activerecord 2.3.9 → 2.3.10

data/CHANGELOG

@@ -1,3 +1,7 @@
+*2.3.10 (October 15, 2010)*
+
+* Security Release to fix CVE-2010-3933
+
 *2.3.9 (September 4, 2010)*
 *2.3.8 (May 24, 2010)*
 *2.3.7 (May 24, 2010)*

data/Rakefile

@@ -192,7 +192,7 @@ spec = Gem::Specification.new do |s|
     s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
   end
 
-  s.add_dependency('activesupport', '= 2.3.9' + PKG_BUILD)
+  s.add_dependency('activesupport', '= 2.3.10' + PKG_BUILD)
 
   s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
   s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"

data/examples/performance.rb

@@ -27,7 +27,7 @@ conn[:socket] = Pathname.glob(%w[
   /tmp/mysql.sock
   /var/mysql/mysql.sock
   /var/run/mysqld/mysqld.sock
-]).find { |path| path.socket? }
+]).find { |path| path.socket? }.to_s
 
 ActiveRecord::Base.establish_connection(conn)
 
@@ -60,7 +60,7 @@ end
 sqlfile = "#{__DIR__}/performance.sql"
 
 if File.exists?(sqlfile)
-  mysql_bin = %w[mysql mysql5].select { |bin| `which #{bin}`.length > 0 }
+  mysql_bin = %w[mysql mysql5].detect { |bin| `which #{bin}`.length > 0 }
   `#{mysql_bin} -u #{conn[:username]} #{"-p#{conn[:password]}" unless conn[:password].blank?} #{conn[:database]} < #{sqlfile}`
 else
   puts 'Generating data...'
@@ -90,7 +90,7 @@ else
     )
   end
 
-  mysqldump_bin = %w[mysqldump mysqldump5].select { |bin| `which #{bin}`.length > 0 }
+  mysqldump_bin = %w[mysqldump mysqldump5].detect { |bin| `which #{bin}`.length > 0 }
   `#{mysqldump_bin} -u #{conn[:username]} #{"-p#{conn[:password]}" unless conn[:password].blank?} #{conn[:database]} exhibits users > #{sqlfile}`
 end
 
@@ -157,6 +157,40 @@ RBench.run(TIMES) do
     ar { Exhibit.transaction { Exhibit.new } }
   end
 
+  report 'Model.find(id)' do
+    id = Exhibit.first.id
+    ar { Exhibit.find(id) }
+  end
+
+  report 'Model.find_by_sql' do
+    ar { Exhibit.find_by_sql("SELECT * FROM exhibits WHERE id = #{(rand * 1000 + 1).to_i}").first }
+  end
+
+  report 'Model.log', (TIMES * 10) do
+    ar { Exhibit.connection.send(:log, "hello", "world") {} }
+  end
+
+  report 'AR.execute(query)', (TIMES / 2) do
+    ar { ActiveRecord::Base.connection.execute("Select * from exhibits where id = #{(rand * 1000 + 1).to_i}") }
+  end
+
+  report 'Model.find(id)' do
+    id = Exhibit.first.id
+    ar { Exhibit.find(id) }
+  end
+
+  report 'Model.find_by_sql' do
+    ar { Exhibit.find_by_sql("SELECT * FROM exhibits WHERE id = #{(rand * 1000 + 1).to_i}").first }
+  end
+
+  report 'Model.log', (TIMES * 10) do
+    ar { Exhibit.connection.send(:log, "hello", "world") {} }
+  end
+
+  report 'AR.execute(query)', (TIMES / 2) do
+    ar { ActiveRecord::Base.connection.execute("Select * from exhibits where id = #{(rand * 1000 + 1).to_i}") }
+  end
+
   summary 'Total'
 end
 

data/lib/active_record/association_preload.rb

@@ -283,7 +283,7 @@ module ActiveRecord
           through_records.flatten!
         else
           options = {}
-          options[:include] = reflection.options[:include] || reflection.options[:source] if reflection.options[:conditions]
+          options[:include] = reflection.options[:include] || reflection.options[:source] if reflection.options[:conditions] || reflection.options[:order]
           options[:order] = reflection.options[:order]
           options[:conditions] = reflection.options[:conditions]
           records.first.class.preload_associations(records, through_association, options)

