actionpack 2.3.15 → 2.3.16
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/Rakefile +2 -2
- data/lib/action_controller.rb +1 -1
- data/lib/action_controller/request.rb +23 -0
- data/lib/action_pack/version.rb +1 -1
- data/lib/action_view/helpers/sanitize_helper.rb +1 -1
- data/test/controller/request/query_string_parsing_test.rb +10 -1
- data/test/template/sanitize_helper_test.rb +2 -2
- metadata +47 -62
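--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: ee983eb1f4b16d6d88162f14cac1c1f9f56c89ab
+data.tar.gz: d646cb7cccbb7c02dd398819719cbf26d7ac2bc5
+SHA512:
+metadata.gz: 7e33647ae632cef2c087874e907a89abfb3b1706404d27edf5195dd9846925e5b4bd8110bc7da8c635f6e2f17744760864ab22352836bff93f8ac0b1248752ca
+data.tar.gz: 0de78e576b8e6443bf6ba392230695a5815dd6151d4526ddd30b9aade8f6ddef16341b514283332567b735299f1946d265bf989845fa2048906b9adde0d1cf2e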
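--- a/data/Rakefile
+++ b/data/Rakefile
@@ -78,8 +78,8 @@ spec = Gem::Specification.new do |s|
 
 s.requirements << 'none'
 
-s.add_dependency('activesupport', '= 2.3.
-s.add_dependency('rack', '~> 1.1.
+s.add_dependency('activesupport', '= 2.3.16' + PKG_BUILD)
+s.add_dependency('rack', '~> 1.1.0')
 
 s.require_path = 'lib'
 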
data/lib/action_controller.rb
CHANGED
@@ -491,5 +491,28 @@ EOM
|
|
491
491
|
value
|
492
492
|
end
|
493
493
|
end
|
494
|
+
protected
|
495
|
+
|
496
|
+
# Remove nils from the params hash
|
497
|
+
def deep_munge(hash)
|
498
|
+
keys = hash.keys.find_all { |k| hash[k] == [nil] }
|
499
|
+
keys.each { |k| hash[k] = nil }
|
500
|
+
|
501
|
+
hash.each_value do |v|
|
502
|
+
case v
|
503
|
+
when Array
|
504
|
+
v.grep(Hash) { |x| deep_munge(x) }
|
505
|
+
v.compact!
|
506
|
+
when Hash
|
507
|
+
deep_munge(v)
|
508
|
+
end
|
509
|
+
end
|
510
|
+
|
511
|
+
hash
|
512
|
+
end
|
513
|
+
|
514
|
+
def parse_query(qs)
|
515
|
+
deep_munge(super)
|
516
|
+
end
|
494
517
|
end
|
495
518
|
end
|
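Review bot: In `deep_munge`, an array holding more than one nil (for example the value parsed from `action[]&action[]`) is not matched by the `hash[k] == [nil]` test and is reduced by `v.compact!` to `[]`, so callers still receive an empty array where the single-nil case gives them nil. Iterating with the key and resetting the emptied value would make the two cases agree: `hash.each do |k, v|` with `hash[k] = nil if v.empty?` after `v.compact!`. The added tests cover `action[]=1&action[]` but no all-nil array with several elements, so a case such as `assert_parses({"action" => nil}, "action[]&action[]")` would pin it. Only the `parse_query` path is wrapped here; whether parameters decoded from other body formats pass through `deep_munge` cannot be seen from this hunk, and the enclosing class begins outside it.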
data/lib/action_pack/version.rb
CHANGED
@@ -72,7 +72,7 @@ module ActionView
|
|
72
72
|
# strip_tags("<div id='top-bar'>Welcome to my website!</div>")
|
73
73
|
# # => Welcome to my website!
|
74
74
|
def strip_tags(html)
|
75
|
-
self.class.full_sanitizer.sanitize(html)
|
75
|
+
self.class.full_sanitizer.sanitize(html)
|
76
76
|
end
|
77
77
|
|
78
78
|
# Strips all link tags from +text+ leaving just the link text.
|
@@ -81,7 +81,16 @@ class QueryStringParsingTest < ActionController::IntegrationTest
|
|
81
81
|
end
|
82
82
|
|
83
83
|
test "query string without equal" do
|
84
|
-
assert_parses({
|
84
|
+
assert_parses({"action" => nil}, "action")
|
85
|
+
assert_parses({"action" => {"foo" => nil}}, "action[foo]")
|
86
|
+
assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar]")
|
87
|
+
assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar][]")
|
88
|
+
assert_parses({"action" => {"foo" => nil}}, "action[foo][]")
|
89
|
+
assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]")
|
90
|
+
end
|
91
|
+
|
92
|
+
def test_array_parses_without_nil
|
93
|
+
assert_parses({"action" => ['1']}, "action[]=1&action[]")
|
85
94
|
end
|
86
95
|
|
87
96
|
test "query string with empty key" do
|
@@ -42,9 +42,9 @@ class SanitizeHelperTest < ActionView::TestCase
|
|
42
42
|
[nil, '', ' '].each do |blank|
|
43
43
|
stripped = strip_tags(blank)
|
44
44
|
assert_equal blank, stripped
|
45
|
-
assert stripped.html_safe? unless blank.nil?
|
46
45
|
end
|
47
|
-
|
46
|
+
assert_equal "", strip_tags("<script>")
|
47
|
+
assert_equal "something <img onerror=alert(1337)", ERB::Util.html_escape(strip_tags("something <img onerror=alert(1337)"))
|
48
48
|
end
|
49
49
|
|
50
50
|
def test_sanitize_is_marked_safe
|
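Review bot: In the sanitize helper test, the removed `assert stripped.html_safe? unless blank.nil?` is not replaced by an assertion of the opposite property, so nothing pins that `strip_tags` output is no longer marked HTML-safe; the new check goes through `ERB::Util.html_escape`, and whether that helper consults `html_safe?` in this version is not visible here. I would add `assert !strip_tags("something <img onerror=alert(1337)").html_safe?` next to the new assertions. The doc comment above `strip_tags` should also tell callers that an unterminated tag is left in the text and the result must be escaped on output, e.g. `# The returned string is not HTML-safe; escape it before rendering.` The `strip_tags` line reads the same on both sides as rendered, so the code change there is inferred from the tests and cannot be confirmed from this page.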
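--- a/metadata
+++ b/metadata
@@ -1,59 +1,51 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: actionpack
-version: !ruby/object:Gem::Version
-
-segments:
-- 2
-- 3
-- 15
-version: 2.3.15
+version: !ruby/object:Gem::Version
+version: 2.3.16
 platform: ruby
-authors:
+authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-
-
-
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2013-01-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
 name: activesupport
-
-
-
-
-
-segments:
-- 2
-- 3
-- 15
-version: 2.3.15
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.3.16
 type: :runtime
-version_requirements: *id001
-- !ruby/object:Gem::Dependency
-name: rack
 prerelease: false
-
-requirements:
-- -
-- !ruby/object:Gem::Version
-
-
-
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.3.16
+- !ruby/object:Gem::Dependency
+name: rack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.1.0
 type: :runtime
-
-
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 1.1.0
+description: Eases web-request routing, handling, and response as a half-way front,
+half-way page controller. Implemented with specific emphasis on enabling easy unit/integration
+testing that doesn't require a browser.
 email: david@loudthinking.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files:
+files:
 - Rakefile
 - install.rb
 - README
@@ -494,35 +486,28 @@ files:
 - test/template/url_helper_test.rb
 - test/testing_sandbox.rb
 - test/view/test_case_test.rb
-has_rdoc: true
 homepage: http://www.rubyonrails.org
 licenses: []
-
+metadata: {}
 post_install_message:
 rdoc_options: []
-
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-requirements:
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
 - - ">="
-- !ruby/object:Gem::Version
-
-
-
-required_rubygems_version: !ruby/object:Gem::Requirement
-requirements:
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
 - - ">="
-- !ruby/object:Gem::Version
-
-
-version: "0"
-requirements:
+- !ruby/object:Gem::Version
+version: '0'
+requirements:
 - none
 rubyforge_project: actionpack
-rubygems_version:
+rubygems_version: 2.0.0.preview3.1
 signing_key:
-specification_version:
+specification_version: 4
 summary: Web-flow and rendering framework putting the VC in MVC.
 test_files: []
-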