activerecord 3.0.13 → 3.0.14


Potentially problematic release.



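--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,11 @@
+ ## Rails 3.0.14 (Jun 12, 2012)
+
+ * protect against the nesting of hashes changing the
+ table context in the next call to build_from_hash. This fix
+ covers this case as well.
+
+ CVE-2012-2695
+
  * Rails 3.0.13 (May 31, 2012)
 
  * Bugfix circular reference while saving has_one relationship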
@@ -403,9 +403,11 @@ module ActiveRecord
403
403
  end
404
404
 
405
405
  def tables(name = nil, database = nil) #:nodoc:
406
- tables = []
407
- result = execute(["SHOW TABLES", database].compact.join(' IN '), name)
408
- result.each { |field| tables << field[0] }
406
+ sql = "SHOW TABLES "
407
+ sql << "IN #{quote_table_name(database)} " if database
408
+
409
+ result = execute(sql, 'SCHEMA')
410
+ tables = result.collect { |field| field[0] }
409
411
  result.free
410
412
  tables
411
413
  end
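Review bot: The `name` argument of `tables` is still accepted but is no longer used, because the new `execute(sql, 'SCHEMA')` call hard-codes the log label, so a caller that passes its own label loses it silently. Either pass it through with `execute(sql, name || 'SCHEMA')` or document it on the signature, for example `# name is ignored; schema queries are always logged as 'SCHEMA'`. Routing `database` through `quote_table_name` before interpolation is the security-relevant part of this hunk, and a comment saying that `database` must never be concatenated unquoted would keep a later refactor from undoing it. Separately, `result.free` is skipped if `collect` raises, so wrapping it in an `ensure` would be tidier.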
@@ -5,17 +5,17 @@ module ActiveRecord
5
5
  @engine = engine
6
6
  end
7
7
 
8
- def build_from_hash(attributes, default_table, check_column = true)
8
+ def build_from_hash(attributes, default_table, allow_table_name = true)
9
9
  predicates = attributes.map do |column, value|
10
10
  table = default_table
11
11
 
12
- if value.is_a?(Hash)
12
+ if allow_table_name && value.is_a?(Hash)
13
13
  table = Arel::Table.new(column, :engine => @engine)
14
14
  build_from_hash(value, table, false)
15
15
  else
16
16
  column = column.to_s
17
17
 
18
- if check_column && column.include?('.')
18
+ if allow_table_name && column.include?('.')
19
19
  table_name, column = column.split('.', 2)
20
20
  table = Arel::Table.new(table_name, :engine => @engine)
21
21
  end
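Review bot: When `allow_table_name` is false, a Hash value no longer matches the first branch and drops into the `else` path, where code outside this hunk treats it as an ordinary column value, so it cannot be seen here whether it ends up rejected or quoted. Failing closed would make the intent explicit, for example `raise ArgumentError, "nested Hash not allowed as value for #{column}" if value.is_a?(Hash)` at the top of the `else` branch. A short comment on the recursive call `build_from_hash(value, table, false)` would also help, such as `# only the top-level hash may select a table (CVE-2012-2695)`. `build_from_hash` continues past the end of the hunk.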
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 0
5
- TINY = 13
5
+ TINY = 14
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- hash: 29
4
+ hash: 27
5
5
  prerelease:
6
6
  segments:
7
7
  - 3
8
8
  - 0
9
- - 13
10
- version: 3.0.13
9
+ - 14
10
+ version: 3.0.14
11
11
  platform: ruby
12
12
  authors:
13
13
  - David Heinemeier Hansson
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2012-05-31 00:00:00 Z
18
+ date: 2012-06-12 00:00:00 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  name: activesupport
@@ -25,12 +25,12 @@ dependencies:
25
25
  requirements:
26
26
  - - "="
27
27
  - !ruby/object:Gem::Version
28
- hash: 29
28
+ hash: 27
29
29
  segments:
30
30
  - 3
31
31
  - 0
32
- - 13
33
- version: 3.0.13
32
+ - 14
33
+ version: 3.0.14
34
34
  type: :runtime
35
35
  version_requirements: *id001
36
36
  - !ruby/object:Gem::Dependency
@@ -41,12 +41,12 @@ dependencies:
41
41
  requirements:
42
42
  - - "="
43
43
  - !ruby/object:Gem::Version
44
- hash: 29
44
+ hash: 27
45
45
  segments:
46
46
  - 3
47
47
  - 0
48
- - 13
49
- version: 3.0.13
48
+ - 14
49
+ version: 3.0.14
50
50
  type: :runtime
51
51
  version_requirements: *id002
52
52
  - !ruby/object:Gem::Dependency