carlos Antonio da Silva
735abe93a5
Avoid generating more strings while iterating to create methods
...
Use the already existing strings instead of creating a new one each time
just to test if it responds to the methods.
2013-12-02 22:59:40 -02:00
Michael Koziarski
4e9dd5378b
Deep Munge the parameters for GET and POST
...
The previous implementation of this functionality could be accidentally
subverted by instantiating a raw Rack::Request before the first Rails::Request
was constructed.
Fixes CVE-2013-6417
2013-12-02 16:44:27 -08:00
Michael Koziarski
0c7ac34aed
Stop using i18n's built in HTML error handling.
...
i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans. Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.
Fixes: CVE-2013-4491
2013-12-02 16:42:16 -08:00
Michael Koziarski
bea9c9b4c0
Ensure simple_format escapes its html attributes
...
The previous behavior equated the sanitize option for simple_format with the
escape option of content_tag, however these are two distinct concepts.
This fixes CVE-2013-6416
Conflicts:
actionview/lib/action_view/helpers/text_helper.rb
2013-12-02 16:42:07 -08:00
Michael Koziarski
b31a7a6f1e
Escape the unit value provided to number_to_currency
...
Previously the unit values were trusted leading to potential XSS vulnerabilities.
Fixes: CVE-2013-6415
2013-12-02 16:41:14 -08:00
Aaron Patterson
2e3c3a87d8
Only use valid mime type symbols as cache keys
...
CVE-2013-6414
2013-12-02 16:41:09 -08:00
Rafael Mendonça França
46923cabe1
Merge remote-tracking branch 'origin/master'
2013-12-02 22:36:21 -02:00
Rafael Mendonça França
d7d11f0dab
:sicssors:
2013-12-02 22:32:22 -02:00
Rafael Mendonça França
d752ae16ab
Options are not optional
2013-12-02 22:32:21 -02:00
Rafael Mendonça França
5c04ca87d8
Make execute priave API
2013-12-02 22:32:21 -02:00
Carlos Antonio da Silva
45f70dca7b
Merge pull request #12123 from aredondo/master
...
Add regression test for IpSpoofAttackError issue
Closes #10780
2013-12-02 16:23:45 -08:00
Rafael Mendonça França
d3b93e403b
Make load of NumberHelper thread safe
2013-12-02 22:12:36 -02:00
Carlos Antonio da Silva
b42d4c407d
Remove note about removed local_constant_names method from guides [ci skip]
2013-12-02 21:42:48 -02:00
Carlos Antonio da Silva
5fdb594f7b
Remove dead comment from AS extensions guide [ci skip]
2013-12-02 21:36:09 -02:00
Carlos Antonio da Silva
f3c2c73336
Fix note about class attribute accessors deprecated file [ci skip]
2013-12-02 21:33:31 -02:00
Rafael Mendonça França
fc73ebf332
Merge pull request #10996 from mattdbridges/number-helper-refactor
...
Refactor and clean up number helpers
Conflicts:
activesupport/lib/active_support/number_helper.rb
2013-12-02 20:50:03 -02:00
Guillermo Iguaran
b40faf423c
Merge pull request #13138 from gsamokovarov/remove-cattr-requires
...
Remove deprecated cattr_* requires
2013-12-02 14:30:39 -08:00
Juanito Fatas
b0a3d113a3
Add number and range field to form helpers article
...
Also wrap surrounding text to 80 chars.
[ci skip] Closes #13132
2013-12-02 20:29:32 -02:00
Genadi Samokovarov
6329d9fa8b
Remove deprecated cattr_* requires
2013-12-03 00:28:15 +02:00
Rafael Mendonça França
83e4f33ea1
Make ActionView::Tags loading tread safe
2013-12-02 20:27:50 -02:00