Browse files

fix changelog conflict

  • Loading branch information...
2 parents 72483c0 + ea03b08 commit 6a975d6ca28216cfa015374c802279349e9253ca @technoweenie technoweenie committed May 31, 2008
View
2 actionmailer/CHANGELOG
@@ -1,4 +1,4 @@
-*2.1.0 RC1 (May 11th, 2008)*
+*2.1.0 (May 31st, 2008)*
* Fixed that a return-path header would be ignored #7572 [joost]
View
2 actionmailer/Rakefile
@@ -55,7 +55,7 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "actionmailer"
s.homepage = "http://www.rubyonrails.org"
- s.add_dependency('actionpack', '= 2.0.991' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.1.0' + PKG_BUILD)
s.has_rdoc = true
s.requirements << 'none'
View
4 actionmailer/lib/action_mailer/version.rb
@@ -1,8 +1,8 @@
module ActionMailer
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 0
- TINY = 991
+ MINOR = 1
+ TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
end
View
4 actionpack/CHANGELOG
@@ -1,6 +1,6 @@
-* InstanceTag#default_time_from_options overflows to DateTime [Geoff Buesing]
+*2.1.0 (May 31st, 2008)*
-*2.1.0 RC1 (May 11th, 2008)*
+* InstanceTag#default_time_from_options overflows to DateTime [Geoff Buesing]
* Fixed that forgery protection can be used without session tracking (Peter Jones) [#139]
View
2 actionpack/Rakefile
@@ -76,7 +76,7 @@ spec = Gem::Specification.new do |s|
s.has_rdoc = true
s.requirements << 'none'
- s.add_dependency('activesupport', '= 2.0.991' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.1.0' + PKG_BUILD)
s.require_path = 'lib'
s.autorequire = 'action_controller'
View
4 actionpack/lib/action_pack/version.rb
@@ -1,8 +1,8 @@
module ActionPack #:nodoc:
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 0
- TINY = 991
+ MINOR = 1
+ TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
end
View
69 actionpack/lib/action_view/compiled_templates.rb
@@ -1,69 +0,0 @@
-module ActionView
-
- # CompiledTemplates modules hold methods that have been compiled.
- # Templates are compiled into these methods so that they do not need to be
- # read and parsed for each request.
- #
- # Each template may be compiled into one or more methods. Each method accepts a given
- # set of parameters which is used to implement local assigns passing.
- #
- # To use a compiled template module, create a new instance and include it into the class
- # in which you want the template to be rendered.
- class CompiledTemplates < Module
- attr_reader :method_names
-
- def initialize
- @method_names = Hash.new do |hash, key|
- hash[key] = "__compiled_method_#{(hash.length + 1)}"
- end
- @mtimes = {}
- end
-
- # Return the full key for the given identifier and argument names
- def full_key(identifier, arg_names)
- [identifier, arg_names]
- end
-
- # Return the selector for this method or nil if it has not been compiled
- def selector(identifier, arg_names)
- key = full_key(identifier, arg_names)
- method_names.key?(key) ? method_names[key] : nil
- end
- alias :compiled? :selector
-
- # Return the time at which the method for the given identifier and argument names was compiled.
- def mtime(identifier, arg_names)
- @mtimes[full_key(identifier, arg_names)]
- end
-
- # Compile the provided source code for the given argument names and with the given initial line number.
- # The identifier should be unique to this source.
- #
- # The file_name, if provided will appear in backtraces. If not provided, the file_name defaults
- # to the identifier.
- #
- # This method will return the selector for the compiled version of this method.
- def compile_source(identifier, arg_names, source, initial_line_number = 0, file_name = nil)
- file_name ||= identifier
- name = method_names[full_key(identifier, arg_names)]
- arg_desc = arg_names.empty? ? '' : "(#{arg_names * ', '})"
- fake_file_name = "#{file_name}#{arg_desc}" # Include the arguments for this version (for now)
-
- method_def = wrap_source(name, arg_names, source)
-
- begin
- module_eval(method_def, fake_file_name, initial_line_number)
- @mtimes[full_key(identifier, arg_names)] = Time.now
- rescue Exception => e # errors from compiled source
- e.blame_file! identifier
- raise
- end
- name
- end
-
- # Wrap the provided source in a def ... end block.
