actionview 4.2.11.1 → 4.2.11.3
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/lib/action_view/gem_version.rb +1 -1
- data/lib/action_view/template.rb +5 -1
- metadata +9 -9
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 35fcfe997dc7203fb3f98d02246095f8dc4a6f04dcc55202b0e7c46103f5ea6f
|
|
4
|
+
data.tar.gz: d847aabe2601aabc3d08859d1c50dd05b3d9e6948308d7021de3e76826667beb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d4b7cc1695c4ae8fa02deac117be9b6d174859d2f197e91f78ffacc9ed0be7aa80900ebd1634a9c34393e42b95249da20c82b63fb3c55e93e3ba69c41c4f0efd
|
|
7
|
+
data.tar.gz: aee0806ac9e39e97d731f002c117686099436cf3b7c119c52ff33c08a3fa71fbca9e2c5461dbb3129be537f0ed9ac03fcb7dcd5bc804fd3f0066fc09ae740eaa
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
## Rails 4.2.11.3 (May 15, 2020) ##
|
|
2
|
+
|
|
3
|
+
* Backport a missing commit for [CVE-2020-8163]
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
## Rails 4.2.11.2 (May 15, 2020) ##
|
|
7
|
+
|
|
8
|
+
* Restrict local variable names in templates [CVE-2020-8163]
|
|
9
|
+
|
|
10
|
+
|
|
1
11
|
## Rails 4.2.11.1 (March 11, 2019) ##
|
|
2
12
|
|
|
3
13
|
* No changes.
|
data/lib/action_view/template.rb
CHANGED
|
@@ -312,8 +312,12 @@ module ActionView
|
|
|
312
312
|
end
|
|
313
313
|
|
|
314
314
|
def locals_code #:nodoc:
|
|
315
|
+
# Only locals with valid variable names get set directly. Others will
|
|
316
|
+
# still be available in local_assigns.
|
|
317
|
+
locals = @locals.to_set - Module::DELEGATION_RESERVED_METHOD_NAMES
|
|
318
|
+
locals = locals.grep(/\A(?![A-Z0-9])(?:[[:alnum:]_]|[^\0-\177])+\z/)
|
|
315
319
|
# Double assign to suppress the dreaded 'assigned but unused variable' warning
|
|
316
|
-
|
|
320
|
+
locals.each_with_object('') { |key, code| code << "#{key} = #{key} = local_assigns[:#{key}];" }
|
|
317
321
|
end
|
|
318
322
|
|
|
319
323
|
def method_name #:nodoc:
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionview
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.2.11.
|
|
4
|
+
version: 4.2.11.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-05-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 4.2.11.
|
|
19
|
+
version: 4.2.11.3
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 4.2.11.
|
|
26
|
+
version: 4.2.11.3
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: builder
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -98,28 +98,28 @@ dependencies:
|
|
|
98
98
|
requirements:
|
|
99
99
|
- - '='
|
|
100
100
|
- !ruby/object:Gem::Version
|
|
101
|
-
version: 4.2.11.
|
|
101
|
+
version: 4.2.11.3
|
|
102
102
|
type: :development
|
|
103
103
|
prerelease: false
|
|
104
104
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
105
|
requirements:
|
|
106
106
|
- - '='
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
|
-
version: 4.2.11.
|
|
108
|
+
version: 4.2.11.3
|
|
109
109
|
- !ruby/object:Gem::Dependency
|
|
110
110
|
name: activemodel
|
|
111
111
|
requirement: !ruby/object:Gem::Requirement
|
|
112
112
|
requirements:
|
|
113
113
|
- - '='
|
|
114
114
|
- !ruby/object:Gem::Version
|
|
115
|
-
version: 4.2.11.
|
|
115
|
+
version: 4.2.11.3
|
|
116
116
|
type: :development
|
|
117
117
|
prerelease: false
|
|
118
118
|
version_requirements: !ruby/object:Gem::Requirement
|
|
119
119
|
requirements:
|
|
120
120
|
- - '='
|
|
121
121
|
- !ruby/object:Gem::Version
|
|
122
|
-
version: 4.2.11.
|
|
122
|
+
version: 4.2.11.3
|
|
123
123
|
description: Simple, battle-tested conventions and helpers for building web pages.
|
|
124
124
|
email: david@loudthinking.com
|
|
125
125
|
executables: []
|
|
@@ -247,7 +247,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
247
247
|
version: '0'
|
|
248
248
|
requirements:
|
|
249
249
|
- none
|
|
250
|
-
rubygems_version: 3.0.
|
|
250
|
+
rubygems_version: 3.0.3
|
|
251
251
|
signing_key:
|
|
252
252
|
specification_version: 4
|
|
253
253
|
summary: Rendering framework putting the V in MVC (part of Rails).
|