actionpack 3.0.18 → 3.0.19


Potentially problematic release.


This version of actionpack might be problematic. Click here for more details.

@@ -0,0 +1,7 @@
1
+ ---
2
+ !binary "U0hBMQ==":
3
+ metadata.gz: 0a7e9ae651abc0a3754a626d318b31c2b803d595
4
+ data.tar.gz: 73f5d21b129de3cddf43e3f392b79c444ced9996
5
+ !binary "U0hBNTEy":
6
+ metadata.gz: e60a6daeae274813b631e95716981782f699fd2e73e86f89e2a89cfdd6c780f76b5ae809a593895b315a88a4c76304e3b06a8be7c29fd1d4f603c693ab4eabb2
7
+ data.tar.gz: 83a4577c0c9d8fdefa4c5f05e2724462e13d75dcd6f1ef40671a949d9a38139755f72776006794cfe3024176c15062db95e8b8227e0cad92a93dcfbf66806bc9
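--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,7 @@
+## Rails 3.0.19
+
+* Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
+
 ## Rails 3.0.18
 
 ## Rails 3.0.17 (Aug 9, 2012)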
@@ -258,18 +258,14 @@ module ActionDispatch
258
258
  LOCALHOST.any? { |local_ip| local_ip === remote_addr && local_ip === remote_ip }
259
259
  end
260
260
 
261
- protected
262
-
263
261
  # Remove nils from the params hash
264
262
  def deep_munge(hash)
265
- keys = hash.keys.find_all { |k| hash[k] == [nil] }
266
- keys.each { |k| hash[k] = nil }
267
-
268
- hash.each_value do |v|
263
+ hash.each do |k, v|
269
264
  case v
270
265
  when Array
271
266
  v.grep(Hash) { |x| deep_munge(x) }
272
267
  v.compact!
268
+ hash[k] = nil if v.empty?
273
269
  when Hash
274
270
  deep_munge(v)
275
271
  end
@@ -278,6 +274,8 @@ module ActionDispatch
278
274
  hash
279
275
  end
280
276
 
277
+ protected
278
+
281
279
  def parse_query(qs)
282
280
  deep_munge(super)
283
281
  end
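Review bot: Arrays nested inside arrays are never visited, because the `when Array` branch only recurses through `v.grep(Hash)` before `v.compact!`; a JSON body can produce `[[nil]]`, and its inner nil would survive the munge meant for CVE-2013-0155. A small recursive helper for arrays, sketched below and placed under `protected`, would cover that case while keeping the new `hash[k] = nil if v.empty?` at the top level. That line also turns an array that arrived empty into nil, which the old `== [nil]` test did not, and since the method is now public the comment above it should say so. The lines between the end of the `case` and `hash` fall between the two hunks and are not shown.

```ruby
    when Array
      munge_array(v)
      hash[k] = nil if v.empty?
    # … unchanged: when Hash branch, end of the each block, return of hash …

# Strips nils from +array+ in place, descending into nested arrays and hashes.
def munge_array(array)
  array.each do |x|
    case x
    when Array then munge_array(x)
    when Hash  then deep_munge(x)
    end
  end
  array.compact!
end
```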
@@ -38,13 +38,13 @@ module ActionDispatch
38
38
  when Proc
39
39
  strategy.call(request.raw_post)
40
40
  when :xml_simple, :xml_node
41
- data = Hash.from_xml(request.body.read) || {}
41
+ data = request.deep_munge(Hash.from_xml(request.body.read) || {})
42
42
  request.body.rewind if request.body.respond_to?(:rewind)
43
43
  data.with_indifferent_access
44
44
  when :yaml
45
45
  YAML.load(request.raw_post)
46
46
  when :json
47
- data = ActiveSupport::JSON.decode(request.body)
47
+ data = request.deep_munge ActiveSupport::JSON.decode(request.body)
48
48
  request.body.rewind if request.body.respond_to?(:rewind)
49
49
  data = {:_json => data} unless data.is_a?(Hash)
50
50
  data.with_indifferent_access
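Review bot: On new line 47 `request.deep_munge` runs on the raw result of `ActiveSupport::JSON.decode`, before line 49 wraps a non-Hash result in `{:_json => data}`, so a JSON body whose top level is an array is iterated as if it were a hash and its nils are not stripped, and a scalar or null body may fail in `each`. Wrapping first would send every shape through the same path: keep `data = ActiveSupport::JSON.decode(request.body)`, then after the rewind `data = {:_json => data} unless data.is_a?(Hash)` followed by `data = request.deep_munge(data)`. Separately, the `:yaml` branch in the context lines still passes the raw post to `YAML.load`, which is unsafe for untrusted bodies if that strategy is ever enabled. The enclosing method starts and ends outside the hunk.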
@@ -2,7 +2,7 @@ module ActionPack
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 0
5
- TINY = 18
5
+ TINY = 19
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,158 +1,139 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.18
5
- prerelease:
4
+ version: 3.0.19
6
5
  platform: ruby
7
6
  authors:
8
7
  - David Heinemeier Hansson
9
8
  autorequire:
10
9
  bindir: bin
11
10
  cert_chain: []
12
- date: 2012-12-23 00:00:00.000000000 Z
11
+ date: 2013-01-08 00:00:00.000000000 Z
13
12
  dependencies:
14
13
  - !ruby/object:Gem::Dependency
15
14
  name: activesupport
16
15
  requirement: !ruby/object:Gem::Requirement
17
- none: false
18
16
  requirements:
19
17
  - - '='
20
18
  - !ruby/object:Gem::Version
21
- version: 3.0.18
19
+ version: 3.0.19
22
20
  type: :runtime
23
21
  prerelease: false
24
22
  version_requirements: !ruby/object:Gem::Requirement
25
- none: false
26
23
  requirements:
27
24
  - - '='
28
25
  - !ruby/object:Gem::Version
29
- version: 3.0.18
26
+ version: 3.0.19
30
27
  - !ruby/object:Gem::Dependency
31
28
  name: activemodel
32
29
  requirement: !ruby/object:Gem::Requirement
33
- none: false
34
30
  requirements:
35
31
  - - '='
36
32
  - !ruby/object:Gem::Version
37
- version: 3.0.18
33
+ version: 3.0.19
38
34
  type: :runtime
39
35
  prerelease: false
40
36
  version_requirements: !ruby/object:Gem::Requirement
41
- none: false
42
37
  requirements:
43
38
  - - '='
44
39
  - !ruby/object:Gem::Version
45
- version: 3.0.18
40
+ version: 3.0.19
46
41
  - !ruby/object:Gem::Dependency
47
42
  name: builder
48
43
  requirement: !ruby/object:Gem::Requirement
49
- none: false
50
44
  requirements:
51
- - - ~>
45
+ - - "~>"
52
46
  - !ruby/object:Gem::Version
53
47
  version: 2.1.2
54
48
  type: :runtime
55
49
  prerelease: false
56
50
  version_requirements: !ruby/object:Gem::Requirement
57
- none: false
58
51
  requirements:
59
- - - ~>
52
+ - - "~>"
60
53
  - !ruby/object:Gem::Version
61
54
  version: 2.1.2
62
55
  - !ruby/object:Gem::Dependency
63
56
  name: i18n
64
57
  requirement: !ruby/object:Gem::Requirement
65
- none: false
66
58
  requirements:
67
- - - ~>
59
+ - - "~>"
68
60
  - !ruby/object:Gem::Version
69
61
  version: 0.5.0
70
62
  type: :runtime
71
63
  prerelease: false
72
64
  version_requirements: !ruby/object:Gem::Requirement
73
- none: false
74
65
  requirements:
75
- - - ~>
66
+ - - "~>"
76
67
  - !ruby/object:Gem::Version
77
68
  version: 0.5.0
78
69
  - !ruby/object:Gem::Dependency
79
70
  name: rack
80
71
  requirement: !ruby/object:Gem::Requirement
81
- none: false
82
72
  requirements:
83
- - - ~>
73
+ - - "~>"
84
74
  - !ruby/object:Gem::Version
85
75
  version: 1.2.5
86
76
  type: :runtime
87
77
  prerelease: false
88
78
  version_requirements: !ruby/object:Gem::Requirement
89
- none: false
90
79
  requirements:
91
- - - ~>
80
+ - - "~>"
92
81
  - !ruby/object:Gem::Version
93
82
  version: 1.2.5
94
83
  - !ruby/object:Gem::Dependency
95
84
  name: rack-test
96
85
  requirement: !ruby/object:Gem::Requirement
97
- none: false
98
86
  requirements:
99
- - - ~>
87
+ - - "~>"
100
88
  - !ruby/object:Gem::Version
101
89
  version: 0.5.7
102
90
  type: :runtime
103
91
  prerelease: false
104
92
  version_requirements: !ruby/object:Gem::Requirement
105
- none: false
106
93
  requirements:
107
- - - ~>
94
+ - - "~>"
108
95
  - !ruby/object:Gem::Version
109
96
  version: 0.5.7
110
97
  - !ruby/object:Gem::Dependency
111
98
  name: rack-mount
112
99
  requirement: !ruby/object:Gem::Requirement
113
- none: false
114
100
  requirements:
115
- - - ~>
101
+ - - "~>"
116
102
  - !ruby/object:Gem::Version
117
103
  version: 0.6.14
118
104
  type: :runtime
119
105
  prerelease: false
120
106
  version_requirements: !ruby/object:Gem::Requirement
121
- none: false
122
107
  requirements:
123
- - - ~>
108
+ - - "~>"
124
109
  - !ruby/object:Gem::Version
125
110
  version: 0.6.14
126
111
  - !ruby/object:Gem::Dependency
127
112
  name: tzinfo
128
113
  requirement: !ruby/object:Gem::Requirement
129
- none: false
130
114
  requirements:
131
- - - ~>
115
+ - - "~>"
132
116
  - !ruby/object:Gem::Version
133
117
  version: 0.3.23
134
118
  type: :runtime
135
119
  prerelease: false
136
120
  version_requirements: !ruby/object:Gem::Requirement
137
- none: false
138
121
  requirements:
139
- - - ~>
122
+ - - "~>"
140
123
  - !ruby/object:Gem::Version
141
124
  version: 0.3.23
142
125
  - !ruby/object:Gem::Dependency
143
126
  name: erubis
144
127
  requirement: !ruby/object:Gem::Requirement
145
- none: false
146
128
  requirements:
147
- - - ~>
129
+ - - "~>"
148
130
  - !ruby/object:Gem::Version
149
131
  version: 2.6.6
150
132
  type: :runtime
151
133
  prerelease: false
152
134
  version_requirements: !ruby/object:Gem::Requirement
153
- none: false
154
135
  requirements:
155
- - - ~>
136
+ - - "~>"
156
137
  - !ruby/object:Gem::Version
157
138
  version: 2.6.6
158
139
  description: Web apps on Rails. Simple, battle-tested conventions for building and
@@ -328,30 +309,26 @@ files:
328
309
  - lib/action_view.rb
329
310
  homepage: http://www.rubyonrails.org
330
311
  licenses: []
312
+ metadata: {}
331
313
  post_install_message:
332
314
  rdoc_options: []
333
315
  require_paths:
334
316
  - lib
335
317
  required_ruby_version: !ruby/object:Gem::Requirement
336
- none: false
337
318
  requirements:
338
- - - ! '>='
319
+ - - ">="
339
320
  - !ruby/object:Gem::Version
340
321
  version: 1.8.7
341
322
  required_rubygems_version: !ruby/object:Gem::Requirement
342
- none: false
343
323
  requirements:
344
- - - ! '>='
324
+ - - ">="
345
325
  - !ruby/object:Gem::Version
346
326
  version: '0'
347
- segments:
348
- - 0
349
- hash: -3360704144752750580
350
327
  requirements:
351
328
  - none
352
329
  rubyforge_project: actionpack
353
- rubygems_version: 1.8.24
330
+ rubygems_version: 2.0.0.preview3
354
331
  signing_key:
355
- specification_version: 3
332
+ specification_version: 4
356
333
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
357
334
  test_files: []