actionpack 7.1.4.2 → 7.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/action_controller/metal/http_authentication.rb +2 -2
- data/lib/action_dispatch/routing/inspector.rb +1 -1
- data/lib/action_dispatch/routing/mapper.rb +1 -1
- data/lib/action_dispatch/routing/route_set.rb +1 -1
- data/lib/action_dispatch.rb +4 -0
- data/lib/action_pack/gem_version.rb +2 -2
- metadata +11 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ef6ded6ec75402697cbeaf5e35774fc5883ec6dea9a31c9698b28949c0b9547f
|
4
|
+
data.tar.gz: d31034f579dbab96df8449bbe31b449aa6c6d94711ce0f394ed3933bd316546b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 563f1655070799cff368211fbe55ce13d4cd8a5984ca16d9c94df8fb6fec119c644d0a43a3fadf088cf2df019d4c6266a1e36ea4e3de1a82dbdf92f8e100d3c1
|
7
|
+
data.tar.gz: 170f1c5406ee4c8d740d50b63fd74d8c803b3aa4f8a16b69d73355949bb7a9d7835d4118d685050c3dd967cac6933403e1097575ab1d9e4dbfbdce292defe978
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,8 @@
|
|
1
|
+
## Rails 7.1.5 (October 30, 2024) ##
|
2
|
+
|
3
|
+
* No changes.
|
4
|
+
|
5
|
+
|
1
6
|
## Rails 7.1.4.2 (October 23, 2024) ##
|
2
7
|
|
3
8
|
* No changes.
|
@@ -9,10 +14,14 @@
|
|
9
14
|
|
10
15
|
[CVE-2024-47887]
|
11
16
|
|
17
|
+
*John Hawthorn*
|
18
|
+
|
12
19
|
* Avoid regex backtracking in query parameter filtering
|
13
20
|
|
14
21
|
[CVE-2024-41128]
|
15
22
|
|
23
|
+
*John Hawthorn*
|
24
|
+
|
16
25
|
## Rails 7.1.4 (August 22, 2024) ##
|
17
26
|
|
18
27
|
* Resolve deprecation warning in latest `selenium-webdriver`.
|
@@ -207,7 +207,7 @@ module ActionController
|
|
207
207
|
end
|
208
208
|
end
|
209
209
|
|
210
|
-
# Returns
|
210
|
+
# Returns true on a valid response, false otherwise.
|
211
211
|
def authenticate(request, realm, &password_procedure)
|
212
212
|
request.authorization && validate_digest_response(request, realm, &password_procedure)
