actionpack 3.1.11 → 3.1.12

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +1 -1
  3. data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +5 -5
  4. data/lib/action_pack/version.rb +1 -1
  5. metadata +27 -27
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3e37bbcafb1b07b0732f02113ac4d8a0b50dccf9
4
- data.tar.gz: 3741c6f652f01ea438825ce7a8d72874b5183332
3
+ metadata.gz: 2c423d4e0da24d8506d8dfd759d28c201735a2e5
4
+ data.tar.gz: 44e0ab2d57cbeea6b1b18cd7d313665abfa1bf60
5
5
  SHA512:
6
- metadata.gz: e27fb48371aadb9db7d34b68bae46c9b17509695d3387ea55817bfb6007648e3b607f7e0a855c800449d67f1f5e567b99b37921f42c1a177f397d01ddbe21139
7
- data.tar.gz: bf22b6ca891c7b117257330d8277696c37a6e251c24bd09f1ceeb646dbccf19c275d901f74e4afaf63788878bec672052b7c8792f00a692cc0eb3f9c4c121359
6
+ metadata.gz: 77902afcf2aa8a91ba0df275d278f231b5c1b8a77a1535255fbe7683b6d998e4253ead0ee57ec4306008f9a1dfe613d4668c14dcc70e87162e07c6301be6b71d
7
+ data.tar.gz: ddd9a06ad58e592d40fbd82c3a020ee73521174968f1b27b7c236e5dca14a4eb2ef711aa7aa00f1dd843baf0bac49bc6a13005a60c7abfb30d91c9c4bd2373d1
data/CHANGELOG.md CHANGED
@@ -1,4 +1,4 @@
1
- ## Rails 3.1.11 (unreleased)
1
+ ## Rails 3.1.11 (Feb 11, 2011) ##
2
2
 
3
3
  * Fixed JSON params parsing regression for non-object JSON content.
4
4
 
data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb CHANGED
@@ -66,7 +66,7 @@ module HTML
66
66
 
67
67
  # A regular expression of the valid characters used to separate protocols like
68
68
  # the ':' in 'http://foo.com'
69
- self.protocol_separator = /:|(&#0*58)|(&#x70)|(%|%)3A/
69
+ self.protocol_separator = /:|(&#0*58)|(&#x70)|(&#x0*3a)|(%|%)3A/i
70
70
 
71
71
  # Specifies a Set of HTML attributes that can have URIs.
72
72
  self.uri_attributes = Set.new(%w(href src cite action longdesc xlink:href lowsrc))
@@ -110,8 +110,8 @@ module HTML
110
110
  style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
111
111
 
112
112
  # gauntlet
113
- if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*$/ ||
114
- style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
113
+ if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
114
+ style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
115
115
  return ''
116
116
  end
117
117
 
@@ -122,7 +122,7 @@ module HTML
122
122
  elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
123
123
  unless val.split().any? do |keyword|
124
124
  !allowed_css_keywords.include?(keyword) &&
125
- keyword !~ /^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$/
125
+ keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
126
126
  end
127
127
  clean << prop + ': ' + val + ';'
128
128
  end
@@ -171,7 +171,7 @@ module HTML
171
171
 
