actionpack 4.2.5 → 4.2.5.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/abstract_controller/rendering.rb +7 -1
  3. data/lib/action_controller/metal/http_authentication.rb +6 -1
  4. data/lib/action_dispatch/http/mime_type.rb +16 -2
  5. data/lib/action_dispatch/routing/route_set.rb +1 -3
  6. data/lib/action_pack/gem_version.rb +1 -1
  7. metadata +9 -9
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 78c248276d4ad520e704762a3d993ab9952c7d0d
4
- data.tar.gz: 4666bc83ad5465fd9f759888e3dfa5bd324b3d0a
3
+ metadata.gz: 1aec2016214c6c4775581a163240a66c63a0bea7
4
+ data.tar.gz: 5c2b19e2b035b0043cae2d128fdbaa534d262a1f
5
5
  SHA512:
6
- metadata.gz: 9599c768364cffbb6d5df4548a77e622c2033162579e6181abe0b09474a2ab620caaa196782b18da4d6812dd693cb3c1cddc61458294d4223309bd83dd426f23
7
- data.tar.gz: 37057c94d34f84b30726e7b269239fe1e6d1084814ff2e530b4b7826bc35790701c79c8556d1d96d1958ce9f102af60a6112a311510126392837fd978487f29e
6
+ metadata.gz: 9cddee477c014c4fc932c9c5e6ace3def12fcc4a7405b62c1c32345499f53376589e4bcf36977ea669fbd2e51dad489934ba5c83876314f5a21f1a699c8f4cf7
7
+ data.tar.gz: 47bb161d384b6030a6b9b32c2b137bae4319e84ecbab6167390d19facb5312d41d6f2e90a4d621aaa896a4794c5c722e56fbf1a654d417e88373bfba1276a62d
data/lib/abstract_controller/rendering.rb CHANGED
@@ -77,7 +77,13 @@ module AbstractController
77
77
  # render "foo/bar" to render :file => "foo/bar".
78
78
  # :api: plugin
79
79
  def _normalize_args(action=nil, options={})
80
- if action.is_a? Hash
80
+ case action
81
+ when ActionController::Parameters
82
+ unless action.permitted?
83
+ raise ArgumentError, "render parameters are not permitted"
84
+ end
85
+ action
86
+ when Hash
81
87
  action
82
88
  else
83
89
  options
data/lib/action_controller/metal/http_authentication.rb CHANGED
@@ -1,4 +1,5 @@
1
1
  require 'base64'
2
+ require 'active_support/security_utils'
2
3
 
3
4
  module ActionController
4
5
  # Makes it dead easy to do HTTP Basic, Digest and Token authentication.
@@ -68,7 +69,11 @@ module ActionController
68
69
  def http_basic_authenticate_with(options = {})
69
70
  before_action(options.except(:name, :password, :realm)) do
70
71
  authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
71
- name == options[:name] && password == options[:password]
72
+ # This comparison uses & so that it doesn't short circuit and
73
+ # uses `variable_size_secure_compare` so that length information
74
+ # isn't leaked.
75
+ ActiveSupport::SecurityUtils.variable_size_secure_compare(name, options[:name]) &
76
+ ActiveSupport::SecurityUtils.variable_size_secure_compare(password, options[:password])
72
77
  end
73
78
  end
74
79
  end
data/lib/action_dispatch/http/mime_type.rb CHANGED
@@ -23,7 +23,7 @@ module Mime
23
23
 
24
24
  SET = Mimes.new
25
25
  EXTENSION_LOOKUP = {}
26
- LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
26
+ LOOKUP = {}
27
27
 
28
28
  class << self
29
29
  def [](type)
@@ -146,7 +146,7 @@ module Mime
146
146
  end
147
147
 
148
148
  def lookup(string)
149
- LOOKUP[string]
149
+ LOOKUP[string] || Type.new(string)
150
150
  end
151
151
 
152
152
  def lookup_by_extension(extension)
@@ -225,9 +225,12 @@ module Mime
225
225
  end
226
226
  end
227
227
 
228
+ attr_reader :hash
229
+
228
230
  def initialize(string, symbol = nil, synonyms = [])
229
231
  @symbol, @synonyms = symbol, synonyms
230
232
  @string = string
233
+ @hash = [@string, @synonyms, @symbol].hash
231
234
  end
232
235
 
