- 19 Feb, 2014 1 commit
  - Committed by Rafael Mendonça França
    Before we were calling to_sym in the mime type, even when it is unknown, which can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
- 01 Dec, 2013 1 commit
  - Committed by Aaron Patterson
    CVE-2013-6414 Conflicts: actionpack/lib/action_view/lookup_context.rb
- 16 Mar, 2013 3 commits
  - Committed by Aaron Patterson
    Conflicts: actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
  - Committed by Ben Murphy
    Conflicts: activesupport/test/xml_mini/jdom_engine_test.rb
  - Committed by Charlie Somerville
- 28 Feb, 2013 1 commit
  - Committed by Steve Klabnik
    This reverts commit 663c9a63, reversing changes made to 10513d2e.
- 12 Feb, 2013 3 commits
  - Committed by Aaron Patterson
    This reverts commit 360af4eb, reversing changes made to f93d0467.
  - Committed by Aaron Patterson
    * 3-0-sec: fix serialization vulnerability Fix issue with attr_protected where malformed input could circumvent protection
  - Committed by Aaron Patterson
    fixed failing JSON decoding in rails 3-0-stable
- 11 Feb, 2013 1 commit
  - Committed by Tobias Kraze
- 10 Feb, 2013 1 commit
  - Committed by joernchen of Phenoelit
    protection Fixes: CVE-2013-0276 Conflicts: activemodel/lib/active_model/attribute_methods.rb activerecord/test/cases/mass_assignment_security_test.rb
- 08 Feb, 2013 4 commits
  - Committed by Guillermo Iguaran
    Fix BigDecimal Typecast on 1.8.7
  - Committed by robertomiranda
  - Committed by Guillermo Iguaran
    [3.0] active_record: Quote numeric values compared to string columns.
  - Committed by Dylan Smith
- 07 Feb, 2013 1 commit
  - Committed by Dylan Smith
- 31 Jan, 2013 2 commits
  - Committed by Michel Barbosa
  - Committed by Aaron Patterson
    Fix #8832 - Parse '{"person":[]}' JSON/XML as {'person' => []}.
- 30 Jan, 2013 3 commits
  - Committed by Carlos Antonio da Silva
    Fixing encoding to UTF-8 for OkJson backend. Closes #9122.
  - Committed by Renato Neves
  - Committed by Nathan Broadbent
- 29 Jan, 2013 2 commits
  - Committed by Aaron Patterson
  - Committed by Michael Koziarski
    Fixes CVE-2013-0333. The ActiveSupport::JSON::Backends::Yaml class is present but the functionality has been removed entirely.
- 27 Jan, 2013 8 commits
  - Committed by Carlos Antonio da Silva
    Rails 3.0.x doesn't have the :prompt option in select_tag, it was introduced in c5d54be7 that is only available from 3.1.x on. The test and related fix were introduced in c9795871 for Rails 3.0.17, as a fix for a security vulnerability. The code is completely fine but the test was using the invalid :prompt option for this version, probably because it was cherry-picked from other branch which has the option.
  - Committed by Carlos Antonio da Silva
    Requiring this now raises a RuntimeError, failing the test. It also seems that the require is unnecessary to pass the test.
  - Committed by Carlos Antonio da Silva
    Mocha by default does not allow adding expectation to frozen objects, just applying a workaround to ensure the method is never called, making the tests pass without enabling this again in mocha.
  - Committed by kennyj
  - Committed by dmathieu
  - Committed by Carlos Antonio da Silva
  - Committed by Carlos Antonio da Silva
  - Committed by Carlos Antonio da Silva
- 16 Jan, 2013 2 commits
  - Committed by Rafael Mendonça França
    Fix 3-0-stable to work with Mocha >= v0.13.0
  - Committed by James Mead
    A) Update code in ActiveSupport which monkey-patches Test::Unit to include Mocha bug fix. A bug was fixed [1] in Mocha's integration with Test::Unit, but this monkey-patching code was copied before the fix. We need to copy the fixed version. The bug meant that an unexpected invocation against a mock within the teardown method caused a test *error* and not a test *failure*. B) Fix for Test::Unit/Mocha compatibility. Mocha is now using a single AssertionCounter which needs a reference to the testcase as opposed to the result. This change is an unfortunate consequence of the copying of a chunk of Mocha's internal code in order to monkey-patch Test::Unit. C) Avoid a Mocha deprecation warning. [1] https://github.com/freerange/mocha/commit/f1ff6475ca2871f2977ab84cabbbfe2adadbbee6#diff-5 commit 0591f6d1 1 parent 8b3109a4
- 12 Jan, 2013 1 commit
  - Committed by Andrew White
- 11 Jan, 2013 2 commits
  - Committed by Jeremy Kemper
    3-0-stable: Fix JSON params parsing regression for non-object JSON content.
  - Committed by Dylan Smith
    Backports #8855.
- 10 Jan, 2013 3 commits
  - Committed by Carlos Antonio da Silva
  - Committed by Carlos Antonio da Silva
    Methods that return nil should not be considered YAML
  - Committed by Zach Moazeni
    This is a direct port of @jaw6's pull request https://github.com/rails/rails/pull/492. His cleanly applied to Rails v3.1 and v3.2, and this cleanly applies to v3.0. With yesterday's security patches http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/ there is now an issue with Rails v3.0 serving XML to any of the latest versions of ActiveResource. Without this, Rails v3.0 can serve XML to ActiveResource consumers that will see `Hash::DisallowedType: Disallowed type attribute: "yaml"`
- 09 Jan, 2013 1 commit
  - Committed by Carlos Antonio da Silva
    Remove test for XML YAML parsing