activerecord 3.1.5 → 3.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## Rails 3.1.6 (Jun 12, 2012)
|
|
2
|
+
|
|
3
|
+
* protect against the nesting of hashes changing the
|
|
4
|
+
table context in the next call to build_from_hash. This fix
|
|
5
|
+
covers this case as well.
|
|
6
|
+
|
|
7
|
+
CVE-2012-2695
|
|
8
|
+
|
|
1
9
|
## Rails 3.1.5 (May 31, 2012) ##
|
|
2
10
|
|
|
3
11
|
* Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931.
|
|
@@ -423,7 +423,9 @@ module ActiveRecord
|
|
|
423
423
|
end
|
|
424
424
|
|
|
425
425
|
def tables(name = nil, database = nil) #:nodoc:
|
|
426
|
-
sql =
|
|
426
|
+
sql = "SHOW TABLES "
|
|
427
|
+
sql << "IN #{quote_table_name(database)} " if database
|
|
428
|
+
|
|
427
429
|
execute(sql, 'SCHEMA').collect do |field|
|
|
428
430
|
field.first
|
|
429
431
|
end
|
|
@@ -630,7 +630,10 @@ module ActiveRecord
|
|
|
630
630
|
end
|
|
631
631
|
|
|
632
632
|
def tables(name = nil, database = nil) #:nodoc:
|
|
633
|
-
|
|
633
|
+
sql = "SHOW TABLES "
|
|
634
|
+
sql << "IN #{quote_table_name(database)} " if database
|
|
635
|
+
|
|
636
|
+
result = execute(sql, 'SCHEMA')
|
|
634
637
|
tables = result.collect { |field| field[0] }
|
|
635
638
|
result.free
|
|
636
639
|
tables
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
module ActiveRecord
|
|
2
2
|
class PredicateBuilder # :nodoc:
|
|
3
|
-
def self.build_from_hash(engine, attributes, default_table,
|
|
3
|
+
def self.build_from_hash(engine, attributes, default_table, allow_table_name = true)
|
|
4
4
|
predicates = attributes.map do |column, value|
|
|
5
5
|
table = default_table
|
|
6
6
|
|
|
7
|
-
if value.is_a?(Hash)
|
|
7
|
+
if allow_table_name && value.is_a?(Hash)
|
|
8
8
|
table = Arel::Table.new(column, engine)
|
|
9
9
|
build_from_hash(engine, value, table, false)
|
|
10
10
|
else
|
|
11
11
|
column = column.to_s
|
|
12
12
|
|
|
13
|
-
if
|
|
13
|
+
if allow_table_name && column.include?('.')
|
|
14
14
|
table_name, column = column.split('.', 2)
|
|
15
15
|
table = Arel::Table.new(table_name, engine)
|
|
16
16
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activerecord
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 15
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 3
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 3.1.
|
|
9
|
+
- 6
|
|
10
|
+
version: 3.1.6
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- David Heinemeier Hansson
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2012-
|
|
18
|
+
date: 2012-06-12 00:00:00 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: activesupport
|
|
@@ -25,12 +25,12 @@ dependencies:
|
|
|
25
25
|
requirements:
|
|
26
26
|
- - "="
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
|
-
hash:
|
|
28
|
+
hash: 15
|
|
29
29
|
segments:
|
|
30
30
|
- 3
|
|
31
31
|
- 1
|
|
32
|
-
-
|
|
33
|
-
version: 3.1.
|
|
32
|
+
- 6
|
|
33
|
+
version: 3.1.6
|
|
34
34
|
type: :runtime
|
|
35
35
|
version_requirements: *id001
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
@@ -41,12 +41,12 @@ dependencies:
|
|
|
41
41
|
requirements:
|
|
42
42
|
- - "="
|
|
43
43
|
- !ruby/object:Gem::Version
|
|
44
|
-
hash:
|
|
44
|
+
hash: 15
|
|
45
45
|
segments:
|
|
46
46
|
- 3
|
|
47
47
|
- 1
|
|
48
|
-
-
|
|
49
|
-
version: 3.1.
|
|
48
|
+
- 6
|
|
49
|
+
version: 3.1.6
|
|
50
50
|
type: :runtime
|
|
51
51
|
version_requirements: *id002
|
|
52
52
|
- !ruby/object:Gem::Dependency
|