Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge branch '3-2-sec' into 3-2-secmerge

* 3-2-sec:
  CVE-2012-5664 options hashes should only be extracted if there are extra parameters
  updating changelog
  updating the changelogs
  updating the changelog for the CVE
  Add release date of Rails 3.2.9 to documentation

Conflicts:
	actionmailer/CHANGELOG.md
	actionpack/CHANGELOG.md
	activemodel/CHANGELOG.md
	activerecord/CHANGELOG.md
	activeresource/CHANGELOG.md
	activesupport/CHANGELOG.md
	railties/CHANGELOG.md
  • Loading branch information...
commit 2aa70bd61a5c4a55dffa79fb6da9b8c8d6dd8b69 2 parents 885f59f + 325669f
@tenderlove tenderlove authored
View
6 actionmailer/CHANGELOG.md
@@ -1,4 +1,8 @@
-## Rails 3.2.10 (unreleased) ##
+## Rails 3.2.11 (unreleased) ##
+
+## Rails 3.2.10 ##
+
+## Rails 3.2.9 (Nov 12, 2012) ##
* The return value from mailer methods is no longer relevant. This fixes a bug,
which was introduced with 3.2.9.
View
4 actionpack/CHANGELOG.md
@@ -1,4 +1,4 @@
-## Rails 3.2.10 (unreleased) ##
+## Rails 3.2.11 (unreleased) ##
* Clear url helper methods when routes are reloaded by removing the methods
explicitly rather than just clearing the module because it didn't work
@@ -72,6 +72,8 @@
*Daniel Fox, Grant Hutchins & Trace Wax*
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* Clear url helpers when reloading routes.
View
3  activemodel/CHANGELOG.md
@@ -1,7 +1,8 @@
-## Rails 3.2.10 (unreleased) ##
+## Rails 3.2.11 (unreleased) ##
* Specify type of singular association during serialization *Steve Klabnik*
+## Rails 3.2.10 ##
## Rails 3.2.9 (Nov 12, 2012) ##
View
9 activerecord/CHANGELOG.md
@@ -1,4 +1,4 @@
-## Rails 3.2.10 (unreleased)
+## Rails 3.2.11 (unreleased)
* Serialized attributes can be serialized in integer columns.
Fix #8575.
@@ -180,6 +180,13 @@
*Alexis Bernard*
+## Rails 3.2.10 ##
+
+* CVE-2012-5664 options hashes should only be extracted if there are extra
+ parameters
+
+## Rails 3.2.9 (Nov 12, 2012) ##
+
* Fix issue with collection associations calling first(n)/last(n) and attempting
to set the inverse association when `:inverse_of` was used. Fixes #8087.
View
7 activerecord/lib/active_record/dynamic_matchers.rb
@@ -40,7 +40,12 @@ def self.#{method_id}(*args) # def self.scope
METHOD
send(method_id, *arguments)
elsif match.finder?
- options = arguments.extract_options!
+ options = if arguments.length > attribute_names.size
+ arguments.extract_options!
+ else
+ {}
+ end
+
relation = options.any? ? scoped(options) : scoped
relation.send :find_by_attributes, match, attribute_names, *arguments, &block
elsif match.instantiator?
View
12 activerecord/test/cases/finder_test.rb
@@ -15,6 +15,18 @@
class FinderTest < ActiveRecord::TestCase
fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :customers, :categories, :categorizations
+ def test_find_by_id_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.find_by_id(:limit => 1)
+ end
+ end
+
+ def test_find_by_title_and_id_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.find_by_title_and_id('foo', :limit => 1)
+ end
+ end
+
def test_find
assert_equal(topics(:first).title, Topic.find(1).title)
end
View
4 activeresource/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Rails 3.2.11 ##
+
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* No changes.
View
4 activesupport/CHANGELOG.md
@@ -1,4 +1,4 @@
-## Rails 3.2.10 (unreleased)
+## Rails 3.2.11 (unreleased)
* Remove surrogate unicode character encoding from ActiveSupport::JSON.encode
The encoding scheme was broken for unicode characters outside the basic
@@ -19,6 +19,8 @@
*Daniele Sluijters*
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* Add logger.push_tags and .pop_tags to complement logger.tagged:
View
4 railties/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Rails 3.2.11 ##
+
+## Rails 3.2.10 ##
+
## Rails 3.2.9 (Nov 12, 2012) ##
* Engines with a dummy app include the rake tasks of dependencies in the app namespace. [Backport: #8262]
Please sign in to comment.
Something went wrong with that request. Please try again.