actionpack 3.2.14 → 3.2.15.rc1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/CHANGELOG.md +32 -0
- data/lib/action_dispatch/middleware/remote_ip.rb +1 -1
- data/lib/action_dispatch/routing/route_set.rb +2 -1
- data/lib/action_dispatch/testing/assertions/response.rb +1 -1
- data/lib/action_dispatch/testing/assertions/routing.rb +3 -3
- data/lib/action_pack/version.rb +2 -2
- data/lib/action_view/lookup_context.rb +2 -5
- data/lib/action_view/renderer/abstract_renderer.rb +0 -6
- data/lib/action_view/renderer/partial_renderer.rb +0 -2
- data/lib/action_view/renderer/template_renderer.rb +2 -3
- metadata +136 -177
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 9b9db0adb5f239abf14e5fb60cf66f27bb6eb7d5
|
4
|
+
data.tar.gz: 648a873bc49f7825e8e1a60c7fe0d88ab6572baf
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: ea7b80cc27e813eb7fc6f992e67d113063761ad122e485ce3fe1f36d32b53e6cfd062d5183d988793a0f5e00ef7d800bf0458160fa02dfc4c5ed17b77f6abf1d
|
7
|
+
data.tar.gz: e89b01d1413976a438b6fe4408d62dea0dec30919723d7ca9e79d73bd1d03235b8ff720c4a9661653d149b16f03aeb5a203b94706ae9278d6899b3e7771c4f73
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,35 @@
|
|
1
|
+
## unreleased ##
|
2
|
+
|
3
|
+
* Fix `ActionDispatch::RemoteIp::GetIp#calculate_ip` to only check for spoofing
|
4
|
+
attacks if both `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` are set.
|
5
|
+
|
6
|
+
Fixes #12410
|
7
|
+
Backports #10844
|
8
|
+
|
9
|
+
*Tamir Duberstein*
|
10
|
+
|
11
|
+
* Fix the assert_recognizes test method so that it works when there are
|
12
|
+
constraints on the querystring.
|
13
|
+
|
14
|
+
Issue/Pull Request #9368
|
15
|
+
Backport #5219
|
16
|
+
|
17
|
+
*Brian Hahn*
|
18
|
+
|
19
|
+
* Fix to render partial by context(#11605).
|
20
|
+
|
21
|
+
*Kassio Borges*
|
22
|
+
|
23
|
+
* Fix `ActionDispatch::Assertions::ResponseAssertions#assert_redirected_to`
|
24
|
+
does not show user-supplied message.
|
25
|
+
|
26
|
+
Issue: when `assert_redirected_to` fails due to the response redirect not
|
27
|
+
matching the expected redirect the user-supplied message (second parameter)
|
28
|
+
is not shown. This message is only shown if the response is not a redirect.
|
29
|
+
|
30
|
+
*Alexey Chernenkov*
|
31
|
+
|
32
|
+
|
1
33
|
## Rails 3.2.14 (Jul 22, 2013) ##
|
2
34
|
|
3
35
|
* Merge `:action` from routing scope and assign endpoint if both `:controller`
|
@@ -49,7 +49,7 @@ module ActionDispatch
|
|
49
49
|
forwarded_ips = ips_from('HTTP_X_FORWARDED_FOR')
|
50
50
|
remote_addrs = ips_from('REMOTE_ADDR')
|
51
51
|
|
52
|
-
check_ip = client_ip && @middleware.check_ip
|
52
|
+
check_ip = client_ip && forwarded_ips.present? && @middleware.check_ip
|
53
53
|
if check_ip && !forwarded_ips.include?(client_ip)
|
54
54
|
# We don't know which came from the proxy, and which from the user
|
55
55
|
raise IpSpoofAttackError, "IP spoofing attack?!" \
|
@@ -611,9 +611,10 @@ module ActionDispatch
|
|
611
611
|
def recognize_path(path, environment = {})
|
612
612
|
method = (environment[:method] || "GET").to_s.upcase
|
613
613
|
path = Journey::Router::Utils.normalize_path(path) unless path =~ %r{://}
|
614
|
+
extras = environment[:extras] || {}
|
614
615
|
|
615
616
|
begin
|
616
|
-
env = Rack::MockRequest.env_for(path, {:method => method})
|
617
|
+
env = Rack::MockRequest.env_for(path, {:method => method, :params => extras})
|
617
618
|
rescue URI::InvalidURIError => e
|
618
619
|
raise ActionController::RoutingError, e.message
|
619
620
|
end
|
@@ -62,7 +62,7 @@ module ActionDispatch
|
|
62
62
|
redirect_expected = normalize_argument_to_redirection(options)
|
63
63
|
|
64
64
|
if redirect_is != redirect_expected
|
65
|
-
flunk "Expected response to be a redirect to
|
65
|
+
flunk(build_message(message, "Expected response to be a redirect to <?> but was a redirect to <?>", redirect_expected, redirect_is))
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
@@ -39,7 +39,7 @@ module ActionDispatch
|
|
39
39
|
# # Test a custom route
|
40
40
|
# assert_recognizes({:controller => 'items', :action => 'show', :id => '1'}, 'view/item1')
|
41
41
|
def assert_recognizes(expected_options, path, extras={}, message=nil)
|
42
|
-
request = recognized_request_for(path)
|
42
|
+
request = recognized_request_for(path, extras)
|
43
43
|
|
44
44
|
expected_options = expected_options.clone
|
45
45
|
extras.each_key { |key| expected_options.delete key } unless extras.nil?
