actionview 4.2.5.1 → 4.2.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of actionview might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/lib/action_view/gem_version.rb +1 -1
- data/lib/action_view/renderer/renderer.rb +4 -0
- data/lib/action_view/template/resolver.rb +2 -2
- metadata +8 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c1c1ffcc325396c04316a0d309fcb858f9eec5b1
|
|
4
|
+
data.tar.gz: 3030d020724c256777659f2c9a7dfa445cb84360
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9012619bedc05a4ba84268291dabd997dc238c9a629820b5d5cdd14906851c9c02b34b117e49efdf7d92389b4824a26f3c5c05c91f173f819ded1518325eb7d6
|
|
7
|
+
data.tar.gz: 6c02cdae8743cfec0ef44d7e27fac8d182e934406094e90cde3dc245d605f59a3202e154486c2782cf28b9d7433ceb1375a9e85757d77b9162484f395f1ef35c
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,20 @@
|
|
|
1
|
+
## Rails 4.2.5.2 (February 26, 2016) ##
|
|
2
|
+
|
|
3
|
+
* Do not allow render with unpermitted parameter.
|
|
4
|
+
|
|
5
|
+
Fixes CVE-2016-2098.
|
|
6
|
+
|
|
7
|
+
*Arthur Neves*
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
## Rails 4.2.5.1 (January 25, 2015) ##
|
|
11
|
+
|
|
12
|
+
* Adds boolean argument outside_app_allowed to `ActionView::Resolver#find_templates`
|
|
13
|
+
method.
|
|
14
|
+
|
|
15
|
+
*Aaron Patterson*
|
|
16
|
+
|
|
17
|
+
|
|
1
18
|
## Rails 4.2.5 (November 12, 2015) ##
|
|
2
19
|
|
|
3
20
|
* Fix `mail_to` when called with `nil` as argument.
|
|
@@ -17,6 +17,10 @@ module ActionView
|
|
|
17
17
|
|
|
18
18
|
# Main render entry point shared by AV and AC.
|
|
19
19
|
def render(context, options)
|
|
20
|
+
if options.respond_to?(:permitted?) && !options.permitted?
|
|
21
|
+
raise ArgumentError, "render parameters are not permitted"
|
|
22
|
+
end
|
|
23
|
+
|
|
20
24
|
if options.key?(:partial)
|
|
21
25
|
render_partial(context, options)
|
|
22
26
|
else
|
|
@@ -130,8 +130,8 @@ module ActionView
|
|
|
130
130
|
# This is what child classes implement. No defaults are needed
|
|
131
131
|
# because Resolver guarantees that the arguments are present and
|
|
132
132
|
# normalized.
|
|
133
|
-
def find_templates(name, prefix, partial, details)
|
|
134
|
-
raise NotImplementedError, "Subclasses must implement a find_templates(name, prefix, partial, details) method"
|
|
133
|
+
def find_templates(name, prefix, partial, details, outside_app_allowed)
|
|
134
|
+
raise NotImplementedError, "Subclasses must implement a find_templates(name, prefix, partial, details, outside_app_allowed) method"
|
|
135
135
|
end
|
|
136
136
|
|
|
137
137
|
# Helpers that builds a path. Useful for building virtual paths.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: actionview
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.2.5.
|
|
4
|
+
version: 4.2.5.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-02-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 4.2.5.
|
|
19
|
+
version: 4.2.5.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 4.2.5.
|
|
26
|
+
version: 4.2.5.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: builder
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -98,28 +98,28 @@ dependencies:
|
|
|
98
98
|
requirements:
|
|
99
99
|
- - '='
|
|
100
100
|
- !ruby/object:Gem::Version
|
|
101
|
-
version: 4.2.5.
|
|
101
|
+
version: 4.2.5.2
|
|
102
102
|
type: :development
|
|
103
103
|
prerelease: false
|
|
104
104
|
version_requirements: !ruby/object:Gem::Requirement
|
|
105
105
|
requirements:
|
|
106
106
|
- - '='
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
|
-
version: 4.2.5.
|
|
108
|
+
version: 4.2.5.2
|
|
109
109
|
- !ruby/object:Gem::Dependency
|
|
110
110
|
name: activemodel
|
|
111
111
|
requirement: !ruby/object:Gem::Requirement
|
|
112
112
|
requirements:
|
|
113
113
|
- - '='
|
|
114
114
|
- !ruby/object:Gem::Version
|
|
115
|
-
version: 4.2.5.
|
|
115
|
+
version: 4.2.5.2
|
|
116
116
|
type: :development
|
|
117
117
|
prerelease: false
|
|
118
118
|
version_requirements: !ruby/object:Gem::Requirement
|
|
119
119
|
requirements:
|
|
120
120
|
- - '='
|
|
121
121
|
- !ruby/object:Gem::Version
|
|
122
|
-
version: 4.2.5.
|
|
122
|
+
version: 4.2.5.2
|
|
123
123
|
description: Simple, battle-tested conventions and helpers for building web pages.
|
|
124
124
|
email: david@loudthinking.com
|
|
125
125
|
executables: []
|