actionview 5.2.3 → 5.2.4.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: afb542680a6bdea85297d58343a24da1754f7893189439ead02c8b566de24d27
-  data.tar.gz: 53438d080b42df0f88a29b45f9f2a4dfb2afa1129dbe366a612bf47c25645fea
+  metadata.gz: bee2854f221042bd39d08a9aa41c871f6029abb0f5b19143051fda4e432ca773
+  data.tar.gz: 53a3c5699665ff4ea1bd71a0a750f399dd36d61464a52a99edcc3a90fd399693
 SHA512:
-  metadata.gz: 985967fad7c02691fca261d82a25bf1b409071c5ee422127bec7bde426b03a8bac3024736861149c8aa4a80de0240e393c4e98b18f52c2041bbe16223d409f59
-  data.tar.gz: b5965f912d6ef4a64764370c17adc1f24bdc960fb8a4e549930d54f2d708dde433a1e9495f35d5fbbc66c3e5bee57d66a3b42107fada1bd708d1201cb657d04e
+  metadata.gz: f041a35b39a2505bcaff2eec99fea13e39df28eca2b1155afdec458c24e4d814595aa2246dbdfb9e528ce89c60c135ddb188e7a5c1eb963d03d91525529e78f6
+  data.tar.gz: c5d8b7f212b06ebc6325fc4695b8af33a1c5f4196a9e7ed820b2f8a9a53ec6fb4ab91cf503ac819b02660a88218759c83df12c8336bb6ad9d99f3d8619916148

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## Rails 5.2.4.rc1 (November 22, 2019) ##
+
+*   Allow programmatic click events to trigger Rails UJS click handlers.
+    Programmatic click events (eg. ones generated by `Rails.fire(link, "click")`) don't specify a button. These events were being incorrectly stopped by code meant to ignore scroll wheel and right clicks introduced in #34573.
+
+    *Sudara Williams*
+
+
 ## Rails 5.2.3 (March 27, 2019) ##
 
 *   Prevent non-primary mouse keys from triggering Rails UJS click handlers.
@@ -15,7 +23,16 @@
 
 ## Rails 5.2.2.1 (March 11, 2019) ##
 
-*   No changes.
+*   Only accept formats from registered mime types
+
+    A lack of filtering on mime types could allow an attacker to read
+    arbitrary files on the target server or to perform a denial of service
+    attack.
+
+    Fixes CVE-2019-5418
+    Fixes CVE-2019-5419
+
+    *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
 
 
 ## Rails 5.2.2 (December 04, 2018) ##

data/lib/action_view/gem_version.rb

@@ -9,8 +9,8 @@ module ActionView
   module VERSION
     MAJOR = 5
     MINOR = 2
-    TINY  = 3
-    PRE   = nil
+    TINY  = 4
+    PRE   = "rc1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
   end

data/lib/action_view/helpers/form_helper.rb

@@ -736,7 +736,7 @@ module ActionView
       #   def labelled_form_with(**options, &block)
       #     form_with(**options.merge(builder: LabellingFormBuilder), &block)
       #   end
-      def form_with(model: nil, scope: nil, url: nil, format: nil, **options)
+      def form_with(model: nil, scope: nil, url: nil, format: nil, **options, &block)
         options[:allow_method_names_outside_object] = true
         options[:skip_default_ids] = !form_with_generates_ids
 
@@ -749,7 +749,7 @@ module ActionView
 
         if block_given?
           builder = instantiate_builder(scope, model, options)
-          output  = capture(builder, &Proc.new)
+          output  = capture(builder, &block)
           options[:multipart] ||= builder.multipart?
 
           html_options = html_options_for_form_with(url, model, options)

data/lib/action_view/helpers/form_tag_helper.rb

@@ -163,6 +163,8 @@ module ActionView
       # * <tt>:size</tt> - The number of visible characters that will fit in the input.
       # * <tt>:maxlength</tt> - The maximum number of characters that the browser will allow the user to enter.
       # * <tt>:placeholder</tt> - The text contained in the field by default which is removed when the field receives focus.
+      #   If set to true, use a translation is found in the current I18n locale
+      #   (through helpers.placeholders.<modelname>.<attribute>).
       # * Any other key creates standard HTML attributes for the tag.
       #
       # ==== Examples

data/lib/action_view/helpers/url_helper.rb

@@ -253,7 +253,7 @@ module ActionView
       #   #      <input value="New" type="submit" />
       #   #    </form>"
       #
-      #   <%= button_to "New", new_articles_path %>
+      #   <%= button_to "New", new_article_path %>
       #   # => "<form method="post" action="/articles/new" class="button_to">
       #   #      <input value="New" type="submit" />
       #   #    </form>"

data/lib/assets/compiled/rails-ujs.js

@@ -2,7 +2,7 @@
 Unobtrusive JavaScript
 https://github.com/rails/rails/blob/master/actionview/app/assets/javascripts
 Released under the MIT license
- */
+ */;
 
 (function() {
   var context = this;
@@ -622,14 +622,14 @@ Released under the MIT license
       };
 
       Rails.preventInsignificantClick = function(e) {
-        var data, insignificantMetaClick, link, metaClick, method, primaryMouseKey;
+        var data, insignificantMetaClick, link, metaClick, method, nonPrimaryMouseClick;
         link = this;
         method = (link.getAttribute('data-method') || 'GET').toUpperCase();
         data = link.getAttribute('data-params');
         metaClick = e.metaKey || e.ctrlKey;
         insignificantMetaClick = metaClick && method === 'GET' && !data;
-        primaryMouseKey = e.button === 0;
-        if (!primaryMouseKey || insignificantMetaClick) {
+        nonPrimaryMouseClick = (e.button != null) && e.button !== 0;
+        if (nonPrimaryMouseClick || insignificantMetaClick) {
           return e.stopImmediatePropagation();
         }
       };

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: actionview
 version: !ruby/object:Gem::Version
-  version: 5.2.3
+  version: 5.2.4.rc1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-28 00:00:00.000000000 Z
+date: 2019-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.3
+        version: 5.2.4.rc1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.3
+        version: 5.2.4.rc1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
@@ -92,28 +92,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.3
+        version: 5.2.4.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.3
+        version: 5.2.4.rc1
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.3
+        version: 5.2.4.rc1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.3
+        version: 5.2.4.rc1
 description: Simple, battle-tested conventions and helpers for building web pages.
 email: david@loudthinking.com
 executables: []
@@ -230,8 +230,8 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/rails/rails/tree/v5.2.3/actionview
-  changelog_uri: https://github.com/rails/rails/blob/v5.2.3/actionview/CHANGELOG.md
+  source_code_uri: https://github.com/rails/rails/tree/v5.2.4.rc1/actionview
+  changelog_uri: https://github.com/rails/rails/blob/v5.2.4.rc1/actionview/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -243,12 +243,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.2.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements:
 - none
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Rendering framework putting the V in MVC (part of Rails).