diff --git a/vendor/rails/actionmailer/Rakefile b/vendor/rails/actionmailer/Rakefile
index ba85056e..7e0a0239 100644
--- a/vendor/rails/actionmailer/Rakefile
+++ b/vendor/rails/actionmailer/Rakefile
@@ -54,7 +54,7 @@ spec = Gem::Specification.new do |s|
 s.rubyforge_project = "actionmailer"
 s.homepage = "http://www.rubyonrails.org"
- s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD)
 s.requirements << 'none'
 s.require_path = 'lib'
diff --git a/vendor/rails/actionmailer/lib/action_mailer/version.rb b/vendor/rails/actionmailer/lib/action_mailer/version.rb
index ce0b782e..7627ff22 100644
--- a/vendor/rails/actionmailer/lib/action_mailer/version.rb
+++ b/vendor/rails/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/vendor/rails/actionpack/CHANGELOG b/vendor/rails/actionpack/CHANGELOG
index af6b0be2..3270c72f 100644
--- a/vendor/rails/actionpack/CHANGELOG
+++ b/vendor/rails/actionpack/CHANGELOG
@@ -1935,7 +1935,7 @@ superclass' view_paths. [Rick Olson]
 * Update documentation for erb trim syntax. #5651 [matt@mattmargolis.net]
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
@@ -2532,7 +2532,7 @@ superclass' view_paths. [Rick Olson]
 * Provide support for decimal columns to form helpers. Closes #5672. [Dave Thomas]
-* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com, sebastien@goetzilla.info]
+* Pass :id => nil or :class => nil to error_messages_for to supress that html attribute. #3586 [olivier_ansaldi@yahoo.com]
 * Reset @html_document between requests so assert_tag works. #4810 [Jarkko Laine, easleydp@gmail.com]
diff --git a/vendor/rails/actionpack/Rakefile b/vendor/rails/actionpack/Rakefile
index 004ed541..ce4c41aa 100644
--- a/vendor/rails/actionpack/Rakefile
+++ b/vendor/rails/actionpack/Rakefile
@@ -78,7 +78,7 @@ spec = Gem::Specification.new do |s|
 s.requirements << 'none'
- s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
 s.add_dependency('rack', '~> 1.1.0')
 s.require_path = 'lib'
diff --git a/vendor/rails/actionpack/lib/action_controller/response.rb b/vendor/rails/actionpack/lib/action_controller/response.rb
index 815f749e..ff1702e8 100644
--- a/vendor/rails/actionpack/lib/action_controller/response.rb
+++ b/vendor/rails/actionpack/lib/action_controller/response.rb
@@ -64,12 +64,13 @@ module ActionController # :nodoc:
 # the character set information will also be included in the content type
 # information.
 def content_type=(mime_type)
- self.headers["Content-Type"] =
+ new_content_type =
 if mime_type =~ /charset/ || (c = charset).nil?
 mime_type.to_s
 else
 "#{mime_type}; charset=#{c}"
 end
+ self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")
 end
 # Returns the response's content MIME type, or nil if content type has been set.
diff --git a/vendor/rails/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb b/vendor/rails/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
index 0cd05d8e..ae24723d 100644
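Review bot: The added `self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")` line in `content_type=` has no comment saying that it exists to keep a caller-supplied MIME type from putting CR or LF into the response header, so a later cleanup could remove it as a stray escape. I would put `# Percent-encode CR/LF so a user-supplied mime_type cannot split the response header.` directly above it. The escaped value is still written to the header as an invalid media type (the test added in this commit expects `hello/world%0D%0AAttack: true`), so callers that pass request parameters here probably also want to check the value against the media types they actually serve. `URI.escape` is marked obsolete in later Ruby releases, which is worth a tracking note if this vendored copy is expected to run on a newer interpreter.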
--- a/vendor/rails/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb +++ b/vendor/rails/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb @@ -162,7 +162,7 @@ module HTML #:nodoc: end closing = ( scanner.scan(/\//) ? :close : nil ) - return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/) + return Text.new(parent, line, pos, content) unless name = scanner.scan(/[^\s!>\/]+/) name.downcase! unless closing diff --git a/vendor/rails/actionpack/lib/action_pack/version.rb b/vendor/rails/actionpack/lib/action_pack/version.rb index 010bfcb0..330eecb1 100644 --- a/vendor/rails/actionpack/lib/action_pack/version.rb +++ b/vendor/rails/actionpack/lib/action_pack/version.rb @@ -2,7 +2,7 @@ module ActionPack #:nodoc: module VERSION #:nodoc: MAJOR = 2 MINOR = 3 - TINY = 12 + TINY = 14 STRING = [MAJOR, MINOR, TINY].join('.') end diff --git a/vendor/rails/actionpack/lib/action_view/template_handlers/erb.rb b/vendor/rails/actionpack/lib/action_view/template_handlers/erb.rb index 41c88f59..a0131e13 100644 --- a/vendor/rails/actionpack/lib/action_view/template_handlers/erb.rb +++ b/vendor/rails/actionpack/lib/action_view/template_handlers/erb.rb @@ -15,7 +15,6 @@ module ActionView erb = "#{magic}<% __in_erb_template=true %>#{template.source}" if erb.respond_to?(:force_encoding) - erb.force_encoding(template.source.encoding) # erb.force_encoding(template.source.encoding) erb.force_encoding('UTF-8') end diff --git a/vendor/rails/actionpack/test/controller/content_type_test.rb b/vendor/rails/actionpack/test/controller/content_type_test.rb index 32c1757e..852fbfaa 100644 --- a/vendor/rails/actionpack/test/controller/content_type_test.rb +++ b/vendor/rails/actionpack/test/controller/content_type_test.rb 
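Review bot: The new tag-name pattern `/[^\s!>\/]+/` in the html-scanner hunk accepts every character except whitespace, `!`, `>` and `/`, which is far wider than the class it replaces, and nothing in the hunk records why. A comment such as `# Deliberately permissive: any run after '<' that is not whitespace, '!', '>' or '/' is a tag name, so malformed names are tokenized as tags rather than passed through as text.` would state the intent, if that is the intent; the `test_strip_tags_with_quote` case added in this commit suggests it is. A name can now contain quotes, `<` and `=`, so code that later compares or emits `name` should not assume it is a well-formed identifier. The enclosing method starts and ends outside the hunk.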
@@ -46,6 +46,11 @@ class ContentTypeController < ActionController::Base format.rss { render :text => "hello world!", :content_type => Mime::XML } end end + + def render_content_type_from_user_input + response.content_type= params[:hello] + render :text=>"hello" + end def rescue_action(e) raise end end @@ -129,6 +134,11 @@ class ContentTypeTest < ActionController::TestCase assert_equal Mime::HTML, @response.content_type assert_equal "utf-8", @response.charset end + + def test_user_supplied_value + get :render_content_type_from_user_input, :hello=>"hello/world\r\nAttack: true" + assert_equal "hello/world%0D%0AAttack: true", @response.content_type + end end class AcceptBasedContentTypeTest < ActionController::TestCase diff --git a/vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb b/vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb index 19235448..92032514 100644 --- a/vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb +++ b/vendor/rails/actionpack/test/controller/html-scanner/sanitizer_test.rb @@ -5,6 +5,13 @@ class SanitizerTest < ActionController::TestCase @sanitizer = nil # used by assert_sanitizer end + def test_strip_tags_with_quote + sanitizer = HTML::FullSanitizer.new + string = '<" hi' + + assert_equal ' hi', sanitizer.sanitize(string) + end + def test_strip_tags sanitizer = HTML::FullSanitizer.new assert_equal("<< '"', + 'MysqlAdapter' => '`', + 'Mysql2Adapter' => '`', + 'PostgreSQLAdapter' => '"', + 'OracleAdapter' => '"', + }.fetch(classname) { + raise "need a bad char for #{classname}" + } + + quoted = conn.quote_column_name "foo#{badchar}bar" + assert_equal("#{badchar}foo#{badchar * 2}bar#{badchar}", quoted) + end + def test_table_exists assert !NonExistentTable.table_exists? assert Topic.table_exists? diff --git a/vendor/rails/activeresource/Rakefile b/vendor/rails/activeresource/Rakefile index 3aa276b1..f153513d 100644 --- a/vendor/rails/activeresource/Rakefile 
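Review bot: `test_user_supplied_value` in content_type_test.rb exercises only a CR LF pair, so a regression that handles the pair but lets a lone CR or a lone LF through would still pass. I would add a second case next to it, for example `get :render_content_type_from_user_input, :hello=>"hello/world\nAttack: true"` followed by `assert_equal "hello/world%0AAttack: true", @response.content_type`, and the same for a bare `\r`; the expected strings assume each character is escaped individually, which should be confirmed by running the test. The assertion also reads `@response.content_type` rather than the raw `Content-Type` header, so a check on `@response.headers["Content-Type"]` would pin what is actually sent.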
+++ b/vendor/rails/activeresource/Rakefile
@@ -1,9 +1,9 @@
 require 'rubygems'
 require 'rake'
 require 'rake/testtask'
-require 'rake/rdoctask'
+require 'rdoc/task'
 require 'rake/packagetask'
-require 'rake/gempackagetask'
+require 'rubygems/package_task'
 require File.join(File.dirname(__FILE__), 'lib', 'active_resource', 'version')
@@ -38,7 +38,7 @@ Rake::TestTask.new { |t|
 # Generate the RDoc documentation
-Rake::RDocTask.new { |rdoc|
+RDoc::Task.new { |rdoc|
 rdoc.rdoc_dir = 'doc'
 rdoc.title = "Active Resource -- Object-oriented REST services"
 rdoc.options << '--line-numbers' << '--inline-source' << '-A cattr_accessor=object'
@@ -66,12 +66,10 @@ spec = Gem::Specification.new do |s|
 s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
 end
- s.add_dependency('activesupport', '= 2.3.11' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
 s.require_path = 'lib'
- s.autorequire = 'active_resource'
- s.has_rdoc = true
 s.extra_rdoc_files = %w( README )
 s.rdoc_options.concat ['--main', 'README']
@@ -81,7 +79,7 @@ spec = Gem::Specification.new do |s|
 s.rubyforge_project = "activeresource"
 end
-Rake::GemPackageTask.new(spec) do |p|
+Gem::PackageTask.new(spec) do |p|
 p.gem_spec = spec
 p.need_tar = true
 p.need_zip = true
diff --git a/vendor/rails/activeresource/lib/active_resource/version.rb b/vendor/rails/activeresource/lib/active_resource/version.rb
index 0e36311c..d8b34f12 100644
--- a/vendor/rails/activeresource/lib/active_resource/version.rb
+++ b/vendor/rails/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 11
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/vendor/rails/activesupport/lib/active_support/core_ext/string/output_safety.rb b/vendor/rails/activesupport/lib/active_support/core_ext/string/output_safety.rb
index 60f9fd25..8e68ab0b 100644
--- a/vendor/rails/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/vendor/rails/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -19,7 +19,7 @@ class ERB if s.html_safe? s else - s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe + s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/ 2, :c => 7) do |key, old_value, new_value| + new_value + 1 + end + + assert_equal 0, merged[:a] + assert_equal 3, merged[:b] + assert_equal 7, merged[:c] + end + + def test_merge_bang_with_block + hash = ActiveSupport::OrderedHash.new + hash[:a] = 0 + hash[:b] = 0 + hash.merge!(:a => 1, :c => 7) do |key, old_value, new_value| + new_value + 3 + end + + assert_equal 4, hash[:a] + assert_equal 0, hash[:b] + assert_equal 7, hash[:c] + end + def test_shift pair = @ordered_hash.shift assert_equal [@keys.first, @values.first], pair diff --git a/vendor/rails/railties/Rakefile b/vendor/rails/railties/Rakefile index 01ac7019..c3d8eeb7 100644 --- a/vendor/rails/railties/Rakefile +++ b/vendor/rails/railties/Rakefile @@ -313,11 +313,11 @@ spec = Gem::Specification.new do |s| EOF s.add_dependency('rake', '>= 0.8.3') - s.add_dependency('activesupport', '= 2.3.12' + PKG_BUILD) - s.add_dependency('activerecord', '= 2.3.12' + PKG_BUILD) - s.add_dependency('actionpack', '= 2.3.12' + PKG_BUILD) - s.add_dependency('actionmailer', '= 2.3.12' + PKG_BUILD) - s.add_dependency('activeresource', '= 2.3.12' + PKG_BUILD) + s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD) + s.add_dependency('activerecord', '= 2.3.14' + PKG_BUILD) + s.add_dependency('actionpack', '= 2.3.14' + PKG_BUILD) + s.add_dependency('actionmailer', '= 2.3.14' + PKG_BUILD) + s.add_dependency('activeresource', '= 2.3.14' + PKG_BUILD) s.rdoc_options << '--exclude' << '.' diff --git a/vendor/rails/railties/lib/rails/version.rb b/vendor/rails/railties/lib/rails/version.rb index 94df7c10..b89643ff 100644 --- a/vendor/rails/railties/lib/rails/version.rb 
+++ b/vendor/rails/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 12
+ TINY = 14
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/vendor/rails/railties/lib/tasks/documentation.rake b/vendor/rails/railties/lib/tasks/documentation.rake
index bc7887b7..b3111a5a 100644
--- a/vendor/rails/railties/lib/tasks/documentation.rake
+++ b/vendor/rails/railties/lib/tasks/documentation.rake
@@ -1,3 +1,5 @@
+begin
+ require 'rdoc/task'
 namespace :doc do
 desc "Generate documentation for the application. Set custom template with TEMPLATE=/path/to/rdoc/template.rb or title with TITLE=\"Custom Title\""
 RDoc::Task.new("app") { |rdoc|
@@ -86,3 +88,6 @@ namespace :doc do
 end
 end
 end
+rescue LoadError
+ $stderr.puts 'Please install RDoc 2.4.2+ to generate documentation.'
+end
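Review bot: The `rescue LoadError` added in the last hunk of documentation.rake guards everything between the `begin` of the first hunk and the end of the file, not only `require 'rdoc/task'`, so a LoadError raised while the `namespace :doc` block is being defined would be reported as a missing RDoc. Keeping the rescue around the require alone, and skipping the namespace definition when it fails, would keep the message accurate. The body between the two hunks is outside the view, so whether anything else in it can raise LoadError is not visible here. The message is also printed every time this file is loaded without RDoc installed, which may be noisier than intended for tasks unrelated to documentation.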