
base fork: rails/rails
...
head fork: rails/rails
  • 2 commits
  • 20 files changed
  • 0 commit comments
  • 1 contributor
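--- a/RAILS_VERSION
+++ b/RAILS_VERSION
@@ -1 +1 @@
-4.1.3
+4.1.4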
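--- a/actionmailer/CHANGELOG.md
+++ b/actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * No changes.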
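--- a/actionmailer/lib/action_mailer/gem_version.rb
+++ b/actionmailer/lib/action_mailer/gem_version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")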
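--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * No changes.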
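--- a/actionpack/lib/action_pack/gem_version.rb
+++ b/actionpack/lib/action_pack/gem_version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")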
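--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * No changes.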
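--- a/actionview/lib/action_view/gem_version.rb
+++ b/actionview/lib/action_view/gem_version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")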
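--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * No changes.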
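--- a/activemodel/lib/active_model/gem_version.rb
+++ b/activemodel/lib/active_model/gem_version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")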
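--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,10 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* Fix regression added from the latest security fix.
+
+ *Sean Griffin*, *Matthew Draper*
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * Fix SQL Injection Vulnerability in 'range' quoting.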
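--- a/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
@@ -24,7 +24,7 @@ def quote(value, column = nil) #:nodoc:
 when Range
 if /range$/ =~ sql_type
 escaped = quote_string(PostgreSQLColumn.range_to_string(value))
- "#{escaped}::#{sql_type}"
+ "'#{escaped}'::#{sql_type}"
 else
 super
 end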
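Review bot: `sql_type` is still interpolated unquoted after the cast in `"'#{escaped}'::#{sql_type}"`, and the only gate on it is `/range$/`, where `$` matches before a newline as well as at the end of the string. If `sql_type` always comes from column metadata this is presumably harmless, but anchoring with `\z`, `if /range\z/ =~ sql_type`, makes the guard match only a type name that really ends in "range". The changed line would also benefit from a comment such as `# quote_string only escapes embedded quotes; the outer quotes make this a string literal`, which is what the updated test expectation suggests and what the previous version lacked. The body of `quote` starts and ends outside the hunk.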
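--- a/activerecord/lib/active_record/gem_version.rb
+++ b/activerecord/lib/active_record/gem_version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")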
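--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -61,7 +61,7 @@ def test_quote_time_usec
 def test_quote_range
 range = "1,2]'; SELECT * FROM users; --".."a"
 c = PostgreSQLColumn.new(nil, nil, OID::Range.new(:integer), 'int8range')
- assert_equal "[1,2]''; SELECT * FROM users; --,a]::int8range", @conn.quote(range, c)
+ assert_equal "'[1,2]''; SELECT * FROM users; --,a]'::int8range", @conn.quote(range, c)
 end
 end
 end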
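Review bot: `test_quote_range` pins only the hostile string-range input, so the quoting layer still has no assertion for an ordinary range, which appears to be the case the missing quotes broke. A second assertion next to the existing one would cover it, for instance `assert_equal "'[1,100]'::int8range", @conn.quote(1..100, c)`. The expected text there is inferred from the format of the existing assertion and should be confirmed against `range_to_string`.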
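--- a/activerecord/test/cases/adapters/postgresql/range_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/range_test.rb
@@ -216,6 +216,24 @@ def test_exclude_beginning_for_date_ranges
 assert_equal Date.new(2012, 1, 3)..Date.new(2012, 1, 4), range.date_range
 end
+ def test_update_all_with_ranges
+ PostgresqlRange.create!
+
+ PostgresqlRange.update_all(int8_range: 1..100)
+
+ assert_equal 1...101, PostgresqlRange.first.int8_range
+ end
+
+ def test_ranges_correctly_escape_input
+ e = assert_raises(ActiveRecord::StatementInvalid) do
+ range = "1,2]'; SELECT * FROM users; --".."a"
+ PostgresqlRange.update_all(int8_range: range)
+ end
+
+ assert e.message.starts_with?("PG::InvalidTextRepresentation")
+ ActiveRecord::Base.connection.rollback_transaction
+ end
+
 private
 def assert_equal_round_trip(range, attribute, value)
 round_trip(range, attribute, value)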
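Review bot: In `test_ranges_correctly_escape_input` the cleanup call `ActiveRecord::Base.connection.rollback_transaction` is the last statement, so it is skipped whenever `assert_raises` or the message assertion fails. Assuming the test runs inside a transaction that the failed statement has aborted, the connection would then stay in that state and later tests could fail for an unrelated reason. Moving the call under an `ensure` clause of the method keeps the cleanup unconditional: end the method with `ensure` followed by `ActiveRecord::Base.connection.rollback_transaction`. A short comment on that line saying why the rollback is needed would also help, since nothing in the test opens a transaction explicitly.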
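--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * No changes.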
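--- a/activesupport/lib/active_support/gem_version.rb
+++ b/activesupport/lib/active_support/gem_version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")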
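--- a/guides/CHANGELOG.md
+++ b/guides/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * No changes.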
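--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 4.1.4 (July 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 4.1.3 (July 2, 2014) ##
 * No changes.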
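--- a/railties/lib/rails/gem_version.rb
+++ b/railties/lib/rails/gem_version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")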
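--- a/version.rb
+++ b/version.rb
@@ -7,7 +7,7 @@ def self.gem_version
 module VERSION
 MAJOR = 4
 MINOR = 1
- TINY = 3
+ TINY = 4
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")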
