Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

We’re showing branches in this repository, but you can also compare across forks.

base fork: rails/rails
...
head fork: rails/rails
  • 7 commits
  • 18 files changed
  • 0 commit comments
  • 2 contributors
Commits on Jun 14, 2012
Xavier Noria fxn removes item in the Active Record CHANGELOG
That change to update_attribute was considered
to be too subtle and was reverted in 30ea923
just before Rails 3 shipped. Later we introduced
update_column (Rails 3.1).
666a48a
Aaron Patterson tenderlove adding a test for #6459 28e744d
Commits on Jul 23, 2012
Aaron Patterson tenderlove updating changelog a4b8a7e
Commits on Jul 26, 2012
Aaron Patterson tenderlove * Do not convert digest auth strings to symbols. CVE-2012-3424 eb69ad2
Aaron Patterson tenderlove updating changelog with CVE 140a70a
Aaron Patterson tenderlove updating rails release date 6cf68d7
Aaron Patterson tenderlove bumping to 3.1.7 d314a48
2  RAILS_VERSION
View
@@ -1 +1 @@
-3.1.6
+3.1.7
4 actionmailer/CHANGELOG.md
View
@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.1.6 (Jun 12, 2012)
* No changes.
2  actionmailer/lib/action_mailer/version.rb
View
@@ -2,7 +2,7 @@ module ActionMailer
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
4 actionpack/CHANGELOG.md
View
@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* Do not convert digest auth strings to symbols. CVE-2012-3424
+
## Rails 3.1.6 (Jun 12, 2012)
* nil is removed from array parameter values
4 actionpack/lib/action_controller/metal/http_authentication.rb
View
@@ -227,9 +227,9 @@ def decode_credentials_header(request)
end
def decode_credentials(header)
- Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+ HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
key, value = pair.split('=', 2)
- [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+ [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
end]
end
2  actionpack/lib/action_pack/version.rb
View
@@ -2,7 +2,7 @@ module ActionPack
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
10 actionpack/test/controller/routing_test.rb
View
@@ -207,6 +207,16 @@ def test_draw_with_block_arity_one_raises
end
end
+ def test_specific_controller_action_failure
+ @rs.draw do
+ mount lambda {} => "/foo"
+ end
+
+ assert_raises(ActionController::RoutingError) do
+ url_for(@rs, :controller => "omg", :action => "lol")
+ end
+ end
+
def test_default_setup
@rs.draw { match '/:controller(/:action(/:id))' }
assert_equal({:controller => "content", :action => 'index'}, rs.recognize_path("/content"))
4 activemodel/CHANGELOG.md
View
@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.1.6 (Jun 12, 2012)
* No changes.
2  activemodel/lib/active_model/version.rb
View
@@ -2,7 +2,7 @@ module ActiveModel
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
6 activerecord/CHANGELOG.md
View
@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.1.6 (Jun 12, 2012)
* protect against the nesting of hashes changing the
@@ -633,8 +637,6 @@
## Rails 3.0.0 (August 29, 2010) ##
-* Changed update_attribute to not run callbacks and update the record directly in the database *Neeraj Singh*
-
* Add scoping and unscoped as the syntax to replace the old with_scope and with_exclusive_scope *José Valim*
* New rake task, db:migrate:status, displays status of migrations #4947 *Kevin Skoglund*
2  activerecord/lib/active_record/version.rb
View
@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
4 activeresource/CHANGELOG.md
View
@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.1.6 (Jun 12, 2012)
* No changes.
2  activeresource/lib/active_resource/version.rb
View
@@ -2,7 +2,7 @@ module ActiveResource
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
4 activesupport/CHANGELOG.md
View
@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.1.6 (Jun 12, 2012)
* No changes.
2  activesupport/lib/active_support/version.rb
View
@@ -2,7 +2,7 @@ module ActiveSupport
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
4 railties/CHANGELOG.md
View
@@ -1,3 +1,7 @@
+## Rails 3.1.7 (Jul 26, 2012)
+
+* No changes.
+
## Rails 3.1.6 (Jun 12, 2012)
* No changes.
2  railties/lib/rails/version.rb
View
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
2  version.rb
View
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 1
- TINY = 6
+ TINY = 7
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

No commit comments for this range

Something went wrong with that request. Please try again.