activerecord 3.1.9 → 3.1.10

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of activerecord might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/lib/active_record/relation/predicate_builder.rb +6 -1
  4. data/lib/active_record/version.rb +1 -1
  5. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
- metadata.gz: 233c04a0ded5af8f1e5bea83d295633bc158a319
4
- data.tar.gz: e518a212ec43003b91b183281899569c147fb15b
3
+ metadata.gz: d3c49c6038597072b4626faa2b33eeb35d999414
4
+ data.tar.gz: 3b2195c8e344d8b2473108036745233fb93686e8
5
5
  !binary "U0hBNTEy":
6
- metadata.gz: b3dd749e07fd3281f7e2e07be948385ebd72255664e315e4d975e6da5c09e4eaa198751dcfbd4dac219893831a92fbcad94a6b00fde06e07c02c63132a1d7207
7
- data.tar.gz: 4e59fa53402e27678e593e943f3b3fd91362c31ad2c6da8710c9f408375a4f6dd39a7b28b92f4ae8d425bd8213bb9d221d9302bf9956c0bc277de7ccfbc93ef8
6
+ metadata.gz: ad97f6c934b765a7f8f128c4a2c38fc2f965152feac00beaed09381cca330a21158cffdd490fe786e61fbdc0f0e627237bbc39500ebb419d7a275709e5468796
7
+ data.tar.gz: 9b29dc983b2331729c1eff4da246a54681835e8bc6744fa502049b57d672f1e2aca88256412ccb3c96c9b76508be4e7fe974e2d3f868994455a924c8547df88f
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ ## Rails 3.1.10
2
+
3
+ * Fix querying with an empty hash *Damien Mathieu* [CVE-2013-0155]
4
+
1
5
  ## Rails 3.1.9
2
6
 
3
7
  * CVE-2012-5664 ensure that options are never taken from the first parameter
data/lib/active_record/relation/predicate_builder.rb CHANGED
@@ -6,7 +6,12 @@ module ActiveRecord
6
6
 
7
7
  if allow_table_name && value.is_a?(Hash)
8
8
  table = Arel::Table.new(column, engine)
9
- build_from_hash(engine, value, table, false)
9
+
10
+ if value.empty?
11
+ '1 = 2'
12
+ else
13
+ build_from_hash(engine, value, table, false)
14
+ end
10
15
  else
11
16
  column = column.to_s
12
17
 
data/lib/active_record/version.rb CHANGED
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 1
5
- TINY = 9
5
+ TINY = 10
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.9
4
+ version: 3.1.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2012-12-23 00:00:00.000000000 Z
11
+ date: 2013-01-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 3.1.9
19
+ version: 3.1.10
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 3.1.9
26
+ version: 3.1.10
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 3.1.9
33
+ version: 3.1.10
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 3.1.9
40
+ version: 3.1.10
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: arel
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -225,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
225
225
  version: '0'
226
226
  requirements: []
227
227
  rubyforge_project:
228
- rubygems_version: 2.0.0.preview2.1
228
+ rubygems_version: 2.0.0.preview3
229
229
  signing_key:
230
230
  specification_version: 4
231
231
  summary: Object-relational mapper framework (part of Rails).