Aaron Patterson
5f94b93279
Properly escape glob characters.
2011-08-16 15:28:27 -07:00
Aaron Patterson
bfc432574d
properly escape html to avoid invalid utf8 causing XSS attacks
2011-08-16 15:24:58 -07:00
Aaron Patterson
586a944ddd
Tags with invalid names should also be stripped in order to prevent XSS attacks. Thanks Sascha Depold for the report.
2011-08-16 15:24:48 -07:00
Aaron Patterson
8a39f411dc
prevent sql injection attacks by escaping quotes in column names
2011-08-16 15:24:42 -07:00
Aaron Patterson
b0555bb88b
adding security email address
2011-08-16 11:30:02 -07:00
Xavier Noria
98fac9902b
Merge branch 'master' of github.com:rails/rails
2011-08-16 11:19:20 -07:00
Jon Leighton
8e23615245
Use lazy load hooks to set parameter wrapping configuration. This means that it doesn't force Action Controller / Active Record to load, but it doesn't fail if they have already loaded. Thanks @josevalim for the hint.
2011-08-16 19:14:20 +01:00
Xavier Noria
0245792c83
Merge branch 'master' of github.com:lifo/docrails
2011-08-16 11:06:40 -07:00
Xavier Noria
d0d25a9317
prefer ends_with? over slicing
2011-08-16 10:49:20 -07:00
Xavier Noria
53a13083ec
AS guide: document in Module#delegate that the method must be public in the target
2011-08-16 10:36:22 -07:00
Jeff Dutil
c5f97b5063
Fix formatting of active_record_validations_callbacks.textile so guide will render properly at http://edgeguides.rubyonrails.org/active_record_validations_callbacks.html#displaying-validation-errors-in-the-view
2011-08-16 13:12:07 -04:00
Jon Leighton
5902391567
Fix assets tests in railties
2011-08-16 16:41:01 +01:00
Jon Leighton
4dd985ae95
Don't reference ActiveRecord::Base in initializers/wrap_parameters.rb. Use config.active_record instead. This yields about a 20% decrease in startup time because it means that the connection is not created immediately on startup. Of course, this is only useful if you are not going to immediately use the database after startup.
2011-08-16 16:40:38 +01:00
Jon Leighton
0d5a6f68df
In 1efd88283ef68d912df215125951a87526768a51, ConnectionAdapters was put under eager_autoload. Due to the requires in that file, this caused ConnectionSpecification to be loaded, which references ActiveRecord::Base, which means the database connection is established. We do not want to connect to the database when Active Record is loaded, only when ActiveRecord::Base is first referenced by the user.
2011-08-16 16:40:16 +01:00
Santiago Pastorino
c6e57467a6
Revert "Merge pull request #2543 from htanata/unused_require_in_ar_test"
This reverts commit 87152f2604e73b218df90befda576f0acfed0bbf, reversing
changes made to 0d3615f04c79f6e90d8ab33fdfc920b8faac9cb8.
2011-08-16 09:24:49 -03:00
Santiago Pastorino
87152f2604
Merge pull request #2543 from htanata/unused_require_in_ar_test
Remove unused require in activerecord/test/cases/attribute_methods_test.rb
2011-08-16 05:22:27 -07:00
Vijay Dev
bd4800d614
document Array#append and Array#prepend methods in AS guide
2011-08-16 14:57:36 +05:30
Hendy Tanata
21e2eeacff
Remove unused require.
2011-08-16 12:40:57 +08:00
Jon Leighton
0d3615f04c
Fix tzinfo require (it broke test_raises_when_an_invalid_timezone_is_defined_in_the_config in railties)
2011-08-16 02:42:30 +01:00
Jon Leighton
f76842f57e
Fix wrap_parameters initializer template
2011-08-16 02:28:13 +01:00
Jon Leighton
bfb9e61a9f
Be more lazy about creating time zone objects. Decreases startup time by about 10%. (#734)
2011-08-16 01:33:34 +01:00
Jon Leighton
6c5f67cac1
Don't refer to ActionController::Base in the wrap_parameters initializer - use config object instead. Cuts about 15% off the load time. (#734)
2011-08-16 00:59:59 +01:00
Sebastian Martinez
308595739c
Document Hash#extract!.
