activerecord 3.2.10 → 3.2.11


Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

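--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  !binary "U0hBMQ==":
- metadata.gz: 6f496f2b4c79bb7122075511437560b2aeb43658
- data.tar.gz: c435aa2ec2e7c6d5c03f0e56c98ffbf080a2c413
+ metadata.gz: 15dff0d8e4b58a0f40ac3a7d2ca4fe47f4cffcc5
+ data.tar.gz: 4d7f2c2ce872a0a9c257842866d987eb137a2289
  !binary "U0hBNTEy":
- metadata.gz: f38cf551ebe442b62900c7063654c1f8e8637c591a37a0dac5fa98b1aeb6218a65fdef5da60032e1d6533e4041c33597d6dc441492969d435a004d8ea4cb79b9
- data.tar.gz: 433c11cfc586f69e691a908c5887f9353a87b6f9db1bb7dab31b3dfd2d1b1410fca2ed320f65a9cabbbd606d567fac8c59229e9d9470542e742a083364ba4589
+ metadata.gz: f22193ea0cc6f227067da8e9dea39ed7bcbe07a02a83c44ef5b7b2bb2dd344081fc9f3f4daa0b062aabf39c4190795b94bafde1aa72c4d43e54ce74a467d5377
+ data.tar.gz: f41409bf293b77322e45d4e554c670cc69d40233a484caad31b4523cf6f3029528a76302d9ae7ad8233059615fab42618b1d02a24667f76270602ffd175d27c7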
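--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+ ## Rails 3.2.11 ##
+
+ * Fix querying with an empty hash *Damien Mathieu* [CVE-2013-0155]
+
  ## Rails 3.2.10 ##
 
  * CVE-2012-5664 options hashes should only be extracted if there are extra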
@@ -6,7 +6,12 @@ module ActiveRecord
6
6
 
7
7
  if allow_table_name && value.is_a?(Hash)
8
8
  table = Arel::Table.new(column, engine)
9
- build_from_hash(engine, value, table, false)
9
+
10
+ if value.empty?
11
+ '1 = 2'
12
+ else
13
+ build_from_hash(engine, value, table, false)
14
+ end
10
15
  else
11
16
  column = column.to_s
12
17
 
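Review bot: The `'1 = 2'` literal in the new `value.empty?` branch has no comment saying why an empty hash has to produce an always-false predicate, and it is a raw SQL string where the sibling branch returns whatever `build_from_hash` builds. Without the guard an empty hash presumably contributes no predicate at all, so the condition would silently stop restricting the query; the changelog entry ties this to CVE-2013-0155. I would add `# An empty hash must match no rows; emitting no predicate would drop the condition (CVE-2013-0155).` directly above the `if value.empty?` line. The guard covers only a hash that is empty at this level, and whether a nested hash with empty or nil values is handled cannot be seen here, because the enclosing method starts and ends outside the hunk.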
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 2
5
- TINY = 10
5
+ TINY = 11
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
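--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activerecord
  version: !ruby/object:Gem::Version
- version: 3.2.10
+ version: 3.2.11
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-12-23 00:00:00.000000000 Z
+ date: 2013-01-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.10
+ version: 3.2.11
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.10
+ version: 3.2.11
  - !ruby/object:Gem::Dependency
  name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.10
+ version: 3.2.11
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.10
+ version: 3.2.11
  - !ruby/object:Gem::Dependency
  name: arel
  requirement: !ruby/object:Gem::Requirement
@@ -245,7 +245,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.0.preview2.1
+ rubygems_version: 2.0.0.preview3
  signing_key:
  specification_version: 4
  summary: Object-relational mapper framework (part of Rails).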