Showing 26 changed files with 102 additions and 27 deletions. Show diff stats Hide diff stats

  1. 1  .gitignore
  2. 2  actionmailer/Rakefile
  3. 2  actionmailer/lib/action_mailer/version.rb
  4. 4  actionpack/CHANGELOG
  5. 2  actionpack/Rakefile
  6. 3  actionpack/lib/action_controller/response.rb
  7. 2  actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
  8. 2  actionpack/lib/action_pack/version.rb
  9. 10  actionpack/test/controller/content_type_test.rb
  10. 7  actionpack/test/controller/html-scanner/sanitizer_test.rb
  11. 2  activerecord/Rakefile
  12. 2  activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
  13. 2  activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
  14. 1  activerecord/lib/active_record/validations.rb
  15. 2  activerecord/lib/active_record/version.rb
  16. 17  activerecord/test/cases/base_test.rb
  17. 2  activeresource/Rakefile
  18. 2  activeresource/lib/active_resource/version.rb
  19. 2  activesupport/lib/active_support/core_ext/string/output_safety.rb
  20. 10  activesupport/lib/active_support/ordered_hash.rb
  21. 2  activesupport/lib/active_support/version.rb
  22. 7  activesupport/test/core_ext/string_ext_test.rb
  23. 26  activesupport/test/ordered_hash_test.rb
  24. 10  railties/Rakefile
  25. 2  railties/lib/rails/version.rb
  26. 5  railties/lib/tasks/documentation.rake
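--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
-*.gem
 pkg
 .bundle
 debug.log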
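--- a/actionmailer/Rakefile
+++ b/actionmailer/Rakefile
@@ -54,7 +54,7 @@ spec = Gem::Specification.new do |s|
   s.rubyforge_project = "actionmailer"
   s.homepage = "http://www.rubyonrails.org"
 
-  s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
+  s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
 
   s.requirements << 'none'
   s.require_path = 'lib'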
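--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 12
+    TINY  = 14
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end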
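--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1935,7 +1935,7 @@ superclass' view_paths.  [Rick Olson]
 
 * Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
 
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
 
@@ -2532,7 +2532,7 @@ superclass' view_paths.  [Rick Olson]
 
 * Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas]
 
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
 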
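--- a/actionpack/Rakefile
+++ b/actionpack/Rakefile
@@ -78,7 +78,7 @@ spec = Gem::Specification.new do |s|
 
   s.requirements << 'none'
 
-  s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
   s.add_dependency('rack', '~> 1.1.0')
 
   s.require_path = 'lib'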
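--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -64,12 +64,13 @@ def location=(url) headers['Location'] = url end
     # the character set information will also be included in the content type
     # information.
     def content_type=(mime_type)
-      self.headers["Content-Type"] =
+      new_content_type =
         if mime_type =~ /charset/ || (c = charset).nil?
           mime_type.to_s
         else
           "#{mime_type}; charset=#{c}"
         end
+      self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")
     end
 
     # Returns the response's content MIME type, or nil if content type has been set.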
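Review bot: `URI.escape` on the added assignment line is the obsolete `URI::Escape` API (deprecated since Ruby 1.9.2 and removed in 3.0), so the header fix rides on a method whose removal would break `content_type=` entirely; a local replacement such as `new_content_type.gsub("\r", "%0D").gsub("\n", "%0A")` yields the same percent-encoding the new test expects with no dependency on `uri`, which this hunk does not show being required. The escape also deserves a why-comment, e.g. `# CR and LF are percent-encoded so a caller-supplied value cannot terminate this header.` Note that only `Content-Type` is covered here; values callers write to `headers[...]` directly are not, and the `c = charset` branch presumably carries a configured rather than request-supplied value — worth confirming.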
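--- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -162,7 +162,7 @@ def parse(parent, line, pos, content, strict=true)
           end
           
           closing = ( scanner.scan(/\//) ? :close : nil )
-          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
+          return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
           name.downcase!
   
           unless closing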
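Review bot: The widened tag-name pattern `/[^\s!>\/]+/` on the new line needs a why-comment, because it now accepts characters such as `"` that the old class excluded and a later reader may be tempted to tighten it back: `# Deliberately permissive: anything up to whitespace, '!', '>' or '/' is taken as a tag name so the sanitizer strips constructs like '<"' instead of passing them through as text (see test_strip_tags_with_quote).` The assignment inside `unless name = scanner.scan(...)` follows the file's existing style, though `name = scanner.scan(...)` on its own line followed by `return Text.new(...) unless name` reads more plainly and avoids the assignment-in-condition warning. The enclosing `parse` starts and ends outside the hunk.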
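--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 12
+    TINY  = 14
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end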
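--- a/actionpack/test/controller/content_type_test.rb
+++ b/actionpack/test/controller/content_type_test.rb
@@ -46,6 +46,11 @@ def render_default_content_types_for_respond_to
       format.rss  { render :text   => "hello world!", :content_type => Mime::XML }
     end
   end
+  
+  def render_content_type_from_user_input
+    response.content_type= params[:hello]
+    render :text=>"hello"
+  end
 
   def rescue_action(e) raise end
 end
@@ -129,6 +134,11 @@ def test_change_for_rxml
     assert_equal Mime::HTML, @response.content_type
     assert_equal "utf-8", @response.charset
   end
+  
+  def test_user_supplied_value
+    get :render_content_type_from_user_input, :hello=>"hello/world\r\nAttack: true"
+    assert_equal "hello/world%0D%0AAttack: true", @response.content_type
+  end
 end
 
 class AcceptBasedContentTypeTest < ActionController::TestCase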
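Review bot: `test_user_supplied_value` checks the `content_type` accessor rather than the header itself; an additional `assert_no_match /[\r\n]/, @response.headers["Content-Type"]` would pin the property the response.rb change exists for — that no raw CR or LF reaches the emitted header — independently of how the accessor parses it. Two style nits in the added controller action: `response.content_type= params[:hello]` should read `response.content_type = params[:hello]` and `render :text=>"hello"` should read `render :text => "hello"` to match the surrounding lines, and both added blank lines before `def` carry trailing whitespace.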
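--- a/actionpack/test/controller/html-scanner/sanitizer_test.rb
+++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -5,6 +5,13 @@ def setup
     @sanitizer = nil # used by assert_sanitizer
   end
 
+  def test_strip_tags_with_quote
+    sanitizer = HTML::FullSanitizer.new
+    string    = '<" <img src="trollface.gif" onload="alert(1)"> hi'
+
+    assert_equal ' hi', sanitizer.sanitize(string)
+  end
+
   def test_strip_tags
     sanitizer = HTML::FullSanitizer.new
     assert_equal("<<<bad html", sanitizer.sanitize("<<<bad html"))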
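--- a/activerecord/Rakefile
+++ b/activerecord/Rakefile
@@ -192,7 +192,7 @@ spec = Gem::Specification.new do |s|
     s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
   end
 
-  s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
 
   s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
   s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"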
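--- a/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
@@ -238,7 +238,7 @@ def quote(value, column = nil)
       end
 
       def quote_column_name(name) #:nodoc:
-        @quoted_column_names[name] ||= "`#{name}`"
+        @quoted_column_names[name] ||= "`#{name.to_s.gsub('`', '``')}`"
       end
 
       def quote_table_name(name) #:nodoc: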
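Review bot: The doubled delimiter on the changed line of `quote_column_name` needs a why-comment, since to a reader without the history the `gsub` looks like a formatting accident: `# Double any embedded backtick so a name containing one cannot close the quoted identifier early.` The same comment, with `"` in place of the backtick, applies to the parallel change in sqlite_adapter's `quote_column_name`. Whether `quote_table_name` on the last context line applies the same doubling is not visible in this hunk and is worth checking, as it presumably quotes identifiers the same way.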
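--- a/activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
@@ -162,7 +162,7 @@ def quote_string(s) #:nodoc:
       end
 
       def quote_column_name(name) #:nodoc:
-        %Q("#{name}")
+        %Q("#{name.to_s.gsub('"', '""')}")
       end
 
 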
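--- a/activerecord/lib/active_record/validations.rb
+++ b/activerecord/lib/active_record/validations.rb
@@ -333,7 +333,6 @@ def to_xml(options={})
     end
 
     def generate_message(attribute, message = :invalid, options = {})
-      ActiveSupport::Deprecation.warn("ActiveRecord::Errors#generate_message has been deprecated. Please use ActiveRecord::Error.new().to_s.")
       Error.new(@base, attribute, message, options).to_s
     end
   end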
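--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 12
+    TINY  = 14
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end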
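--- a/activerecord/test/cases/base_test.rb
+++ b/activerecord/test/cases/base_test.rb
@@ -79,6 +79,23 @@ class TopicWithProtectedContentAndAccessibleAuthorName < ActiveRecord::Base
 class BasicsTest < ActiveRecord::TestCase
   fixtures :topics, :companies, :developers, :projects, :computers, :accounts, :minimalistics, 'warehouse-things', :authors, :categorizations, :categories, :posts
 
+  def test_column_names_are_escaped
+    conn      = ActiveRecord::Base.connection
+    classname = conn.class.name[/[^:]*$/]
+    badchar   = {
+      'SQLite3Adapter'    => '"',
+      'MysqlAdapter'      => '`',
+      'Mysql2Adapter'     => '`',
+      'PostgreSQLAdapter' => '"',
+      'OracleAdapter'     => '"',
+    }.fetch(classname) {
+      raise "need a bad char for #{classname}"
+    }
+
+    quoted = conn.quote_column_name "foo#{badchar}bar"
+    assert_equal("#{badchar}foo#{badchar * 2}bar#{badchar}", quoted)
+  end
+
   def test_table_exists
     assert !NonExistentTable.table_exists?
     assert Topic.table_exists?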
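Review bot: The `badchar` table in `test_column_names_are_escaped` lists `PostgreSQLAdapter`, `OracleAdapter` and `Mysql2Adapter`, yet this change only touches the mysql and sqlite adapters; unless those adapters already double the quote character, the new test fails on them — worth confirming before merge, or trimming the table to the adapters this commit actually fixes. `conn.class.name[/[^:]*$/]` is safe here only because class names contain no newlines; `conn.class.name.split('::').last` states the intent without relying on that.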
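--- a/activeresource/Rakefile
+++ b/activeresource/Rakefile
@@ -66,7 +66,7 @@ spec = Gem::Specification.new do |s|
     s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
   end
   
-  s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
 
   s.require_path = 'lib'
 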
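--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 12
+    TINY  = 14
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end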
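--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -19,7 +19,7 @@ def html_escape(s)
       if s.html_safe?
         s
       else
-        s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe
+        s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").html_safe
       end
     end
 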
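Review bot: The replacement order on the new line is load-bearing and should be stated, because reordering the chain would double-escape: `# '&' is replaced first so the '&' introduced by &quot;, &gt; and &lt; is not escaped again.` The rewrite also stops using the `HTML_ESCAPE` table the removed line consulted; if nothing else in the file reads it, it is now dead code. The `.to_s` and the chained single-character `gsub`s presumably exist for parity with ERB's own `html_escape` and for byte strings that the character-class form mishandled (see the added `test_erb_escape`), but that reason is not visible here and belongs in a comment above the `else` branch.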
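--- a/activesupport/lib/active_support/ordered_hash.rb
+++ b/activesupport/lib/active_support/ordered_hash.rb
@@ -130,14 +130,18 @@ def shift
       end
 
       def merge!(other_hash)
-        other_hash.each {|k,v| self[k] = v }
+        if block_given?
+          other_hash.each { |k, v| self[k] = key?(k) ? yield(k, self[k], v) : v }
+        else
+          other_hash.each { |k, v| self[k] = v }
+        end
         self
       end
 
       alias_method :update, :merge!
 
-      def merge(other_hash)
-        dup.merge!(other_hash)
+      def merge(other_hash, &block)
+        dup.merge!(other_hash, &block)
       end
 
       # When replacing with another hash, the initial order of our keys must come from the other hash -ordered or not.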
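Review bot: The new block branch of `merge!` follows `Hash#merge!` (the block is called with key, own value and other value only for keys present in both, and its result wins) but nothing says so; a comment such as `# Like Hash#merge!: a block, when given, resolves keys present in both hashes.` above `def merge!` would make the contract explicit, and `merge` deserves the same line. The `if`/`else` repeats the `each`; a single iteration `other_hash.each { |k, v| self[k] = block_given? && key?(k) ? yield(k, self[k], v) : v }` is equivalent and shorter. Because `alias_method :update, :merge!` is evaluated after the new definition, `update` picks up the block behaviour too, which is worth a word in the same comment.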
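--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 12
+    TINY  = 14
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end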
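--- a/activesupport/test/core_ext/string_ext_test.rb
+++ b/activesupport/test/core_ext/string_ext_test.rb
@@ -2,10 +2,17 @@
 require 'date'
 require 'abstract_unit'
 require 'inflector_test_cases'
+require 'active_support/core_ext/string/output_safety'
 
 class StringInflectionsTest < Test::Unit::TestCase
   include InflectorTestCases
 
+  def test_erb_escape
+    string = [192, 60].pack('CC')
+    expected = 192.chr + "&lt;"
+    assert_equal expected, ERB::Util.html_escape(string)
+  end
+
   def test_pluralize
     SingularToPlural.each do |singular, plural|
       assert_equal(plural, singular.pluralize)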
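Review bot: `test_erb_escape` exercises `ERB::Util.html_escape`, yet it is placed in `StringInflectionsTest`, whose `InflectorTestCases` mixin it does not use; a dedicated test class next to the other output-safety tests would be the natural home and would make the require on line 5 local to it. The fixture `[192, 60].pack('CC')` is a byte string with a non-ASCII lead byte, and the expectation `192.chr + "&lt;"` relies on that byte surviving escaping unchanged; a one-line comment stating this intent, e.g. `# non-UTF-8 byte must pass through untouched while '<' is still escaped`, would save the next reader the decoding.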
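--- a/activesupport/test/ordered_hash_test.rb
+++ b/activesupport/test/ordered_hash_test.rb
@@ -147,6 +147,32 @@ def test_merge
     assert_equal @ordered_hash.keys, merged.keys
   end
 
+  def test_merge_with_block
+    hash = ActiveSupport::OrderedHash.new
+    hash[:a] = 0
+    hash[:b] = 0
+    merged = hash.merge(:b => 2, :c => 7) do |key, old_value, new_value|
+      new_value + 1
+    end
+
+    assert_equal 0, merged[:a]
+    assert_equal 3, merged[:b]
+    assert_equal 7, merged[:c]
+  end
+
+  def test_merge_bang_with_block
+    hash = ActiveSupport::OrderedHash.new
+    hash[:a] = 0
+    hash[:b] = 0
+    hash.merge!(:a => 1, :c => 7) do |key, old_value, new_value|
+      new_value + 3
+    end
+
+    assert_equal 4, hash[:a]
+    assert_equal 0, hash[:b]
+    assert_equal 7, hash[:c]
+  end
+
   def test_shift
     pair = @ordered_hash.shift
     assert_equal [@keys.first, @values.first], pair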
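Review bot: Neither new test checks that `merge` with a block preserves key order, which is the whole point of `OrderedHash`; the existing `test_merge` above asserts `merged.keys`, and `test_merge_with_block` should do the same, e.g. `assert_equal [:a, :b, :c], merged.keys`. In both blocks `key` and `old_value` are unused; naming them `_key, _old_value` signals that and keeps linters quiet.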
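--- a/railties/Rakefile
+++ b/railties/Rakefile
@@ -313,11 +313,11 @@ spec = Gem::Specification.new do |s|
   EOF
 
   s.add_dependency('rake', '>= 0.8.3')
-  s.add_dependency('activesupport',    '= 2.3.12' + PKG_BUILD)
-  s.add_dependency('activerecord',     '= 2.3.12' + PKG_BUILD)
-  s.add_dependency('actionpack',       '= 2.3.12' + PKG_BUILD)
-  s.add_dependency('actionmailer',     '= 2.3.12' + PKG_BUILD)
-  s.add_dependency('activeresource',   '= 2.3.12' + PKG_BUILD)
+  s.add_dependency('activesupport',    '= 2.3.14' + PKG_BUILD)
+  s.add_dependency('activerecord',     '= 2.3.14' + PKG_BUILD)
+  s.add_dependency('actionpack',       '= 2.3.14' + PKG_BUILD)
+  s.add_dependency('actionmailer',     '= 2.3.14' + PKG_BUILD)
+  s.add_dependency('activeresource',   '= 2.3.14' + PKG_BUILD)
 
   s.rdoc_options << '--exclude' << '.'
 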
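--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 12
+    TINY  = 14
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end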
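--- a/railties/lib/tasks/documentation.rake
+++ b/railties/lib/tasks/documentation.rake
@@ -1,3 +1,5 @@
+begin
+  require 'rdoc/task'
 namespace :doc do
   desc "Generate documentation for the application. Set custom template with TEMPLATE=/path/to/rdoc/template.rb or title with TITLE=\"Custom Title\""
   RDoc::Task.new("app") { |rdoc|
@@ -86,3 +88,6 @@ namespace :doc do
     end
   end
 end
+rescue LoadError
+  $stderr.puts 'Please install RDoc 2.4.2+ to generate documentation.'
+end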
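Review bot: The `begin` added in the first hunk and the `rescue LoadError` added in the second wrap the entire `namespace :doc` body (lines 3–90, outside both hunks), not just `require 'rdoc/task'`, so a `LoadError` raised anywhere while the doc tasks are defined is reported as a missing RDoc. Narrowing the rescue to the require and gating the namespace on `defined?(RDoc::Task)` keeps the message truthful, and it also avoids leaving the body at column 0 under a `begin`, which the current wrapping does.
```ruby
begin
  require 'rdoc/task'
rescue LoadError
  $stderr.puts 'Please install RDoc 2.4.2+ to generate documentation.'
end

if defined?(RDoc::Task)
  namespace :doc do
    # … unchanged: doc task definitions …
  end
end
```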


ippa
ippa commented on 8d02083 June 17, 2011

cool
