Instiki 0.17.2: Security Release

This release upgrades Instiki to Rails 2.3.4, which
patches two security holes in Rails. See

  http://weblog.rubyonrails.org/2009/9/4/ruby-on-rails-2-3-4

There are also some new features, and the usual boatload
of bugfixes. See the CHANGELOG for details.

vendor/rails/activeresource/lib/active_resource/validations.rb

@@ -199,11 +199,10 @@ module ActiveResource
     alias_method :count, :size
     alias_method :length, :size
     
-    # Grabs errors from the XML response.
-    def from_xml(xml)
+    # Grabs errors from an array of messages (like ActiveRecord::Validations)
+    def from_array(messages)
       clear
       humanized_attributes = @base.attributes.keys.inject({}) { |h, attr_name| h.update(attr_name.humanize => attr_name) }
-      messages = Array.wrap(Hash.from_xml(xml)['errors']['error']) rescue []
       messages.each do |message|
         attr_message = humanized_attributes.keys.detect do |attr_name|
           if message[0, attr_name.size + 1] == "#{attr_name} "
@@ -214,6 +213,18 @@ module ActiveResource
         add_to_base message if attr_message.nil?
       end
     end
+
+    # Grabs errors from the json response.
+    def from_json(json)
+      array = ActiveSupport::JSON.decode(json)['errors'] rescue []
+      from_array array
+    end
+
+    # Grabs errors from the XML response.
+    def from_xml(xml)
+      array = Array.wrap(Hash.from_xml(xml)['errors']['error']) rescue []
+      from_array array
+    end
   end
   
   # Module to support validation and errors with Active Resource objects. The module overrides
@@ -248,7 +259,12 @@ module ActiveResource
       save_without_validation
       true
     rescue ResourceInvalid => error
-      errors.from_xml(error.response.body)
+      case error.response['Content-Type']
+      when 'application/xml'
+        errors.from_xml(error.response.body)
+      when 'application/json'
+        errors.from_json(error.response.body)
+      end
       false
     end