data/lib/active_record/associations/association_collection.rb

@@ -332,6 +332,7 @@ module ActiveRecord
 
       def include?(record)
         return false unless record.is_a?(@reflection.klass)
+        return include_in_memory?(record) if record.new_record?
         load_target if @reflection.options[:finder_sql] && !loaded?
         return @target.include?(record) if loaded?
         exists?(record)
@@ -491,8 +492,8 @@ module ActiveRecord
         def callbacks_for(callback_name)
           full_callback_name = "#{callback_name}_for_#{@reflection.name}"
           @owner.class.read_inheritable_attribute(full_callback_name.to_sym) || []
-        end   
-        
+        end
+
         def ensure_owner_is_not_new
           if @owner.new_record?
             raise ActiveRecord::RecordNotSaved, "You cannot call create unless the parent is saved"
@@ -503,6 +504,18 @@ module ActiveRecord
           args.first.kind_of?(Hash) || !(loaded? || @owner.new_record? || @reflection.options[:finder_sql] ||
                                          @target.any? { |record| record.new_record? } || args.first.kind_of?(Integer))
         end
+
+        def include_in_memory?(record)
+          if @reflection.is_a?(ActiveRecord::Reflection::ThroughReflection)
+            @owner.send(proxy_reflection.through_reflection.name.to_sym).each do |source|
+              source_reflection_target = source.send(proxy_reflection.source_reflection.name)
+              return true if source_reflection_target.respond_to?(:include?) ? source_reflection_target.include?(record) : source_reflection_target == record
+            end
+            false
+          else
+            @target.include?(record)
+          end
+        end
     end
   end
 end

data/lib/active_record/connection_adapters/abstract/schema_statements.rb

@@ -274,7 +274,7 @@ module ActiveRecord
 
         if Hash === options # legacy support, since this param was a string
           index_type = options[:unique] ? "UNIQUE" : ""
-          index_name = options[:name] || index_name
+          index_name = options[:name].to_s if options[:name]
         else
           index_type = options
         end
@@ -347,6 +347,7 @@ module ActiveRecord
       # as there's no way to determine the correct answer in that case.
       def index_exists?(table_name, index_name, default)
         return default unless respond_to?(:indexes)
+        index_name = index_name.to_s
         indexes(table_name).detect { |i| i.name == index_name }
       end
 

data/lib/active_record/named_scope.rb

@@ -120,7 +120,7 @@ module ActiveRecord
         options ||= {}
         [options[:extend]].flatten.each { |extension| extend extension } if options[:extend]
         extend Module.new(&block) if block_given?
-        unless Scope === proxy_scope
+        unless (Scope === proxy_scope || ActiveRecord::Associations::AssociationCollection === proxy_scope)
           @current_scoped_methods_when_defined = proxy_scope.send(:current_scoped_methods)
         end
         @proxy_scope, @proxy_options = proxy_scope, options.except(:extend)

data/lib/active_record/nested_attributes.rb

@@ -286,9 +286,7 @@ module ActiveRecord
         assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy])
 
       elsif attributes['id']
-        existing_record = self.class.reflect_on_association(association_name).klass.find(attributes['id'])
-        assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy])
-        self.send(association_name.to_s+'=', existing_record)
+        raise_nested_attributes_record_not_found(association_name, attributes['id'])
 
       elsif !reject_new_record?(association_name, attributes)
         method = "build_#{association_name}"
@@ -358,16 +356,11 @@ module ActiveRecord
           unless reject_new_record?(association_name, attributes)
             association.build(attributes.except(*UNASSIGNABLE_KEYS))
           end
-
-        elsif existing_records.size == 0 # Existing record but not yet associated
-          existing_record = self.class.reflect_on_association(association_name).klass.find(attributes['id'])
-          association.send(:add_record_to_target_with_callbacks, existing_record) unless association.loaded?
-          assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy])
-
         elsif existing_record = existing_records.detect { |record| record.id.to_s == attributes['id'].to_s }
           association.send(:add_record_to_target_with_callbacks, existing_record) unless association.loaded?
           assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy])
-
+        else
+          raise_nested_attributes_record_not_found(association_name, attributes['id'])
         end
       end
     end
@@ -387,7 +380,7 @@ module ActiveRecord
       ConnectionAdapters::Column.value_to_boolean(hash['_destroy'])
     end
 
-    # Determines if a new record should be built by checking for
+    # Determines if a new record should be build by checking for
     # has_destroy_flag? or if a <tt>:reject_if</tt> proc exists for this
     # association and evaluates to +true+.
     def reject_new_record?(association_name, attributes)
@@ -403,5 +396,9 @@ module ActiveRecord
       end
     end
 
