activerecord 3.0.17 → 3.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. data/CHANGELOG +4 -0
  2. data/lib/active_record/base.rb +5 -1
  3. data/lib/active_record/version.rb +1 -1
  4. metadata +7 -7
data/CHANGELOG CHANGED
@@ -1,3 +1,7 @@
1
+ ## Rails 3.0.18
2
+
3
+ * CVE-2012-5664 ensure that options are never taken from the first parameter
4
+
1
5
  ## Rails 3.0.17 (Aug 9, 2012)
2
6
 
3
7
  * Fix type_to_sql with text and limit on mysql/mysql2 (GH #7252)
data/lib/active_record/base.rb CHANGED
@@ -988,7 +988,11 @@ module ActiveRecord #:nodoc:
988
988
  attribute_names = match.attribute_names
989
989
  super unless all_attributes_exists?(attribute_names)
990
990
  if match.finder?
991
- options = arguments.extract_options!
991
+ options = if arguments.length > attribute_names.size
992
+ arguments.extract_options!
993
+ else
994
+ {}
995
+ end
992
996
  relation = options.any? ? construct_finder_arel(options, current_scoped_methods) : scoped
993
997
  relation.send :find_by_attributes, match, attribute_names, *arguments
994
998
  elsif match.instantiator?
data/lib/active_record/version.rb CHANGED
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 0
5
- TINY = 17
5
+ TINY = 18
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.17
4
+ version: 3.0.18
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-08-09 00:00:00.000000000 Z
12
+ date: 2012-12-23 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activesupport
@@ -18,7 +18,7 @@ dependencies:
18
18
  requirements:
19
19
  - - '='
20
20
  - !ruby/object:Gem::Version
21
- version: 3.0.17
21
+ version: 3.0.18
22
22
  type: :runtime
23
23
  prerelease: false
24
24
  version_requirements: !ruby/object:Gem::Requirement
@@ -26,7 +26,7 @@ dependencies:
26
26
  requirements:
27
27
  - - '='
28
28
  - !ruby/object:Gem::Version
29
- version: 3.0.17
29
+ version: 3.0.18
30
30
  - !ruby/object:Gem::Dependency
31
31
  name: activemodel
32
32
  requirement: !ruby/object:Gem::Requirement
@@ -34,7 +34,7 @@ dependencies:
34
34
  requirements:
35
35
  - - '='
36
36
  - !ruby/object:Gem::Version
37
- version: 3.0.17
37
+ version: 3.0.18
38
38
  type: :runtime
39
39
  prerelease: false
40
40
  version_requirements: !ruby/object:Gem::Requirement
@@ -42,7 +42,7 @@ dependencies:
42
42
  requirements:
43
43
  - - '='
44
44
  - !ruby/object:Gem::Version
45
- version: 3.0.17
45
+ version: 3.0.18
46
46
  - !ruby/object:Gem::Dependency
47
47
  name: arel
48
48
  requirement: !ruby/object:Gem::Requirement
@@ -200,7 +200,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
200
200
  version: '0'
201
201
  segments:
202
202
  - 0
203
- hash: 3801872645414951314
203
+ hash: 3056249423653791357
204
204
  requirements: []
205
205
  rubyforge_project: activerecord
206
206
  rubygems_version: 1.8.24