base fork: rails/rails
...
head fork: rails/rails
  • 2 commits
  • 18 files changed
  • 0 commit comments
  • 1 contributor
2  RAILS_VERSION
@@ -1 +1 @@
-4.0.7
+4.0.8
5 actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.0.8 (July 2, 2014) ##
+
+*No changes*
+
+
## Rails 4.0.7 (July 2, 2014) ##
*No changes*
2  actionmailer/lib/action_mailer/version.rb
@@ -1,7 +1,7 @@
module ActionMailer
# Returns the version of the currently loaded ActionMailer as a Gem::Version
def self.version
- Gem::Version.new "4.0.7"
+ Gem::Version.new "4.0.8"
end
module VERSION #:nodoc:
5 actionpack/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.0.8 (July 2, 2014) ##
+
+*No changes*
+
+
## Rails 4.0.7 (July 2, 2014) ##
*No changes*
2  actionpack/lib/action_pack/version.rb
@@ -1,7 +1,7 @@
module ActionPack
# Returns the version of the currently loaded ActionPack as a Gem::Version
def self.version
- Gem::Version.new "4.0.7"
+ Gem::Version.new "4.0.8"
end
module VERSION #:nodoc:
5 activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.0.8 (July 2, 2014) ##
+
+*No changes*
+
+
## Rails 4.0.7 (July 2, 2014) ##
*No changes*
2  activemodel/lib/active_model/version.rb
@@ -1,7 +1,7 @@
module ActiveModel
# Returns the version of the currently loaded ActiveModel as a Gem::Version
def self.version
- Gem::Version.new "4.0.7"
+ Gem::Version.new "4.0.8"
end
module VERSION #:nodoc:
7 activerecord/CHANGELOG.md
@@ -1,3 +1,10 @@
+## Rails 4.0.8 (July 2, 2014) ##
+
+* Fix regression added from the latest security fix.
+
+ *Sean Griffin*, *Matthew Draper*
+
+
## Rails 4.0.7 (July 2, 2014) ##
* Fix SQL Injection Vulnerability in 'range' quoting.
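Review bot: the new entry "Fix regression added from the latest security fix." does not say what regressed or which adapter is affected, so someone reading only this changelog cannot tell whether they need 4.0.8. Suggest naming the behaviour that changed, for example that the PostgreSQL adapter's quoting of range values lost its surrounding single quotes, which is what the quoting.rb change in this comparison restores.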
2  activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
@@ -24,7 +24,7 @@ def quote(value, column = nil) #:nodoc:
when Range
if /range$/ =~ sql_type
escaped = quote_string(PostgreSQLColumn.range_to_string(value))
- "#{escaped}::#{sql_type}"
+ "'#{escaped}'::#{sql_type}"
else
super
end
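Review bot: on the changed line `"'#{escaped}'::#{sql_type}"` the literal is assembled by hand around the output of `quote_string`, and nothing in the method says why the surrounding single quotes are required. The removed line shows they were already dropped once, so add a short comment that `quote_string` only escapes the content and the caller must supply the quotes. Separately, `sql_type` is interpolated unquoted after passing only the `/range$/` suffix match; it is worth confirming, and stating in a comment, that it always comes from the column definition.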
2  activerecord/lib/active_record/version.rb
@@ -1,7 +1,7 @@
module ActiveRecord
# Returns the version of the currently loaded ActiveRecord as a Gem::Version
def self.version
- Gem::Version.new "4.0.7"
+ Gem::Version.new "4.0.8"
end
module VERSION #:nodoc:
2  activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -56,7 +56,7 @@ def test_quote_cast_numeric
def test_quote_range
range = "1,2]'; SELECT * FROM users; --".."a"
c = PostgreSQLColumn.new(nil, nil, OID::Range.new(:integer), 'int8range')
- assert_equal "[1,2]''; SELECT * FROM users; --,a]::int8range", @conn.quote(range, c)
+ assert_equal "'[1,2]''; SELECT * FROM users; --,a]'::int8range", @conn.quote(range, c)
end
end
end
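Review bot: `test_quote_range` pins only the string returned for a hostile string-endpoint range, and the removed assertion shows that the expected value here previously had no surrounding quotes, so a string comparison alone did not catch output the database would not accept as a literal. Suggest adding an assertion for an ordinary numeric range on the same `int8range` column so the expected form for valid input is pinned in this unit test as well.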
26 activerecord/test/cases/adapters/postgresql/range_test.rb
@@ -0,0 +1,26 @@
+require "cases/helper"
+
+if ActiveRecord::Base.connection.supports_ranges?
+ class PostgresqlRange < ActiveRecord::Base
+ self.table_name = "postgresql_ranges"
+ end
+
+ class PostgresqlRangeTest < ActiveRecord::TestCase
+ test "update_all with ranges" do
+ PostgresqlRange.create!
+
+ PostgresqlRange.update_all(int8_range: 1..100)
+
+ assert_equal 1...101, PostgresqlRange.first.int8_range
+ end
+
+ test "ranges correctly escape input" do
+ e = assert_raises(ActiveRecord::StatementInvalid) do
+ range = "1,2]'; SELECT * FROM users; --".."a"
+ PostgresqlRange.update_all(int8_range: range)
+ end
+
+ assert e.message.starts_with?("PG::InvalidTextRepresentation")
+ end
+ end
+end
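Review bot: in "ranges correctly escape input", `assert e.message.starts_with?("PG::InvalidTextRepresentation")` ties the test to the exact prefix of the error message and reports only a bare failed assertion when the prefix differs. Suggest `assert_match` against `e.message` so a failure shows the actual text, which makes a change in the driver's wording easy to tell apart from a real quoting regression.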
5 activesupport/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.0.8 (July 2, 2014) ##
+
+*No changes*
+
+
## Rails 4.0.7 (July 2, 2014) ##
*No changes*
2  activesupport/lib/active_support/version.rb
@@ -1,7 +1,7 @@
module ActiveSupport
# Returns the version of the currently loaded ActiveSupport as a Gem::Version
def self.version
- Gem::Version.new "4.0.7"
+ Gem::Version.new "4.0.8"
end
module VERSION #:nodoc:
5 guides/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.0.8 (July 2, 2014) ##
+
+*No changes*
+
+
## Rails 4.0.7 (July 2, 2014) ##
*No changes*
5 railties/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.0.8 (July 2, 2014) ##
+
+*No changes*
+
+
## Rails 4.0.7 (July 2, 2014) ##
*No changes*
2  railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION
MAJOR = 4
MINOR = 0
- TINY = 7
+ TINY = 8
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
2  version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION
MAJOR = 4
MINOR = 0
- TINY = 7
+ TINY = 8
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
