Instiki 0.17.2: Security Release

This release upgrades Instiki to Rails 2.3.4, which
patches two security holes in Rails. See

  http://weblog.rubyonrails.org/2009/9/4/ruby-on-rails-2-3-4

There are also some new features, and the usual boatload
of bugfixes. See the CHANGELOG for details.
Jacques Distler 2009-09-05 02:01:46 -05:00
parent 34c4306867
commit 4bdf703ab2
211 changed files with 3959 additions and 1325 deletions


@ -139,7 +139,7 @@ module ActionController
end
def decode_credentials(request)
ActiveSupport::Base64.decode64(authorization(request).split.last || '')
ActiveSupport::Base64.decode64(authorization(request).split(' ', 2).last || '')
end
def encode_credentials(user_name, password)
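Review bot: In decode_credentials, the `|| ''` fallback after `split(' ', 2).last` only fires when the header is empty, so a header that carries a scheme token and no credentials still has that token passed to decode64. With the limit of 2, the payload after the scheme is now kept whole even if it contains whitespace, which is the point of the change, but a one-element result makes `.last` return the scheme itself. Consider destructuring the two parts (scheme, payload) and decoding `payload || ''`, and add a test for a header with embedded spaces and one with the scheme only. If authorization(request) can return nil, `.split` will raise before the fallback is reached, so that case needs its own guard.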
@ -195,9 +195,10 @@ module ActionController
return false unless password
method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
uri = credentials[:uri][0,1] == '/' ? request.request_uri : request.url
[true, false].any? do |password_is_ha1|
expected = expected_response(method, request.env['REQUEST_URI'], credentials, password, password_is_ha1)
expected = expected_response(method, uri, credentials, password, password_is_ha1)
expected == credentials[:response]
end
end
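Review bot: The new `uri = credentials[:uri][0,1] == '/' ? ...` line indexes credentials[:uri] without a nil check, while the only guard visible above it is `return false unless password`. A Digest header that omits the uri field would raise on `[0,1]` instead of failing authentication; returning false when credentials[:uri] is missing would keep the failure mode consistent. A short comment explaining why a leading '/' selects request.request_uri and anything else selects request.url would also help, since the reason for dropping request.env['REQUEST_URI'] is not stated in the code.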