Security: Update to Rails 2.3.14
parent
3c650f2cf6
commit
4b2448b09a
26 changed files with 106 additions and 33 deletions
2
vendor/rails/actionmailer/Rakefile
vendored
2
vendor/rails/actionmailer/Rakefile
vendored
|
@ -54,7 +54,7 @@ spec = Gem::Specification.new do |s|
|
|||
s.rubyforge_project = "actionmailer"
|
||||
s.homepage = "http://www.rubyonrails.org"
|
||||
|
||||
s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
|
||||
|
||||
s.requirements << 'none'
|
||||
s.require_path = 'lib'
|
||||
|
|
|
@ -2,7 +2,7 @@ module ActionMailer
|
|||
module VERSION #:nodoc:
|
||||
MAJOR = 2
|
||||
MINOR = 3
|
||||
TINY = 12
|
||||
TINY = 14
|
||||
|
||||
STRING = [MAJOR, MINOR, TINY].join('.')
|
||||
end
|
||||
|
|
4
vendor/rails/actionpack/CHANGELOG
vendored
4
vendor/rails/actionpack/CHANGELOG
vendored
|
@ -1935,7 +1935,7 @@ superclass' view_paths. [Rick Olson]
|
|||
|
||||
* Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
|
||||
|
||||
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
|
||||
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
|
||||
|
||||
* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
|
||||
|
||||
|
@ -2532,7 +2532,7 @@ superclass' view_paths. [Rick Olson]
|
|||
|
||||
* Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas]
|
||||
|
||||
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
|
||||
* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
|
||||
|
||||
* Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
|
||||
|
||||
|
|
2
vendor/rails/actionpack/Rakefile
vendored
2
vendor/rails/actionpack/Rakefile
vendored
|
@ -78,7 +78,7 @@ spec = Gem::Specification.new do |s|
|
|||
|
||||
s.requirements << 'none'
|
||||
|
||||
s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
|
||||
s.add_dependency('rack', '~> 1.1.0')
|
||||
|
||||
s.require_path = 'lib'
|
||||
|
|
|
@ -64,12 +64,13 @@ module ActionController # :nodoc:
|
|||
# the character set information will also be included in the content type
|
||||
# information.
|
||||
def content_type=(mime_type)
|
||||
self.headers["Content-Type"] =
|
||||
new_content_type =
|
||||
if mime_type =~ /charset/ || (c = charset).nil?
|
||||
mime_type.to_s
|
||||
else
|
||||
"#{mime_type}; charset=#{c}"
|
||||
end
|
||||
self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")
|
||||
end
|
||||
|
||||
# Returns the response's content MIME type, or nil if content type has been set.
|
||||
|
|
|
@ -162,7 +162,7 @@ module HTML #:nodoc:
|
|||
end
|
||||
|
||||
closing = ( scanner.scan(/\//) ? :close : nil )
|
||||
return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
|
||||
return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/)
|
||||
name.downcase!
|
||||
|
||||
unless closing
|
||||
|
|
|
@ -2,7 +2,7 @@ module ActionPack #:nodoc:
|
|||
module VERSION #:nodoc:
|
||||
MAJOR = 2
|
||||
MINOR = 3
|
||||
TINY = 12
|
||||
TINY = 14
|
||||
|
||||
STRING = [MAJOR, MINOR, TINY].join('.')
|
||||
end
|
||||
|
|
|
@ -15,7 +15,6 @@ module ActionView
|
|||
erb = "#{magic}<% __in_erb_template=true %>#{template.source}"
|
||||
|
||||
if erb.respond_to?(:force_encoding)
|
||||
erb.force_encoding(template.source.encoding)
|
||||
# erb.force_encoding(template.source.encoding)
|
||||
erb.force_encoding('UTF-8')
|
||||
end
|
||||
|
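Review bot: The new `erb.force_encoding('UTF-8')` sits next to the commented-out upstream line `# erb.force_encoding(template.source.encoding)` with nothing saying why the template's own encoding is no longer honoured; this looks like a local modification carried inside the vendored tree rather than part of the 2.3.14 update, though that is inferred from the hunk alone. A vendored file with an undocumented local patch is exactly what gets silently lost on the next refresh, so the intent should be recorded in place of the dead line, e.g. `# Local patch, not upstream 2.3.14: treat every template as UTF-8 instead of template.source.encoding; re-apply when re-vendoring Rails.` Forcing UTF-8 on source that is actually in another encoding would presumably yield strings with invalid byte sequences rather than an error, which is worth confirming if any non-UTF-8 templates exist. The enclosing method starts and ends outside the hunk.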
|
|
@ -46,6 +46,11 @@ class ContentTypeController < ActionController::Base
|
|||
format.rss { render :text => "hello world!", :content_type => Mime::XML }
|
||||
end
|
||||
end
|
||||
|
||||
def render_content_type_from_user_input
|
||||
response.content_type= params[:hello]
|
||||
render :text=>"hello"
|
||||
end
|
||||
|
||||
def rescue_action(e) raise end
|
||||
end
|
||||
|
@ -129,6 +134,11 @@ class ContentTypeTest < ActionController::TestCase
|
|||
assert_equal Mime::HTML, @response.content_type
|
||||
assert_equal "utf-8", @response.charset
|
||||
end
|
||||
|
||||
def test_user_supplied_value
|
||||
get :render_content_type_from_user_input, :hello=>"hello/world\r\nAttack: true"
|
||||
assert_equal "hello/world%0D%0AAttack: true", @response.content_type
|
||||
end
|
||||
end
|
||||
|
||||
class AcceptBasedContentTypeTest < ActionController::TestCase
|
||||
|
|
|
@ -5,6 +5,13 @@ class SanitizerTest < ActionController::TestCase
|
|||
@sanitizer = nil # used by assert_sanitizer
|
||||
end
|
||||
|
||||
def test_strip_tags_with_quote
|
||||
sanitizer = HTML::FullSanitizer.new
|
||||
string = '<" <img src="trollface.gif" onload="alert(1)"> hi'
|
||||
|
||||
assert_equal ' hi', sanitizer.sanitize(string)
|
||||
end
|
||||
|
||||
def test_strip_tags
|
||||
sanitizer = HTML::FullSanitizer.new
|
||||
assert_equal("<<<bad html", sanitizer.sanitize("<<<bad html"))
|
||||
|
|
2
vendor/rails/activerecord/Rakefile
vendored
2
vendor/rails/activerecord/Rakefile
vendored
|
@ -192,7 +192,7 @@ spec = Gem::Specification.new do |s|
|
|||
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
|
||||
end
|
||||
|
||||
s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
|
||||
|
||||
s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
|
||||
s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"
|
||||
|
|
|
@ -238,7 +238,7 @@ module ActiveRecord
|
|||
end
|
||||
|
||||
def quote_column_name(name) #:nodoc:
|
||||
@quoted_column_names[name] ||= "`#{name}`"
|
||||
@quoted_column_names[name] ||= "`#{name.to_s.gsub('`', '``')}`"
|
||||
end
|
||||
|
||||
def quote_table_name(name) #:nodoc:
|
||||
|
|
|
@ -162,7 +162,7 @@ module ActiveRecord
|
|||
end
|
||||
|
||||
def quote_column_name(name) #:nodoc:
|
||||
%Q("#{name}")
|
||||
%Q("#{name.to_s.gsub('"', '""')}")
|
||||
end
|
||||
|
||||
|
||||
|
|
|
@ -333,7 +333,6 @@ module ActiveRecord
|
|||
end
|
||||
|
||||
def generate_message(attribute, message = :invalid, options = {})
|
||||
ActiveSupport::Deprecation.warn("ActiveRecord::Errors#generate_message has been deprecated. Please use ActiveRecord::Error.new().to_s.")
|
||||
Error.new(@base, attribute, message, options).to_s
|
||||
end
|
||||
end
|
||||
|
|
|
@ -2,7 +2,7 @@ module ActiveRecord
|
|||
module VERSION #:nodoc:
|
||||
MAJOR = 2
|
||||
MINOR = 3
|
||||
TINY = 12
|
||||
TINY = 14
|
||||
|
||||
STRING = [MAJOR, MINOR, TINY].join('.')
|
||||
end
|
||||
|
|
|
@ -79,6 +79,23 @@ end
|
|||
class BasicsTest < ActiveRecord::TestCase
|
||||
fixtures :topics, :companies, :developers, :projects, :computers, :accounts, :minimalistics, 'warehouse-things', :authors, :categorizations, :categories, :posts
|
||||
|
||||
def test_column_names_are_escaped
|
||||
conn = ActiveRecord::Base.connection
|
||||
classname = conn.class.name[/[^:]*$/]
|
||||
badchar = {
|
||||
'SQLite3Adapter' => '"',
|
||||
'MysqlAdapter' => '`',
|
||||
'Mysql2Adapter' => '`',
|
||||
'PostgreSQLAdapter' => '"',
|
||||
'OracleAdapter' => '"',
|
||||
}.fetch(classname) {
|
||||
raise "need a bad char for #{classname}"
|
||||
}
|
||||
|
||||
quoted = conn.quote_column_name "foo#{badchar}bar"
|
||||
assert_equal("#{badchar}foo#{badchar * 2}bar#{badchar}", quoted)
|
||||
end
|
||||
|
||||
def test_table_exists
|
||||
assert !NonExistentTable.table_exists?
|
||||
assert Topic.table_exists?
|
||||
|
|
12
vendor/rails/activeresource/Rakefile
vendored
12
vendor/rails/activeresource/Rakefile
vendored
|
@ -1,9 +1,9 @@
|
|||
require 'rubygems'
|
||||
require 'rake'
|
||||
require 'rake/testtask'
|
||||
require 'rake/rdoctask'
|
||||
require 'rdoc/task'
|
||||
require 'rake/packagetask'
|
||||
require 'rake/gempackagetask'
|
||||
require 'rubygems/package_task'
|
||||
|
||||
require File.join(File.dirname(__FILE__), 'lib', 'active_resource', 'version')
|
||||
|
||||
|
@ -38,7 +38,7 @@ Rake::TestTask.new { |t|
|
|||
|
||||
# Generate the RDoc documentation
|
||||
|
||||
Rake::RDocTask.new { |rdoc|
|
||||
RDoc::Task.new { |rdoc|
|
||||
rdoc.rdoc_dir = 'doc'
|
||||
rdoc.title = "Active Resource -- Object-oriented REST services"
|
||||
rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
|
||||
|
@ -66,12 +66,10 @@ spec = Gem::Specification.new do |s|
|
|||
s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
|
||||
end
|
||||
|
||||
s.add_dependency('activesupport', '= 2.3.11' + PKG_BUILD)
|
||||
s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
|
||||
|
||||
s.require_path = 'lib'
|
||||
s.autorequire = 'active_resource'
|
||||
|
||||
s.has_rdoc = true
|
||||
s.extra_rdoc_files = %w( README )
|
||||
s.rdoc_options.concat ['--main', 'README']
|
||||
|
||||
|
@ -81,7 +79,7 @@ spec = Gem::Specification.new do |s|
|
|||
s.rubyforge_project = "activeresource"
|
||||
end
|
||||
|
||||
Rake::GemPackageTask.new(spec) do |p|
|
||||
Gem::PackageTask.new(spec) do |p|
|
||||
p.gem_spec = spec
|
||||
p.need_tar = true
|
||||
p.need_zip = true
|
||||
|
|
|
@ -2,7 +2,7 @@ module ActiveResource
|
|||
module VERSION #:nodoc:
|
||||
MAJOR = 2
|
||||
MINOR = 3
|
||||
TINY = 11
|
||||
TINY = 14
|
||||
|
||||
STRING = [MAJOR, MINOR, TINY].join('.')
|
||||
end
|
||||
|
|
|
@ -19,7 +19,7 @@ class ERB
|
|||
if s.html_safe?
|
||||
s
|
||||
else
|
||||
s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe
|
||||
s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<").html_safe
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -130,14 +130,18 @@ module ActiveSupport
|
|||
end
|
||||
|
||||
def merge!(other_hash)
|
||||
other_hash.each {|k,v| self[k] = v }
|
||||
if block_given?
|
||||
other_hash.each { |k, v| self[k] = key?(k) ? yield(k, self[k], v) : v }
|
||||
else
|
||||
other_hash.each { |k, v| self[k] = v }
|
||||
end
|
||||
self
|
||||
end
|
||||
|
||||
alias_method :update, :merge!
|
||||
|
||||
def merge(other_hash)
|
||||
dup.merge!(other_hash)
|
||||
def merge(other_hash, &block)
|
||||
dup.merge!(other_hash, &block)
|
||||
end
|
||||
|
||||
# When replacing with another hash, the initial order of our keys must come from the other hash -ordered or not.
|
||||
|
|
|
@ -2,7 +2,7 @@ module ActiveSupport
|
|||
module VERSION #:nodoc:
|
||||
MAJOR = 2
|
||||
MINOR = 3
|
||||
TINY = 12
|
||||
TINY = 14
|
||||
|
||||
STRING = [MAJOR, MINOR, TINY].join('.')
|
||||
end
|
||||
|
|
|
@ -2,10 +2,17 @@
|
|||
require 'date'
|
||||
require 'abstract_unit'
|
||||
require 'inflector_test_cases'
|
||||
require 'active_support/core_ext/string/output_safety'
|
||||
|
||||
class StringInflectionsTest < Test::Unit::TestCase
|
||||
include InflectorTestCases
|
||||
|
||||
def test_erb_escape
|
||||
string = [192, 60].pack('CC')
|
||||
expected = 192.chr + "<"
|
||||
assert_equal expected, ERB::Util.html_escape(string)
|
||||
end
|
||||
|
||||
def test_pluralize
|
||||
SingularToPlural.each do |singular, plural|
|
||||
assert_equal(plural, singular.pluralize)
|
||||
|
|
|
@ -147,6 +147,32 @@ class OrderedHashTest < Test::Unit::TestCase
|
|||
assert_equal @ordered_hash.keys, merged.keys
|
||||
end
|
||||
|
||||
def test_merge_with_block
|
||||
hash = ActiveSupport::OrderedHash.new
|
||||
hash[:a] = 0
|
||||
hash[:b] = 0
|
||||
merged = hash.merge(:b => 2, :c => 7) do |key, old_value, new_value|
|
||||
new_value + 1
|
||||
end
|
||||
|
||||
assert_equal 0, merged[:a]
|
||||
assert_equal 3, merged[:b]
|
||||
assert_equal 7, merged[:c]
|
||||
end
|
||||
|
||||
def test_merge_bang_with_block
|
||||
hash = ActiveSupport::OrderedHash.new
|
||||
hash[:a] = 0
|
||||
hash[:b] = 0
|
||||
hash.merge!(:a => 1, :c => 7) do |key, old_value, new_value|
|
||||
new_value + 3
|
||||
end
|
||||
|
||||
assert_equal 4, hash[:a]
|
||||
assert_equal 0, hash[:b]
|
||||
assert_equal 7, hash[:c]
|
||||
end
|
||||
|
||||
def test_shift
|
||||
pair = @ordered_hash.shift
|
||||
assert_equal [@keys.first, @values.first], pair
|
||||
|
|
10
vendor/rails/railties/Rakefile
vendored
10
vendor/rails/railties/Rakefile
vendored
|
@ -313,11 +313,11 @@ spec = Gem::Specification.new do |s|
|
|||
EOF
|
||||
|
||||
s.add_dependency('rake', '>= 0.8.3')
|
||||
s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('activerecord', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('actionmailer', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('activeresource', '= 2.3.12' + PKG_BUILD)
|
||||
s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
|
||||
s.add_dependency('activerecord', '= 2.3.14' + PKG_BUILD)
|
||||
s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
|
||||
s.add_dependency('actionmailer', '= 2.3.14' + PKG_BUILD)
|
||||
s.add_dependency('activeresource', '= 2.3.14' + PKG_BUILD)
|
||||
|
||||
s.rdoc_options << '--exclude' << '.'
|
||||
|
||||
|
|
2
vendor/rails/railties/lib/rails/version.rb
vendored
2
vendor/rails/railties/lib/rails/version.rb
vendored
|
@ -2,7 +2,7 @@ module Rails
|
|||
module VERSION #:nodoc:
|
||||
MAJOR = 2
|
||||
MINOR = 3
|
||||
TINY = 12
|
||||
TINY = 14
|
||||
|
||||
STRING = [MAJOR, MINOR, TINY].join('.')
|
||||
end
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
begin
|
||||
require 'rdoc/task'
|
||||
namespace :doc do
|
||||
desc "Generate documentation for the application. Set custom template with TEMPLATE=/path/to/rdoc/template.rb or title with TITLE=\"Custom Title\""
|
||||
RDoc::Task.new("app") { |rdoc|
|
||||
|
@ -86,3 +88,6 @@ namespace :doc do
|
|||
end
|
||||
end
|
||||
end
|
||||
rescue LoadError
|
||||
$stderr.puts 'Please install RDoc 2.4.2+ to generate documentation.'
|
||||
end
|
||||
|
|