base fork: rails/rails
...
head fork: rails/rails
  • 13 commits
  • 26 files changed
  • 1 commit comment
  • 5 contributors
Showing with 102 additions and 27 deletions.
  1. +0 −1  .gitignore
  2. +1 −1  actionmailer/Rakefile
  3. +1 −1  actionmailer/lib/action_mailer/version.rb
  4. +2 −2 actionpack/CHANGELOG
  5. +1 −1  actionpack/Rakefile
  6. +2 −1  actionpack/lib/action_controller/response.rb
  7. +1 −1  actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
  8. +1 −1  actionpack/lib/action_pack/version.rb
  9. +10 −0 actionpack/test/controller/content_type_test.rb
  10. +7 −0 actionpack/test/controller/html-scanner/sanitizer_test.rb
  11. +1 −1  activerecord/Rakefile
  12. +1 −1  activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
  13. +1 −1  activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
  14. +0 −1  activerecord/lib/active_record/validations.rb
  15. +1 −1  activerecord/lib/active_record/version.rb
  16. +17 −0 activerecord/test/cases/base_test.rb
  17. +1 −1  activeresource/Rakefile
  18. +1 −1  activeresource/lib/active_resource/version.rb
  19. +1 −1  activesupport/lib/active_support/core_ext/string/output_safety.rb
  20. +7 −3 activesupport/lib/active_support/ordered_hash.rb
  21. +1 −1  activesupport/lib/active_support/version.rb
  22. +7 −0 activesupport/test/core_ext/string_ext_test.rb
  23. +26 −0 activesupport/test/ordered_hash_test.rb
  24. +5 −5 railties/Rakefile
  25. +1 −1  railties/lib/rails/version.rb
  26. +5 −0 railties/lib/tasks/documentation.rake
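--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
-*.gem
 pkg
 .bundle
 debug.log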
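--- a/actionmailer/Rakefile
+++ b/actionmailer/Rakefile
@@ -54,7 +54,7 @@ spec = Gem::Specification.new do |s|
 s.rubyforge_project = "actionmailer"
 s.homepage = "http://www.rubyonrails.org"
- s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
 s.requirements << 'none'
 s.require_path = 'lib'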
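--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end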
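--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1935,7 +1935,7 @@ superclass' view_paths. [Rick Olson]
 * Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
@@ -2532,7 +2532,7 @@ superclass' view_paths. [Rick Olson]
 * Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas]
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]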
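--- a/actionpack/Rakefile
+++ b/actionpack/Rakefile
@@ -78,7 +78,7 @@ spec = Gem::Specification.new do |s|
 s.requirements << 'none'
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
 s.add_dependency('rack', '~> 1.1.0')
 s.require_path = 'lib'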
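--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -64,12 +64,13 @@ def location=(url) headers['Location'] = url end
 # the character set information will also be included in the content type
 # information.
 def content_type=(mime_type)
- self.headers["Content-Type"] =
+ new_content_type =
 if mime_type =~ /charset/ || (c = charset).nil?
 mime_type.to_s
 else
 "#{mime_type}; charset=#{c}"
 end
+ self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")
 end
 # Returns the response's content MIME type, or nil if content type has been set.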
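Review bot: The added `URI.escape(new_content_type, "\r\n")` keeps CR/LF out of the header, but by percent-encoding rather than rejecting, so the payload in the new test is still sent to the client as the literal Content-Type `hello/world%0D%0AAttack: true` instead of failing loudly; for a field that should only ever hold a MIME type plus charset, `raise ArgumentError, "invalid Content-Type: #{new_content_type.inspect}" if new_content_type =~ /[\r\n]/` is the safer contract and makes the offending caller visible. Only this setter is protected: the `charset` value `c` is covered solely because it is interpolated before the escape, and direct `headers[...] =` writes elsewhere stay unescaped, which deserves a sentence in the method comment (the comment starts outside the hunk). `URI.escape` was later deprecated in Ruby 2.7 and removed in 3.0 — not a problem for the Rubies this 2.3 branch targets, but anyone backporting this line should use a plain `gsub(/[\r\n]/)` instead.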
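--- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -162,7 +162,7 @@ def parse(parent, line, pos, content, strict=true)
 end
 closing = ( scanner.scan(/\//) ? :close : nil )
- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
+ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
 name.downcase!
 unless closing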
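Review bot: The replacement character class `[^\s!>\/]+` on the `+` line is far wider than the one it replaces — it admits quotes, `<`, `=` and arbitrary bytes — so any `<` followed by a non-blank, non-`!`/`>`/`/` byte now yields a Tag node named with that junk, which is what lets the full sanitizer strip `<" <img …>` in the companion test. That is the right fail-closed direction for a sanitizer, but it silently changes which malformed text survives `strip_tags`, and the only coverage on the other side is `<<<bad html`, whose fate is decided by the tokenizer rather than this regex; the `closing` variant (`</"…`) and the single-quote form `<'` run through the same branch and should get tests too. The intent needs stating so nobody tightens the class back to "identifier characters" later: `# Deliberately permissive: anything non-blank after "<" is treated as a tag name so malformed input such as <" is stripped rather than passed through as text.` `parse` begins and ends outside the hunk.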
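--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end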
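--- a/actionpack/test/controller/content_type_test.rb
+++ b/actionpack/test/controller/content_type_test.rb
@@ -46,6 +46,11 @@ def render_default_content_types_for_respond_to
 format.rss { render :text => "hello world!", :content_type => Mime::XML }
 end
 end
+
+ def render_content_type_from_user_input
+ response.content_type= params[:hello]
+ render :text=>"hello"
+ end
 def rescue_action(e) raise end
 end
@@ -129,6 +134,11 @@ def test_change_for_rxml
 assert_equal Mime::HTML, @response.content_type
 assert_equal "utf-8", @response.charset
 end
+
+ def test_user_supplied_value
+ get :render_content_type_from_user_input, :hello=>"hello/world\r\nAttack: true"
+ assert_equal "hello/world%0D%0AAttack: true", @response.content_type
+ end
 end
 class AcceptBasedContentTypeTest < ActionController::TestCase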
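Review bot: `test_user_supplied_value` only exercises the CRLF pair, yet a lone `\n` (and a lone `\r`) is accepted as a line terminator by many HTTP parsers, and since the escape under test handles each character independently a second assertion is cheap: `get :render_content_type_from_user_input, :hello=>"text/plain\nX-Injected: 1"` followed by `assert_equal "text/plain%0AX-Injected: 1", @response.content_type`. The helper action `render_content_type_from_user_input` is exactly the pattern applications must not adopt; a one-line comment such as `# deliberately unsafe: exists only to verify that header injection via content_type= is neutralised` would keep it from being copied out of the test suite. The enclosing test controller class starts outside the first hunk.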
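--- a/actionpack/test/controller/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -5,6 +5,13 @@ def setup
 @sanitizer = nil # used by assert_sanitizer
 end
+ def test_strip_tags_with_quote
+ sanitizer = HTML::FullSanitizer.new
+ string = '<" <img src="trollface.gif" onload="alert(1)"> hi'
+
+ assert_equal ' hi', sanitizer.sanitize(string)
+ end
+
 def test_strip_tags
 sanitizer = HTML::FullSanitizer.new
 assert_equal("<<<bad html", sanitizer.sanitize("<<<bad html"))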
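--- a/activerecord/Rakefile
+++ b/activerecord/Rakefile
@@ -192,7 +192,7 @@ spec = Gem::Specification.new do |s|
 s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
 end
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
 s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
 s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"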
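--- a/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
@@ -238,7 +238,7 @@ def quote(value, column = nil)
 end
 def quote_column_name(name) #:nodoc:
- @quoted_column_names[name] ||= "`#{name}`"
+ @quoted_column_names[name] ||= "`#{name.to_s.gsub('`', '``')}`"
 end
 def quote_table_name(name) #:nodoc: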
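Review bot: Doubling the backtick closes the identifier-quoting hole, but `@quoted_column_names` is still keyed on the raw `name`, so if any caller reaches `quote_column_name` with request-derived strings — the very scenario this fix exists for — every distinct value is memoised for the life of the connection, an unbounded cache on attacker-influenced input. Either skip the cache for non-Symbol names or state the contract in the method comment, e.g. `# Makes name safe to embed between backticks; it does NOT verify the column exists, so validate user-supplied names against columns_hash before calling.` `quote_table_name` begins on the last line of the hunk with its body out of view; if it splits on `.` before quoting, as sibling adapters do, a name such as "foo.bar`baz" is quoted in pieces and deserves its own assertion.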
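--- a/activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
@@ -162,7 +162,7 @@ def quote_string(s) #:nodoc:
 end
 def quote_column_name(name) #:nodoc:
- %Q("#{name}")
+ %Q("#{name.to_s.gsub('"', '""')}")
 end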
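Review bot: The doubled `"` on the `+` line is the standard SQL way to escape an embedded quote inside a quoted identifier, but nothing says so, and the `#:nodoc:` marker means the next reader gets no hint why a gsub sits in a one-line quoting helper; a comment such as `# Double any embedded '"' (SQL identifier escaping) so a crafted column name cannot terminate the identifier early.` would do. Note also that `name.to_s` turns nil into the empty identifier `""` rather than raising — pre-existing behaviour, but worth knowing when reasoning about callers that forward unchecked values.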
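--- a/activerecord/lib/active_record/validations.rb
+++ b/activerecord/lib/active_record/validations.rb
@@ -333,7 +333,6 @@ def to_xml(options={})
 end
 def generate_message(attribute, message = :invalid, options = {})
- ActiveSupport::Deprecation.warn("ActiveRecord::Errors#generate_message has been deprecated. Please use ActiveRecord::Error.new().to_s.")
 Error.new(@base, attribute, message, options).to_s
 end
 end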
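--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end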
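--- a/activerecord/test/cases/base_test.rb
+++ b/activerecord/test/cases/base_test.rb
@@ -79,6 +79,23 @@ class TopicWithProtectedContentAndAccessibleAuthorName < ActiveRecord::Base
 class BasicsTest < ActiveRecord::TestCase
 fixtures :topics, :companies, :developers, :projects, :computers, :accounts, :minimalistics, 'warehouse-things', :authors, :categorizations, :categories, :posts
+ def test_column_names_are_escaped
+ conn = ActiveRecord::Base.connection
+ classname = conn.class.name[/[^:]*$/]
+ badchar = {
+ 'SQLite3Adapter' => '"',
+ 'MysqlAdapter' => '`',
+ 'Mysql2Adapter' => '`',
+ 'PostgreSQLAdapter' => '"',
+ 'OracleAdapter' => '"',
+ }.fetch(classname) {
+ raise "need a bad char for #{classname}"
+ }
+
+ quoted = conn.quote_column_name "foo#{badchar}bar"
+ assert_equal("#{badchar}foo#{badchar * 2}bar#{badchar}", quoted)
+ end
+
 def test_table_exists
 assert !NonExistentTable.table_exists?
 assert Topic.table_exists?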
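Review bot: `test_column_names_are_escaped` only checks the one adapter the suite happens to run under, and this comparison changes just the MySQL and SQLite adapters, so the `Mysql2Adapter`, `PostgreSQLAdapter` and `OracleAdapter` rows assert behaviour that is presumably already present in those adapters but is not verified by anything in this diff — that should be confirmed by running the suite against each before treating the table as coverage. The assertion is also purely textual; a quoting scheme can look right and still be rejected or reinterpreted by the server, so adding a round trip such as `assert_equal 1, conn.select_value("SELECT 1 AS #{quoted}").to_i` would prove the quoted identifier is actually valid. The `fetch` with a raising block is the right choice: an adapter missing from the table fails loudly instead of silently passing. `BasicsTest` continues past the hunk.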
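--- a/activeresource/Rakefile
+++ b/activeresource/Rakefile
@@ -66,7 +66,7 @@ spec = Gem::Specification.new do |s|
 s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
 end
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
 s.require_path = 'lib'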
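--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end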
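--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -19,7 +19,7 @@ def html_escape(s)
 if s.html_safe?
 s
 else
- s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe
+ s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").html_safe
 end
 end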
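Review bot: The rewritten `html_escape` still leaves the single quote alone, so a value placed in a single-quoted attribute (`<a title='<%= h user_input %>'>`) can still break out of it; appending `.gsub(/'/, "&#39;")` to the chain closes that gap and costs nothing. The reason for trading the one-pass character-class `gsub` for four literal-pattern passes is not stated anywhere; judging only from the new `test_erb_escape` fixture (`0xC0` followed by `<`), it appears a character class can mis-scan `<` as part of a multibyte sequence after an invalid lead byte, and without a comment the four-pass form reads as a performance regression someone will "fix" back: `# One gsub per character on purpose: a character class can mis-match "<" that follows an invalid multibyte lead byte (see test_erb_escape) and leave it unescaped.` `s.to_s` also widens the accepted inputs — nil now yields `""` instead of raising — which should be documented since callers may rely on it. `HTML_ESCAPE`, referenced by the removed line, is no longer used by this method; check whether anything else in the file still reads it before leaving it defined.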
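--- a/activesupport/lib/active_support/ordered_hash.rb
+++ b/activesupport/lib/active_support/ordered_hash.rb
@@ -130,14 +130,18 @@ def shift
 end
 def merge!(other_hash)
- other_hash.each {|k,v| self[k] = v }
+ if block_given?
+ other_hash.each { |k, v| self[k] = key?(k) ? yield(k, self[k], v) : v }
+ else
+ other_hash.each { |k, v| self[k] = v }
+ end
 self
 end
 alias_method :update, :merge!
- def merge(other_hash)
- dup.merge!(other_hash, &block)
+ def merge(other_hash, &block)
+ dup.merge!(other_hash, &block)
 end
 # When replacing with another hash, the initial order of our keys must come from the other hash -ordered or not.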
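Review bot: `merge!` now honours a block but neither method documents the contract, which matters because it mirrors `Hash#merge!` only for keys already present: a comment such as `# Like Hash#merge!: with a block, keys already present get block.call(key, old_value, new_value); absent keys take the new value unchanged.` above `merge!` would make that explicit. The `alias_method :update, :merge!` line sits after the new definition and therefore picks up the block behaviour, but no test covers `update` with a block — the new `test_merge_bang_with_block` could be duplicated for it in one line.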
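--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end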
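--- a/activesupport/test/core_ext/string_ext_test.rb
+++ b/activesupport/test/core_ext/string_ext_test.rb
@@ -2,10 +2,17 @@
 require 'date'
 require 'abstract_unit'
 require 'inflector_test_cases'
+require 'active_support/core_ext/string/output_safety'
 class StringInflectionsTest < Test::Unit::TestCase
 include InflectorTestCases
+ def test_erb_escape
+ string = [192, 60].pack('CC')
+ expected = 192.chr + "&lt;"
+ assert_equal expected, ERB::Util.html_escape(string)
+ end
+
 def test_pluralize
 SingularToPlural.each do |singular, plural|
 assert_equal(plural, singular.pluralize)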
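--- a/activesupport/test/ordered_hash_test.rb
+++ b/activesupport/test/ordered_hash_test.rb
@@ -147,6 +147,32 @@ def test_merge
 assert_equal @ordered_hash.keys, merged.keys
 end
+ def test_merge_with_block
+ hash = ActiveSupport::OrderedHash.new
+ hash[:a] = 0
+ hash[:b] = 0
+ merged = hash.merge(:b => 2, :c => 7) do |key, old_value, new_value|
+ new_value + 1
+ end
+
+ assert_equal 0, merged[:a]
+ assert_equal 3, merged[:b]
+ assert_equal 7, merged[:c]
+ end
+
+ def test_merge_bang_with_block
+ hash = ActiveSupport::OrderedHash.new
+ hash[:a] = 0
+ hash[:b] = 0
+ hash.merge!(:a => 1, :c => 7) do |key, old_value, new_value|
+ new_value + 3
+ end
+
+ assert_equal 4, hash[:a]
+ assert_equal 0, hash[:b]
+ assert_equal 7, hash[:c]
+ end
+
 def test_shift
 pair = @ordered_hash.shift
 assert_equal [@keys.first, @values.first], pair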
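--- a/railties/Rakefile
+++ b/railties/Rakefile
@@ -313,11 +313,11 @@ spec = Gem::Specification.new do |s|
 EOF
 s.add_dependency('rake', '>= 0.8.3')
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('activerecord', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('actionmailer', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('activeresource', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('activerecord', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('actionmailer', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('activeresource', '= 2.3.14' + PKG_BUILD)
 s.rdoc_options << '--exclude' << '.'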
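--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end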
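--- a/railties/lib/tasks/documentation.rake
+++ b/railties/lib/tasks/documentation.rake
@@ -1,3 +1,5 @@
+begin
+ require 'rdoc/task'
 namespace :doc do
 desc "Generate documentation for the application. Set custom template with TEMPLATE=/path/to/rdoc/template.rb or title with TITLE=\"Custom Title\""
 RDoc::Task.new("app") { |rdoc|
@@ -86,3 +88,6 @@ namespace :doc do
 end
 end
 end
+rescue LoadError
+ $stderr.puts 'Please install RDoc 2.4.2+ to generate documentation.'
+end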
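Review bot: The `rescue LoadError` added at the bottom wraps the whole `doc` namespace, not just the `require 'rdoc/task'` at the top, so any LoadError raised while the namespace body is evaluated (a require inside a task definition, a broken plugin doc task) is reported as "Please install RDoc" and the real cause is lost. Scoping the rescue to the require keeps the same shape with an `else` branch: `begin; require 'rdoc/task'; rescue LoadError; $stderr.puts '...'; else; namespace :doc do … end; end`. The message's "2.4.2+" cannot be verified from this diff as the version that first ships `rdoc/task`; confirm it before the string is relied on. The namespace body between the two hunks is outside the view.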


@ippa

cool
