CVE-2020-8163: regression fix #39806

Merged
merged 1 commit into from Jul 9, 2020

@Beuc Beuc commented Jul 8, 2020

Summary

Allow again the following non-reserved local names: _ arg args block
Closes: #39301

Other Information

See rationale at #39301 (comment)
Tested notably against redmine 3.4
Includes tests backported from current rails.
ruby -I actionview/lib:actionview/test actionview/test/template/compiled_templates_test.rb

Allow again the following non-reserved local names: _ arg args block
Closes: rails#39301
@Beuc Beuc force-pushed the CVE-2020-8163-regression branch from 9bdb8b8 to 1cd1e6c Compare Jul 8, 2020

Beuc commented Jul 8, 2020

(Adjusted syntax so test_template_with_ruby_keyword_locals passes with older Ruby.)


a17levine commented Jul 9, 2020

@Beuc this passed in my test suite 💯 , much appreciated!

@rafaelfranca rafaelfranca merged commit 0ecaaf7 into rails:4-2-stable Jul 9, 2020
1 check failed

a17levine commented Jul 10, 2020

@rafaelfranca will this replace the 4.2.11.3 build on RubyGems or should I just source from this GitHub branch?