- def wrap_source(name, arg_names, source)
- "def #{name}(#{arg_names * ', '})\n#{source}\nend"
- end
- end
-end
View
192 actionpack/test/template/compiled_templates_test.rb
@@ -1,192 +0,0 @@
-require 'abstract_unit'
-require 'action_view/helpers/date_helper'
-require 'action_view/compiled_templates'
-
-class CompiledTemplateTests < Test::Unit::TestCase
- def setup
- @ct = ActionView::CompiledTemplates.new
- @v = Class.new
- @v.send :include, @ct
- @a = './test_compile_template_a.rhtml'
- @b = './test_compile_template_b.rhtml'
- @s = './test_compile_template_link.rhtml'
- end
- def teardown
- [@a, @b, @s].each do |f|
- FileUtils.rm(f) if File.exist?(f) || File.symlink?(f)
- end
- end
- attr_reader :ct, :v
-
- def test_name_allocation
- hi_world = ct.method_names['hi world']
- hi_sexy = ct.method_names['hi sexy']
- wish_upon_a_star = ct.method_names['I love seeing decent error messages']
-
- assert_equal hi_world, ct.method_names['hi world']
- assert_equal hi_sexy, ct.method_names['hi sexy']
- assert_equal wish_upon_a_star, ct.method_names['I love seeing decent error messages']
- assert_equal 3, [hi_world, hi_sexy, wish_upon_a_star].uniq.length
- end
-
- def test_wrap_source
- assert_equal(
- "def aliased_assignment(value)\nself.value = value\nend",
- @ct.wrap_source(:aliased_assignment, [:value], 'self.value = value')
- )
-
- assert_equal(
- "def simple()\nnil\nend",
- @ct.wrap_source(:simple, [], 'nil')
- )
- end
-
- def test_compile_source_single_method
- selector = ct.compile_source('doubling method', [:a], 'a + a')
- assert_equal 2, @v.new.send(selector, 1)
- assert_equal 4, @v.new.send(selector, 2)
- assert_equal -4, @v.new.send(selector, -2)
- assert_equal 0, @v.new.send(selector, 0)
- selector
- end
-
- def test_compile_source_two_method
- sel1 = test_compile_source_single_method # compile the method in the other test
- sel2 = ct.compile_source('doubling method', [:a, :b], 'a + b + a + b')
- assert_not_equal sel1, sel2
-
- assert_equal 2, @v.new.send(sel1, 1)
- assert_equal 4, @v.new.send(sel1, 2)
-
- assert_equal 6, @v.new.send(sel2, 1, 2)
- assert_equal 32, @v.new.send(sel2, 15, 1)
- end
-
- def test_mtime
- t1 = Time.now
-
- test_compile_source_single_method
- mtime = ct.mtime('doubling method', [:a])
-
- assert mtime < Time.now
- assert mtime > t1
- end
-
- uses_mocha 'test_compile_time' do
-
- def test_compile_time
- t = Time.now
-
- File.open(@a, "w"){|f| f.puts @a}
- File.open(@b, "w"){|f| f.puts @b}
- # windows doesn't support symlinks (even under cygwin)
- windows = (RUBY_PLATFORM =~ /win32/)
- `ln -s #{@a} #{@s}` unless windows
-
- v = ActionView::Base.new
- v.base_path = '.'
- v.cache_template_loading = false
-
- ta = ActionView::Template.new(v, @a, false, {})
- tb = ActionView::Template.new(v, @b, false, {})
- ts = ActionView::Template.new(v, @s, false, {})
-
- @handler_class = ActionView::Template.handler_class_for_extension(:rhtml)
- @handler = @handler_class.new(v)
-
- # All templates were created at t+1
- File::Stat.any_instance.expects(:mtime).times(windows ? 2 : 3).returns(t + 1.second)
-
- # private methods template_changed_since? and compile_template?
- # should report true for all since they have not been compiled
- assert @handler.send(:template_changed_since?, @a, t)
- assert @handler.send(:template_changed_since?, @b, t)
- assert @handler.send(:template_changed_since?, @s, t) unless windows
-
- assert @handler.send(:compile_template?, ta)
- assert @handler.send(:compile_template?, tb)
- assert @handler.send(:compile_template?, ts) unless windows
-
- # All templates are rendered at t+2
- Time.expects(:now).times(windows ? 2 : 3).returns(t + 2.seconds)
- v.send(:render_template, ta)
- v.send(:render_template, tb)
- v.send(:render_template, ts) unless windows
- a_n = v.method_names[@a]
- b_n = v.method_names[@b]
- s_n = v.method_names[@s] unless windows
- # all of the files have changed since last compile
- assert @handler.compile_time[a_n] > t
- assert @handler.compile_time[b_n] > t
- assert @handler.compile_time[s_n] > t unless windows
-
- # private methods template_changed_since? and compile_template?
