activerecord 4.1.4 → 4.1.5

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: ffd445d131c912c59f2af2a6355ac882b3919279
4
- data.tar.gz: 2e621c4dc003568dbb531b4cdc99454b37f6d167
3
+ metadata.gz: 5c2fb22442debba985a6376c3c786841597a57c4
4
+ data.tar.gz: 538fd25c6b66cb8c30f8a730afb9737b4718d1ce
5
5
  SHA512:
6
- metadata.gz: 133c09aa3ee2adf40f253996c8167f2ffc0752430880fb4ef2de0bff98c5fbf76d1c755ce4791902309579ab271adfd0cf2a24c441d35192f0ec7ca1334d9c17
7
- data.tar.gz: 1da09d56fa8e4d83a0a054237599565e365c6ff48329ae7b37bd53fb114070ab63875b7297e87f8faba2fac6c94e9c7797e9bffb76cc03e5b4bdba2156fc781f
6
+ metadata.gz: 1279a4c8bf786d49638d67b565995258eedb09161090380fe10eacb620810cf84eeb477129c15b9ba673c4784dbbffe28533530fecfddde5be404003b987b14d
7
+ data.tar.gz: f79932b94e2dad4111460f7db455cc78e05ae8f886b8bca26a4ad5d369d13a8917b4167a2091611519ae55699afff32e9de5fb775a472b379b5661a1c96d59f5
@@ -1,3 +1,8 @@
1
+ ## Rails 4.1.5 (August 18, 2014) ##
2
+
3
+ * No changes.
4
+
5
+
1
6
  ## Rails 4.1.4 (July 2, 2014) ##
2
7
 
3
8
  * Fix regression added from the latest security fix.
@@ -7,7 +7,7 @@ module ActiveRecord
7
7
  module VERSION
8
8
  MAJOR = 4
9
9
  MINOR = 1
10
- TINY = 4
10
+ TINY = 5
11
11
  PRE = nil
12
12
 
13
13
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
@@ -1,9 +1,12 @@
1
1
  require 'active_support/core_ext/array/wrap'
2
+ require 'active_model/forbidden_attributes_protection'
2
3
 
3
4
  module ActiveRecord
4
5
  module QueryMethods
5
6
  extend ActiveSupport::Concern
6
7
 
8
+ include ActiveModel::ForbiddenAttributesProtection
9
+
7
10
  # WhereChain objects act as placeholder for queries in which #where does not have any parameter.
8
11
  # In this case, #where must be chained with #not to return a new relation.
9
12
  class WhereChain
@@ -561,7 +564,10 @@ module ActiveRecord
561
564
  if opts == :chain
562
565
  WhereChain.new(self)
563
566
  else
564
- references!(PredicateBuilder.references(opts)) if Hash === opts
567
+ if Hash === opts
568
+ opts = sanitize_forbidden_attributes(opts)
569
+ references!(PredicateBuilder.references(opts))
570
+ end
565
571
 
566
572
  self.where_values += build_where(opts, rest)
567
573
  self
@@ -711,7 +717,13 @@ module ActiveRecord
711
717
  end
712
718
 
713
719
  def create_with!(value) # :nodoc:
714
- self.create_with_value = value ? create_with_value.merge(value) : {}
720
+ if value
721
+ value = sanitize_forbidden_attributes(value)
722
+ self.create_with_value = create_with_value.merge(value)
723
+ else
724
+ self.create_with_value = {}
725
+ end
726
+
715
727
  self
716
728
  end
717
729
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.4
4
+ version: 4.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-07-02 00:00:00.000000000 Z
11
+ date: 2014-08-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 4.1.4
19
+ version: 4.1.5
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 4.1.4
26
+ version: 4.1.5
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 4.1.4
33
+ version: 4.1.5
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 4.1.4
40
+ version: 4.1.5
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: arel
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -252,3 +252,4 @@ signing_key:
252
252
  specification_version: 4
253
253
  summary: Object-relational mapper framework (part of Rails).
254
254
  test_files: []
255
+ has_rdoc: