actionpack 3.1.5.rc1 → 3.1.5
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- data/CHANGELOG.md +13 -0
- data/lib/action_dispatch/http/request.rb +22 -0
- data/lib/action_pack/version.rb +1 -1
- metadata +12 -20
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
## Rails 3.1.5 (May 31, 2012) ##
|
|
2
|
+
|
|
3
|
+
* Detect optional glob params when adding non-greedy regexp - closes #4817.
|
|
4
|
+
|
|
5
|
+
* Strip null bytes from Location header
|
|
6
|
+
|
|
7
|
+
* Return the same session data object when setting session id
|
|
8
|
+
|
|
9
|
+
* Avoid inspecting the whole route set, closes #1525
|
|
10
|
+
|
|
11
|
+
* Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
|
|
12
|
+
CVE-2012-2660
|
|
13
|
+
|
|
1
14
|
## Rails 3.1.4 (unreleased) ##
|
|
2
15
|
|
|
3
16
|
* :subdomain can now be specified with a value of false in url_for,
|
|
@@ -267,6 +267,28 @@ module ActionDispatch
|
|
|
267
267
|
LOCALHOST.any? { |local_ip| local_ip === remote_addr && local_ip === remote_ip }
|
|
268
268
|
end
|
|
269
269
|
|
|
270
|
+
protected
|
|
271
|
+
|
|
272
|
+
# Remove nils from the params hash
|
|
273
|
+
def deep_munge(hash)
|
|
274
|
+
hash.each_value do |v|
|
|
275
|
+
case v
|
|
276
|
+
when Array
|
|
277
|
+
v.grep(Hash) { |x| deep_munge(x) }
|
|
278
|
+
when Hash
|
|
279
|
+
deep_munge(v)
|
|
280
|
+
end
|
|
281
|
+
end
|
|
282
|
+
|
|
283
|
+
keys = hash.keys.find_all { |k| hash[k] == [nil] }
|
|
284
|
+
keys.each { |k| hash[k] = nil }
|
|
285
|
+
hash
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
def parse_query(qs)
|
|
289
|
+
deep_munge(super)
|
|
290
|
+
end
|
|
291
|
+
|
|
270
292
|
private
|
|
271
293
|
|
|
272
294
|
def check_method(name)
|
data/lib/action_pack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,15 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionpack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
5
|
-
prerelease:
|
|
4
|
+
hash: 9
|
|
5
|
+
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 3
|
|
8
8
|
- 1
|
|
9
9
|
- 5
|
|
10
|
-
|
|
11
|
-
- 1
|
|
12
|
-
version: 3.1.5.rc1
|
|
10
|
+
version: 3.1.5
|
|
13
11
|
platform: ruby
|
|
14
12
|
authors:
|
|
15
13
|
- David Heinemeier Hansson
|
|
@@ -17,7 +15,7 @@ autorequire:
|
|
|
17
15
|
bindir: bin
|
|
18
16
|
cert_chain: []
|
|
19
17
|
|
|
20
|
-
date: 2012-05-
|
|
18
|
+
date: 2012-05-31 00:00:00 Z
|
|
21
19
|
dependencies:
|
|
22
20
|
- !ruby/object:Gem::Dependency
|
|
23
21
|
name: activesupport
|
|
@@ -27,14 +25,12 @@ dependencies:
|
|
|
27
25
|
requirements:
|
|
28
26
|
- - "="
|
|
29
27
|
- !ruby/object:Gem::Version
|
|
30
|
-
hash:
|
|
28
|
+
hash: 9
|
|
31
29
|
segments:
|
|
32
30
|
- 3
|
|
33
31
|
- 1
|
|
34
32
|
- 5
|
|
35
|
-
|
|
36
|
-
- 1
|
|
37
|
-
version: 3.1.5.rc1
|
|
33
|
+
version: 3.1.5
|
|
38
34
|
type: :runtime
|
|
39
35
|
version_requirements: *id001
|
|
40
36
|
- !ruby/object:Gem::Dependency
|
|
@@ -45,14 +41,12 @@ dependencies:
|
|
|
45
41
|
requirements:
|
|
46
42
|
- - "="
|
|
47
43
|
- !ruby/object:Gem::Version
|
|
48
|
-
hash:
|
|
44
|
+
hash: 9
|
|
49
45
|
segments:
|
|
50
46
|
- 3
|
|
51
47
|
- 1
|
|
52
48
|
- 5
|
|
53
|
-
|
|
54
|
-
- 1
|
|
55
|
-
version: 3.1.5.rc1
|
|
49
|
+
version: 3.1.5
|
|
56
50
|
type: :runtime
|
|
57
51
|
version_requirements: *id002
|
|
58
52
|
- !ruby/object:Gem::Dependency
|
|
@@ -416,14 +410,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
416
410
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
417
411
|
none: false
|
|
418
412
|
requirements:
|
|
419
|
-
- - "
|
|
413
|
+
- - ">="
|
|
420
414
|
- !ruby/object:Gem::Version
|
|
421
|
-
hash:
|
|
415
|
+
hash: 3
|
|
422
416
|
segments:
|
|
423
|
-
-
|
|
424
|
-
|
|
425
|
-
- 1
|
|
426
|
-
version: 1.3.1
|
|
417
|
+
- 0
|
|
418
|
+
version: "0"
|
|
427
419
|
requirements:
|
|
428
420
|
- none
|
|
429
421
|
rubyforge_project:
|