
base fork: rails/rails
...
head fork: rails/rails
  • 13 commits
  • 26 files changed
  • 1 commit comment
  • 5 contributors
Showing with 102 additions and 27 deletions.
  1. +0 −1  .gitignore
  2. +1 −1  actionmailer/Rakefile
  3. +1 −1  actionmailer/lib/action_mailer/version.rb
  4. +2 −2 actionpack/CHANGELOG
  5. +1 −1  actionpack/Rakefile
  6. +2 −1  actionpack/lib/action_controller/response.rb
  7. +1 −1  actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
  8. +1 −1  actionpack/lib/action_pack/version.rb
  9. +10 −0 actionpack/test/controller/content_type_test.rb
  10. +7 −0 actionpack/test/controller/html-scanner/sanitizer_test.rb
  11. +1 −1  activerecord/Rakefile
  12. +1 −1  activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
  13. +1 −1  activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
  14. +0 −1  activerecord/lib/active_record/validations.rb
  15. +1 −1  activerecord/lib/active_record/version.rb
  16. +17 −0 activerecord/test/cases/base_test.rb
  17. +1 −1  activeresource/Rakefile
  18. +1 −1  activeresource/lib/active_resource/version.rb
  19. +1 −1  activesupport/lib/active_support/core_ext/string/output_safety.rb
  20. +7 −3 activesupport/lib/active_support/ordered_hash.rb
  21. +1 −1  activesupport/lib/active_support/version.rb
  22. +7 −0 activesupport/test/core_ext/string_ext_test.rb
  23. +26 −0 activesupport/test/ordered_hash_test.rb
  24. +5 −5 railties/Rakefile
  25. +1 −1  railties/lib/rails/version.rb
  26. +5 −0 railties/lib/tasks/documentation.rake
1  .gitignore
@@ -1,4 +1,3 @@
-*.gem
pkg
.bundle
debug.log
2  actionmailer/Rakefile
@@ -54,7 +54,7 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "actionmailer"
s.homepage = "http://www.rubyonrails.org"
- s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
s.requirements << 'none'
s.require_path = 'lib'
2  actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 12
+ TINY = 14
STRING = [MAJOR, MINOR, TINY].join('.')
end
4 actionpack/CHANGELOG
@@ -1935,7 +1935,7 @@ superclass' view_paths. [Rick Olson]
* Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
@@ -2532,7 +2532,7 @@ superclass' view_paths. [Rick Olson]
* Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas]
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
2  actionpack/Rakefile
@@ -78,7 +78,7 @@ spec = Gem::Specification.new do |s|
s.requirements << 'none'
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
s.add_dependency('rack', '~> 1.1.0')
s.require_path = 'lib'
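--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -64,12 +64,13 @@ def location=(url) headers['Location'] = url end
 # the character set information will also be included in the content type
 # information.
 def content_type=(mime_type)
- self.headers["Content-Type"] =
+ new_content_type =
 if mime_type =~ /charset/ || (c = charset).nil?
 mime_type.to_s
 else
 "#{mime_type}; charset=#{c}"
 end
+ self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")
 end
 # Returns the response's content MIME type, or nil if content type has been set.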
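Review bot: The `URI.escape(new_content_type, "\r\n")` call in `content_type=` protects only this one header, while `location=` in the hunk header line still assigns `headers['Location'] = url` as-is, so CR/LF handling depends on which setter a caller happens to use. Percent-encoding also keeps the rest of the supplied text in the value, so the response goes out with a syntactically invalid media type (the new test expects `hello/world%0D%0AAttack: true`) rather than being rejected. Consider a single check at the point where header values are written out, for example `raise ArgumentError, "header value contains CR or LF" if value.to_s =~ /[\r\n]/`. Whichever form is kept, a comment on the new line such as `# escape CR/LF so a caller-supplied type cannot start a new header line` would record why the escape is there.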
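--- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
+++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -162,7 +162,7 @@ def parse(parent, line, pos, content, strict=true)
 end
 closing = ( scanner.scan(/\//) ? :close : nil )
- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
+ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
 name.downcase!
 unless closing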
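Review bot: The new tag-name pattern `/[^\s!>\/]+/` is a deny-list that accepts every character except whitespace, `!`, `>` and `/`, and nothing at the call site says why. Without that context it reads as a loosening of the tokenizer; judging by the sanitizer test added in this comparison, the intent is that malformed openers such as `<"` are tokenized as tags and stripped instead of being passed through as text. I would add a comment above the scan, e.g. `# A tag name runs up to whitespace, '!', '>' or '/'; accept anything else so malformed tags are still treated as tags.` `parse` begins and ends outside this hunk, so how attribute parsing copes with the wider set of names after `name.downcase!` cannot be checked from here.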
2  actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 12
+ TINY = 14
STRING = [MAJOR, MINOR, TINY].join('.')
end
10 actionpack/test/controller/content_type_test.rb
@@ -46,6 +46,11 @@ def render_default_content_types_for_respond_to
format.rss { render :text => "hello world!", :content_type => Mime::XML }
end
end
+
+ def render_content_type_from_user_input
+ response.content_type= params[:hello]
+ render :text=>"hello"
+ end
def rescue_action(e) raise end
end
@@ -129,6 +134,11 @@ def test_change_for_rxml
assert_equal Mime::HTML, @response.content_type
assert_equal "utf-8", @response.charset
end
+
+ def test_user_supplied_value
+ get :render_content_type_from_user_input, :hello=>"hello/world\r\nAttack: true"
+ assert_equal "hello/world%0D%0AAttack: true", @response.content_type
+ end
end
class AcceptBasedContentTypeTest < ActionController::TestCase
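Review bot: `test_user_supplied_value` covers only the combined `\r\n` pair; a lone `\r` and a lone `\n` should each get an assertion too, since lenient parsers may treat either one alone as a line break. The assertion goes through `@response.content_type`, a getter whose body is not on this page; asserting on `@response.headers["Content-Type"]` would pin the value that is actually sent. A short comment above the test, e.g. `# CR/LF in a caller-supplied content type must not start a new header line`, would say what the odd-looking expected string is guarding.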
7 actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -5,6 +5,13 @@ def setup
@sanitizer = nil # used by assert_sanitizer
end
+ def test_strip_tags_with_quote
+ sanitizer = HTML::FullSanitizer.new
+ string = '<" <img src="trollface.gif" onload="alert(1)"> hi'
+
+ assert_equal ' hi', sanitizer.sanitize(string)
+ end
+
def test_strip_tags
sanitizer = HTML::FullSanitizer.new
assert_equal("<<<bad html", sanitizer.sanitize("<<<bad html"))
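Review bot: `test_strip_tags_with_quote` exercises only `HTML::FullSanitizer`, while the change it guards sits in the shared html-scanner node parser. If the other sanitizers in this library tokenize through the same parser (not visible on this page), each should get a matching case so a regression is not caught by `strip_tags` alone. The test would also read better with a one-line comment naming the behaviour, e.g. `# a stray quote right after "<" must not hide the following tag from the stripper`.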
2  activerecord/Rakefile
@@ -192,7 +192,7 @@ spec = Gem::Specification.new do |s|
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
end
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"
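--- a/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb
@@ -238,7 +238,7 @@ def quote(value, column = nil)
 end
 def quote_column_name(name) #:nodoc:
- @quoted_column_names[name] ||= "`#{name}`"
+ @quoted_column_names[name] ||= "`#{name.to_s.gsub('`', '``')}`"
 end
 def quote_table_name(name) #:nodoc: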
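Review bot: `quote_column_name` still memoizes under the raw `name` in `@quoted_column_names`, so if column names derived from request data reach this method, every distinct value is retained in that hash for as long as the connection object lives. The escaping added here makes such input safe to quote, but the cache then grows with whatever callers pass in; consider caching only names that are known columns, or not caching names that needed escaping. `quote_table_name` follows immediately and its body is outside the hunk, so it should be confirmed to double embedded backticks in the same way. The method is marked `#:nodoc:`; a comment stating that embedded backticks are doubled so the identifier cannot be closed early would document the contract, and the same comment fits the SQLite version changed in this comparison.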
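--- a/activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/sqlite_adapter.rb
@@ -162,7 +162,7 @@ def quote_string(s) #:nodoc:
 end
 def quote_column_name(name) #:nodoc:
- %Q("#{name}")
+ %Q("#{name.to_s.gsub('"', '""')}")
 end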
1  activerecord/lib/active_record/validations.rb
@@ -333,7 +333,6 @@ def to_xml(options={})
end
def generate_message(attribute, message = :invalid, options = {})
- ActiveSupport::Deprecation.warn("ActiveRecord::Errors#generate_message has been deprecated. Please use ActiveRecord::Error.new().to_s.")
Error.new(@base, attribute, message, options).to_s
end
end
2  activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 12
+ TINY = 14
STRING = [MAJOR, MINOR, TINY].join('.')
end
17 activerecord/test/cases/base_test.rb
@@ -79,6 +79,23 @@ class TopicWithProtectedContentAndAccessibleAuthorName < ActiveRecord::Base
class BasicsTest < ActiveRecord::TestCase
fixtures :topics, :companies, :developers, :projects, :computers, :accounts, :minimalistics, 'warehouse-things', :authors, :categorizations, :categories, :posts
+ def test_column_names_are_escaped
+ conn = ActiveRecord::Base.connection
+ classname = conn.class.name[/[^:]*$/]
+ badchar = {
+ 'SQLite3Adapter' => '"',
+ 'MysqlAdapter' => '`',
+ 'Mysql2Adapter' => '`',
+ 'PostgreSQLAdapter' => '"',
+ 'OracleAdapter' => '"',
+ }.fetch(classname) {
+ raise "need a bad char for #{classname}"
+ }
+
+ quoted = conn.quote_column_name "foo#{badchar}bar"
+ assert_equal("#{badchar}foo#{badchar * 2}bar#{badchar}", quoted)
+ end
+
def test_table_exists
assert !NonExistentTable.table_exists?
assert Topic.table_exists?
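Review bot: `test_column_names_are_escaped` expects quote doubling from `PostgreSQLAdapter` and `OracleAdapter` as well, yet this comparison changes only the MySQL and SQLite adapters, so it is worth confirming that the PostgreSQL `quote_column_name` already doubles `"`; otherwise the test fails on that adapter. The `fetch` block raises `need a bad char for ...` for any adapter missing from the table, which makes the suite error out under third-party adapters instead of skipping the check; `return unless badchar` after a plain lookup would be gentler. The test also uses a single embedded quote character in the middle of the name; a name with the character at the start or end, and one with two in a row, would pin the edge cases of the `gsub`.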
2  activeresource/Rakefile
@@ -66,7 +66,7 @@ spec = Gem::Specification.new do |s|
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
end
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
s.require_path = 'lib'
2  activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 12
+ TINY = 14
STRING = [MAJOR, MINOR, TINY].join('.')
end
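--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -19,7 +19,7 @@ def html_escape(s)
 if s.html_safe?
 s
 else
- s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe
+ s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").html_safe
 end
 end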
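Review bot: `html_escape` still leaves `'` unescaped: the new chain replaces only `&`, `"`, `>` and `<`, so a value interpolated into a single-quoted HTML attribute is not covered by this helper. Appending `.gsub(/'/, "&#39;")` before `.html_safe` would close that gap, at the cost of changing output that existing views or tests may compare against. The reason for trading the single block-form `gsub` for four separate passes is not stated; judging by the test added in this comparison it concerns strings that contain an invalid multibyte lead byte, and a comment saying so would keep someone from folding the passes back into one regex. The `def html_escape(s)` line appears only in the hunk header, so the start of the method is outside what is shown.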
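--- a/activesupport/lib/active_support/ordered_hash.rb
+++ b/activesupport/lib/active_support/ordered_hash.rb
@@ -130,14 +130,18 @@ def shift
 end
 def merge!(other_hash)
- other_hash.each {|k,v| self[k] = v }
+ if block_given?
+ other_hash.each { |k, v| self[k] = key?(k) ? yield(k, self[k], v) : v }
+ else
+ other_hash.each { |k, v| self[k] = v }
+ end
 self
 end
 alias_method :update, :merge!
- def merge(other_hash)
- dup.merge!(other_hash)
+ def merge(other_hash, &block)
+ dup.merge!(other_hash, &block)
 end
 # When replacing with another hash, the initial order of our keys must come from the other hash -ordered or not.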
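Review bot: Neither `merge!` nor `merge` documents the block contract they now accept. A comment above `merge!` such as `# With a block, a key present in both hashes is set to the block's result for (key, old_value, new_value); other keys are copied as-is.` would cover both, since `merge` only forwards `&block`. As a matter of style the two `each` loops differ only in the conflict branch and could be one loop: `other_hash.each { |k, v| self[k] = (block_given? && key?(k)) ? yield(k, self[k], v) : v }`.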
2  activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 12
+ TINY = 14
STRING = [MAJOR, MINOR, TINY].join('.')
end
7 activesupport/test/core_ext/string_ext_test.rb
@@ -2,10 +2,17 @@
require 'date'
require 'abstract_unit'
require 'inflector_test_cases'
+require 'active_support/core_ext/string/output_safety'
class StringInflectionsTest < Test::Unit::TestCase
include InflectorTestCases
+ def test_erb_escape
+ string = [192, 60].pack('CC')
+ expected = 192.chr + "&lt;"
+ assert_equal expected, ERB::Util.html_escape(string)
+ end
+
def test_pluralize
SingularToPlural.each do |singular, plural|
assert_equal(plural, singular.pluralize)
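Review bot: `test_erb_escape` asserts only that `<` is escaped after the byte 192, but `html_escape` in this comparison now runs `&`, `"`, `>` and `<` through four separate `gsub` passes, and each of them deserves an assertion with the same leading byte. The test also sits in `StringInflectionsTest`, which is about inflections; a class named for output safety would make it easier to find. A comment such as `# 192 is a multibyte lead byte with no continuation; escaping must still reach the "<" after it` would explain the `pack('CC')` input. `test_pluralize` continues past the end of the hunk.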
26 activesupport/test/ordered_hash_test.rb
@@ -147,6 +147,32 @@ def test_merge
assert_equal @ordered_hash.keys, merged.keys
end
+ def test_merge_with_block
+ hash = ActiveSupport::OrderedHash.new
+ hash[:a] = 0
+ hash[:b] = 0
+ merged = hash.merge(:b => 2, :c => 7) do |key, old_value, new_value|
+ new_value + 1
+ end
+
+ assert_equal 0, merged[:a]
+ assert_equal 3, merged[:b]
+ assert_equal 7, merged[:c]
+ end
+
+ def test_merge_bang_with_block
+ hash = ActiveSupport::OrderedHash.new
+ hash[:a] = 0
+ hash[:b] = 0
+ hash.merge!(:a => 1, :c => 7) do |key, old_value, new_value|
+ new_value + 3
+ end
+
+ assert_equal 4, hash[:a]
+ assert_equal 0, hash[:b]
+ assert_equal 7, hash[:c]
+ end
+
def test_shift
pair = @ordered_hash.shift
assert_equal [@keys.first, @values.first], pair
10 railties/Rakefile
@@ -313,11 +313,11 @@ spec = Gem::Specification.new do |s|
EOF
s.add_dependency('rake', '>= 0.8.3')
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('activerecord', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('actionmailer', '= 2.3.12' + PKG_BUILD)
- s.add_dependency('activeresource', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('activerecord', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('actionmailer', '= 2.3.14' + PKG_BUILD)
+ s.add_dependency('activeresource', '= 2.3.14' + PKG_BUILD)
s.rdoc_options << '--exclude' << '.'
2  railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 12
+ TINY = 14
STRING = [MAJOR, MINOR, TINY].join('.')
end
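--- a/railties/lib/tasks/documentation.rake
+++ b/railties/lib/tasks/documentation.rake
@@ -1,3 +1,5 @@
+begin
+ require 'rdoc/task'
 namespace :doc do
 desc "Generate documentation for the application. Set custom template with TEMPLATE=/path/to/rdoc/template.rb or title with TITLE=\"Custom Title\""
 RDoc::Task.new("app") { |rdoc|
@@ -86,3 +88,6 @@ namespace :doc do
 end
 end
 end
+rescue LoadError
+ $stderr.puts 'Please install RDoc 2.4.2+ to generate documentation.'
+end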
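Review bot: The `begin` ... `rescue LoadError` pair wraps the whole `namespace :doc` definition rather than just `require 'rdoc/task'`, so a `LoadError` raised anywhere while the tasks are being defined is reported as `Please install RDoc 2.4.2+ to generate documentation.`. Narrowing the rescue to the require keeps the message accurate: put `begin; require 'rdoc/task'; rescue LoadError; $stderr.puts '...'; end` at the top and define the namespace under `if defined?(RDoc::Task)`. The middle of the file lies between the two hunks and is not shown, so whether other requires run inside the namespace cannot be told from here. As written, the message is printed on every rake invocation that loads this file on a machine without the newer RDoc, not only when a `doc:` task is requested.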

Showing you all comments on commits in this comparison.

ippa

cool
