activerecord 4.1.4 → 4.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ffd445d131c912c59f2af2a6355ac882b3919279
-  data.tar.gz: 2e621c4dc003568dbb531b4cdc99454b37f6d167
+  metadata.gz: 5c2fb22442debba985a6376c3c786841597a57c4
+  data.tar.gz: 538fd25c6b66cb8c30f8a730afb9737b4718d1ce
 SHA512:
-  metadata.gz: 133c09aa3ee2adf40f253996c8167f2ffc0752430880fb4ef2de0bff98c5fbf76d1c755ce4791902309579ab271adfd0cf2a24c441d35192f0ec7ca1334d9c17
-  data.tar.gz: 1da09d56fa8e4d83a0a054237599565e365c6ff48329ae7b37bd53fb114070ab63875b7297e87f8faba2fac6c94e9c7797e9bffb76cc03e5b4bdba2156fc781f
+  metadata.gz: 1279a4c8bf786d49638d67b565995258eedb09161090380fe10eacb620810cf84eeb477129c15b9ba673c4784dbbffe28533530fecfddde5be404003b987b14d
+  data.tar.gz: f79932b94e2dad4111460f7db455cc78e05ae8f886b8bca26a4ad5d369d13a8917b4167a2091611519ae55699afff32e9de5fb775a472b379b5661a1c96d59f5

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Rails 4.1.5 (August 18, 2014) ##
+
+*   No changes.
+
+
 ## Rails 4.1.4 (July 2, 2014) ##
 
 *   Fix regression added from the latest security fix.

data/lib/active_record/gem_version.rb

@@ -7,7 +7,7 @@ module ActiveRecord
   module VERSION
     MAJOR = 4
     MINOR = 1
-    TINY  = 4
+    TINY  = 5
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/active_record/relation/query_methods.rb

@@ -1,9 +1,12 @@
 require 'active_support/core_ext/array/wrap'
+require 'active_model/forbidden_attributes_protection'
 
 module ActiveRecord
   module QueryMethods
     extend ActiveSupport::Concern
 
+    include ActiveModel::ForbiddenAttributesProtection
+
     # WhereChain objects act as placeholder for queries in which #where does not have any parameter.
     # In this case, #where must be chained with #not to return a new relation.
     class WhereChain
@@ -561,7 +564,10 @@ module ActiveRecord
       if opts == :chain
         WhereChain.new(self)
       else
-        references!(PredicateBuilder.references(opts)) if Hash === opts
+        if Hash === opts
+          opts = sanitize_forbidden_attributes(opts)
+          references!(PredicateBuilder.references(opts))
+        end
 
         self.where_values += build_where(opts, rest)
         self
@@ -711,7 +717,13 @@ module ActiveRecord
     end
 
     def create_with!(value) # :nodoc:
-      self.create_with_value = value ? create_with_value.merge(value) : {}
+      if value
+        value = sanitize_forbidden_attributes(value)
+        self.create_with_value = create_with_value.merge(value)
+      else
+        self.create_with_value = {}
+      end
+
       self
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord
 version: !ruby/object:Gem::Version
-  version: 4.1.4
+  version: 4.1.5
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-02 00:00:00.000000000 Z
+date: 2014-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.1.4
+        version: 4.1.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.1.4
+        version: 4.1.5
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.1.4
+        version: 4.1.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 4.1.4
+        version: 4.1.5
 - !ruby/object:Gem::Dependency
   name: arel
   requirement: !ruby/object:Gem::Requirement
@@ -252,3 +252,4 @@ signing_key:
 specification_version: 4
 summary: Object-relational mapper framework (part of Rails).
 test_files: []
+has_rdoc: