[DRE-commits] [rails-3.2] 01/03: Imported Upstream version 3.2.19
Antonio Terceiro
terceiro at moszumanska.debian.org
Thu Jul 17 17:42:51 UTC 2014
This is an automated email from the git hooks/post-receive script.
terceiro pushed a commit to branch master
in repository rails-3.2.
commit d6f32d7fef598ec67da51e286b19de989e723c9c
Author: Antonio Terceiro <terceiro at debian.org>
Date: Thu Jul 17 14:38:11 2014 -0300
Imported Upstream version 3.2.19
---
RAILS_VERSION | 2 +-
actionmailer/CHANGELOG.md | 5 ++++
actionmailer/lib/action_mailer/version.rb | 2 +-
actionpack/CHANGELOG.md | 10 ++++++++
.../lib/action_controller/metal/force_ssl.rb | 2 +-
actionpack/lib/action_pack/version.rb | 2 +-
.../lib/action_view/helpers/number_helper.rb | 8 +++----
.../lib/action_view/helpers/translation_helper.rb | 10 +++++++-
actionpack/lib/action_view/template/resolver.rb | 28 ++++++++++++++++------
.../test/template/translation_helper_test.rb | 6 +++++
activemodel/CHANGELOG.md | 5 ++++
activemodel/lib/active_model/version.rb | 2 +-
activerecord/CHANGELOG.md | 9 +++++++
.../connection_adapters/postgresql_adapter.rb | 6 ++---
activerecord/lib/active_record/session_store.rb | 2 +-
activerecord/lib/active_record/version.rb | 2 +-
.../test/cases/adapters/postgresql/quoting_test.rb | 5 ++++
activeresource/CHANGELOG.md | 5 ++++
activeresource/lib/active_resource/version.rb | 2 +-
activesupport/CHANGELOG.md | 10 ++++++++
activesupport/lib/active_support/railtie.rb | 7 ++++++
activesupport/lib/active_support/version.rb | 2 +-
railties/CHANGELOG.md | 5 ++++
railties/lib/rails/version.rb | 2 +-
railties/test/application/configuration_test.rb | 12 ++++++++++
version.rb | 2 +-
26 files changed, 127 insertions(+), 26 deletions(-)
diff --git a/RAILS_VERSION b/RAILS_VERSION
index f05489d..100838d 100644
--- a/RAILS_VERSION
+++ b/RAILS_VERSION
@@ -1 +1 @@
-3.2.18
+3.2.19
diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md
index 94d3f54..d7ed55e 100644
--- a/actionmailer/CHANGELOG.md
+++ b/actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
## Rails 3.2.18 (May 6, 2014) ##
* No changes.
diff --git a/actionmailer/lib/action_mailer/version.rb b/actionmailer/lib/action_mailer/version.rb
index 8212a9b..f769dca 100644
--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 1264e85..15fc0af 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
+ `options[:raise]`.
+
+ This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
+
+ *Shota Fukumori (sora_h)*
+
+
## Rails 3.2.18 (May 6, 2014) ##
* Only accept actions without File::SEPARATOR in the name.
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index 7a0ede0..1d0a69b 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -22,7 +22,7 @@ module ActionController
#
# ==== Options
# * <tt>only</tt> - The callback should be run only for this action
- # * <tt>except<tt> - The callback should be run for all actions except this action
+ # * <tt>except</tt> - The callback should be run for all actions except this action
def force_ssl(options = {})
host = options.delete(:host)
before_filter(options) do
diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index ac6d334..3dc00b9 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb
index 91f6043..8ebd7e2 100644
--- a/actionpack/lib/action_view/helpers/number_helper.rb
+++ b/actionpack/lib/action_view/helpers/number_helper.rb
@@ -129,10 +129,10 @@ module ActionView
#
# number_to_currency(-1234567890.50, :negative_format => "(%u%n)")
# # => ($1,234,567,890.50)
- # number_to_currency(1234567890.50, :unit => "£", :separator => ",", :delimiter => "")
- # # => £1234567890,50
- # number_to_currency(1234567890.50, :unit => "£", :separator => ",", :delimiter => "", :format => "%n %u")
- # # => 1234567890,50 £
+ # number_to_currency(1234567890.50, :unit => "R$", :separator => ",", :delimiter => "")
+ # # => R$1234567890,50
+ # number_to_currency(1234567890.50, :unit => "R$", :separator => ",", :delimiter => "", :format => "%n %u")
+ # # => 1234567890,50 R$
def number_to_currency(number, options = {})
return unless number
diff --git a/actionpack/lib/action_view/helpers/translation_helper.rb b/actionpack/lib/action_view/helpers/translation_helper.rb
