actionpack 2.0.4 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. data/CHANGELOG +5 -0
  2. data/Rakefile +1 -1
  3. data/lib/action_controller/response.rb +2 -2
  4. data/lib/action_pack/version.rb +1 -1
  5. metadata +3 -4
data/CHANGELOG CHANGED
@@ -1,3 +1,8 @@
1
+ *2.0.5* (October 19th, 2008)
2
+
3
+ * Sanitize the URLs passed to redirect_to to prevent a potential response splitting attack [koz]
4
+
5
+
1
6
  *2.0.4* (2nd September 2008)
2
7
 
3
8
  * Avoid remote_ip spoofing. [Brian Candler]
data/Rakefile CHANGED
@@ -77,7 +77,7 @@ spec = Gem::Specification.new do |s|
77
77
  s.has_rdoc = true
78
78
  s.requirements << 'none'
79
79
 
80
- s.add_dependency('activesupport', '= 2.0.4' + PKG_BUILD)
80
+ s.add_dependency('activesupport', '= 2.0.5' + PKG_BUILD)
81
81
 
82
82
  s.require_path = 'lib'
83
83
  s.autorequire = 'action_controller'
data/lib/action_controller/response.rb CHANGED
@@ -30,9 +30,9 @@ module ActionController
30
30
 
31
31
  def redirect(to_url, response_status)
32
32
  self.headers["Status"] = response_status
33
- self.headers["Location"] = to_url
33
+ self.headers["Location"] = to_url.gsub(/[\r\n]/, '')
34
34
 
35
- self.body = "<html><body>You are being <a href=\"#{to_url}\">redirected</a>.</body></html>"
35
+ self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(to_url)}\">redirected</a>.</body></html>"
36
36
  end
37
37
 
38
38
  def prepare!
data/lib/action_pack/version.rb CHANGED
@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 2
4
4
  MINOR = 0
5
- TINY = 4
5
+ TINY = 5
6
6
 
7
7
  STRING = [MAJOR, MINOR, TINY].join('.')
8
8
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.4
4
+ version: 2.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
@@ -9,7 +9,7 @@ autorequire: action_controller
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-09-03 00:00:00 +02:00
12
+ date: 2008-10-19 00:00:00 +02:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - "="
22
22
  - !ruby/object:Gem::Version
23
- version: 2.0.4
23
+ version: 2.0.5
24
24
  version:
25
25
  description: Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser.
26
26
  email: david@loudthinking.com
@@ -305,7 +305,6 @@ files:
305
305
  - test/fixtures/public/javascripts
306
306
  - test/fixtures/public/javascripts/application.js
307
307
  - test/fixtures/public/javascripts/bank.js
308
- - test/fixtures/public/javascripts/cache
309
308
  - test/fixtures/public/javascripts/robber.js
310
309
  - test/fixtures/public/stylesheets
311
310
  - test/fixtures/public/stylesheets/bank.css