+    def raise_nested_attributes_record_not_found(association_name, record_id)
+      reflection = self.class.reflect_on_association(association_name)
+      raise RecordNotFound, "Couldn't find #{reflection.klass.name} with ID=#{record_id} for #{self.class.name} with ID=#{id}"
+    end
   end
 end

data/lib/active_record/version.rb

@@ -2,7 +2,7 @@ module ActiveRecord
   module VERSION #:nodoc:
     MAJOR = 2
     MINOR = 3
-    TINY  = 9
+    TINY  = 10
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/test/cases/associations/eager_test.rb

@@ -363,7 +363,12 @@ class EagerAssociationTest < ActiveRecord::TestCase
     assert_equal post_tags, eager_post_tags
   end
 
-
+  def test_eager_with_has_many_through_association_with_order
+    author_comments = Author.find(authors(:david).id).comments_desc
+    eager_author_comments = Author.find(authors(:david).id, :include => :comments_desc).comments_desc
+    assert_equal eager_author_comments, author_comments
+  end
+  
   def test_eager_with_has_many_through_join_model_with_include
     author_comments = Author.find(authors(:david).id, :include => :comments_with_include).comments_with_include.to_a
     assert_no_queries do

data/test/cases/associations/has_and_belongs_to_many_associations_test.rb

@@ -819,4 +819,9 @@ class HasAndBelongsToManyAssociationsTest < ActiveRecord::TestCase
     assert_queries(0) { david.projects.columns; david.projects.columns }
   end
 
+  def test_include_method_in_has_and_belongs_to_many_association_should_return_true_for_instance_added_with_build
+    project = Project.new
+    developer = project.developers.build
+    assert project.developers.include?(developer)
+  end
 end

data/test/cases/associations/has_many_associations_test.rb

@@ -1221,5 +1221,10 @@ class HasManyAssociationsTest < ActiveRecord::TestCase
       end
     EOF
   end
-end
 
+  def test_include_method_in_has_many_association_should_return_true_for_instance_added_with_build
+    post = Post.new
+    comment = post.comments.build
+    assert post.comments.include?(comment)
+  end
+end

data/test/cases/associations/has_many_through_associations_test.rb

@@ -343,4 +343,18 @@ class HasManyThroughAssociationsTest < ActiveRecord::TestCase
       lambda { authors(:david).very_special_comments.delete(authors(:david).very_special_comments.first) },
     ].each {|block| assert_raise(ActiveRecord::HasManyThroughCantAssociateThroughHasOneOrManyReflection, &block) }
   end
+
+  def test_include_method_in_association_through_should_return_true_for_instance_added_with_build
+    person = Person.new
+    reference = person.references.build
+    job = reference.build_job
+    assert person.jobs.include?(job)
+  end
+
+  def test_include_method_in_association_through_should_return_true_for_instance_added_with_nested_builds
+    author = Author.new
+    post = author.posts.build
+    comment = post.comments.build
+    assert author.comments.include?(comment)
+  end
 end

data/test/cases/migration_test.rb

@@ -119,6 +119,13 @@ if ActiveRecord::Base.connection.supports_migrations?
       end
     end
 
+    def test_index_symbol_names
+      assert_nothing_raised { Person.connection.add_index :people, :primary_contact_id, :name => :symbol_index_name }
+      assert Person.connection.index_exists?(:people, :symbol_index_name, true)
+      assert_nothing_raised { Person.connection.remove_index :people, :name => :symbol_index_name }
+      assert_equal true, !Person.connection.index_exists?(:people, :symbol_index_name, false)
+    end
+
     def test_add_index_length_limit
       good_index_name = 'x' * Person.connection.index_name_length
       too_long_index_name = good_index_name + 'x'

data/test/cases/named_scope_test.rb

@@ -146,6 +146,12 @@ class NamedScopeTest < ActiveRecord::TestCase
     assert_equal authors(:david).posts & Post.containing_the_letter_a, authors(:david).posts.containing_the_letter_a
   end
 
+  def test_nested_named_scopes_doesnt_duplicate_conditions_on_child_scopes
+    comments_scope = posts(:welcome).comments.send(:construct_sql)
+    named_scope_sql_conditions = posts(:welcome).comments.containing_the_letter_e.send(:current_scoped_methods)[:find][:conditions]
+    assert_no_match /#{comments_scope}.*#{comments_scope}/i, named_scope_sql_conditions
+  end
+
   def test_has_many_through_associations_have_access_to_named_scopes
     assert_not_equal Comment.containing_the_letter_e, authors(:david).comments
     assert !Comment.containing_the_letter_e.empty?