|
@@ -179,7 +179,7 @@ module ActionDispatch
|
|
179
179
|
|
180
180
|
private
|
181
181
|
# Recognizes the route for a given path.
|
182
|
-
def recognized_request_for(path)
|
182
|
+
def recognized_request_for(path, extras = {})
|
183
183
|
if path.is_a?(Hash)
|
184
184
|
method = path[:method]
|
185
185
|
path = path[:path]
|
@@ -207,7 +207,7 @@ module ActionDispatch
|
|
207
207
|
|
208
208
|
request.request_method = method if method
|
209
209
|
|
210
|
-
params = @routes.recognize_path(path, { :method => method })
|
210
|
+
params = @routes.recognize_path(path, { :method => method, :extras => extras })
|
211
211
|
request.path_parameters = params.with_indifferent_access
|
212
212
|
|
213
213
|
request
|
data/lib/action_pack/version.rb
CHANGED
@@ -103,7 +103,7 @@ module ActionView
|
|
103
103
|
|
104
104
|
# Helpers related to template lookup using the lookup context information.
|
105
105
|
module ViewPaths
|
106
|
-
attr_reader :view_paths
|
106
|
+
attr_reader :view_paths
|
107
107
|
|
108
108
|
# Whenever setting view paths, makes a copy so we can manipulate then in
|
109
109
|
# instance objects as we wish.
|
@@ -200,10 +200,7 @@ module ActionView
|
|
200
200
|
def formats=(values)
|
201
201
|
if values
|
202
202
|
values.concat(default_formats) if values.delete "*/*"
|
203
|
-
if values == [:js]
|
204
|
-
values << :html
|
205
|
-
@html_fallback_for_js = true
|
206
|
-
end
|
203
|
+
values << :html if values == [:js]
|
207
204
|
end
|
208
205
|
super(values)
|
209
206
|
end
|
@@ -37,11 +37,5 @@ module ActionView
|
|
37
37
|
def instrument(name, options={})
|
38
38
|
ActiveSupport::Notifications.instrument("render_#{name}.action_view", options){ yield }
|
39
39
|
end
|
40
|
-
|
41
|
-
def prepend_formats(formats)
|
42
|
-
formats = Array(formats)
|
43
|
-
return if formats.empty? || @lookup_context.html_fallback_for_js
|
44
|
-
@lookup_context.formats = formats | @lookup_context.formats
|
45
|
-
end
|
46
40
|
end
|
47
41
|
end
|
@@ -10,10 +10,9 @@ module ActionView
|
|
10
10
|
template = determine_template(options)
|
11
11
|
context = @lookup_context
|
12
12
|
|
13
|
-
prepend_formats(template.formats)
|
14
|
-
|
15
13
|
unless context.rendered_format
|
16
|
-
context.
|
14
|
+
context.formats = template.formats unless template.formats.empty?
|
15
|
+
context.rendered_format = context.formats.first
|
17
16
|
end
|
18
17
|
|
19
18
|
render_template(template, options[:layout], options[:locals])
|
metadata
CHANGED
@@ -1,191 +1,162 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: actionpack
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
6
|
-
segments:
|
7
|
-
- 3
|
8
|
-
- 2
|
9
|
-
- 14
|
10
|
-
version: 3.2.14
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 3.2.15.rc1
|
11
5
|
platform: ruby
|
12
|
-
authors:
|
6
|
+
authors:
|
13
7
|
- David Heinemeier Hansson
|
14
8
|
autorequire:
|
15
9
|
bindir: bin
|
16
10
|
cert_chain: []
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
dependencies:
|
21
|
-
- !ruby/object:Gem::Dependency
|
22
|
-
requirement: &id001 !ruby/object:Gem::Requirement
|
23
|
-
none: false
|
24
|
-
requirements:
|
25
|
-
- - "="
|
26
|
-
- !ruby/object:Gem::Version
|
27
|
-
hash: 19
|
28
|
-
segments:
|
29
|
-
- 3
|
30
|
-
- 2
|
31
|
-
- 14
|
32
|
-
version: 3.2.14
|
33
|
-
type: :runtime
|
11
|
+
date: 2013-10-03 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
34
14
|
name: activesupport
|
35
|
-
|
36
|
-
|
37
|
-
-
|
38
|
-
|
39
|
-
|
40
|
-
requirements:
|
41
|
-
- - "="
|
42
|
-
- !ruby/object:Gem::Version
|
43
|
-
hash: 19
|
44
|
-
segments:
|
45
|
-
- 3
|
46
|
-
- 2
|
47
|
-
- 14
|
48
|
-
version: 3.2.14
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - '='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 3.2.15.rc1
|
49
20
|
type: :runtime
|
50
|
-
name: activemodel
|
51
|
-
version_requirements: *id002
|
52
21
|
prerelease: false
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - '='
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 3.2.15.rc1
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: activemodel
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - '='
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 3.2.15.rc1
|
64
34
|
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - '='
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 3.2.15.rc1
|
41
|
+
- !ruby/object:Gem::Dependency
|
65
42
|
name: rack-cache
|
66
|
-
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '1.2'
|
48
|
