Comparing changes

base fork: rails/rails
...
head fork: rails/rails
  • 17 commits
  • 26 files changed
  • 4 commit comments
  • 5 contributors
Commits on Feb 10, 2013
@tenderlove tenderlove adding test for CVE f8a2ec2
Commits on Feb 11, 2013
@Davidslv Davidslv Update activesupport/lib/active_support/core_ext/time/calculations.rb
Just maintaining the coherence with other methods, since everything has "at_" as prefix.
41cf359
@carlosantoniodasilva carlosantoniodasilva Merge pull request #9251 from Davidslv/patch-1
Add alias to maintain coherence with other methods, in end_of_day
d6adcb4
@carlosantoniodasilva carlosantoniodasilva Revert "Merge pull request #9251 from Davidslv/patch-1"
This reverts commit d6adcb4, reversing
changes made to 2e4aa39.

Reason: merged to unmaintained branch.
ae61bf4
@tenderlove tenderlove Merge branch '2-3-sec' into 2-3-stable
* 2-3-sec:
  bumping to 2.3.17
  fix serialization vulnerability
  fixing attr_protected CVE-2013-0276
1737f94
Commits on Feb 15, 2013
@fxn fxn Revert "Switched to newer rdoc and gem package tasks (and their requi…
…res)."

This is a manual revert of commit 79aa54d, since the commit itself touches
in addition some version numbers.

API generation before Rails 3 uses the Jamis template, which requires an
old version of RDoc. To generate the API you need Rake 0.8.x or 0.9.x,
and the RDoc distributed with 1.8.7 (version 1.0.1).
dad3109
Commits on Mar 16, 2013
@tenderlove tenderlove stop calling to_sym when building arel nodes [CVE-2013-1854] ef9f053
@charliesome charliesome fix incorrect ^$ usage leading to XSS in sanitize_css [CVE-2013-1855]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
f67851a
@tenderlove tenderlove fix protocol checking in sanitization [CVE-2013-1857]
Conflicts:
	actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
	actionpack/test/controller/html-scanner/sanitizer_test.rb
10f0e6f
Commits on Mar 18, 2013
@tenderlove tenderlove Revert "Revert "Switched to newer rdoc and gem package tasks (and the…
…ir requires).""

I can't build the gems without reverting this commit.

This reverts commit dad3109.
af7da4d
@tenderlove tenderlove bumping to 2.3.18 3773c2f
Commits on Apr 04, 2013
@fxn fxn Revert "Revert "Revert "Switched to newer rdoc and gem package tasks …
…(and their requires)."""

We need an old RDoc to be able to generate the API.

This reverts commit af7da4d.
b662deb
@fxn fxn enforces rake 0.8.0 in the Rakefile 3229a51
@fxn fxn removes the obsolete task pdoc c1def53
@fxn fxn typo 08d83a9
Commits on Apr 09, 2013
@tenderlove tenderlove Merge branch '2-3-later' into 2-3-stable
* 2-3-later:
  adding test for CVE
4d47885
Commits on Apr 22, 2013
@fxn fxn allow the branch to be managed with a modern rake 89322cd
Showing with 275 additions and 247 deletions.
  1. +59 −59 Rakefile
  2. +22 −24 actionmailer/Rakefile
  3. +2 −2 actionmailer/actionmailer.gemspec
  4. +1 −1  actionmailer/lib/action_mailer/version.rb
  5. +25 −26 actionpack/Rakefile
  6. +2 −2 actionpack/actionpack.gemspec
  7. +8 −8 actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
  8. +1 −1  actionpack/lib/action_pack/version.rb
  9. +19 −0 actionpack/test/controller/html-scanner/sanitizer_test.rb
  10. +13 −10 activemodel/Rakefile
  11. +22 −24 activerecord/Rakefile
  12. +2 −2 activerecord/activerecord.gemspec
  13. +1 −1  activerecord/lib/active_record/base.rb
  14. +1 −1  activerecord/lib/active_record/reflection.rb
  15. +1 −1  activerecord/lib/active_record/version.rb
  16. +12 −0 activerecord/test/cases/base_test.rb
  17. +21 −23 activeresource/Rakefile
  18. +2 −2 activeresource/activeresource.gemspec
  19. +1 −1  activeresource/lib/active_resource/version.rb
  20. +20 −22 activesupport/Rakefile
  21. +1 −1  activesupport/activesupport.gemspec
  22. +5 −0 activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
  23. +1 −1  activesupport/lib/active_support/version.rb
  24. +26 −28 railties/Rakefile
  25. +1 −1  railties/lib/rails/version.rb
  26. +6 −6 railties/railties.gemspec
118 Rakefile
@@ -1,5 +1,4 @@
require 'rake'
-require 'rdoc/task'
env = %(PKG_BUILD="#{ENV['PKG_BUILD']}") if ENV['PKG_BUILD']
@@ -16,68 +15,69 @@ task :default => :test
desc "Run #{task_name} task for all projects"
task task_name do
PROJECTS.each do |project|
- system %(cd #{project} && #{env} #{$0} #{task_name})
+ system %(cd #{project} && #{env} rake _#{RAKEVERSION}_ #{task_name})
end
end
end
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ # In order to generate the API please install Ruby 1.8.7 and rake 0.8.0. Then:
+ #
+ # rake _0.8.0_ task_name
+ #
+ # Reason is the Jamis template used for the API needs RDoc 1.x. Recent rake libs
+ # do not provide rake/rdoctask, and RDoc 1.x provides no alternative task. This
+ # is easy to setup with a Ruby version manager.
+ desc "Generate documentation for the Rails framework"
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc/rdoc'
+ rdoc.title = "Ruby on Rails Documentation"
+ rdoc.main = "railties/README"
+
+ rdoc.options << '--line-numbers' << '--inline-source'
+ rdoc.options << '-A cattr_accessor=object'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.options << '--main' << 'railties/README'
+
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : './doc/template/horo'
+
+ rdoc.rdoc_files.include('railties/CHANGELOG')
+ rdoc.rdoc_files.include('railties/MIT-LICENSE')
+ rdoc.rdoc_files.include('railties/README')
+ rdoc.rdoc_files.include('railties/lib/{*.rb,commands/*.rb,rails/*.rb,rails_generator/*.rb}')
+
+ rdoc.rdoc_files.include('activerecord/README')
+ rdoc.rdoc_files.include('activerecord/CHANGELOG')
+ rdoc.rdoc_files.include('activerecord/lib/active_record/**/*.rb')
+ rdoc.rdoc_files.exclude('activerecord/lib/active_record/vendor/*')
+
+ rdoc.rdoc_files.include('activeresource/README')
+ rdoc.rdoc_files.include('activeresource/CHANGELOG')
+ rdoc.rdoc_files.include('activeresource/lib/active_resource.rb')
+ rdoc.rdoc_files.include('activeresource/lib/active_resource/*')
+
+ rdoc.rdoc_files.include('actionpack/README')
+ rdoc.rdoc_files.include('actionpack/CHANGELOG')
+ rdoc.rdoc_files.include('actionpack/lib/action_controller/**/*.rb')
+ rdoc.rdoc_files.include('actionpack/lib/action_view/**/*.rb')
+ rdoc.rdoc_files.exclude('actionpack/lib/action_controller/vendor/*')
+
+ rdoc.rdoc_files.include('actionmailer/README')
+ rdoc.rdoc_files.include('actionmailer/CHANGELOG')
+ rdoc.rdoc_files.include('actionmailer/lib/action_mailer/base.rb')
+ rdoc.rdoc_files.exclude('actionmailer/lib/action_mailer/vendor/*')
+
+ rdoc.rdoc_files.include('activesupport/README')
+ rdoc.rdoc_files.include('activesupport/CHANGELOG')
+ rdoc.rdoc_files.include('activesupport/lib/active_support/**/*.rb')
+ rdoc.rdoc_files.exclude('activesupport/lib/active_support/vendor/*')
+ end
-desc "Generate documentation for the Rails framework"
-RDoc::Task.new do |rdoc|
- rdoc.rdoc_dir = 'doc/rdoc'
- rdoc.title = "Ruby on Rails Documentation"
- rdoc.main = "railties/README"
-
- rdoc.options << '--line-numbers' << '--inline-source'
- rdoc.options << '-A cattr_accessor=object'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.options << '--main' << 'railties/README'
-
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : './doc/template/horo'
-
- rdoc.rdoc_files.include('railties/CHANGELOG')
- rdoc.rdoc_files.include('railties/MIT-LICENSE')
- rdoc.rdoc_files.include('railties/README')
- rdoc.rdoc_files.include('railties/lib/{*.rb,commands/*.rb,rails/*.rb,rails_generator/*.rb}')
-
- rdoc.rdoc_files.include('activerecord/README')
- rdoc.rdoc_files.include('activerecord/CHANGELOG')
- rdoc.rdoc_files.include('activerecord/lib/active_record/**/*.rb')
- rdoc.rdoc_files.exclude('activerecord/lib/active_record/vendor/*')
-
- rdoc.rdoc_files.include('activeresource/README')
- rdoc.rdoc_files.include('activeresource/CHANGELOG')
- rdoc.rdoc_files.include('activeresource/lib/active_resource.rb')
- rdoc.rdoc_files.include('activeresource/lib/active_resource/*')
-
- rdoc.rdoc_files.include('actionpack/README')
- rdoc.rdoc_files.include('actionpack/CHANGELOG')
- rdoc.rdoc_files.include('actionpack/lib/action_controller/**/*.rb')
- rdoc.rdoc_files.include('actionpack/lib/action_view/**/*.rb')
- rdoc.rdoc_files.exclude('actionpack/lib/action_controller/vendor/*')
-
- rdoc.rdoc_files.include('actionmailer/README')
- rdoc.rdoc_files.include('actionmailer/CHANGELOG')
- rdoc.rdoc_files.include('actionmailer/lib/action_mailer/base.rb')
- rdoc.rdoc_files.exclude('actionmailer/lib/action_mailer/vendor/*')
-
- rdoc.rdoc_files.include('activesupport/README')
- rdoc.rdoc_files.include('activesupport/CHANGELOG')
- rdoc.rdoc_files.include('activesupport/lib/active_support/**/*.rb')
- rdoc.rdoc_files.exclude('activesupport/lib/active_support/vendor/*')
-end
-
-# Enhance rdoc task to copy referenced images also
-task :rdoc do
- FileUtils.mkdir_p "doc/rdoc/files/examples/"
- FileUtils.copy "activerecord/examples/associations.png", "doc/rdoc/files/examples/associations.png"
-end
-
-desc "Publish API docs for Rails as a whole and for each component"
-task :pdoc => :rdoc do
- require 'rake/contrib/sshpublisher'
- Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/api", "doc/rdoc").upload
- PROJECTS.each do |project|
- system %(cd #{project} && #{env} #{$0} pdoc)
+ # Enhance rdoc task to copy referenced images also
+ task :rdoc do
+ FileUtils.mkdir_p "doc/rdoc/files/examples/"
+ FileUtils.copy "activerecord/examples/associations.png", "doc/rdoc/files/examples/associations.png"
end
end
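Review bot: RAKEVERSION is compared with `== '0.8.0'` and interpolated into the `rake _#{RAKEVERSION}_` sub-command in this hunk, but nothing in the visible lines defines it or says where it comes from. If the running rake does not provide that constant, the Rakefile fails at load with a NameError before any task runs, and because the comparison is an exact string match, any 0.8.x release other than 0.8.0 silently loses the rdoc task. Add a comment naming the constant's source and consider a `defined?(RAKEVERSION)` guard. The return value of `system` is also still ignored, so a failing sub-project does not fail the top-level task.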
46 actionmailer/Rakefile
@@ -1,9 +1,8 @@
require 'rubygems'
require 'rake'
require 'rake/testtask'
-require 'rdoc/task'
require 'rake/packagetask'
-require 'rubygems/package_task'
+require RAKEVERSION == '0.8.0' ? 'rake/gempackagetask' : 'rubygems/package_task'
require File.join(File.dirname(__FILE__), 'lib', 'action_mailer', 'version')
PKG_BUILD = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -27,19 +26,21 @@ Rake::TestTask.new { |t|
t.warning = false
}
-
-# Generate the RDoc documentation
-RDoc::Task.new { |rdoc|
- rdoc.rdoc_dir = 'doc'
- rdoc.title = "Action Mailer -- Easy email delivery and testing"
- rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
- rdoc.rdoc_files.include('README', 'CHANGELOG')
- rdoc.rdoc_files.include('lib/action_mailer.rb')
- rdoc.rdoc_files.include('lib/action_mailer/*.rb')
-}
-
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ # Generate the RDoc documentation
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc'
+ rdoc.title = "Action Mailer -- Easy email delivery and testing"
+ rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
+ rdoc.rdoc_files.include('README', 'CHANGELOG')
+ rdoc.rdoc_files.include('lib/action_mailer.rb')
+ rdoc.rdoc_files.include('lib/action_mailer/*.rb')
+ end
+end
# Create compressed packages
spec = Gem::Specification.new do |s|
@@ -54,17 +55,20 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "actionmailer"
s.homepage = "http://www.rubyonrails.org"
- s.add_dependency('actionpack', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.18' + PKG_BUILD)
+ s.has_rdoc = true
s.requirements << 'none'
s.require_path = 'lib'
+ s.autorequire = 'action_mailer'
s.files = [ "Rakefile", "install.rb", "README", "CHANGELOG", "MIT-LICENSE" ]
s.files = s.files + Dir.glob( "lib/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
s.files = s.files + Dir.glob( "test/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
end
-
-Gem::PackageTask.new(spec) do |p|
+
+package_task = RAKEVERSION == '0.8.0' ? Rake::GemPackageTask : Gem::PackageTask
+package_task.new(spec) do |p|
p.gem_spec = spec
p.need_tar = true
p.need_zip = true
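Review bot: `s.has_rdoc = true` and `s.autorequire = 'action_mailer'` are added unconditionally, while the package task a few lines below is chosen per rake version. Both attributes are deprecated in later RubyGems releases, so on the `Gem::PackageTask` path they produce warnings without changing the built gem. If they are only needed for the 0.8.0 toolchain, set them inside a `RAKEVERSION == '0.8.0'` branch. The same applies to the matching additions in the other component Rakefiles.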
@@ -78,12 +82,6 @@ task :pgem => [:package] do
`ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
end
-desc "Publish the API documentation"
-task :pdoc => [:rdoc] do
- require 'rake/contrib/sshpublisher'
- Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/am", "doc").upload
-end
-
desc "Publish the release files to RubyForge."
task :release => [ :package ] do
require 'rubyforge'
4 actionmailer/actionmailer.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = 'actionmailer'
- s.version = '2.3.17'
+ s.version = '2.3.18'
s.summary = 'Service layer for easy email delivery and testing.'
s.description = 'Makes it trivial to test and deliver emails sent from a single service layer.'
@@ -10,5 +10,5 @@ Gem::Specification.new do |s|
s.require_path = 'lib'
- s.add_dependency 'actionpack', '= 2.3.17'
+ s.add_dependency 'actionpack', '= 2.3.18'
end
2  actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 17
+ TINY = 18
STRING = [MAJOR, MINOR, TINY].join('.')
end
51 actionpack/Rakefile
@@ -1,9 +1,8 @@
require 'rubygems'
require 'rake'
require 'rake/testtask'
-require 'rdoc/task'
require 'rake/packagetask'
-require 'rubygems/package_task'
+require RAKEVERSION == '0.8.0' ? 'rake/gempackagetask' : 'rubygems/package_task'
require File.join(File.dirname(__FILE__), 'lib', 'action_pack', 'version')
PKG_BUILD = ENV['PKG_BUILD'] ? '.' + ENV['PKG_BUILD'] : ''
@@ -43,23 +42,26 @@ Rake::TestTask.new(:test_active_record_integration) do |t|
end
-# Genereate the RDoc documentation
-
-RDoc::Task.new { |rdoc|
- rdoc.rdoc_dir = 'doc'
- rdoc.title = "Action Pack -- On rails from request to response"
- rdoc.options << '--line-numbers' << '--inline-source'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
- if ENV['DOC_FILES']
- rdoc.rdoc_files.include(ENV['DOC_FILES'].split(/,\s*/))
- else
- rdoc.rdoc_files.include('README', 'RUNNING_UNIT_TESTS', 'CHANGELOG')
- rdoc.rdoc_files.include(Dir['lib/**/*.rb'] -
- Dir['lib/*/vendor/**/*.rb'])
- rdoc.rdoc_files.exclude('lib/actionpack.rb')
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ # Generate the RDoc documentation
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc'
+ rdoc.title = "Action Pack -- On rails from request to response"
+ rdoc.options << '--line-numbers' << '--inline-source'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
+ if ENV['DOC_FILES']
+ rdoc.rdoc_files.include(ENV['DOC_FILES'].split(/,\s*/))
+ else
+ rdoc.rdoc_files.include('README', 'RUNNING_UNIT_TESTS', 'CHANGELOG')
+ rdoc.rdoc_files.include(Dir['lib/**/*.rb'] -
+ Dir['lib/*/vendor/**/*.rb'])
+ rdoc.rdoc_files.exclude('lib/actionpack.rb')
+ end
end
-}
+end
# Create compressed packages
dist_dirs = [ "lib", "test" ]
@@ -76,12 +78,14 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "actionpack"
s.homepage = "http://www.rubyonrails.org"
+ s.has_rdoc = true
s.requirements << 'none'
- s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.18' + PKG_BUILD)
s.add_dependency('rack', '~> 1.1.0')
s.require_path = 'lib'
+ s.autorequire = 'action_controller'
s.files = [ "Rakefile", "install.rb", "README", "RUNNING_UNIT_TESTS", "CHANGELOG", "MIT-LICENSE" ]
dist_dirs.each do |dir|
@@ -89,7 +93,8 @@ spec = Gem::Specification.new do |s|
end
end
-Gem::PackageTask.new(spec) do |p|
+package_task = RAKEVERSION == '0.8.0' ? Rake::GemPackageTask : Gem::PackageTask
+package_task.new(spec) do |p|
p.gem_spec = spec
p.need_tar = true
p.need_zip = true
@@ -139,12 +144,6 @@ task :pgem => [:package] do
`ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
end
-desc "Publish the API documentation"
-task :pdoc => [:rdoc] do
- require 'rake/contrib/sshpublisher'
- Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/ap", "doc").upload
-end
-
desc "Publish the release files to RubyForge."
task :release => [ :package ] do
require 'rubyforge'
4 actionpack/actionpack.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = 'actionpack'
- s.version = '2.3.17'
+ s.version = '2.3.18'
s.summary = 'Web-flow and rendering framework putting the VC in MVC.'
s.description = 'Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn\'t require a browser.'
@@ -10,6 +10,6 @@ Gem::Specification.new do |s|
s.require_path = 'lib'
- s.add_dependency 'activesupport', '= 2.3.17'
+ s.add_dependency 'activesupport', '= 2.3.18'
s.add_dependency 'rack', '~> 1.1.0'
end
16 actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
@@ -62,8 +62,8 @@ class WhiteListSanitizer < Sanitizer
# A regular expression of the valid characters used to separate protocols like
# the ':' in 'http://foo.com'
- self.protocol_separator = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/
-
+ self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i
+
# Specifies a Set of HTML attributes that can have URIs.
self.uri_attributes = Set.new(%w(href src cite action longdesc xlink:href lowsrc))
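Review bot: the `(&#x70)` alternative kept in `protocol_separator` encodes 0x70, which is the letter 'p', not a colon; the colon is 0x3a (decimal 58), which the new `(&#x0*3a)` alternative now covers. Either drop `(&#x70)` or add a comment explaining why it is treated as a protocol separator. The same entity alternatives are repeated as a literal in `contains_bad_protocols?`, so the two patterns have to be edited together; factoring the shared alternatives into one constant would keep them from drifting apart.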
@@ -106,8 +106,8 @@ def sanitize_css(style)
style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
# gauntlet
- if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*$/ ||
- style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
+ if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
+ style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
return ''
end
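Review bot: the second gauntlet pattern still contains `(;|$)` after the outer anchors were changed to `\A` and `\z`, and `$` matches at the end of any line, not only at the end of the string. A declaration can therefore still be terminated by a newline instead of a semicolon. The first pattern still constrains which characters can appear, so this is mainly about making the intent explicit: if line-end termination is intended, say so in a comment; otherwise use `(;|\z)` and add a multi-line case without semicolons next to test_should_sanitize_across_newlines.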
@@ -117,8 +117,8 @@ def sanitize_css(style)
clean << prop + ': ' + val + ';'
elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
unless val.split().any? do |keyword|
- !allowed_css_keywords.include?(keyword) &&
- keyword !~ /^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$/
+ !allowed_css_keywords.include?(keyword) &&
+ keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
end
clean << prop + ': ' + val + ';'
end
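Review bot: the first `-`/`+` pair in this hunk (`!allowed_css_keywords.include?(keyword) &&`) differs only in whitespace, which adds noise to a security patch; keep the hunk to the `\A`...`\z` change on the keyword pattern. Since `keyword` comes from `val.split()`, it is already split on whitespace, so the anchor change here is defence in depth; a short comment saying so would stop a later cleanup from reverting it to `^`...`$`.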
@@ -166,8 +166,8 @@ def process_attributes_for(node, options)
end
def contains_bad_protocols?(attr_name, value)
- uri_attributes.include?(attr_name) &&
- (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first))
+ uri_attributes.include?(attr_name) &&
+ (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip))
end
end
end
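Review bot: `value.split(protocol_separator).first` can be nil, because String#split returns an empty array when the value consists only of separators, and the added `.downcase.strip` then raises NoMethodError where the old code passed nil to `allowed_protocols.include?` and reported a bad protocol. Use `.first.to_s.downcase.strip` so such values are still rejected instead of raising out of the sanitizer. The first `-`/`+` pair (`uri_attributes.include?(attr_name) &&`) is a whitespace-only change and can be dropped from the patch.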
2  actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 17
+ TINY = 18
STRING = [MAJOR, MINOR, TINY].join('.')
end
19 actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -169,6 +169,7 @@ def test_should_block_script_tag
%(<IMG SRC="jav&#x0A;ascript:alert('XSS');">),
%(<IMG SRC="jav&#x0D;ascript:alert('XSS');">),
%(<IMG SRC=" &#14; javascript:alert('XSS');">),
+ %(<IMG SRC="javascript&#x3a;alert('XSS');">),
%(<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>)].each_with_index do |img_hack, i|
define_method "test_should_not_fall_for_xss_image_hack_#{i+1}" do
assert_sanitized img_hack, "<img>"
@@ -249,6 +250,11 @@ def test_should_sanitize_div_style_expression
assert_equal '', sanitize_css(raw)
end
+ def test_should_sanitize_across_newlines
+ raw = %(\nwidth:\nexpression(alert('XSS'));\n)
+ assert_equal '', sanitize_css(raw)
+ end
+
def test_should_sanitize_img_vbscript
assert_sanitized %(<img src='vbscript:msgbox("XSS")' />), '<img />'
end
@@ -265,6 +271,19 @@ def test_should_not_mangle_urls_with_ampersand
assert_sanitized %{<a href=\"http://www.domain.com?var1=1&amp;var2=2\">my link</a>}
end
+ def test_should_sanitize_neverending_attribute
+ assert_sanitized "<span class=\"\\", "<span class=\"\\\">"
+ end
+
+ def test_x03a
+ assert_sanitized %(<a href="javascript&#x3a;alert('XSS');">), "<a>"
+ assert_sanitized %(<a href="javascript&#x003a;alert('XSS');">), "<a>"
+ assert_sanitized %(<a href="http&#x3a;//legit">), %(<a href="http://legit">)
+ assert_sanitized %(<a href="javascript&#x3A;alert('XSS');">), "<a>"
+ assert_sanitized %(<a href="javascript&#x003A;alert('XSS');">), "<a>"
+ assert_sanitized %(<a href="http&#x3A;//legit">), %(<a href="http://legit">)
+ end
+
protected
def assert_sanitized(input, expected = nil)
@sanitizer ||= HTML::WhiteListSanitizer.new
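Review bot: test_x03a covers `&#x3a;` and `&#x3A;` with and without zero padding, but not an upper-case `X` in the entity prefix (`&#X3A;`), which the new `/i` flag also affects; add that case so the flag is pinned by a test. The name test_x03a says little about the behaviour under test, and test_should_sanitize_neverending_attribute has no matching library change among the files listed in this diff, so a short comment on what it guards would help.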
23 activemodel/Rakefile
@@ -1,7 +1,6 @@
#!/usr/bin/env ruby
require 'rake'
require 'rake/testtask'
-require 'rdoc/task'
task :default => :test
@@ -12,13 +11,17 @@ Rake::TestTask.new do |t|
t.warning = true
end
-# Generate the RDoc documentation
-RDoc::Task.new do |rdoc|
- rdoc.rdoc_dir = 'doc'
- rdoc.title = "Active Model"
- rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
- rdoc.rdoc_files.include('README', 'CHANGES')
- rdoc.rdoc_files.include('lib/**/*.rb')
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ # Generate the RDoc documentation
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc'
+ rdoc.title = "Active Model"
+ rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
+ rdoc.rdoc_files.include('README', 'CHANGES')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ end
end
46 activerecord/Rakefile
@@ -1,9 +1,8 @@
require 'rubygems'
require 'rake'
require 'rake/testtask'
-require 'rdoc/task'
require 'rake/packagetask'
-require 'rubygems/package_task'
+require RAKEVERSION == '0.8.0' ? 'rake/gempackagetask' : 'rubygems/package_task'
require File.join(File.dirname(__FILE__), 'lib', 'active_record', 'version')
require File.expand_path(File.dirname(__FILE__)) + "/test/config"
@@ -154,20 +153,22 @@ end
task :build_frontbase_databases => 'frontbase:build_databases'
task :rebuild_frontbase_databases => 'frontbase:rebuild_databases'
-
-# Generate the RDoc documentation
-
-RDoc::Task.new { |rdoc|
- rdoc.rdoc_dir = 'doc'
- rdoc.title = "Active Record -- Object-relation mapping put on rails"
- rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
- rdoc.rdoc_files.include('README', 'RUNNING_UNIT_TESTS', 'CHANGELOG')
- rdoc.rdoc_files.include('lib/**/*.rb')
- rdoc.rdoc_files.exclude('lib/active_record/vendor/*')
- rdoc.rdoc_files.include('dev-utils/*.rb')
-}
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ # Generate the RDoc documentation
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc'
+ rdoc.title = "Active Record -- Object-relation mapping put on rails"
+ rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
+ rdoc.rdoc_files.include('README', 'RUNNING_UNIT_TESTS', 'CHANGELOG')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ rdoc.rdoc_files.exclude('lib/active_record/vendor/*')
+ rdoc.rdoc_files.include('dev-utils/*.rb')
+ end
+end
# Enhance rdoc task to copy referenced images also
task :rdoc do
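Review bot: the trailing `task :rdoc do` block (commented "Enhance rdoc task to copy referenced images also") is left outside the new `if RAKEVERSION == '0.8.0'` guard, so under any other rake version `rdoc` still exists as a task but no longer generates documentation. The top-level Rakefile moves its equivalent block inside the guard; do the same here so `rake rdoc` fails clearly instead of running only the image copy.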
@@ -192,14 +193,16 @@ spec = Gem::Specification.new do |s|
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
end
- s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.18' + PKG_BUILD)
s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"
s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite3"
s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite3"
s.require_path = 'lib'
+ s.autorequire = 'active_record'
+ s.has_rdoc = true
s.extra_rdoc_files = %w( README )
s.rdoc_options.concat ['--main', 'README']
@@ -209,7 +212,8 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "activerecord"
end
-Gem::PackageTask.new(spec) do |p|
+package_task = RAKEVERSION == '0.8.0' ? Rake::GemPackageTask : Gem::PackageTask
+package_task.new(spec) do |p|
p.gem_spec = spec
p.need_tar = true
p.need_zip = true
@@ -249,12 +253,6 @@ task :pgem => [:package] do
`ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
end
-desc "Publish the API documentation"
-task :pdoc => [:rdoc] do
- require 'rake/contrib/sshpublisher'
- Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/ar", "doc").upload
-end
-
desc "Publish the release files to RubyForge."
task :release => [ :package ] do
require 'rubyforge'
4 activerecord/activerecord.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = 'activerecord'
- s.version = '2.3.17'
+ s.version = '2.3.18'
s.summary = 'Implements the ActiveRecord pattern for ORM.'
s.description = 'Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL.'
@@ -13,5 +13,5 @@ Gem::Specification.new do |s|
s.rdoc_options = ['--main', 'README']
s.extra_rdoc_files = ['README']
- s.add_dependency 'activesupport', '= 2.3.17'
+ s.add_dependency 'activesupport', '= 2.3.18'
end
2  activerecord/lib/active_record/base.rb
@@ -2307,7 +2307,7 @@ def aggregate_mapping(reflection)
def expand_hash_conditions_for_aggregates(attrs)
expanded_attrs = {}
attrs.each do |attr, value|
- unless (aggregation = reflect_on_aggregation(attr.to_sym)).nil?
+ unless (aggregation = reflect_on_aggregation(attr)).nil?
mapping = aggregate_mapping(aggregation)
mapping.each do |field_attr, aggregate_attr|
if mapping.size == 1 && !value.respond_to?(aggregate_attr)
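Review bot: with `to_sym` removed, `reflect_on_aggregation(attr)` now receives whatever key type the conditions hash uses, so the lookup keeps working for string keys only because reflections are stored through `write_inheritable_hiwa` in reflection.rb. That coupling is not visible from this call site, and no test in this diff exercises hash conditions with string keys against an aggregation. Add one, plus a comment noting that the attribute name must not be symbolized because it may be caller-supplied (CVE-2013-1854).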
2  activerecord/lib/active_record/reflection.rb
@@ -18,7 +18,7 @@ def create_reflection(macro, name, options, active_record)
when :composed_of
reflection = AggregateReflection.new(macro, name, options, active_record)
end
- write_inheritable_hash :reflections, name => reflection
+ write_inheritable_hiwa :reflections, name => reflection
reflection
end
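Review bot: `write_inheritable_hiwa` is an opaque name, and its definition (the 5 lines added to inheritable_attributes.rb according to the file list) is the only place that can explain it. Spell the name out or document it at the definition, and state there whether it stores the hash with indifferent access, which is presumably what the abbreviation stands for, since base.rb now depends on string and symbol keys both resolving to the same reflection.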
2  activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 17
+ TINY = 18
STRING = [MAJOR, MINOR, TINY].join('.')
end
12 activerecord/test/cases/base_test.rb
@@ -920,6 +920,18 @@ def test_mass_assignment_protection_against_class_attribute_writers
end
end
+ def test_firm_safe_assign
+ firm = Company.new
+
+ assert_raise(ActiveRecord::UnknownAttributeError) do
+ firm.attributes = { "rating=\n" => 5 }
+ end
+ assert_equal 1, firm.rating
+
+ firm.attributes = { "rating(1)\n" => 5 }
+ assert_equal 1, firm.rating
+ end
+
def test_customized_primary_key_remains_protected
subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
assert_nil subscriber.id
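Review bot: the two assignments in test_firm_safe_assign are asserted differently without explanation: `"rating=\n"` must raise ActiveRecord::UnknownAttributeError, while `"rating(1)\n"` is expected to be ignored silently. Add a comment on why the second form does not raise, and name the test after the behaviour it protects rather than the fixture. Both `assert_equal 1, firm.rating` checks also rely on a new Company having a default rating of 1, which is worth stating in the test.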
44 activeresource/Rakefile
@@ -1,9 +1,8 @@
require 'rubygems'
require 'rake'
require 'rake/testtask'
-require 'rdoc/task'
require 'rake/packagetask'
-require 'rubygems/package_task'
+require RAKEVERSION == '0.8.0' ? 'rake/gempackagetask' : 'rubygems/package_task'
require File.join(File.dirname(__FILE__), 'lib', 'active_resource', 'version')
@@ -35,19 +34,21 @@ Rake::TestTask.new { |t|
t.warning = true
}
-
-# Generate the RDoc documentation
-
-RDoc::Task.new { |rdoc|
- rdoc.rdoc_dir = 'doc'
- rdoc.title = "Active Resource -- Object-oriented REST services"
- rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
- rdoc.rdoc_files.include('README', 'CHANGELOG')
- rdoc.rdoc_files.include('lib/**/*.rb')
- rdoc.rdoc_files.exclude('lib/activeresource.rb')
-}
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ # Generate the RDoc documentation
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc'
+ rdoc.title = "Active Resource -- Object-oriented REST services"
+ rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
+ rdoc.rdoc_files.include('README', 'CHANGELOG')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ rdoc.rdoc_files.exclude('lib/activeresource.rb')
+ end
+end
# Create compressed packages
@@ -66,10 +67,12 @@ spec = Gem::Specification.new do |s|
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
end
- s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.18' + PKG_BUILD)
s.require_path = 'lib'
+ s.autorequire = 'active_resource'
+ s.has_rdoc = true
s.extra_rdoc_files = %w( README )
s.rdoc_options.concat ['--main', 'README']
@@ -79,7 +82,8 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "activeresource"
end
-Gem::PackageTask.new(spec) do |p|
+package_task = RAKEVERSION == '0.8.0' ? Rake::GemPackageTask : Gem::PackageTask
+package_task.new(spec) do |p|
p.gem_spec = spec
p.need_tar = true
p.need_zip = true
@@ -119,12 +123,6 @@ task :pgem => [:package] do
`ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
end
-desc "Publish the API documentation"
-task :pdoc => [:rdoc] do
- require 'rake/contrib/sshpublisher'
- Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/ar", "doc").upload
-end
-
desc "Publish the release files to RubyForge."
task :release => [ :package ] do
`rubyforge login`
4 activeresource/activeresource.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = 'activeresource'
- s.version = '2.3.17'
+ s.version = '2.3.18'
s.summary = 'Think Active Record for web resources.'
s.description = 'Wraps web resources in model classes that can be manipulated through XML over REST.'
@@ -13,5 +13,5 @@ Gem::Specification.new do |s|
s.rdoc_options = ['--main', 'README']
s.extra_rdoc_files = ['README']
- s.add_dependency 'activesupport', '= 2.3.17'
+ s.add_dependency 'activesupport', '= 2.3.18'
end
2  activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 17
+ TINY = 18
STRING = [MAJOR, MINOR, TINY].join('.')
end
42 activesupport/Rakefile
@@ -1,6 +1,5 @@
require 'rake/testtask'
-require 'rdoc/task'
-require 'rubygems/package_task'
+require RAKEVERSION == '0.8.0' ? 'rake/gempackagetask' : 'rubygems/package_task'
require File.join(File.dirname(__FILE__), 'lib', 'active_support', 'version')
@@ -25,19 +24,22 @@ Rake::TestTask.new { |t|
# Create compressed packages
dist_dirs = [ "lib", "test"]
-# Genereate the RDoc documentation
-
-RDoc::Task.new { |rdoc|
- rdoc.rdoc_dir = 'doc'
- rdoc.title = "Active Support -- Utility classes and standard library extensions from Rails"
- rdoc.options << '--line-numbers' << '--inline-source'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
- rdoc.rdoc_files.include('README', 'CHANGELOG')
- rdoc.rdoc_files.include('lib/active_support.rb')
- rdoc.rdoc_files.include('lib/active_support/**/*.rb')
- rdoc.rdoc_files.exclude('lib/active_support/vendor/*')
-}
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ # Genereate the RDoc documentation
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc'
+ rdoc.title = "Active Support -- Utility classes and standard library extensions from Rails"
+ rdoc.options << '--line-numbers' << '--inline-source'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
+ rdoc.rdoc_files.include('README', 'CHANGELOG')
+ rdoc.rdoc_files.include('lib/active_support.rb')
+ rdoc.rdoc_files.include('lib/active_support/**/*.rb')
+ rdoc.rdoc_files.exclude('lib/active_support/vendor/*')
+ end
+end
spec = Gem::Specification.new do |s|
s.platform = Gem::Platform::RUBY
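Review bot: the `if RAKEVERSION == '0.8.0'` block that now wraps `Rake::RDocTask.new` has no else branch, so under every other rake version no rdoc task is defined at all and the documentation target silently disappears. Either keep an `RDoc::Task` definition in an else branch, or define a stub task that aborts with a message naming the rake and RDoc versions required. The moved comment also still reads "Genereate"; since the line is being rewritten anyway, fix the spelling.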
@@ -48,6 +50,7 @@ spec = Gem::Specification.new do |s|
s.files = [ "CHANGELOG", "README" ] + Dir.glob( "lib/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
s.require_path = 'lib'
+ s.has_rdoc = true
s.author = "David Heinemeier Hansson"
s.email = "david@loudthinking.com"
@@ -55,7 +58,8 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "activesupport"
end
-Gem::PackageTask.new(spec) do |p|
+package_task = RAKEVERSION == '0.8.0' ? Rake::GemPackageTask : Gem::PackageTask
+package_task.new(spec) do |p|
p.gem_spec = spec
p.need_tar = true
p.need_zip = true
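Review bot: `package_task = RAKEVERSION == '0.8.0' ? Rake::GemPackageTask : Gem::PackageTask` repeats the version test already used by the `require` at the top of this file, and the two must always agree or the constant chosen here will not have been loaded. Compute the condition once (for example a local `old_rake` flag next to the require) and use it in both places.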
@@ -68,12 +72,6 @@ task :pgem => [:package] do
`ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
end
-desc "Publish the API documentation"
-task :pdoc => [:rdoc] do
- require 'rake/contrib/sshpublisher'
- Rake::SshDirPublisher.new("wrath.rubyonrails.org", "public_html/as", "doc").upload
-end
-
desc "Publish the release files to RubyForge."
task :release => [ :package ] do
require 'rubyforge'
2  activesupport/activesupport.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = 'activesupport'
- s.version = '2.3.17'
+ s.version = '2.3.18'
s.summary = 'Support and utility classes used by the Rails framework.'
s.description = 'Utility library which carries commonly used classes and goodies from the Rails framework'
5 activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
@@ -109,6 +109,11 @@ def write_inheritable_hash(key, hash)
write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
end
+ def write_inheritable_hiwa(key, hash)
+ write_inheritable_attribute(key, {}.with_indifferent_access) if read_inheritable_attribute(key).nil?
+ write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
+ end
+
def read_inheritable_attribute(key)
inheritable_attributes[key]
end
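Review bot: in `write_inheritable_hiwa`, the indifferent-access hash is installed only when `read_inheritable_attribute(key)` is nil. If the key already holds a plain Hash (for instance one written through `write_inheritable_hash` just above), the second line calls `merge` on that plain Hash and the result stays a plain Hash, so string and symbol keys remain distinct. Coerce the existing value with `with_indifferent_access` before merging rather than only defaulting the nil case. The method also needs a short comment saying that keys are stored as strings afterwards, since callers that inspect the keys will see the change, and the name looks like a transposition of "hwia" (hash with indifferent access).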
2  activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 17
+ TINY = 18
STRING = [MAJOR, MINOR, TINY].join('.')
end
54 railties/Rakefile
@@ -1,7 +1,6 @@
require 'rake'
require 'rake/testtask'
-require 'rdoc/task'
-require 'rubygems/package_task'
+require RAKEVERSION == '0.8.0' ? 'rake/gempackagetask' : 'rubygems/package_task'
require 'date'
require 'rbconfig'
@@ -267,18 +266,22 @@ task :generate_app_doc do
system %{cd #{PKG_DESTINATION}; rake doc:app}
end
-RDoc::Task.new { |rdoc|
- rdoc.rdoc_dir = 'doc'
- rdoc.title = "Railties -- Gluing the Engine to the Rails"
- rdoc.options << '--line-numbers' << '--inline-source' << '--accessor' << 'cattr_accessor=object'
- rdoc.options << '--charset' << 'utf-8'
- rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
- rdoc.rdoc_files.include('README', 'CHANGELOG')
- rdoc.rdoc_files.include('lib/*.rb')
- rdoc.rdoc_files.include('lib/rails/*.rb')
- rdoc.rdoc_files.include('lib/rails_generator/*.rb')
- rdoc.rdoc_files.include('lib/commands/**/*.rb')
-}
+if RAKEVERSION == '0.8.0'
+ require 'rake/rdoctask'
+
+ Rake::RDocTask.new do |rdoc|
+ rdoc.rdoc_dir = 'doc'
+ rdoc.title = "Railties -- Gluing the Engine to the Rails"
+ rdoc.options << '--line-numbers' << '--inline-source' << '--accessor' << 'cattr_accessor=object'
+ rdoc.options << '--charset' << 'utf-8'
+ rdoc.template = ENV['template'] ? "#{ENV['template']}.rb" : '../doc/template/horo'
+ rdoc.rdoc_files.include('README', 'CHANGELOG')
+ rdoc.rdoc_files.include('lib/*.rb')
+ rdoc.rdoc_files.include('lib/rails/*.rb')
+ rdoc.rdoc_files.include('lib/rails_generator/*.rb')
+ rdoc.rdoc_files.include('lib/commands/**/*.rb')
+ end
+end
# Generate GEM ----------------------------------------------------------------------------
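Review bot: the guard `if RAKEVERSION == '0.8.0'` around `Rake::RDocTask.new` does not match any rake release allowed by `s.add_dependency('rake', '>= 0.8.3')`, which is declared further down in this same Rakefile. With a rake that satisfies that floor, the guard is false and the Railties rdoc task is never defined. Decide which rake versions are meant to build the docs and test for that range, with an else branch that either defines the task through `RDoc::Task` or fails with a clear message.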
@@ -313,18 +316,20 @@ spec = Gem::Specification.new do |s|
EOF
s.add_dependency('rake', '>= 0.8.3')
- s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
- s.add_dependency('activerecord', '= 2.3.17' + PKG_BUILD)
- s.add_dependency('actionpack', '= 2.3.17' + PKG_BUILD)
- s.add_dependency('actionmailer', '= 2.3.17' + PKG_BUILD)
- s.add_dependency('activeresource', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.18' + PKG_BUILD)
+ s.add_dependency('activerecord', '= 2.3.18' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.18' + PKG_BUILD)
+ s.add_dependency('actionmailer', '= 2.3.18' + PKG_BUILD)
+ s.add_dependency('activeresource', '= 2.3.18' + PKG_BUILD)
s.rdoc_options << '--exclude' << '.'
+ s.has_rdoc = false
s.files = PKG_FILES
s.require_path = 'lib'
s.bindir = "bin" # Use these for applications.
s.executables = ["rails"]
+ s.default_executable = "rails"
s.author = "David Heinemeier Hansson"
s.email = "david@loudthinking.com"
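Review bot: `s.has_rdoc = false` is added here while activesupport/Rakefile in this same comparison adds `s.has_rdoc = true`, and neither line says why the two gems differ. Add a one-line comment on each, and likewise on the new `s.default_executable = "rails"`, which duplicates the single entry already listed in `s.executables`. Separately, the five `'= 2.3.18' + PKG_BUILD` pins repeat one literal; a local constant for the version would leave a single line to bump on the next release.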
@@ -332,7 +337,8 @@ spec = Gem::Specification.new do |s|
s.rubyforge_project = "rails"
end
-Gem::PackageTask.new(spec) do |pkg|
+package_task = RAKEVERSION == '0.8.0' ? Rake::GemPackageTask : Gem::PackageTask
+package_task.new(spec) do |pkg|
pkg.gem_spec = spec
end
@@ -344,14 +350,6 @@ task :pgem => [:gem] do
`ssh gems.rubyonrails.org '/u/sites/gems/gemupdate.sh'`
end
-desc "Publish the guides"
-task :pguides => :generate_guides do
- mkdir_p 'pkg'
- `tar -czf pkg/guides.gz guides/output`
- Rake::SshFilePublisher.new("web.rubyonrails.org", "/u/sites/guides.rubyonrails.org/public", "pkg", "guides.gz").upload
- `ssh web.rubyonrails.org 'cd /u/sites/guides.rubyonrails.org/public/ && tar -xvzf guides.gz && mv guides/output/* . && rm -rf guides*'`
-end
-
desc "Publish the release files to RubyForge."
task :release => [ :package ] do
require 'rake/contrib/rubyforgepublisher'
2  railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 2
MINOR = 3
- TINY = 17
+ TINY = 18
STRING = [MAJOR, MINOR, TINY].join('.')
end
12 railties/railties.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |s|
s.name = 'rails'
- s.version = '2.3.17'
+ s.version = '2.3.18'
s.summary = 'Web-application framework with template engine, control-flow layer, and ORM.'
s.description = "Rails is a framework for building web-application using CGI, FCGI, mod_ruby, or WEBrick\non top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates."
@@ -14,9 +14,9 @@ Gem::Specification.new do |s|
s.rdoc_options = ['--exclude', '.']
s.add_dependency 'rake', '>= 0.8.3'
- s.add_dependency 'activesupport', '= 2.3.17'
- s.add_dependency 'activerecord', '= 2.3.17'
- s.add_dependency 'actionpack', '= 2.3.17'
- s.add_dependency 'actionmailer', '= 2.3.17'
- s.add_dependency 'activeresource', '= 2.3.17'
+ s.add_dependency 'activesupport', '= 2.3.18'
+ s.add_dependency 'activerecord', '= 2.3.18'
+ s.add_dependency 'actionpack', '= 2.3.18'
+ s.add_dependency 'actionmailer', '= 2.3.18'
+ s.add_dependency 'activeresource', '= 2.3.18'
end

Showing you all comments on commits in this comparison.

@clifff

To be super clear, the "fix serialization vulnerability" you mention in the commit is CVE-2013-0277, correct?

@vhladama

Shouldn't this be write_inheritable_hwia (hash with indifferent access) instead of write_inheritable_hiwa?

@macksmind

I found an interesting side effect. I have some test code that expected Model.reflections.keys to be symbols, and now it uses strings. It wasn't hard to change my code, but I'm guessing I'm not the only one trying to be too clever.

@fxn
Owner

Can't you build the gems with Ruby 1.8.7 and rake 0.8? With this patch the API cannot be built as explained in the reverted commit.