data/test/cases/nested_attributes_test.rb

@@ -175,6 +175,12 @@ class TestNestedAttributesOnAHasOneAssociation < ActiveRecord::TestCase
     assert_equal 'Davy Jones Gold Dagger', @pirate.ship.name
   end
 
+  def test_should_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record
+    assert_raise_with_message ActiveRecord::RecordNotFound, "Couldn't find Ship with ID=1234567890 for Pirate with ID=#{@pirate.id}" do
+      @pirate.ship_attributes = { :id => 1234567890 }
+    end
+  end
+
   def test_should_take_a_hash_with_string_keys_and_update_the_associated_model
     @pirate.reload.ship_attributes = { 'id' => @ship.id, 'name' => 'Davy Jones Gold Dagger' }
 
@@ -324,13 +330,10 @@ class TestNestedAttributesOnABelongsToAssociation < ActiveRecord::TestCase
     assert_equal 'Arr', @ship.pirate.catchphrase
   end
 
-  def test_should_associate_with_record_if_parent_record_is_not_saved
-    @ship.destroy
-    @pirate = Pirate.create(:catchphrase => 'Arr')
-    @ship = Ship.new(:name => 'Nights Dirty Lightning', :pirate_attributes => { :id => @pirate.id, :catchphrase => @pirate.catchphrase})
-
-    assert_equal @ship.name, 'Nights Dirty Lightning'
-    assert_equal @pirate, @ship.pirate
+  def test_should_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record
+    assert_raise_with_message ActiveRecord::RecordNotFound, "Couldn't find Pirate with ID=1234567890 for Ship with ID=#{@ship.id}" do
+      @ship.pirate_attributes = { :id => 1234567890 }
+    end
   end
 
   def test_should_take_a_hash_with_string_keys_and_update_the_associated_model
@@ -434,11 +437,6 @@ module NestedAttributesOnACollectionAssociationTests
     assert_equal ['Grace OMalley', 'Privateers Greed'], [@child_1.reload.name, @child_2.reload.name]
   end
 
-  def test_should_assign_existing_children_if_parent_is_new
-    @pirate = Pirate.new({:catchphrase => "Don' botharr talkin' like one, savvy?"}.merge(@alternate_params))
-    assert_equal ['Grace OMalley', 'Privateers Greed'], [@pirate.send(@association_name)[0].name, @pirate.send(@association_name)[1].name]
-  end
-
   def test_should_take_an_array_and_assign_the_attributes_to_the_associated_models
     @pirate.send(association_setter, @alternate_params[association_getter].values)
     @pirate.save
@@ -508,8 +506,8 @@ module NestedAttributesOnACollectionAssociationTests
     assert_equal ['Grace OMalley', 'Privateers Greed'], [@child_1.name, @child_2.name]
   end
 
-  def test_should_not_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record
-    assert_nothing_raised ActiveRecord::RecordNotFound do
+  def test_should_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record
+    assert_raise_with_message ActiveRecord::RecordNotFound, "Couldn't find #{@child_1.class.name} with ID=1234567890 for Pirate with ID=#{@pirate.id}" do
       @pirate.attributes = { association_getter => [{ :id => 1234567890 }] }
     end
   end

metadata

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: activerecord
 version: !ruby/object:Gem::Version 
+  hash: 23
   prerelease: false
   segments: 
   - 2
   - 3
-  - 9
-  version: 2.3.9
+  - 10
+  version: 2.3.10
 platform: ruby
 authors: 
 - David Heinemeier Hansson
@@ -14,21 +15,23 @@ autorequire: active_record
 bindir: bin
 cert_chain: []
 
-date: 2010-09-04 00:00:00 -07:00
+date: 2010-10-15 00:00:00 +13:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: activesupport
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
+        hash: 23
         segments: 
         - 2
         - 3
-        - 9
-        version: 2.3.9
+        - 10
+        version: 2.3.10
   type: :runtime
   version_requirements: *id001
 description: Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL.
@@ -236,7 +239,9 @@ files:
 - test/fixtures/edges.yml
 - test/fixtures/entrants.yml
 - test/fixtures/faces.yml
+- test/fixtures/fixture_database.sqlite
 - test/fixtures/fixture_database.sqlite3
+- test/fixtures/fixture_database_2.sqlite
 - test/fixtures/fixture_database_2.sqlite3
 - test/fixtures/fk_test_has_fk.yml
 - test/fixtures/fk_test_has_pk.yml
@@ -407,23 +412,27 @@ rdoc_options:
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 requirements: []
 
 rubyforge_project: activerecord
-rubygems_version: 1.3.6
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: Implements the ActiveRecord pattern for ORM.