2011-08-15 20:20:28 -03:00
Jacob Mattingley
583d7c15c3
Fixed mistakes in layouts/rendering guide about yield
yield(:unspecified_block) actually returns true even if :unspecified_block never
exists. This means you can't use the form yield(:unspecified_block) or yield.
2011-08-15 16:00:53 -07:00
JESii
f7626ea38e
Updates to Asset Pipeline Guide
Grammar/syntax/style changes:
1. Changed all 'we' to 'you'
2. Corrected typos
3. Make consistent styling (e.g., dashes & double-dash usage)
4. Change use of future tense (will...) to present tense (easier to read).
2011-08-15 15:17:13 -07:00
Jon Leighton
03a045b306
Bump arel dependency
2011-08-15 23:10:16 +01:00
Jon Leighton
c3dcb795f1
Use new SelectManager#source method
2011-08-15 23:10:16 +01:00
Jon Leighton
cc206a3507
Use new SelectManager#projections= method
2011-08-15 23:10:16 +01:00
Jon Leighton
12aaad0848
use update.key instead of update.ast.key. make better use of select manager.
2011-08-15 23:10:16 +01:00
Jon Leighton
8778c82e32
Use a SelectCore rather than a full SelectManager
2011-08-15 23:10:15 +01:00
Jon Leighton
fe0ec85541
Refactor building the update manager
2011-08-15 23:10:15 +01:00
Jon Leighton
43b99f290a
Support for multi-table updates with limits, offsets and orders
2011-08-15 23:10:15 +01:00
Jon Leighton
128d006242
Support updates with joins. Fixes #522.
2011-08-15 23:10:15 +01:00
David Heinemeier Hansson
9482554f31
Added Array#prepend as an alias for Array#unshift and Array#append as an alias for Array#<< [DHH]
2011-08-15 16:56:33 -05:00
Jon Leighton
bb4e790dff
Merge pull request #2539 from arunagw/delegate_expl
Delegate expl
2011-08-15 13:32:52 -07:00
Arun Agrawal
83eec4ca4c
Requiring delegate.
2011-08-16 01:36:21 +05:30
Jon Leighton
b2469283a7
Removing unnecessary require, solve 'circular require considered harmful' warning.
2011-08-16 01:32:52 +05:30
Santiago Pastorino
fd29b4e47f
Fix typo
2011-08-15 15:35:47 -03:00
Santiago Pastorino
4ca605b71b
rake assets:precompile executes in production environment as default if RAILS_ENV was not provided
2011-08-15 15:31:47 -03:00
Santiago Pastorino
b01cc2241c
Merge pull request #2536 from arunagw/unused_var
Unused variable removed.
2011-08-15 10:55:52 -07:00
Jon Leighton
ebb2e9423f
Update travis config on @joshk's instructions
2011-08-15 17:23:15 +01:00
Arun Agrawal
45ccd64866
Unused variable removed.
2011-08-15 21:49:12 +05:30
Vijay Dev
c0c5d5fd2e
assets guide - add info about require_directory, minor rephrasings
2011-08-15 21:46:21 +05:30
Jon Leighton
c80876f778
Document Object#public_send
2011-08-15 16:26:37 +01:00
Jon Leighton
2e2f3f5a46
Add a test for delegating a method ending in '=' as this is a special case.
2011-08-15 16:07:49 +01:00
Vijay Dev
b8363f84da
minor changes in app templates guide
2011-08-15 20:36:32 +05:30
Jon Leighton
57423d815b
Ensure empty has_many :through association preloaded via joins is marked as loaded. Fixes #2054.
2011-08-15 16:01:01 +01:00
Jon Leighton
4c743d9fce
Merge pull request #2534 from arunagw/public_send_require
Need to include public_send
2011-08-15 06:46:59 -07:00
Arun Agrawal
10b99f2826
Need to include public_send
2011-08-15 19:13:25 +05:30
Jon Leighton
27da0c5480
Split up the definitions in Module#delegate depending on :allow_nil, and don't use exceptions for flow control in the :allow_nil => true case.
2011-08-15 13:56:04 +01:00