activerecord 2.3.16 → 2.3.17


Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

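--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c6ed2159d7a28549435297c8380fbd449afc8c4d
- data.tar.gz: 284c1c67270c50ca8dd56dc82e8392fb8ed15941
+ metadata.gz: 218f0ee925039809c1caa780d1acb30a84f62a47
+ data.tar.gz: cc8227ac899f9ff2ec85077f8873a71ce1c67908
  SHA512:
- metadata.gz: 26a10e8dbd905d3c16a15fe1fe6ad5bf48f6b3585dae1c9c36a63ad9214cc30da81cc369c9560cfa9a35fc13c99355a35cd5948402bada6db4a80c8c24181729
- data.tar.gz: 5cfb132dd8f8dd4001b930a6afed1424cf15b7125458724d98d1d4c5b412a385192fa2eedb9dc9e0ee385d6b811cc3f0d28efba8825699aef51a3041a0b35b6d
+ metadata.gz: ba910bc95b425f25927ac801fbed29df77b783f7f94967db6c1eddc49a69a14c74b27ab960efbbbcb31cdb639de8b3f3f30978532ab03aefeb10ad0a6f7016bf
+ data.tar.gz: 2a48ad562911d4e4cb37aed8b3a14dcaaae8790f8ea90d759e82a237645ddc687c1f686e620cc0f7d3207c94d2bc5f27228b946e55acee0f9e8070afbfdf845b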
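--- a/data/Rakefile
+++ b/data/Rakefile
@@ -192,7 +192,7 @@ spec = Gem::Specification.new do |s|
  s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
  end
 
- s.add_dependency('activesupport', '= 2.3.16' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
 
  s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
  s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"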
@@ -80,7 +80,9 @@ module ActiveRecord
80
80
  end
81
81
 
82
82
  unless instance_method_already_implemented?("#{name}=")
83
- if create_time_zone_conversion_attribute?(name, column)
83
+ if self.serialized_attributes[name]
84
+ define_write_method_for_serialized_attribute(name)
85
+ elsif create_time_zone_conversion_attribute?(name, column)
84
86
  define_write_method_for_time_zone_conversion(name)
85
87
  else
86
88
  define_write_method(name.to_sym)
@@ -130,7 +132,7 @@ module ActiveRecord
130
132
  # Suffixes a, ?, c become regexp /(a|\?|c)$/
131
133
  def rebuild_attribute_method_regexp
132
134
  suffixes = attribute_method_suffixes.map { |s| Regexp.escape(s) }
133
- @@attribute_method_regexp = /(#{suffixes.join('|')})$/.freeze
135
+ @@attribute_method_regexp = /(#{suffixes.join('|')})\z/.freeze
134
136
  end
135
137
 
136
138
  # Default to =, ?, _before_type_cast
@@ -184,6 +186,19 @@ module ActiveRecord
184
186
  def define_write_method(attr_name)
185
187
  evaluate_attribute_method attr_name, "def #{attr_name}=(new_value);write_attribute('#{attr_name}', new_value);end", "#{attr_name}="
186
188
  end
189
+
190
+ # Defined for all serialized attributes. Disallows assigning already serialized YAML.
191
+ def define_write_method_for_serialized_attribute(attr_name)
192
+ method_body = <<-EOV
193
+ def #{attr_name}=(value)
194
+ if value.is_a?(String) and value =~ /^---/
195
+ raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues."
196
+ end
197
+ write_attribute(:#{attr_name}, value)
198
+ end
199
+ EOV
200
+ evaluate_attribute_method attr_name, method_body, "#{attr_name}="
201
+ end
187
202
 
188
203
  # Defined for all +datetime+ and +timestamp+ attributes when +time_zone_aware_attributes+ are enabled.
189
204
  # This enhanced write method will automatically convert the time passed to it to the zone stored in Time.zone.
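Review bot: The guard in `define_write_method_for_serialized_attribute` tests `value =~ /^---/`, which is line-anchored, so it rejects any String containing a line that starts with `---` and not only one that begins with it, while the same release tightens `$` to `\z` in `rebuild_attribute_method_regexp`. If the line anchor is deliberate because it has to mirror the test the read path applies before YAML-loading (not visible in this diff), say so above the heredoc, e.g. `# Line-anchored on purpose: reject everything the reader would treat as YAML.` The check also sits only in the generated `attr=` writer, and the first hunk installs it only when `instance_method_already_implemented?` is false, so a model with its own writer, or a direct caller of `write_attribute`, is presumably not covered; that deserves a comment or a check at the shared write path. The comment over `rebuild_attribute_method_regexp` still shows the old `/(a|\?|c)$/` and should read `/(a|\?|c)\z/`.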
@@ -2998,11 +2998,11 @@ module ActiveRecord #:nodoc:
2998
2998
  def remove_attributes_protected_from_mass_assignment(attributes)
2999
2999
  safe_attributes =
3000
3000
  if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil?
3001
- attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
3001
+ attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
3002
3002
  elsif self.class.protected_attributes.nil?
3003
- attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
3003
+ attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/m, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
3004
3004
  elsif self.class.accessible_attributes.nil?
3005
- attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
3005
+ attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/m,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
3006
3006
  else
3007
3007
  raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both."
3008
3008
  end
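Review bot: `key.gsub(/\(.+/m, "")` is now written five times in `remove_attributes_protected_from_mass_assignment`, and the fix only holds if every copy carries the `m` flag; computing the stripped name once per key, e.g. `name = key.gsub(/\(.+/m, "")` at the top of each `reject` block, keeps them from drifting apart. No test for a key containing a line break is visible in this diff, so the flag could be dropped in a later refactor without any failure; one case in the mass-assignment tests would pin it. The method's body continues past the end of the hunk.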
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 2
4
4
  MINOR = 3
5
- TINY = 16
5
+ TINY = 17
6
6
 
7
7
  STRING = [MAJOR, MINOR, TINY].join('.')
8
8
  end
@@ -1499,6 +1499,12 @@ class BasicsTest < ActiveRecord::TestCase
1499
1499
  assert_nil topic.content
1500
1500
  end
1501
1501
 
1502
+ def test_should_raise_exception_on_assigning_already_serialized_content
1503
+ topic = Topic.new
1504
+ serialized_content = %w[foo bar].to_yaml
1505
+ assert_raise(ActiveRecord::ActiveRecordError) { topic.content = serialized_content }
1506
+ end
1507
+
1502
1508
  def test_should_raise_exception_on_serialized_attribute_with_type_mismatch
1503
1509
  myobj = MyObject.new('value1', 'value2')
1504
1510
  topic = Topic.new(:content => myobj)
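Review bot: `test_should_raise_exception_on_assigning_already_serialized_content` pins only the rejecting path, using a YAML-dumped array as the value. Since the writer's check is `/^---/`, a companion assertion that an ordinary String is still accepted, for example `assert_nothing_raised { topic.content = "plain text" }`, would catch an over-broad guard, and a multi-line String with `---` on a later line would document which way that case is meant to go. The following test, `test_should_raise_exception_on_serialized_attribute_with_type_mismatch`, continues outside the hunk.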
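--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activerecord
  version: !ruby/object:Gem::Version
- version: 2.3.16
+ version: 2.3.17
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-01-28 00:00:00.000000000 Z
+ date: 2013-02-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.3.16
+ version: 2.3.17
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 2.3.16
+ version: 2.3.17
  description: Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties
  database tables and classes together for business objects, like Customer or Subscription,
  that can find, save, and destroy themselves without resorting to manual SQL.
@@ -408,7 +408,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project: activerecord
- rubygems_version: 2.0.0.preview3.1
+ rubygems_version: 2.0.0.rc.2
  signing_key:
  specification_version: 4
  summary: Implements the ActiveRecord pattern for ORM.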