activerecord 3.1.9 → 3.1.10

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
- metadata.gz: 233c04a0ded5af8f1e5bea83d295633bc158a319
4
- data.tar.gz: e518a212ec43003b91b183281899569c147fb15b
3
+ metadata.gz: d3c49c6038597072b4626faa2b33eeb35d999414
4
+ data.tar.gz: 3b2195c8e344d8b2473108036745233fb93686e8
5
5
  !binary "U0hBNTEy":
6
- metadata.gz: b3dd749e07fd3281f7e2e07be948385ebd72255664e315e4d975e6da5c09e4eaa198751dcfbd4dac219893831a92fbcad94a6b00fde06e07c02c63132a1d7207
7
- data.tar.gz: 4e59fa53402e27678e593e943f3b3fd91362c31ad2c6da8710c9f408375a4f6dd39a7b28b92f4ae8d425bd8213bb9d221d9302bf9956c0bc277de7ccfbc93ef8
6
+ metadata.gz: ad97f6c934b765a7f8f128c4a2c38fc2f965152feac00beaed09381cca330a21158cffdd490fe786e61fbdc0f0e627237bbc39500ebb419d7a275709e5468796
7
+ data.tar.gz: 9b29dc983b2331729c1eff4da246a54681835e8bc6744fa502049b57d672f1e2aca88256412ccb3c96c9b76508be4e7fe974e2d3f868994455a924c8547df88f
@@ -1,3 +1,7 @@
1
+ ## Rails 3.1.10
2
+
3
+ * Fix querying with an empty hash *Damien Mathieu* [CVE-2013-0155]
4
+
1
5
  ## Rails 3.1.9
2
6
 
3
7
  * CVE-2012-5664 ensure that options are never taken from the first parameter
@@ -6,7 +6,12 @@ module ActiveRecord
6
6
 
7
7
  if allow_table_name && value.is_a?(Hash)
8
8
  table = Arel::Table.new(column, engine)
9
- build_from_hash(engine, value, table, false)
9
+
10
+ if value.empty?
11
+ '1 = 2'
12
+ else
13
+ build_from_hash(engine, value, table, false)
14
+ end
10
15
  else
11
16
  column = column.to_s
12
17
 
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 1
5
- TINY = 9
5
+ TINY = 10
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.9
4
+ version: 3.1.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2012-12-23 00:00:00.000000000 Z
11
+ date: 2013-01-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 3.1.9
19
+ version: 3.1.10
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 3.1.9
26
+ version: 3.1.10
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 3.1.9
33
+ version: 3.1.10
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 3.1.9
40
+ version: 3.1.10
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: arel
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -225,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
225
225
  version: '0'
226
226
  requirements: []
227
227
  rubyforge_project:
228
- rubygems_version: 2.0.0.preview2.1
228
+ rubygems_version: 2.0.0.preview3
229
229
  signing_key:
230
230
  specification_version: 4
231
231
  summary: Object-relational mapper framework (part of Rails).