- # should report false for all since none have changed since compile
- File::Stat.any_instance.expects(:mtime).times(windows ? 6 : 12).returns(t + 1.second)
- assert !@handler.send(:template_changed_since?, @a, @handler.compile_time[a_n])
- assert !@handler.send(:template_changed_since?, @b, @handler.compile_time[b_n])
- assert !@handler.send(:template_changed_since?, @s, @handler.compile_time[s_n]) unless windows
- assert !@handler.send(:compile_template?, ta)
- assert !@handler.send(:compile_template?, tb)
- assert !@handler.send(:compile_template?, ts) unless windows
- v.send(:render_template, ta)
- v.send(:render_template, tb)
- v.send(:render_template, ts) unless windows
- # none of the files have changed since last compile
- assert @handler.compile_time[a_n] < t + 3.seconds
- assert @handler.compile_time[b_n] < t + 3.seconds
- assert @handler.compile_time[s_n] < t + 3.seconds unless windows
-
- `rm #{@s}; ln -s #{@b} #{@s}` unless windows
- # private methods template_changed_since? and compile_template?
- # should report true for symlink since it has changed since compile
-
- # t + 3.seconds is for the symlink
- File::Stat.any_instance.expects(:mtime).times(windows ? 6 : 9).returns(
- *(windows ? [ t + 1.second, t + 1.second ] :
- [ t + 1.second, t + 1.second, t + 3.second ]) * 3)
- assert !@handler.send(:template_changed_since?, @a, @handler.compile_time[a_n])
- assert !@handler.send(:template_changed_since?, @b, @handler.compile_time[b_n])
- assert @handler.send(:template_changed_since?, @s, @handler.compile_time[s_n]) unless windows
- assert !@handler.send(:compile_template?, ta)
- assert !@handler.send(:compile_template?, tb)
- assert @handler.send(:compile_template?, ts) unless windows
-
- # Only the symlink template gets rendered at t+3
- Time.stubs(:now).returns(t + 3.seconds) unless windows
- v.send(:render_template, ta)
- v.send(:render_template, tb)
- v.send(:render_template, ts) unless windows
- # the symlink has changed since last compile
- assert @handler.compile_time[a_n] < t + 3.seconds
- assert @handler.compile_time[b_n] < t + 3.seconds
- assert_equal @handler.compile_time[s_n], t + 3.seconds unless windows
-
- FileUtils.touch @b
- # private methods template_changed_since? and compile_template?
- # should report true for symlink and file at end of symlink
- # since it has changed since last compile
- #
- # t+4 is for @b and also for the file that @s points to, which is @b
- File::Stat.any_instance.expects(:mtime).times(windows ? 6 : 12).returns(
- *(windows ? [ t + 1.second, t + 4.seconds ] :
- [ t + 1.second, t + 4.seconds, t + 3.second, t + 4.seconds ]) * 3)
- assert !@handler.send(:template_changed_since?, @a, @handler.compile_time[a_n])
- assert @handler.send(:template_changed_since?, @b, @handler.compile_time[b_n])
- assert @handler.send(:template_changed_since?, @s, @handler.compile_time[s_n]) unless windows
- assert !@handler.send(:compile_template?, ta)
- assert @handler.send(:compile_template?, tb)
- assert @handler.send(:compile_template?, ts) unless windows
-
- Time.expects(:now).times(windows ? 1 : 2).returns(t + 5.seconds)
- v.send(:render_template, ta)
- v.send(:render_template, tb)
- v.send(:render_template, ts) unless windows
- # the file at the end of the symlink has changed since last compile
- # both the symlink and the file at the end of it should be recompiled
- assert @handler.compile_time[a_n] < t + 5.seconds
- assert_equal @handler.compile_time[b_n], t + 5.seconds
- assert_equal @handler.compile_time[s_n], t + 5.seconds unless windows
- end
- end
-end
View
6 activerecord/CHANGELOG
@@ -1,8 +1,12 @@
+*2.1.0 (May 31st, 2008)*
+
* Add ActiveRecord::Base.sti_name that checks ActiveRecord::Base#store_full_sti_class? and returns either the full or demodulized name. [rick]