233
236
  def to_s
@@ -261,6 +264,13 @@ module Mime
261
264
  end
262
265
  end
263
266
 
267
+ def eql?(other)
268
+ super || (self.class == other.class &&
269
+ @string == other.string &&
270
+ @synonyms == other.synonyms &&
271
+ @symbol == other.symbol)
272
+ end
273
+
264
274
  def =~(mime_type)
265
275
  return false if mime_type.blank?
266
276
  regexp = Regexp.new(Regexp.quote(mime_type.to_s))
@@ -274,6 +284,10 @@ module Mime
274
284
  end
275
285
 
276
286
 
287
+ protected
288
+
289
+ attr_reader :string, :synonyms
290
+
277
291
  private
278
292
 
279
293
  def to_ary; end
data/lib/action_dispatch/routing/route_set.rb CHANGED
@@ -1,6 +1,5 @@
1
1
  require 'action_dispatch/journey'
2
2
  require 'forwardable'
3
- require 'thread_safe'
4
3
  require 'active_support/concern'
5
4
  require 'active_support/core_ext/object/to_query'
6
5
  require 'active_support/core_ext/hash/slice'
@@ -26,7 +25,6 @@ module ActionDispatch
26
25
  class Dispatcher < Routing::Endpoint
27
26
  def initialize(defaults)
28
27
  @defaults = defaults
29
- @controller_class_names = ThreadSafe::Cache.new
30
28
  end
31
29
 
32
30
  def dispatcher?; true; end
@@ -68,7 +66,7 @@ module ActionDispatch
68
66
  private
69
67
 
70
68
  def controller_reference(controller_param)
71
- const_name = @controller_class_names[controller_param] ||= "#{controller_param.camelize}Controller"
69
+ const_name = "#{controller_param.camelize}Controller"
72
70
  ActiveSupport::Dependencies.constantize(const_name)
73
71
  end
74
72
 
data/lib/action_pack/gem_version.rb CHANGED
@@ -8,7 +8,7 @@ module ActionPack
8
8
  MAJOR = 4
9
9
  MINOR = 2
10
10
  TINY = 5
11
- PRE = nil
11
+ PRE = "1"
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
14
14
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionpack
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.5
4
+ version: 4.2.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-11-12 00:00:00.000000000 Z
11
+ date: 2016-01-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 4.2.5
19
+ version: 4.2.5.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 4.2.5
26
+ version: 4.2.5.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rack
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@ dependencies:
98
98
  requirements:
99
99
  - - '='
100
100
  - !ruby/object:Gem::Version
101
- version: 4.2.5
101
+ version: 4.2.5.1
102
102
  type: :runtime
103
103
  prerelease: false
104
104
  version_requirements: !ruby/object:Gem::Requirement
105
105
  requirements:
106
106
  - - '='
107
107
  - !ruby/object:Gem::Version
108
- version: 4.2.5
108
+ version: 4.2.5.1
109
109
  - !ruby/object:Gem::Dependency
110
110
  name: activemodel
111
111
  requirement: !ruby/object:Gem::Requirement
112
112
  requirements:
113
113
  - - '='
114
114
  - !ruby/object:Gem::Version
115
- version: 4.2.5
115
+ version: 4.2.5.1
116
116
  type: :development
117
117
  prerelease: false
118
118
  version_requirements: !ruby/object:Gem::Requirement
119
119
  requirements:
120
120
  - - '='
121
121
  - !ruby/object:Gem::Version
122
- version: 4.2.5
122
+ version: 4.2.5.1
123
123
  description: Web apps on Rails. Simple, battle-tested conventions for building and
124
124
  testing MVC web applications. Works with any Rack-compatible server.
125
125
  email: david@loudthinking.com
@@ -300,7 +300,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
300
300
  requirements:
301
301
  - none
302
302
  rubyforge_project:
303
- rubygems_version: 2.4.5.1
303
+ rubygems_version: 2.5.1
304
304
  signing_key:
305
305
  specification_version: 4
306
306
  summary: Web-flow and rendering framework putting the VC in MVC (part of Rails).