[DRE-commits] [rails-3.2] 01/03: Imported Upstream version 3.2.19

Antonio Terceiro terceiro at moszumanska.debian.org
Thu Jul 17 17:42:51 UTC 2014


This is an automated email from the git hooks/post-receive script.

terceiro pushed a commit to branch master
in repository rails-3.2.

commit d6f32d7fef598ec67da51e286b19de989e723c9c
Author: Antonio Terceiro <terceiro at debian.org>
Date:   Thu Jul 17 14:38:11 2014 -0300

    Imported Upstream version 3.2.19
---
 RAILS_VERSION                                      |  2 +-
 actionmailer/CHANGELOG.md                          |  5 ++++
 actionmailer/lib/action_mailer/version.rb          |  2 +-
 actionpack/CHANGELOG.md                            | 10 ++++++++
 .../lib/action_controller/metal/force_ssl.rb       |  2 +-
 actionpack/lib/action_pack/version.rb              |  2 +-
 .../lib/action_view/helpers/number_helper.rb       |  8 +++----
 .../lib/action_view/helpers/translation_helper.rb  | 10 +++++++-
 actionpack/lib/action_view/template/resolver.rb    | 28 ++++++++++++++++------
 .../test/template/translation_helper_test.rb       |  6 +++++
 activemodel/CHANGELOG.md                           |  5 ++++
 activemodel/lib/active_model/version.rb            |  2 +-
 activerecord/CHANGELOG.md                          |  9 +++++++
 .../connection_adapters/postgresql_adapter.rb      |  6 ++---
 activerecord/lib/active_record/session_store.rb    |  2 +-
 activerecord/lib/active_record/version.rb          |  2 +-
 .../test/cases/adapters/postgresql/quoting_test.rb |  5 ++++
 activeresource/CHANGELOG.md                        |  5 ++++
 activeresource/lib/active_resource/version.rb      |  2 +-
 activesupport/CHANGELOG.md                         | 10 ++++++++
 activesupport/lib/active_support/railtie.rb        |  7 ++++++
 activesupport/lib/active_support/version.rb        |  2 +-
 railties/CHANGELOG.md                              |  5 ++++
 railties/lib/rails/version.rb                      |  2 +-
 railties/test/application/configuration_test.rb    | 12 ++++++++++
 version.rb                                         |  2 +-
 26 files changed, 127 insertions(+), 26 deletions(-)

diff --git a/RAILS_VERSION b/RAILS_VERSION
index f05489d..100838d 100644
--- a/RAILS_VERSION
+++ b/RAILS_VERSION
@@ -1 +1 @@
-3.2.18
+3.2.19
diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md
index 94d3f54..d7ed55e 100644
--- a/actionmailer/CHANGELOG.md
+++ b/actionmailer/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/actionmailer/lib/action_mailer/version.rb b/actionmailer/lib/action_mailer/version.rb
index 8212a9b..f769dca 100644
--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 1264e85..15fc0af 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+*   Fix regression when using `ActionView::Helpers::TranslationHelper#translate` with
+    `options[:raise]`.
+
+    This regression was introduced at ec16ba75a5493b9da972eea08bae630eba35b62f.
+
+    *Shota Fukumori (sora_h)*
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 *   Only accept actions without File::SEPARATOR in the name.
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
index 7a0ede0..1d0a69b 100644
--- a/actionpack/lib/action_controller/metal/force_ssl.rb
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -22,7 +22,7 @@ module ActionController
       #
       # ==== Options
       # * <tt>only</tt>   - The callback should be run only for this action
-      # * <tt>except<tt>  - The callback should be run for all actions except this action
+      # * <tt>except</tt>  - The callback should be run for all actions except this action
       def force_ssl(options = {})
         host = options.delete(:host)
         before_filter(options) do
diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index ac6d334..3dc00b9 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb
index 91f6043..8ebd7e2 100644
--- a/actionpack/lib/action_view/helpers/number_helper.rb
+++ b/actionpack/lib/action_view/helpers/number_helper.rb
@@ -129,10 +129,10 @@ module ActionView
       #
       #  number_to_currency(-1234567890.50, :negative_format => "(%u%n)")
       #  # => ($1,234,567,890.50)
-      #  number_to_currency(1234567890.50, :unit => "£", :separator => ",", :delimiter => "")
-      #  # => £1234567890,50
-      #  number_to_currency(1234567890.50, :unit => "£", :separator => ",", :delimiter => "", :format => "%n %u")
-      #  # => 1234567890,50 £
+      #  number_to_currency(1234567890.50, :unit => "R$", :separator => ",", :delimiter => "")
+      #  # => R$1234567890,50
+      #  number_to_currency(1234567890.50, :unit => "R$", :separator => ",", :delimiter => "", :format => "%n %u")
+      #  # => 1234567890,50 R$
       def number_to_currency(number, options = {})
         return unless number
 
diff --git a/actionpack/lib/action_view/helpers/translation_helper.rb b/actionpack/lib/action_view/helpers/translation_helper.rb
index 6ef652d..4654a6f 100644
--- a/actionpack/lib/action_view/helpers/translation_helper.rb
+++ b/actionpack/lib/action_view/helpers/translation_helper.rb
@@ -36,7 +36,13 @@ module ActionView
       def translate(key, options = {})
         # If the user has specified rescue_format then pass it all through, otherwise use
         # raise and do the work ourselves
-        options[:raise] = true unless options.key?(:raise) || options.key?(:rescue_format)
+        if options.key?(:raise) || options.key?(:rescue_format)
+          raise_error = options[:raise] || options[:rescue_format]
+        else
+          raise_error = false
+          options[:raise] = true
+        end
+
         if html_safe_translation_key?(key)
           html_safe_options = options.dup
           options.except(*I18n::RESERVED_KEYS).each do |name, value|
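Review bot: `raise_error = options[:raise] || options[:rescue_format]` folds two different options into one flag, so a caller passing `:raise => false` together with a truthy `:rescue_format` would still have the exception re-raised by `raise e if raise_error` in the next hunk, should I18n raise in that case. If that is intended, a comment such as `# re-raise when the caller asked for :raise or took over formatting via :rescue_format` would make it explicit. Otherwise `raise_error = options[:raise]` is the narrower reading. The body of `translate` begins and ends outside this hunk.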
@@ -51,6 +57,8 @@ module ActionView
           I18n.translate(scope_key_by_partial(key), options)
         end
       rescue I18n::MissingTranslationData => e
+        raise e if raise_error
+
         keys = I18n.normalize_keys(e.locale, e.key, e.options[:scope])
         content_tag('span', keys.last.to_s.titleize, :class => 'translation_missing', :title => "translation missing: #{keys.join('.')}")
       end
diff --git a/actionpack/lib/action_view/template/resolver.rb b/actionpack/lib/action_view/template/resolver.rb
index f855ea2..47ea8a3 100644
--- a/actionpack/lib/action_view/template/resolver.rb
+++ b/actionpack/lib/action_view/template/resolver.rb
@@ -120,13 +120,7 @@ module ActionView
     def query(path, details, formats)
       query = build_query(path, details)
 
-      # deals with case-insensitive file systems.
-      sanitizer = Hash.new { |h,dir| h[dir] = Dir["#{dir}/*"] }
-
-      template_paths = Dir[query].reject { |filename|
-        File.directory?(filename) ||
-          !sanitizer[File.dirname(filename)].include?(filename)
-      }
+      template_paths = find_template_paths query
 
       template_paths.map { |template|
         handler, format = extract_handler_and_format(template, formats)
@@ -139,6 +133,26 @@ module ActionView
       }
     end
 
+    if RUBY_VERSION >= '2.2.0'
+      def find_template_paths(query)
+        Dir[query].reject { |filename|
+          File.directory?(filename) ||
+            # deals with case-insensitive file systems.
+            !File.fnmatch(query, filename, File::FNM_EXTGLOB)
+        }
+      end
+    else
+      def find_template_paths(query)
+        # deals with case-insensitive file systems.
+        sanitizer = Hash.new { |h,dir| h[dir] = Dir["#{dir}/*"] }
+
+        Dir[query].reject { |filename|
+          File.directory?(filename) ||
+            !sanitizer[File.dirname(filename)].include?(filename)
+        }
+      end
+    end
+
     # Helper for building query glob string based on resolver's pattern.
     def build_query(path, details)
       query = @pattern.dup
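Review bot: `RUBY_VERSION >= '2.2.0'` compares strings rather than versions, so the ordering is lexicographic and a value such as '2.10.0' or '10.0.0' sorts below '2.2.0' and would select the pre-2.2 branch. Comparing parsed versions avoids that: `if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.2.0')`. Both branches carry the same "case-insensitive file systems" comment; a sentence on why the `File.fnmatch` check is equivalent to the directory-listing check would help whoever has to touch this lookup filter next.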
diff --git a/actionpack/test/template/translation_helper_test.rb b/actionpack/test/template/translation_helper_test.rb
index ebf0f89..96580a2 100644
--- a/actionpack/test/template/translation_helper_test.rb
+++ b/actionpack/test/template/translation_helper_test.rb
@@ -52,6 +52,12 @@ class TranslationHelperTest < ActiveSupport::TestCase
     assert_equal false, translate(:"translations.missing", :rescue_format => nil).html_safe?
   end
 
+  def test_raises_missing_translation_message_with_raise_option
+    assert_raise(I18n::MissingTranslationData) do
+      translate(:"translations.missing", :raise => true)
+    end
+  end
+
   def test_i18n_translate_defaults_to_nil_rescue_format
     expected = 'translation missing: en.translations.missing'
     assert_equal expected, I18n.translate(:"translations.missing")
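Review bot: The added test pins only `:raise => true`; nothing in this hunk covers an explicit `:raise => false`, the other case handled by the helper's new `options.key?(:raise)` branch. A companion test asserting that `translate(:"translations.missing", :raise => false)` does not raise would cover it.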
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index fb4bfda..4f2e4e1 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activemodel/lib/active_model/version.rb b/activemodel/lib/active_model/version.rb
index e675c74..3137205 100644
--- a/activemodel/lib/active_model/version.rb
+++ b/activemodel/lib/active_model/version.rb
@@ -2,7 +2,7 @@ module ActiveModel
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 6ac368f..0334f44 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,12 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+*   Fix SQL Injection Vulnerability in 'bitstring' quoting.
+
+    Fixes CVE-2014-3482.
+
+    *Rafael Mendonça França*
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
index e98337e..3cd65d0 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -442,8 +442,8 @@ module ActiveRecord
           when 'xml'   then "xml '#{quote_string(value)}'"
           when /^bit/
             case value
-            when /^[01]*$/      then "B'#{value}'" # Bit-string notation
-            when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
+            when /\A[01]*\Z/      then "B'#{value}'" # Bit-string notation
+            when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
             end
           else
             super
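Review bot: `\Z` in the two new patterns still matches before a final newline, so a bit or hex string followed by a single `\n` passes the check and is interpolated into the literal with the newline included. `\z` anchors at the true end of the string: `when /\A[01]*\z/ then "B'#{value}'"` and `when /\A[0-9A-F]*\z/i then "X'#{value}'"`. The character classes already keep quote characters out, so this is about rejecting malformed input rather than a remaining injection path. The enclosing method starts and ends outside the hunk.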
@@ -1160,7 +1160,7 @@ module ActiveRecord
         FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:
 
         def exec_no_cache(sql, binds)
-          @connection.async_exec(sql)
+          @connection.async_exec(sql, [])
         end
 
         def exec_cache(sql, binds)
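Review bot: The new `[]` argument in `exec_no_cache` has no comment and reads like a no-op that a later cleanup could drop. Presumably it is there to route the statement through the driver's parameterized call, which accepts only a single statement. If so, say it on the line, e.g. `# empty bind list: use the parameterized protocol so stacked statements are rejected`. The `binds` parameter is still unused in this method.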
diff --git a/activerecord/lib/active_record/session_store.rb b/activerecord/lib/active_record/session_store.rb
index 7e8adb7..442a2c4 100644
--- a/activerecord/lib/active_record/session_store.rb
+++ b/activerecord/lib/active_record/session_store.rb
@@ -9,7 +9,7 @@ module ActiveRecord
   #
   # The default assumes a +sessions+ tables with columns:
   #   +id+ (numeric primary key),
-  #   +session_id+ (text, or longtext if your session data exceeds 65K), and
+  #   +session_id+ (string, :limit => 255), and
   #   +data+ (text or longtext; careful if your session data exceeds 65KB).
   #
   # The +session_id+ column should always be indexed for speedy lookups.
diff --git a/activerecord/lib/active_record/version.rb b/activerecord/lib/active_record/version.rb
index 3dd782a..cc73a14 100644
--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 172055f..cfdf16d 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -19,6 +19,11 @@ module ActiveRecord
           assert_equal 'f', @conn.type_cast(false, nil)
           assert_equal 'f', @conn.type_cast(false, c)
         end
+
+        def test_quote_bit_string
+          c = PostgreSQLColumn.new(nil, 1, 'bit')
+          assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+        end
       end
     end
   end
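Review bot: `test_quote_bit_string` exercises only a value with embedded newlines against a `bit` column; nothing in this hunk covers the hexadecimal branch or a value that ends in a single trailing newline. Two more assertions of the same shape would pin both. `assert_nil @conn.quote(...)` also states the expectation more directly than `assert_equal nil, ...`.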
diff --git a/activeresource/CHANGELOG.md b/activeresource/CHANGELOG.md
index 4a555cf..6450939 100644
--- a/activeresource/CHANGELOG.md
+++ b/activeresource/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activeresource/lib/active_resource/version.rb b/activeresource/lib/active_resource/version.rb
index dee96b8..5e8910f 100644
--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index e22aded..6123be4 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,13 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+*   Make sure Active Support configurations are applied correctly.
+
+    Before this change configuration set using `config.active_support`
+    would not be set.
+
+    *Rafael Mendonça França*
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/activesupport/lib/active_support/railtie.rb b/activesupport/lib/active_support/railtie.rb
index 1638512..65851a0 100644
--- a/activesupport/lib/active_support/railtie.rb
+++ b/activesupport/lib/active_support/railtie.rb
@@ -55,5 +55,12 @@ module ActiveSupport
 
       Time.zone_default = zone_default
     end
+
+    initializer "active_support.set_configs" do |app|
+      app.config.active_support.each do |k, v|
+        k = "#{k}="
+        ActiveSupport.send(k, v) if ActiveSupport.respond_to? k
+      end
+    end
   end
 end
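Review bot: In the new `active_support.set_configs` initializer, a key with no matching `ActiveSupport` setter is skipped without any signal, so a misspelled `config.active_support` option silently has no effect. If the skip is deliberate because other initializers consume some of these keys, a comment would help: `# keys without an ActiveSupport writer are consumed elsewhere or ignored`. Reassigning the block parameter (`k = "#{k}="`) also hides the original key; a separate local such as `setter = "#{k}="` reads more clearly.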
diff --git a/activesupport/lib/active_support/version.rb b/activesupport/lib/active_support/version.rb
index 10c9fca..6fdf950 100644
--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index ce832d1..0ff661c 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Rails 3.2.19 (Jul 2, 2014) ##
+
+* No changes.
+
+
 ## Rails 3.2.18 (May 6, 2014) ##
 
 * No changes.
diff --git a/railties/lib/rails/version.rb b/railties/lib/rails/version.rb
index ec2f546..ef640c9 100644
--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index eb16713..626dd64 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -454,6 +454,18 @@ module ApplicationTests
       assert ActionView::Resolver.caching?
     end
 
+    test "configure Active Support using config.active_support" do
+      add_to_config <<-RUBY
+        config.active_support.escape_html_entities_in_json = true
+      RUBY
+
+      require 'active_support/json'
+      require "#{app_path}/config/environment"
+
+      assert ActiveSupport.escape_html_entities_in_json
+      assert ActiveSupport::JSON::Encoding.escape_html_entities_in_json
+    end
+
     test "config.action_dispatch.show_exceptions is sent in env" do
       make_basic_app do |app|
         app.config.action_dispatch.show_exceptions = true
diff --git a/version.rb b/version.rb
index ec2f546..ef640c9 100644
--- a/version.rb
+++ b/version.rb
@@ -2,7 +2,7 @@ module Rails
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 2
-    TINY  = 18
+    TINY  = 19
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/rails-3.2.git


