actionview 4.2.11.1 → 4.2.11.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of actionview might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/lib/action_view/gem_version.rb +1 -1
  4. data/lib/action_view/template.rb +5 -1
  5. metadata +9 -9
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 71fb7b73001ccc9220ba0da089fc3336a3a18620ca13a18730fa91d4799fbf58
4
- data.tar.gz: a87ef6a72900a81c7cff2d00f3fac65006c0f95935b7bf366c1f4bfa1210b6d1
3
+ metadata.gz: 102c60f71456f1813234974dc2314b6ad213157dec389c99cb60abeee7e375aa
4
+ data.tar.gz: f863ee943c826b57aa89a8a1174ba703a87446d69082b12e3e8a907f35978d90
5
5
  SHA512:
6
- metadata.gz: ea93cb6a5de3af579900cf1534b50842c6d197062ee7a01a9f499287dbbb8f6f3d9c32abfadba3c2d1868b8deddc70594c3e5767744031e47961d5da15cb5e54
7
- data.tar.gz: e59b44cf756ed5bf55ef96709055a04413dfba03fa083c32ef709eb266267ac774bc7d83c08c696a16c98e5dd93a412a531372eee7546bcc8e856e1304dcf618
6
+ metadata.gz: 3b540747d3ccd01a69cb25e9298e2cc032b3eedc81ced87693d908220ebc1f767c264681236a13a0ea0fc6d848f9aa1f6f97162cc3d00321383461895d951136
7
+ data.tar.gz: 06d27fc9d0e14c24e77ee2daafe17a808b549f37feab627f067fdcf746477e506396e208b84c079f2781658ca025ae932e49d6e841b061ee4502cbca9d950a13
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## Rails 4.2.11.2 (May 15, 2020) ##
2
+
3
+ * Restrict local variable names in templates [CVE-2020-8163]
4
+
5
+
1
6
  ## Rails 4.2.11.1 (March 11, 2019) ##
2
7
 
3
8
  * No changes.
data/lib/action_view/gem_version.rb CHANGED
@@ -8,7 +8,7 @@ module ActionView
8
8
  MAJOR = 4
9
9
  MINOR = 2
10
10
  TINY = 11
11
- PRE = "1"
11
+ PRE = "2"
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
14
14
  end
data/lib/action_view/template.rb CHANGED
@@ -312,8 +312,12 @@ module ActionView
312
312
  end
313
313
 
314
314
  def locals_code #:nodoc:
315
+ # Only locals with valid variable names get set directly. Others will
316
+ # still be available in local_assigns.
317
+ locals = @locals.to_set - Module::DELEGATION_RESERVED_METHOD_NAMES
318
+ locals = locals.grep(/\A(?![A-Z0-9])(?:[[:alnum:]_]|[^\0-\177])+\z/)
315
319
  # Double assign to suppress the dreaded 'assigned but unused variable' warning
316
- @locals.each_with_object('') { |key, code| code << "#{key} = #{key} = local_assigns[:#{key}];" }
320
+ locals.each_with_object('') { |key, code| code << "#{key} = #{key} = local_assigns[:#{key}];" }
317
321
  end
318
322
 
319
323
  def method_name #:nodoc:
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: actionview
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.11.1
4
+ version: 4.2.11.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-03-11 00:00:00.000000000 Z
11
+ date: 2020-05-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 4.2.11.1
19
+ version: 4.2.11.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 4.2.11.1
26
+ version: 4.2.11.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: builder
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -98,28 +98,28 @@ dependencies:
98
98
  requirements:
99
99
  - - '='
100
100
  - !ruby/object:Gem::Version
101
- version: 4.2.11.1
101
+ version: 4.2.11.2
102
102
  type: :development
103
103
  prerelease: false
104
104
  version_requirements: !ruby/object:Gem::Requirement
105
105
  requirements:
106
106
  - - '='
107
107
  - !ruby/object:Gem::Version
108
- version: 4.2.11.1
108
+ version: 4.2.11.2
109
109
  - !ruby/object:Gem::Dependency
110
110
  name: activemodel
111
111
  requirement: !ruby/object:Gem::Requirement
112
112
  requirements:
113
113
  - - '='
114
114
  - !ruby/object:Gem::Version
115
- version: 4.2.11.1
115
+ version: 4.2.11.2
116
116
  type: :development
117
117
  prerelease: false
118
118
  version_requirements: !ruby/object:Gem::Requirement
119
119
  requirements:
120
120
  - - '='
121
121
  - !ruby/object:Gem::Version
122
- version: 4.2.11.1
122
+ version: 4.2.11.2
123
123
  description: Simple, battle-tested conventions and helpers for building web pages.
124
124
  email: david@loudthinking.com
125
125
  executables: []
@@ -247,7 +247,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
247
247
  version: '0'
248
248
  requirements:
249
249
  - none
250
- rubygems_version: 3.0.1
250
+ rubygems_version: 3.0.3
251
251
  signing_key:
252
252
  specification_version: 4
253
253
  summary: Rendering framework putting the V in MVC (part of Rails).