* Add first/last methods to associations/named_scope. Resolved #226. [Ryan Bates]
-*2.1.0 RC1 (May 11th, 2008)*
+* Added SQL escaping for :limit and :offset #288 [Aaron Bedra, Steven Bristol, Jonathan Wiess]
+
+* Added first/last methods to associations/named_scope. Resolved #226. [Ryan Bates]
* Ensure hm:t preloading honours reflection options. Resolves #137. [Frederick Cheung]
View
2 activerecord/Rakefile
@@ -171,7 +171,7 @@ spec = Gem::Specification.new do |s|
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
end
- s.add_dependency('activesupport', '= 2.0.991' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.1.0' + PKG_BUILD)
s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"
View
9 activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
@@ -106,11 +106,16 @@ def add_limit!(sql, options)
# SELECT * FROM suppliers LIMIT 10 OFFSET 50
def add_limit_offset!(sql, options)
if limit = options[:limit]
- sql << " LIMIT #{limit}"
+ sql << " LIMIT #{sanitize_limit(limit)}"
if offset = options[:offset]
- sql << " OFFSET #{offset}"
+ sql << " OFFSET #{offset.to_i}"
end
end
+ sql
+ end
+
+ def sanitize_limit(limit)
+ limit.to_s[/,/] ? limit.split(',').map{ |i| i.to_i }.join(',') : limit.to_i
end
# Appends a locking clause to an SQL statement.
View
2 activerecord/lib/active_record/validations.rb
@@ -692,7 +692,7 @@ def validates_format_of(*attr_names)
raise(ArgumentError, "A regular expression must be supplied as the :with option of the configuration hash") unless configuration[:with].is_a?(Regexp)
validates_each(attr_names, configuration) do |record, attr_name, value|
- record.errors.add(attr_name, configuration[:message]) unless value.to_s =~ configuration[:with]
+ record.errors.add(attr_name, configuration[:message] % value) unless value.to_s =~ configuration[:with]
end
end
View
4 activerecord/lib/active_record/version.rb
@@ -1,8 +1,8 @@
module ActiveRecord
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 0
- TINY = 991
+ MINOR = 1
+ TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
end
View
20 activerecord/test/cases/adapter_test.rb
@@ -104,4 +104,24 @@ def test_reset_table_with_non_integer_pk
end
end
+ def test_add_limit_offset_should_sanitize_sql_injection_for_limit_without_comas
+ sql_inject = "1 select * from schema"
+ assert_equal " LIMIT 1", @connection.add_limit_offset!("", :limit=>sql_inject)
+ if current_adapter?(:MysqlAdapter)
+ assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
+ else
+ assert_equal " LIMIT 1 OFFSET 7", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
+ end
+ end
+
+ def test_add_limit_offset_should_sanitize_sql_injection_for_limit_with_comas
+ sql_inject = "1, 7 procedure help()"
+ if current_adapter?(:MysqlAdapter)
+ assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit=>sql_inject)
+ assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
+ else
+ assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit=>sql_inject)
+ assert_equal " LIMIT 1,7 OFFSET 7", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
+ end
+ end
end
View
6 activerecord/test/cases/validations_test.rb
@@ -583,6 +583,12 @@ def test_validate_format_numeric
assert_nil t.errors.on(:title)
end
+ def test_validate_format_with_formatted_message
+ Topic.validates_format_of(:title, :with => /^Valid Title$/, :message => "can't be %s")
+ t = Topic.create(:title => 'Invalid title')
+ assert_equal "can't be Invalid title", t.errors.on(:title)
+ end
+
def test_validates_inclusion_of
Topic.validates_inclusion_of( :title, :in => %w( a b c d e f g ) )
View
2 activeresource/CHANGELOG
@@ -1,4 +1,4 @@
-*2.1.0 RC1 (May 11th, 2008)*
+*2.1.0 (May 31st, 2008)*
* Fixed response logging to use length instead of the entire thing (seangeo) [#27]