172
172
  def contains_bad_protocols?(attr_name, value)
173
173
  uri_attributes.include?(attr_name) &&
174
- (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(%|&#37;)3A/ && !allowed_protocols.include?(value.split(protocol_separator).first.downcase))
174
+ (value =~ /(^[^\/:]*):|(&#0*58)|(&#x70)|(&#x0*3a)|(%|&#37;)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip))
175
175
  end
176
176
  end
177
177
  end
data/lib/action_pack/version.rb CHANGED
@@ -2,7 +2,7 @@ module ActionPack
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 1
5
- TINY = 11
5
+ TINY = 12
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.11
4
+ version: 3.1.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-02-11 00:00:00.000000000 Z
11
+ date: 2013-03-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,152 +16,152 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 3.1.11
19
+ version: 3.1.12
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 3.1.11
26
+ version: 3.1.12
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 3.1.11
33
+ version: 3.1.12
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 3.1.11
40
+ version: 3.1.12
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: rack-cache
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
45
+ - - ~>
46
46
  - !ruby/object:Gem::Version
47
47
  version: '1.2'
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - "~>"
52
+ - - ~>
53
53
  - !ruby/object:Gem::Version
54
54
  version: '1.2'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: builder
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - "~>"
59
+ - - ~>
60
60
  - !ruby/object:Gem::Version
61
61
  version: 3.0.0
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - "~>"
66
+ - - ~>
67
67
  - !ruby/object:Gem::Version
68
68
  version: 3.0.0
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: i18n
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - "~>"
73
+ - - ~>
74
74
  - !ruby/object:Gem::Version
75
75
  version: '0.6'
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - "~>"
80
+ - - ~>
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0.6'
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: rack
85
85
  requirement: !ruby/object:Gem::Requirement
86
86
  requirements:
87
- - - "~>"
87
+ - - ~>
88
88
  - !ruby/object:Gem::Version
89
89
  version: 1.3.6
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
- - - "~>"
94
+ - - ~>
95
95
  - !ruby/object:Gem::Version
96
96
  version: 1.3.6
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: rack-test
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - "~>"
101
+ - - ~>
102
102
  - !ruby/object:Gem::Version
103
103
  version: 0.6.1
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - "~>"
108
+ - - ~>
109
109
  - !ruby/object:Gem::Version
110
110
  version: 0.6.1
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: rack-mount
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
- - - "~>"
115
+ - - ~>
116
116
  - !ruby/object:Gem::Version
117
117
  version: 0.8.2
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
- - - "~>"
122
+ - - ~>
123
123
  - !ruby/object:Gem::Version
124
124
  version: 0.8.2
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: sprockets
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
- - - "~>"
129
+ - - ~>
130
130
  - !ruby/object:Gem::Version
131
131
  version: 2.0.4
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
- - - "~>"
136
+ - - ~>
137
137
  - !ruby/object:Gem::Version
138
138
  version: 2.0.4
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: erubis
141
141
  requirement: !ruby/object:Gem::Requirement
142
142
  requirements:
143
- - - "~>"
143
+ - - ~>
144
144
  - !ruby/object:Gem::Version
145
145
  version: 2.7.0
146
146
  type: :runtime
147
147
  prerelease: false
148
148
  version_requirements: !ruby/object:Gem::Requirement
149
149
  requirements:
150
- - - "~>"
150
+ - - ~>
151
151
  - !ruby/object:Gem::Version
152
152
  version: 2.7.0
153
153
  - !ruby/object:Gem::Dependency
154
154
  name: tzinfo
155
155
  requirement: !ruby/object:Gem::Requirement
156
156
  requirements:
157
- - - "~>"
157
+ - - ~>
158
158
  - !ruby/object:Gem::Version
159
159
  version: 0.3.29
160
160
  type: :development
161
161
  prerelease: false
162
162
  version_requirements: !ruby/object:Gem::Requirement
163
163
  requirements:
164
- - - "~>"
164
+ - - ~>
165
165
  - !ruby/object:Gem::Version
166
166
  version: 0.3.29
167
167
  description: Web apps on Rails. Simple, battle-tested conventions for building and
@@ -368,18 +368,18 @@ require_paths:
368
368
  - lib
369
369
  required_ruby_version: !ruby/object:Gem::Requirement
370
370
  requirements:
371
- - - ">="
371
+ - - '>='
372
372
  - !ruby/object:Gem::Version
373
373
  version: 1.8.7
374
374
  required_rubygems_version: !ruby/object:Gem::Requirement
375
375
  requirements:
376
- - - ">="
376
+ - - '>='
377
377
  - !ruby/object:Gem::Version
378
378
  version: '0'
379
379
  requirements:
380
380
  - none
381
381
  rubyforge_project:
382
- rubygems_version: 2.0.0.rc.2
382
+ rubygems_version: 2.0.2
383
383
  signing_key:
384
384
  specification_version: 4
385
385
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).