|
213
213
|
end
|
@@ -425,7 +425,7 @@ module ActionController
|
|
425
425
|
module ControllerMethods
|
426
426
|
# Authenticate using an HTTP Bearer token, or otherwise render an HTTP
|
427
427
|
# header requesting the client to send a Bearer token. For the authentication
|
428
|
-
# to be considered successful, +login_procedure+
|
428
|
+
# to be considered successful, +login_procedure+ must not return a false
|
429
429
|
# value. Typically, the authenticated user is returned.
|
430
430
|
#
|
431
431
|
# See ActionController::HttpAuthentication::Token for example usage.
|
@@ -99,7 +99,7 @@ module ActionDispatch
|
|
99
99
|
{ controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
|
100
100
|
elsif filter[:grep]
|
101
101
|
grep_pattern = Regexp.new(filter[:grep])
|
102
|
-
path =
|
102
|
+
path = RFC2396_PARSER.escape(filter[:grep])
|
103
103
|
normalized_path = ("/" + path).squeeze("/")
|
104
104
|
|
105
105
|
{
|
@@ -2026,7 +2026,7 @@ module ActionDispatch
|
|
2026
2026
|
name_for_action(options.delete(:as), action)
|
2027
2027
|
end
|
2028
2028
|
|
2029
|
-
path = Mapping.normalize_path
|
2029
|
+
path = Mapping.normalize_path RFC2396_PARSER.escape(path), formatted
|
2030
2030
|
ast = Journey::Parser.parse path
|
2031
2031
|
|
2032
2032
|
mapping = Mapping.build(@scope, @set, ast, controller, default_action, to, via, formatted, options_constraints, anchor, options)
|
@@ -903,7 +903,7 @@ module ActionDispatch
|
|
903
903
|
params.each do |key, value|
|
904
904
|
if value.is_a?(String)
|
905
905
|
value = value.dup.force_encoding(Encoding::BINARY)
|
906
|
-
params[key] =
|
906
|
+
params[key] = RFC2396_PARSER.unescape(value)
|
907
907
|
end
|
908
908
|
end
|
909
909
|
req.path_parameters = params
|
data/lib/action_dispatch.rb
CHANGED
@@ -29,6 +29,7 @@ require "active_support/core_ext/module/attribute_accessors"
|
|
29
29
|
|
30
30
|
require "action_pack"
|
31
31
|
require "rack"
|
32
|
+
require "uri"
|
32
33
|
require "action_dispatch/deprecator"
|
33
34
|
|
34
35
|
module Rack # :nodoc:
|
@@ -53,6 +54,9 @@ module ActionDispatch
|
|
53
54
|
message: "ActionDispatch::IllegalStateError is deprecated without replacement.",
|
54
55
|
deprecator: ActionDispatch.deprecator
|
55
56
|
|
57
|
+
RFC2396_PARSER = defined?(URI::RFC2396_PARSER) ? URI::RFC2396_PARSER : URI::RFC2396_Parser.new
|
58
|
+
private_constant :RFC2396_PARSER
|
59
|
+
|
56
60
|
class MissingController < NameError
|
57
61
|
end
|
58
62
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionpack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.1.
|
4
|
+
version: 7.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-10-
|
11
|
+
date: 2024-10-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 7.1.
|
19
|
+
version: 7.1.5
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 7.1.
|
26
|
+
version: 7.1.5
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: nokogiri
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -128,28 +128,28 @@ dependencies:
|
|
128
128
|
requirements:
|
129
129
|
- - '='
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: 7.1.
|
131
|
+
version: 7.1.5
|
132
132
|
type: :runtime
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - '='
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: 7.1.
|
138
|
+
version: 7.1.5
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
140
|
name: activemodel
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
142
142
|
requirements:
|
143
143
|
- - '='
|
144
144
|
- !ruby/object:Gem::Version
|
145
|
-
version: 7.1.
|
145
|
+
version: 7.1.5
|
146
146
|
type: :development
|
147
147
|
prerelease: false
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
149
149
|
requirements:
|
150
150
|
- - '='
|
151
151
|
- !ruby/object:Gem::Version
|
152
|
-
version: 7.1.
|
152
|
+
version: 7.1.5
|
153
153
|
description: Web apps on Rails. Simple, battle-tested conventions for building and
|
154
154
|
testing MVC web applications. Works with any Rack-compatible server.
|
155
155
|
email: david@loudthinking.com
|
@@ -346,10 +346,10 @@ licenses:
|
|
346
346
|
- MIT
|
347
347
|
metadata:
|
348
348
|
bug_tracker_uri: https://github.com/rails/rails/issues
|
349
|
-
changelog_uri: https://github.com/rails/rails/blob/v7.1.
|
350
|
-
documentation_uri: https://api.rubyonrails.org/v7.1.
|
349
|
+
changelog_uri: https://github.com/rails/rails/blob/v7.1.5/actionpack/CHANGELOG.md
|
350
|
+
documentation_uri: https://api.rubyonrails.org/v7.1.5/
|
351
351
|
mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
|
352
|
-
source_code_uri: https://github.com/rails/rails/tree/v7.1.
|
352
|
+
source_code_uri: https://github.com/rails/rails/tree/v7.1.5/actionpack
|
353
353
|
rubygems_mfa_required: 'true'
|
354
354
|
post_install_message:
|
355
355
|
rdoc_options: []
|