Permalink
Browse files

Merge branch '3-2-sec' into 3-2-secmerge

* 3-2-sec:
  CVE-2012-5664 options hashes should only be extracted if there are extra parameters
  updating changelog
  updating the changelogs
  updating the changelog for the CVE
  Add release date of Rails 3.2.9 to documentation

Conflicts:
	actionmailer/CHANGELOG.md
	actionpack/CHANGELOG.md
	activemodel/CHANGELOG.md
	activerecord/CHANGELOG.md
	activeresource/CHANGELOG.md
	activesupport/CHANGELOG.md
	railties/CHANGELOG.md
  • Loading branch information...
tenderlove committed Dec 23, 2012
2 parents 885f59f + 325669f commit 2aa70bd61a5c4a55dffa79fb6da9b8c8d6dd8b69
@@ -1,4 +1,8 @@
-## Rails 3.2.10 (unreleased) ##
+## Rails 3.2.11 (unreleased) ##
+
+## Rails 3.2.10 ##
+
+## Rails 3.2.9 (Nov 12, 2012) ##
* The return value from mailer methods is no longer relevant. This fixes a bug,
which was introduced with 3.2.9.
View
@@ -1,4 +1,4 @@
-## Rails 3.2.10 (unreleased) ##
+## Rails 3.2.11 (unreleased) ##
* Clear url helper methods when routes are reloaded by removing the methods
explicitly rather than just clearing the module because it didn't work
@@ -72,6 +72,8 @@
*Daniel Fox, Grant Hutchins & Trace Wax*
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* Clear url helpers when reloading routes.
View
@@ -1,7 +1,8 @@
-## Rails 3.2.10 (unreleased) ##
+## Rails 3.2.11 (unreleased) ##
* Specify type of singular association during serialization *Steve Klabnik*
+## Rails 3.2.10 ##
## Rails 3.2.9 (Nov 12, 2012) ##
@@ -1,4 +1,4 @@
-## Rails 3.2.10 (unreleased)
+## Rails 3.2.11 (unreleased)
* Serialized attributes can be serialized in integer columns.
Fix #8575.
@@ -180,6 +180,13 @@
*Alexis Bernard*
+## Rails 3.2.10 ##
+
+* CVE-2012-5664 options hashes should only be extracted if there are extra
+ parameters
+
+## Rails 3.2.9 (Nov 12, 2012) ##
+
* Fix issue with collection associations calling first(n)/last(n) and attempting
to set the inverse association when `:inverse_of` was used. Fixes #8087.
@@ -40,7 +40,12 @@ def self.#{method_id}(*args) # def self.scope
METHOD
send(method_id, *arguments)
elsif match.finder?
- options = arguments.extract_options!
+ options = if arguments.length > attribute_names.size
+ arguments.extract_options!
+ else
+ {}
+ end
+
relation = options.any? ? scoped(options) : scoped
relation.send :find_by_attributes, match, attribute_names, *arguments, &block
elsif match.instantiator?
@@ -15,6 +15,18 @@
class FinderTest < ActiveRecord::TestCase
fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :customers, :categories, :categorizations
+ def test_find_by_id_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.find_by_id(:limit => 1)
+ end
+ end
+
+ def test_find_by_title_and_id_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.find_by_title_and_id('foo', :limit => 1)
+ end
+ end
+
def test_find
assert_equal(topics(:first).title, Topic.find(1).title)
end
@@ -1,3 +1,7 @@
+## Rails 3.2.11 ##
+
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* No changes.
@@ -1,4 +1,4 @@
-## Rails 3.2.10 (unreleased)
+## Rails 3.2.11 (unreleased)
* Remove surrogate unicode character encoding from ActiveSupport::JSON.encode
The encoding scheme was broken for unicode characters outside the basic
@@ -19,6 +19,8 @@
*Daniele Sluijters*
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* Add logger.push_tags and .pop_tags to complement logger.tagged:
View
@@ -1,3 +1,7 @@
+## Rails 3.2.11 ##
+
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* Engines with a dummy app include the rake tasks of dependencies in the app namespace. [Backport: #8262]

0 comments on commit 2aa70bd

Please sign in to comment.