index 6ef652d..4654a6f 100644
--- a/actionpack/lib/action_view/helpers/translation_helper.rb
+++ b/actionpack/lib/action_view/helpers/translation_helper.rb
@@ -36,7 +36,13 @@ module ActionView
def translate(key, options = {})
# If the user has specified rescue_format then pass it all through, otherwise use
# raise and do the work ourselves
- options[:raise] = true unless options.key?(:raise) || options.key?(:rescue_format)
+ if options.key?(:raise) || options.key?(:rescue_format)
+ raise_error = options[:raise] || options[:rescue_format]
+ else
+ raise_error = false
+ options[:raise] = true
+ end
+
if html_safe_translation_key?(key)
html_safe_options = options.dup
options.except(*I18n::RESERVED_KEYS).each do |name, value|
@@ -51,6 +57,8 @@ module ActionView
I18n.translate(scope_key_by_partial(key), options)
end
rescue I18n::MissingTranslationData => e
+ raise e if raise_error
+
keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope])
content_tag('span', keys.last.to_s.titleize, :class => 'translation_missing', :title => "translation missing: #{keys.join('.')}")
end
diff --git a/actionpack/lib/action_view/template/resolver.rb b/actionpack/lib/action_view/template/resolver.rb
index f855ea2..47ea8a3 100644
--- a/actionpack/lib/action_view/template/resolver.rb
+++ b/actionpack/lib/action_view/template/resolver.rb
@@ -120,13 +120,7 @@ module ActionView
def query(path, details, formats)
query = build_query(path, details)
- # deals with case-insensitive file systems.
- sanitizer = Hash.new { |h,dir| h[dir] = Dir["#{dir}/*"] }
-
- template_paths = Dir[query].reject { |filename|
- File.directory?(filename) ||
- !sanitizer[File.dirname(filename)].include?(filename)
- }
+ template_paths = find_template_paths query
template_paths.map { |template|
handler, format = extract_handler_and_format(template, formats)
@@ -139,6 +133,26 @@ module ActionView
}
end
+ if RUBY_VERSION >= '2.2.0'
+ def find_template_paths(query)
+ Dir[query].reject { |filename|
+ File.directory?(filename) ||
+ # deals with case-insensitive file systems.
+ !File.fnmatch(query, filename, File::FNM_EXTGLOB)
+ }
+ end
+ else
+ def find_template_paths(query)
+ # deals with case-insensitive file systems.
+ sanitizer = Hash.new { |h,dir| h[dir] = Dir["#{dir}/*"] }
+
+ Dir[query].reject { |filename|
+ File.directory?(filename) ||
+ !sanitizer[File.dirname(filename)].include?(filename)
+ }
+ end
+ end
+
# Helper for building query glob string based on resolver's pattern.
def build_query(path, details)
query = @pattern.dup
diff --git a/actionpack/test/template/translation_helper_test.rb b/actionpack/test/template/translation_helper_test.rb
index ebf0f89..96580a2 100644
--- a/actionpack/test/template/translation_helper_test.rb
+++ b/actionpack/test/template/translation_helper_test.rb
@@ -52,6 +52,12 @@ class TranslationHelperTest < ActiveSupport::TestCase
assert_equal false, translate(:"translations.missing", :rescue_format => nil).html_safe?
end
+ def test_raises_missing_translation_message_with_raise_option
+ assert_raise(I18n::MissingTranslationData) do
+ translate(:"translations.missing", :raise => true)
+ end
+ end
+
def test_i18n_translate_defaults_to_nil_rescue_format
expected = 'translation missing: en.translations.missing'
assert_equal expected, I18n.translate(:"translations.missing")
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index fb4bfda..4f2e4e1 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
## Rails 3.2.18 (May 6, 2014) ##
* No changes.
diff --git a/activemodel/lib/active_model/version.rb b/activemodel/lib/active_model/version.rb
index e675c74..3137205 100644
--- a/activemodel/lib/active_model/version.rb
+++ b/activemodel/lib/active_model/version.rb
@@ -2,7 +2,7 @@ module ActiveModel
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 6ac368f..0334f44 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,12 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* Fix SQL Injection Vulnerability in 'bitstring' quoting.
+
+ Fixes CVE-2014-3482.
+
+ *Rafael Mendonça França*
+
+
## Rails 3.2.18 (May 6, 2014) ##
* No changes.
