Merge remote-tracking branch 'github/rack-1.x' into 2-3-github

pin to rack ~> 1.1 instead of ~> 1.1.0
Some pretty gnarly bugs and security issues are present in the latest rack 1.1.x release. There are 1.2.x and 1.3.x releases that correct these. This changes the gem dependencies to allow for rack versions > 1.1. At GitHub we're on 1.2.4 (latest 1.2.x release at present) and should have some results from real world testing soon.
2026-01-13 00:28:26 -05:00 · 2011-11-17 12:57:09 -08:00 · 2011-11-17 12:51:32 -08:00
5 changed files with 8 additions and 11 deletions
--- a/actionpack/Rakefile
+++ b/actionpack/Rakefile
@@ -79,7 +79,7 @@ spec = Gem::Specification.new do |s|
  s.requirements << 'none'

  s.add_dependency('activesupport', '= 2.3.14' + PKG_BUILD)
-  s.add_dependency('rack', '~> 1.1.3')
+  s.add_dependency('rack', '~> 1.1')

  s.require_path = 'lib'

--- a/actionpack/lib/action_controller.rb
+++ b/actionpack/lib/action_controller.rb
@@ -31,7 +31,7 @@ rescue LoadError
  end
 end

-gem 'rack', '~> 1.1.3'
+gem 'rack', '~> 1.1'
 require 'rack'
 require 'action_controller/cgi_ext'

--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -225,7 +225,7 @@ module ActionController
        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
        return not_trusted_addrs.first unless not_trusted_addrs.empty?
      end
-      remote_ips = @env['HTTP_X_FORWARDED_FOR'].present? && @env['HTTP_X_FORWARDED_FOR'].split(',')
+      remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')

      if @env.include? 'HTTP_CLIENT_IP'
        if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
--- a/actionpack/test/controller/request_test.rb
+++ b/actionpack/test/controller/request_test.rb
@@ -20,9 +20,6 @@ class RequestTest < ActiveSupport::TestCase
      'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
    assert_equal '1.2.3.4', request.remote_ip

-    request = stub_request 'HTTP_X_FORWARDED_FOR' => ''
-    assert_nil request.remote_ip
-
    request = stub_request 'REMOTE_ADDR' => '127.0.0.1',
      'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
    assert_equal '3.4.5.6', request.remote_ip
--- a/activerecord/lib/active_record/validations.rb
+++ b/activerecord/lib/active_record/validations.rb
@@ -602,14 +602,14 @@ module ActiveRecord
      # Validates that the specified attribute matches the length restrictions supplied. Only one option can be used at a time:
      #
      #   class Person < ActiveRecord::Base
-      #     validates_length_of :first_name, :maximum => 30
-      #     validates_length_of :last_name, :maximum => 30, :message => "less than %{count} if you don't mind"
+      #     validates_length_of :first_name, :maximum=>30
+      #     validates_length_of :last_name, :maximum=>30, :message=>"less than %{count} if you don't mind"
      #     validates_length_of :fax, :in => 7..32, :allow_nil => true
      #     validates_length_of :phone, :in => 7..32, :allow_blank => true
      #     validates_length_of :user_name, :within => 6..20, :too_long => "pick a shorter name", :too_short => "pick a longer name"
-      #     validates_length_of :zip_code, :minimum => 5, :too_short => "please enter at least %{count} characters"
-      #     validates_length_of :smurf_leader, :is => 4, :message => "papa is spelled with %{count} characters... don't play me"
-      #     validates_length_of :essay, :minimum => 100, :too_short => "Your essay must be at least %{count} words"), :tokenizer => lambda {|str| str.scan(/\w+/) }
+      #     validates_length_of :fav_bra_size, :minimum => 1, :too_short => "please enter at least %{count} character"
+      #     validates_length_of :smurf_leader, :is => 4, :message => "papa is spelled with %{count} characters... don't play me."
+      #     validates_length_of :essay, :minimum => 100, :too_short => "Your essay must be at least %{count} words."), :tokenizer => lambda {|str| str.scan(/\w+/) }
      #   end
      #
      # Configuration options: