actionpack 2.3.14 → 2.3.15
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- data/Rakefile +2 -2
- data/lib/action_controller.rb +1 -1
- data/lib/action_controller/request.rb +1 -1
- data/lib/action_pack/version.rb +1 -1
- data/test/controller/request_test.rb +3 -0
- data/test/controller/webservice_test.rb +13 -0
- metadata +11 -18
data/Rakefile
CHANGED
|
@@ -78,8 +78,8 @@ spec = Gem::Specification.new do |s|
|
|
|
78
78
|
|
|
79
79
|
s.requirements << 'none'
|
|
80
80
|
|
|
81
|
-
s.add_dependency('activesupport', '= 2.3.
|
|
82
|
-
s.add_dependency('rack', '~> 1.1.
|
|
81
|
+
s.add_dependency('activesupport', '= 2.3.15' + PKG_BUILD)
|
|
82
|
+
s.add_dependency('rack', '~> 1.1.3')
|
|
83
83
|
|
|
84
84
|
s.require_path = 'lib'
|
|
85
85
|
|
data/lib/action_controller.rb
CHANGED
|
@@ -225,7 +225,7 @@ module ActionController
|
|
|
225
225
|
not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
|
|
226
226
|
return not_trusted_addrs.first unless not_trusted_addrs.empty?
|
|
227
227
|
end
|
|
228
|
-
remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
|
|
228
|
+
remote_ips = @env['HTTP_X_FORWARDED_FOR'].present? && @env['HTTP_X_FORWARDED_FOR'].split(',')
|
|
229
229
|
|
|
230
230
|
if @env.include? 'HTTP_CLIENT_IP'
|
|
231
231
|
if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
|
data/lib/action_pack/version.rb
CHANGED
|
@@ -20,6 +20,9 @@ class RequestTest < ActiveSupport::TestCase
|
|
|
20
20
|
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
|
|
21
21
|
assert_equal '1.2.3.4', request.remote_ip
|
|
22
22
|
|
|
23
|
+
request = stub_request 'HTTP_X_FORWARDED_FOR' => ''
|
|
24
|
+
assert_nil request.remote_ip
|
|
25
|
+
|
|
23
26
|
request = stub_request 'REMOTE_ADDR' => '127.0.0.1',
|
|
24
27
|
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
|
|
25
28
|
assert_equal '3.4.5.6', request.remote_ip
|
|
@@ -121,6 +121,19 @@ class WebServiceTest < ActionController::IntegrationTest
|
|
|
121
121
|
end
|
|
122
122
|
end
|
|
123
123
|
|
|
124
|
+
def test_post_xml_using_a_disallowed_type_attribute
|
|
125
|
+
$stderr = StringIO.new
|
|
126
|
+
with_test_route_set do
|
|
127
|
+
post '/', '<foo type="symbol">value</foo>', 'CONTENT_TYPE' => 'application/xml'
|
|
128
|
+
assert_response 500
|
|
129
|
+
|
|
130
|
+
post '/', '<foo type="yaml">value</foo>', 'CONTENT_TYPE' => 'application/xml'
|
|
131
|
+
assert_response 500
|
|
132
|
+
end
|
|
133
|
+
ensure
|
|
134
|
+
$stderr = STDERR
|
|
135
|
+
end
|
|
136
|
+
|
|
124
137
|
def test_register_and_use_yaml
|
|
125
138
|
with_test_route_set do
|
|
126
139
|
ActionController::Base.param_parsers[Mime::YAML] = Proc.new { |d| YAML.load(d) }
|
metadata
CHANGED
|
@@ -1,13 +1,12 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionpack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
5
|
-
prerelease:
|
|
4
|
+
prerelease: false
|
|
6
5
|
segments:
|
|
7
6
|
- 2
|
|
8
7
|
- 3
|
|
9
|
-
-
|
|
10
|
-
version: 2.3.
|
|
8
|
+
- 15
|
|
9
|
+
version: 2.3.15
|
|
11
10
|
platform: ruby
|
|
12
11
|
authors:
|
|
13
12
|
- David Heinemeier Hansson
|
|
@@ -15,38 +14,35 @@ autorequire:
|
|
|
15
14
|
bindir: bin
|
|
16
15
|
cert_chain: []
|
|
17
16
|
|
|
18
|
-
date:
|
|
17
|
+
date: 2013-01-08 00:00:00 -08:00
|
|
18
|
+
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: activesupport
|
|
22
22
|
prerelease: false
|
|
23
23
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
-
none: false
|
|
25
24
|
requirements:
|
|
26
25
|
- - "="
|
|
27
26
|
- !ruby/object:Gem::Version
|
|
28
|
-
hash: 31
|
|
29
27
|
segments:
|
|
30
28
|
- 2
|
|
31
29
|
- 3
|
|
32
|
-
-
|
|
33
|
-
version: 2.3.
|
|
30
|
+
- 15
|
|
31
|
+
version: 2.3.15
|
|
34
32
|
type: :runtime
|
|
35
33
|
version_requirements: *id001
|
|
36
34
|
- !ruby/object:Gem::Dependency
|
|
37
35
|
name: rack
|
|
38
36
|
prerelease: false
|
|
39
37
|
requirement: &id002 !ruby/object:Gem::Requirement
|
|
40
|
-
none: false
|
|
41
38
|
requirements:
|
|
42
39
|
- - ~>
|
|
43
40
|
- !ruby/object:Gem::Version
|
|
44
|
-
hash: 19
|
|
45
41
|
segments:
|
|
46
42
|
- 1
|
|
47
43
|
- 1
|
|
48
|
-
-
|
|
49
|
-
version: 1.1.
|
|
44
|
+
- 3
|
|
45
|
+
version: 1.1.3
|
|
50
46
|
type: :runtime
|
|
51
47
|
version_requirements: *id002
|
|
52
48
|
description: Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser.
|
|
@@ -498,6 +494,7 @@ files:
|
|
|
498
494
|
- test/template/url_helper_test.rb
|
|
499
495
|
- test/testing_sandbox.rb
|
|
500
496
|
- test/view/test_case_test.rb
|
|
497
|
+
has_rdoc: true
|
|
501
498
|
homepage: http://www.rubyonrails.org
|
|
502
499
|
licenses: []
|
|
503
500
|
|
|
@@ -507,27 +504,23 @@ rdoc_options: []
|
|
|
507
504
|
require_paths:
|
|
508
505
|
- lib
|
|
509
506
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
510
|
-
none: false
|
|
511
507
|
requirements:
|
|
512
508
|
- - ">="
|
|
513
509
|
- !ruby/object:Gem::Version
|
|
514
|
-
hash: 3
|
|
515
510
|
segments:
|
|
516
511
|
- 0
|
|
517
512
|
version: "0"
|
|
518
513
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
519
|
-
none: false
|
|
520
514
|
requirements:
|
|
521
515
|
- - ">="
|
|
522
516
|
- !ruby/object:Gem::Version
|
|
523
|
-
hash: 3
|
|
524
517
|
segments:
|
|
525
518
|
- 0
|
|
526
519
|
version: "0"
|
|
527
520
|
requirements:
|
|
528
521
|
- none
|
|
529
522
|
rubyforge_project: actionpack
|
|
530
|
-
rubygems_version: 1.
|
|
523
|
+
rubygems_version: 1.3.6
|
|
531
524
|
signing_key:
|
|
532
525
|
specification_version: 3
|
|
533
526
|
summary: Web-flow and rendering framework putting the VC in MVC.
|