27f72cbd7a
*Rails 3.0.11 (unreleased)*
* Fix XSS security vulnerability in the `translate` helper method. When using
interpolation in combination with HTML-safe translations, the interpolated
input would not get HTML escaped. *GH 3664*
Before:
translate('foo_html', :something => '<script>') # => "...<script>..."
After:
translate('foo_html', :something => '<script>') # => "...<script>..."
*Sergey Nartimov*
* Implement a workaround for a bug in ruby-1.9.3p0 where an error would be
raised while attempting to convert a template from one encoding to another.
Please see http://redmine.ruby-lang.org/issues/5564 for details of the bug.
The workaround is to load all conversions into memory ahead of time, and will
only happen if the ruby version is exactly 1.9.3p0. The hope is obviously
that the underlying problem will be resolved in the next patchlevel release
of 1.9.3.
* Fix assert_select_email to work on multipart and non-multipart emails as the
method stopped working correctly in Rails 3.x due to changes in the new mail
gem.
* Fix url_for when passed a hash to prevent additional options (eg. :host,
:protocol) from being added to the hash after calling it.
|
||
|---|---|---|
| .. | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| PLIST | ||