+
type: :runtime
|
67
49
|
prerelease: false
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '1.2'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: builder
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
79
61
|
version: 3.0.0
|
80
62
|
type: :runtime
|
81
|
-
name: builder
|
82
|
-
version_requirements: *id004
|
83
63
|
prerelease: false
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: 3.0.0
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rack
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
95
75
|
version: 1.4.5
|
96
76
|
type: :runtime
|
97
|
-
name: rack
|
98
|
-
version_requirements: *id005
|
99
77
|
prerelease: false
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 1.4.5
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rack-test
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
111
89
|
version: 0.6.1
|
112
90
|
type: :runtime
|
113
|
-
name: rack-test
|
114
|
-
version_requirements: *id006
|
115
91
|
prerelease: false
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 0.6.1
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: journey
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
127
103
|
version: 1.0.4
|
128
104
|
type: :runtime
|
129
|
-
name: journey
|
130
|
-
version_requirements: *id007
|
131
105
|
prerelease: false
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: 1.0.4
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: sprockets
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
143
117
|
version: 2.2.1
|
144
118
|
type: :runtime
|
145
|
-
name: sprockets
|
146
|
-
version_requirements: *id008
|
147
119
|
prerelease: false
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: 2.2.1
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: erubis
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
159
131
|
version: 2.7.0
|
160
132
|
type: :runtime
|
161
|
-
name: erubis
|
162
|
-
version_requirements: *id009
|
163
133
|
prerelease: false
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: 2.7.0
|
139
|
+
- !ruby/object:Gem::Dependency
|
140
|
+
name: tzinfo
|
141
|
+
requirement: !ruby/object:Gem::Requirement
|
142
|
+
requirements:
|
143
|
+
- - "~>"
|
144
|
+
- !ruby/object:Gem::Version
|
175
145
|
version: 0.3.29
|
176
146
|
type: :development
|
177
|
-
name: tzinfo
|
178
|
-
version_requirements: *id010
|
179
147
|
prerelease: false
|
180
|
-
|
148
|
+
version_requirements: !ruby/object:Gem::Requirement
|
149
|
+
requirements:
|
150
|
+
- - "~>"
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: 0.3.29
|
153
|
+
description: Web apps on Rails. Simple, battle-tested conventions for building and
|
154
|
+
testing MVC web applications. Works with any Rack-compatible server.
|
181
155
|
email: david@loudthinking.com
|
182
156
|
executables: []
|
183
|
-
|
184
157
|
extensions: []
|
185
|
-
|
186
158
|
extra_rdoc_files: []
|
187
|
-
|
188
|
-
files:
|
159
|
+
files:
|
189
160
|
- CHANGELOG.md
|
190
161
|
- README.rdoc
|
191
162
|
- MIT-LICENSE
|
@@ -377,41 +348,29 @@ files:
|
|
377
348
|
- lib/sprockets/helpers.rb
|
378
349
|
- lib/sprockets/railtie.rb
|
379
350
|
- lib/sprockets/static_compiler.rb
|
380
|
-
has_rdoc: true
|
381
351
|
homepage: http://www.rubyonrails.org
|
382
|
-
licenses:
|
352
|
+
licenses:
|
383
353
|
- MIT
|
354
|
+
metadata: {}
|
384
355
|
post_install_message:
|
385
356
|
rdoc_options: []
|
386
|
-
|
387
|
-
require_paths:
|
357
|
+
require_paths:
|
388
358
|
- lib
|
389
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
390
|
-
|
391
|
-
requirements:
|
359
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
360
|
+
requirements:
|
392
361
|
- - ">="
|
393
|
-
- !ruby/object:Gem::Version
|
394
|
-
hash: 57
|
395
|
-
segments:
|
396
|
-
- 1
|
397
|
-
- 8
|
398
|
-
- 7
|
362
|
+
- !ruby/object:Gem::Version
|
399
363
|
version: 1.8.7
|
400
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
406
|
-
segments:
|
407
|
-
- 0
|
408
|
-
version: "0"
|
409
|
-
requirements:
|
364
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
365
|
+
requirements:
|
366
|
+
- - ">"
|
367
|
+
- !ruby/object:Gem::Version
|
368
|
+
version: 1.3.1
|
369
|
+
requirements:
|
410
370
|
- none
|
411
371
|
rubyforge_project:
|
412
|
-
rubygems_version:
|
372
|
+
rubygems_version: 2.0.2
|
413
373
|
signing_key:
|
414
|
-
specification_version:
|
374
|
+
specification_version: 4
|
415
375
|
summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).
|
416
376
|
test_files: []
|
417
|
-
|