activerecord 3.1.5 → 3.1.6
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activerecord might be problematic. Click here for more details.
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## Rails 3.1.6 (Jun 12, 2012)
|
|
2
|
+
|
|
3
|
+
* protect against the nesting of hashes changing the
|
|
4
|
+
table context in the next call to build_from_hash. This fix
|
|
5
|
+
covers this case as well.
|
|
6
|
+
|
|
7
|
+
CVE-2012-2695
|
|
8
|
+
|
|
1
9
|
## Rails 3.1.5 (May 31, 2012) ##
|
|
2
10
|
|
|
3
11
|
* Fix type_to_sql with text and limit on mysql/mysql2. Fix GH #3931.
|
|
@@ -423,7 +423,9 @@ module ActiveRecord
|
|
|
423
423
|
end
|
|
424
424
|
|
|
425
425
|
def tables(name = nil, database = nil) #:nodoc:
|
|
426
|
-
sql =
|
|
426
|
+
sql = "SHOW TABLES "
|
|
427
|
+
sql << "IN #{quote_table_name(database)} " if database
|
|
428
|
+
|
|
427
429
|
execute(sql, 'SCHEMA').collect do |field|
|
|
428
430
|
field.first
|
|
429
431
|
end
|
|
@@ -630,7 +630,10 @@ module ActiveRecord
|
|
|
630
630
|
end
|
|
631
631
|
|
|
632
632
|
def tables(name = nil, database = nil) #:nodoc:
|
|
633
|
-
|
|
633
|
+
sql = "SHOW TABLES "
|
|
634
|
+
sql << "IN #{quote_table_name(database)} " if database
|
|
635
|
+
|
|
636
|
+
result = execute(sql, 'SCHEMA')
|
|
634
637
|
tables = result.collect { |field| field[0] }
|
|
635
638
|
result.free
|
|
636
639
|
tables
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
module ActiveRecord
|
|
2
2
|
class PredicateBuilder # :nodoc:
|
|
3
|
-
def self.build_from_hash(engine, attributes, default_table,
|
|
3
|
+
def self.build_from_hash(engine, attributes, default_table, allow_table_name = true)
|
|
4
4
|
predicates = attributes.map do |column, value|
|
|
5
5
|
table = default_table
|
|
6
6
|
|
|
7
|
-
if value.is_a?(Hash)
|
|
7
|
+
if allow_table_name && value.is_a?(Hash)
|
|
8
8
|
table = Arel::Table.new(column, engine)
|
|
9
9
|
build_from_hash(engine, value, table, false)
|
|
10
10
|
else
|
|
11
11
|
column = column.to_s
|
|
12
12
|
|
|
13
|
-
if
|
|
13
|
+
if allow_table_name && column.include?('.')
|
|
14
14
|
table_name, column = column.split('.', 2)
|
|
15
15
|
table = Arel::Table.new(table_name, engine)
|
|
16
16
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activerecord
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 15
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 3
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 3.1.
|
|
9
|
+
- 6
|
|
10
|
+
version: 3.1.6
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- David Heinemeier Hansson
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2012-
|
|
18
|
+
date: 2012-06-12 00:00:00 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: activesupport
|
|
@@ -25,12 +25,12 @@ dependencies:
|
|
|
25
25
|
requirements:
|
|
26
26
|
- - "="
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
|
-
hash:
|
|
28
|
+
hash: 15
|
|
29
29
|
segments:
|
|
30
30
|
- 3
|
|
31
31
|
- 1
|
|
32
|
-
-
|
|
33
|
-
version: 3.1.
|
|
32
|
+
- 6
|
|
33
|
+
version: 3.1.6
|
|
34
34
|
type: :runtime
|
|
35
35
|
version_requirements: *id001
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
@@ -41,12 +41,12 @@ dependencies:
|
|
|
41
41
|
requirements:
|
|
42
42
|
- - "="
|
|
43
43
|
- !ruby/object:Gem::Version
|
|
44
|
-
hash:
|
|
44
|
+
hash: 15
|
|
45
45
|
segments:
|
|
46
46
|
- 3
|
|
47
47
|
- 1
|
|
48
|
-
-
|
|
49
|
-
version: 3.1.
|
|
48
|
+
- 6
|
|
49
|
+
version: 3.1.6
|
|
50
50
|
type: :runtime
|
|
51
51
|
version_requirements: *id002
|
|
52
52
|
- !ruby/object:Gem::Dependency
|