View
2 activeresource/Rakefile
@@ -64,7 +64,7 @@ spec = Gem::Specification.new do |s|
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
end
- s.add_dependency('activesupport', '= 2.0.991' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.1.0' + PKG_BUILD)
s.require_path = 'lib'
s.autorequire = 'active_resource'
View
4 activeresource/lib/active_resource/version.rb
@@ -1,8 +1,8 @@
module ActiveResource
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 0
- TINY = 991
+ MINOR = 1
+ TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
end
View
4 activesupport/CHANGELOG
@@ -1,3 +1,5 @@
+*2.1.0 (May 31st, 2008)*
+
* TimeZone#to_s shows offset as GMT instead of UTC, because GMT will be more familiar to end users (see time zone selects used by Windows OS, google.com and yahoo.com.) Reverts [8370] [Geoff Buesing]
* Hash.from_xml: datetime xml types overflow to Ruby DateTime class when out of range of Time. Adding tests for utc offsets [Geoff Buesing]
@@ -6,8 +8,6 @@
* Time#to_json: don't convert to utc before encoding. References #175 [Geoff Buesing]
-*2.1.0 RC1 (May 11th, 2008)*
-
* Remove unused JSON::RESERVED_WORDS, JSON.valid_identifier? and JSON.reserved_word? methods. Resolves #164. [Cheah Chu Yeow]
* Adding Date.current, which returns Time.zone.today if config.time_zone is set; otherwise returns Date.today [Geoff Buesing]
View
4 activesupport/lib/active_support/version.rb
@@ -1,8 +1,8 @@
module ActiveSupport
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 0
- TINY = 991
+ MINOR = 1
+ TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
end
View
8 railties/CHANGELOG
@@ -1,10 +1,4 @@
-*SVN*
-
-* Consolidate error messages for missing gems, and skip them when running rake gems:* tasks. [rick]
-
-* Use a system command to install gems, since GemRunner exits the ruby process. #210 [Tim Morgan]
-
-*2.1.0 RC1 (May 11th, 2008)*
+*2.1.0 (May 31st, 2008)*
* script/dbconsole fires up the command-line database client. #102 [Steve Purcell]
View
10 railties/Rakefile
@@ -304,11 +304,11 @@ spec = Gem::Specification.new do |s|
EOF
s.add_dependency('rake', '>= 0.8.1')
- s.add_dependency('activesupport', '= 2.0.991' + PKG_BUILD)
- s.add_dependency('activerecord', '= 2.0.991' + PKG_BUILD)
- s.add_dependency('actionpack', '= 2.0.991' + PKG_BUILD)
- s.add_dependency('actionmailer', '= 2.0.991' + PKG_BUILD)
- s.add_dependency('activeresource', '= 2.0.991' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.1.0' + PKG_BUILD)
+ s.add_dependency('activerecord', '= 2.1.0' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.1.0' + PKG_BUILD)
+ s.add_dependency('actionmailer', '= 2.1.0' + PKG_BUILD)
+ s.add_dependency('activeresource', '= 2.1.0' + PKG_BUILD)
s.rdoc_options << '--exclude' << '.'
s.has_rdoc = false
View
4 railties/lib/rails/version.rb
@@ -1,8 +1,8 @@
module Rails
module VERSION #:nodoc:
MAJOR = 2
- MINOR = 0
- TINY = 991
+ MINOR = 1
+ TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
end
View
7 release.rb
@@ -4,7 +4,7 @@
PACKAGES = %w(activesupport activerecord actionpack actionmailer activeresource)
# Checkout source
-`rm -rf release && svn export http://dev.rubyonrails.org/svn/rails/trunk release`
+# `rm -rf release && svn export http://dev.rubyonrails.org/svn/rails/trunk release`
# Create Rails packages
`cd release/railties && rake template=jamis package`
@@ -19,7 +19,4 @@
# Upload rails tgz/zip
`rubyforge add_release rails rails 'REL #{VERSION}' release/rails-#{VERSION}.tgz`
-`rubyforge add_release rails rails 'REL #{VERSION}' release/rails-#{VERSION}.zip`
-
-# Create SVN tag
-puts "Remember to create SVN tag"
+`rubyforge add_release rails rails 'REL #{VERSION}' release/rails-#{VERSION}.zip`

0 comments on commit 6a975d6

Please sign in to comment.