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
index e98337e..3cd65d0 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -442,8 +442,8 @@ module ActiveRecord
when 'xml' then "xml '#{quote_string(value)}'"
when /^bit/
case value
- when /^[01]*$/ then "B'#{value}'" # Bit-string notation
- when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
+ when /\A[01]*\Z/ then "B'#{value}'" # Bit-string notation
+ when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
end
else
super
@@ -1160,7 +1160,7 @@ module ActiveRecord
FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:
def exec_no_cache(sql, binds)
- @connection.async_exec(sql)
+ @connection.async_exec(sql, [])
end
def exec_cache(sql, binds)
diff --git a/activerecord/lib/active_record/session_store.rb b/activerecord/lib/active_record/session_store.rb
index 7e8adb7..442a2c4 100644
--- a/activerecord/lib/active_record/session_store.rb
+++ b/activerecord/lib/active_record/session_store.rb
@@ -9,7 +9,7 @@ module ActiveRecord
#
# The default assumes a +sessions+ tables with columns:
# +id+ (numeric primary key),
- # +session_id+ (text, or longtext if your session data exceeds 65K), and
+ # +session_id+ (string, :limit => 255), and
# +data+ (text or longtext; careful if your session data exceeds 65KB).
#
# The +session_id+ column should always be indexed for speedy lookups.
diff --git a/activerecord/lib/active_record/version.rb b/activerecord/lib/active_record/version.rb
index 3dd782a..cc73a14 100644
--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 172055f..cfdf16d 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -19,6 +19,11 @@ module ActiveRecord
assert_equal 'f', @conn.type_cast(false, nil)
assert_equal 'f', @conn.type_cast(false, c)
end
+
+ def test_quote_bit_string
+ c = PostgreSQLColumn.new(nil, 1, 'bit')
+ assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+ end
end
end
end
diff --git a/activeresource/CHANGELOG.md b/activeresource/CHANGELOG.md
index 4a555cf..6450939 100644
--- a/activeresource/CHANGELOG.md
+++ b/activeresource/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
## Rails 3.2.18 (May 6, 2014) ##
* No changes.
diff --git a/activeresource/lib/active_resource/version.rb b/activeresource/lib/active_resource/version.rb
index dee96b8..5e8910f 100644
--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index e22aded..6123be4 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* Make sure Active Support configurations are applied correctly.
+
+ Before this change configuration set using `config.active_support`
+ would not be set.
+
+ *Rafael Mendonça França*
+
+
## Rails 3.2.18 (May 6, 2014) ##
* No changes.
diff --git a/activesupport/lib/active_support/railtie.rb b/activesupport/lib/active_support/railtie.rb
index 1638512..65851a0 100644
--- a/activesupport/lib/active_support/railtie.rb
+++ b/activesupport/lib/active_support/railtie.rb
@@ -55,5 +55,12 @@ module ActiveSupport
Time.zone_default = zone_default
end
+
+ initializer "active_support.set_configs" do |app|
+ app.config.active_support.each do |k, v|
+ k = "#{k}="
+ ActiveSupport.send(k, v) if ActiveSupport.respond_to? k
+ end
+ end
end
end
diff --git a/activesupport/lib/active_support/version.rb b/activesupport/lib/active_support/version.rb
index 10c9fca..6fdf950 100644
--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index ce832d1..0ff661c 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
## Rails 3.2.18 (May 6, 2014) ##
* No changes.
diff --git a/railties/lib/rails/version.rb b/railties/lib/rails/version.rb
index ec2f546..ef640c9 100644
--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index eb16713..626dd64 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -454,6 +454,18 @@ module ApplicationTests
assert ActionView::Resolver.caching?
end
+ test "configure Active Support using config.active_support" do
+ add_to_config <<-RUBY
+ config.active_support.escape_html_entities_in_json = true
+ RUBY
+
+ require 'active_support/json'
+ require "#{app_path}/config/environment"
+
+ assert ActiveSupport.escape_html_entities_in_json
+ assert ActiveSupport::JSON::Encoding.escape_html_entities_in_json
+ end
+
test "config.action_dispatch.show_exceptions is sent in env" do
make_basic_app do |app|
app.config.action_dispatch.show_exceptions = true
diff --git a/version.rb b/version.rb
index ec2f546..ef640c9 100644
--- a/version.rb
+++ b/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 18
+ TINY = 19
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/rails-3.2.git
More information about the Pkg-ruby-extras-commits
mailing list