github/rails
1
1
Fork 0
mirror of https://github.com/github/rails.git synced 2026-01-11 07:38:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '3-2-stable-rel' into 3-2-stable

Browse Source 
* 3-2-stable-rel:
  updating changelogs
  bumping version numbers
  updating changelogs with security fixes
  updating changelogs
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
This commit is contained in:
Aaron Patterson
2012-06-12 14:25:27 -07:00
parent 5dd2cfc8b4 8381d398ce
commit 10cdbbc56b
20 changed files with 58 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
RAILS_VERSION
View File

@@ -1 +1 @@
3.2.5
3.2.6

4
actionmailer/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## Rails 3.2.6 (Jun 12, 2012)
* No changes.
## Rails 3.2.5 (Jun 1, 2012) ##
* No changes.

2
actionmailer/lib/action_mailer/version.rb
View File

@@ -2,7 +2,7 @@ module ActionMailer
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

6
actionpack/CHANGELOG.md
View File

@@ -1,4 +1,8 @@
## Rails 3.2.6 (unreleased) ##
## Rails 3.2.6 (Jun 12, 2012) ##
* nil is removed from array parameter values
CVE-2012-2694
* Deprecate `:confirm` in favor of `':data => { :confirm => "Text" }'` option for `button_to`, `button_tag`, `image_submit_tag`, `link_to` and `submit_tag` helpers.

6
actionpack/lib/action_dispatch/http/request.rb
View File

@@ -251,17 +251,19 @@ module ActionDispatch
# Remove nils from the params hash
def deep_munge(hash)
keys = hash.keys.find_all { |k| hash[k] == [nil] }
keys.each { |k| hash[k] = nil }
hash.each_value do |v|
case v
when Array
v.grep(Hash) { |x| deep_munge(x) }
v.compact!
when Hash
deep_munge(v)
end
end
keys = hash.keys.find_all { |k| hash[k] == [nil] }
keys.each { |k| hash[k] = nil }
hash
end

2
actionpack/lib/action_pack/version.rb
View File

@@ -2,7 +2,7 @@ module ActionPack
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

4
actionpack/test/dispatch/request/query_string_parsing_test.rb
View File

@@ -89,6 +89,10 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest
assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]")
end
def test_array_parses_without_nil
assert_parses({"action" => ['1']}, "action[]=1&action[]")
end
test "query string with empty key" do
assert_parses(
{ "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },

4
activemodel/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## Rails 3.2.6 (Jun 12, 2012)
* No changes.
## Rails 3.2.4 (May 31, 2012) ##
* No changes.

2
activemodel/lib/active_model/version.rb
View File

@@ -2,7 +2,7 @@ module ActiveModel
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

8
activerecord/CHANGELOG.md
View File

@@ -1,4 +1,10 @@
## Rails 3.2.6 (unreleased) ##
## Rails 3.2.6 (Jun 12, 2012) ##
* protect against the nesting of hashes changing the
table context in the next call to build_from_hash. This fix
covers this case as well.
CVE-2012-2695
* Revert earlier 'perf fix' (see 3.2.4 changelog / GH #6289). This
change introduced a regression (GH #6609). assoc.clear and

6
activerecord/lib/active_record/relation/predicate_builder.rb
View File

@@ -1,16 +1,16 @@
module ActiveRecord
class PredicateBuilder # :nodoc:
def self.build_from_hash(engine, attributes, default_table, check_column = true)
def self.build_from_hash(engine, attributes, default_table, allow_table_name = true)
predicates = attributes.map do |column, value|
table = default_table
if value.is_a?(Hash)
if allow_table_name && value.is_a?(Hash)
table = Arel::Table.new(column, engine)
build_from_hash(engine, value, table, false)
else
column = column.to_s
if check_column && column.include?('.')
if allow_table_name && column.include?('.')
table_name, column = column.split('.', 2)
table = Arel::Table.new(table_name, engine)
end

2
activerecord/lib/active_record/version.rb
View File

@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

6
activerecord/test/cases/relation/where_test.rb
View File

@@ -11,6 +11,12 @@ module ActiveRecord
end
end
def test_where_error_with_hash
assert_raises(ActiveRecord::StatementInvalid) do
Post.where(:id => { :posts => {:author_id => 10} }).first
end
end
def test_where_with_table_name
post = Post.first
assert_equal post, Post.where(:posts => { 'id' => post.id }).first

4
activeresource/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## Rails 3.2.6 (Jun 12, 2012)
* No changes.
## Rails 3.2.5 (Jun 1, 2012) ##
* No changes.

2
activeresource/lib/active_resource/version.rb
View File

@@ -2,7 +2,7 @@ module ActiveResource
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

4
activesupport/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## Rails 3.2.6 (Jun 12, 2012)
* No changes.
## Rails 3.2.5 (Jun 1, 2012) ##
* ActiveSupport::JSON::Variable is deprecated. Define your own #as_json and #encode_json methods

2
activesupport/lib/active_support/version.rb
View File

@@ -2,7 +2,7 @@ module ActiveSupport
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

4
railties/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## Rails 3.2.6 (Jun 12, 2012)
* No changes.
## Rails 3.2.4 (May 31, 2012) ##
* Add hook for resource route's generator. *Santiago Pastorino*

2
railties/lib/rails/version.rb
View File

@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

2
version.rb
View File

@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
TINY = 5
TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')