activerecord 3.0.13 → 3.0.14
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
data/CHANGELOG
CHANGED
@@ -1,3 +1,11 @@
|
|
1
|
+
## Rails 3.0.14 (Jun 12, 2012)
|
2
|
+
|
3
|
+
* protect against the nesting of hashes changing the
|
4
|
+
table context in the next call to build_from_hash. This fix
|
5
|
+
covers this case as well.
|
6
|
+
|
7
|
+
CVE-2012-2695
|
8
|
+
|
1
9
|
* Rails 3.0.13 (May 31, 2012)
|
2
10
|
|
3
11
|
* Bugfix circular reference while saving has_one relationship
|
@@ -403,9 +403,11 @@ module ActiveRecord
|
|
403
403
|
end
|
404
404
|
|
405
405
|
def tables(name = nil, database = nil) #:nodoc:
|
406
|
-
|
407
|
-
|
408
|
-
|
406
|
+
sql = "SHOW TABLES "
|
407
|
+
sql << "IN #{quote_table_name(database)} " if database
|
408
|
+
|
409
|
+
result = execute(sql, 'SCHEMA')
|
410
|
+
tables = result.collect { |field| field[0] }
|
409
411
|
result.free
|
410
412
|
tables
|
411
413
|
end
|
@@ -5,17 +5,17 @@ module ActiveRecord
|
|
5
5
|
@engine = engine
|
6
6
|
end
|
7
7
|
|
8
|
-
def build_from_hash(attributes, default_table,
|
8
|
+
def build_from_hash(attributes, default_table, allow_table_name = true)
|
9
9
|
predicates = attributes.map do |column, value|
|
10
10
|
table = default_table
|
11
11
|
|
12
|
-
if value.is_a?(Hash)
|
12
|
+
if allow_table_name && value.is_a?(Hash)
|
13
13
|
table = Arel::Table.new(column, :engine => @engine)
|
14
14
|
build_from_hash(value, table, false)
|
15
15
|
else
|
16
16
|
column = column.to_s
|
17
17
|
|
18
|
-
if
|
18
|
+
if allow_table_name && column.include?('.')
|
19
19
|
table_name, column = column.split('.', 2)
|
20
20
|
table = Arel::Table.new(table_name, :engine => @engine)
|
21
21
|
end
|
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: activerecord
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 27
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 3
|
8
8
|
- 0
|
9
|
-
-
|
10
|
-
version: 3.0.
|
9
|
+
- 14
|
10
|
+
version: 3.0.14
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- David Heinemeier Hansson
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2012-
|
18
|
+
date: 2012-06-12 00:00:00 Z
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
21
21
|
name: activesupport
|
@@ -25,12 +25,12 @@ dependencies:
|
|
25
25
|
requirements:
|
26
26
|
- - "="
|
27
27
|
- !ruby/object:Gem::Version
|
28
|
-
hash:
|
28
|
+
hash: 27
|
29
29
|
segments:
|
30
30
|
- 3
|
31
31
|
- 0
|
32
|
-
-
|
33
|
-
version: 3.0.
|
32
|
+
- 14
|
33
|
+
version: 3.0.14
|
34
34
|
type: :runtime
|
35
35
|
version_requirements: *id001
|
36
36
|
- !ruby/object:Gem::Dependency
|
@@ -41,12 +41,12 @@ dependencies:
|
|
41
41
|
requirements:
|
42
42
|
- - "="
|
43
43
|
- !ruby/object:Gem::Version
|
44
|
-
hash:
|
44
|
+
hash: 27
|
45
45
|
segments:
|
46
46
|
- 3
|
47
47
|
- 0
|
48
|
-
-
|
49
|
-
version: 3.0.
|
48
|
+
- 14
|
49
|
+
version: 3.0.14
|
50
50
|
type: :runtime
|
51
51
|
version_requirements: *id002
|
52
52
|
- !ruby/object:Gem::Dependency
|