actionpack 4.1.14 → 4.1.14.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/abstract_controller/rendering.rb +7 -1
  3. data/lib/action_controller/metal/http_authentication.rb +6 -1
  4. data/lib/action_dispatch/http/mime_type.rb +16 -2
  5. data/lib/action_dispatch/routing/route_set.rb +1 -3
  6. data/lib/action_pack/gem_version.rb +1 -1
  7. metadata +9 -9
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 1ba57c7907317e830c10f38d04e98e2e1c18e536
4
- data.tar.gz: 00314f7b336e8ff69ba0e5523ec9f1b8b6c07198
3
+ metadata.gz: 5b640d7f98307eb1b7a059c99c9dce9b7739adee
4
+ data.tar.gz: 3c9170fe7b6551a9a9754eec569e2066a38b05b4
5
5
  SHA512:
6
- metadata.gz: 0892ecf1d0428cc6f14a8d69fa1a10265d8e60de0c38a650d5928c6dba204e9a3bf62a4a645400476a4f507742df7e7085843b22c1c93b2eebabb74ad19dfdea
7
- data.tar.gz: c313a0d5ca63cda97fd66174b848c0f5d3673af0933bb616aa69f38aacbf4677baa95aef5613863072c3dade41c8792c503f2a24522f5541f9b3cae8da3cd12a
6
+ metadata.gz: e0a9862c2f96e3764c694d0eb6e09f086e0f73ec5908fd46ae01981e75247cd530adb241234eb8e73a29fd3adde949e601f27cdd8bc225ab6c9e232e21a0910b
7
+ data.tar.gz: 2cd2ba5527130b8859e6f4a349dd4993da8d6c155d82a2418fb69bf1c6fccecf55ffd49a57f52d0bc00d5a91c2be9585db4fd84e49aaa64aa60a76173456ee83
data/lib/abstract_controller/rendering.rb CHANGED
@@ -77,7 +77,13 @@ module AbstractController
77
77
  # render "foo/bar" to render :file => "foo/bar".
78
78
  # :api: plugin
79
79
  def _normalize_args(action=nil, options={})
80
- if action.is_a? Hash
80
+ case action
81
+ when ActionController::Parameters
82
+ unless action.permitted?
83
+ raise ArgumentError, "render parameters are not permitted"
84
+ end
85
+ action
86
+ when Hash
81
87
  action
82
88
  else
83
89
  options
data/lib/action_controller/metal/http_authentication.rb CHANGED
@@ -1,4 +1,5 @@
1
1
  require 'base64'
2
+ require 'active_support/security_utils'
2
3
 
3
4
  module ActionController
4
5
  # Makes it dead easy to do HTTP Basic, Digest and Token authentication.
@@ -70,7 +71,11 @@ module ActionController
70
71
  def http_basic_authenticate_with(options = {})
71
72
  before_action(options.except(:name, :password, :realm)) do
72
73
  authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
73
- name == options[:name] && password == options[:password]
74
+ # This comparison uses & so that it doesn't short circuit and
75
+ # uses `variable_size_secure_compare` so that length information
76
+ # isn't leaked.
77
+ ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) &
78
+ ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])
74
79
  end
75
80
  end
76
81
  end
data/lib/action_dispatch/http/mime_type.rb CHANGED
@@ -23,7 +23,7 @@ module Mime
23
23
 
24
24
  SET = Mimes.new
25
25
  EXTENSION_LOOKUP = {}
26
- LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
26
+ LOOKUP = {}
27
27
 
28
28
  class << self
29
29
  def [](type)
@@ -146,7 +146,7 @@ module Mime
146
146
  end
147
147
 
148
148
  def lookup(string)
149
- LOOKUP[string]
149
+ LOOKUP[string] || Type.new(string)
150
150
  end
151
151
 
152
152
  def lookup_by_extension(extension)
@@ -225,9 +225,12 @@ module Mime
225
225
  end
226
226
  end
227
227
 
228
+ attr_reader :hash
229
+
228
230
  def initialize(string, symbol = nil, synonyms = [])
229
231
  @symbol, @synonyms = symbol, synonyms
230
232
  @string = string
233
+ @hash = [@string, @synonyms, @symbol].hash
231
234
  end
232
235
 
233
236
  def to_s
@@ -261,6 +264,13 @@ module Mime
261
264
  end
262
265
  end
263
266
 
267
+ def eql?(other)
268
+ super || (self.class == other.class &&
269
+ @string == other.string &&
270
+ @synonyms == other.synonyms &&
271
+ @symbol == other.symbol)
272
+ end
273
+
264
274
  def =~(mime_type)
265
275
  return false if mime_type.blank?
266
276
  regexp = Regexp.new(Regexp.quote(mime_type.to_s))
@@ -274,6 +284,10 @@ module Mime
274
284
  end
275
285
 
276
286
 
287
+ protected
288
+
289
+ attr_reader :string, :synonyms
290
+
277
291
  private
278
292
 
279
293
  def to_ary; end
data/lib/action_dispatch/routing/route_set.rb CHANGED
@@ -1,6 +1,5 @@
1
1
  require 'action_dispatch/journey'
2
2
  require 'forwardable'
3
- require 'thread_safe'
4
3
  require 'active_support/concern'
5
4
  require 'active_support/core_ext/object/to_query'
6
5
  require 'active_support/core_ext/hash/slice'
@@ -24,7 +23,6 @@ module ActionDispatch
24
23
  def initialize(options={})
25
24
  @defaults = options[:defaults]
26
25
  @glob_param = options.delete(:glob)
27
- @controller_class_names = ThreadSafe::Cache.new
28
26
  end
29
27
 
30
28
  def call(env)
@@ -74,7 +72,7 @@ module ActionDispatch
74
72
  private
75
73
 
76
74
  def controller_reference(controller_param)
77
- const_name = @controller_class_names[controller_param] ||= "#{controller_param.camelize}Controller"
75
+ const_name = "#{controller_param.camelize}Controller"
78
76
  ActiveSupport::Dependencies.constantize(const_name)
79
77
  end
80
78
 
data/lib/action_pack/gem_version.rb CHANGED
@@ -8,7 +8,7 @@ module ActionPack
8
8
  MAJOR = 4
9
9
  MINOR = 1
10
10
  TINY = 14
11
- PRE = nil
11
+ PRE = "1"
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
14
14
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.14
4
+ version: 4.1.14.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-11-12 00:00:00.000000000 Z
11
+ date: 2016-01-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 4.1.14
19
+ version: 4.1.14.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 4.1.14
26
+ version: 4.1.14.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rack
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,28 @@ dependencies:
58
58
  requirements:
59
59
  - - '='
60
60
  - !ruby/object:Gem::Version
61
- version: 4.1.14
61
+ version: 4.1.14.1
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - '='
67
67
  - !ruby/object:Gem::Version
68
- version: 4.1.14
68
+ version: 4.1.14.1
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: activemodel
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
73
  - - '='
74
74
  - !ruby/object:Gem::Version
75
- version: 4.1.14
75
+ version: 4.1.14.1
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - '='
81
81
  - !ruby/object:Gem::Version
82
- version: 4.1.14
82
+ version: 4.1.14.1
83
83
  description: Web apps on Rails. Simple, battle-tested conventions for building and
84
84
  testing MVC web applications. Works with any Rack-compatible server.
85
85
  email: david@loudthinking.com
@@ -258,7 +258,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
258
258
  requirements:
259
259
  - none
260
260
  rubyforge_project:
261
- rubygems_version: 2.4.5.1
261
+ rubygems_version: 2.5.1
262
262
  signing_key:
263
263
  specification_version: 4
264
264
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).