activesupport 3.2.10 → 3.2.11
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/active_support/core_ext/hash/conversions.rb +25 -7
- data/lib/active_support/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9f107489d40d530bb99b4b0d56e787b7455544e6
|
|
4
|
+
data.tar.gz: 44e39249e6b793dac59f702d5583c5d5634e776d
|
|
5
5
|
!binary "U0hBNTEy":
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6e56157585db548253e82a8897ce7357e86952f083e8f7da01affb52dc6117b3db1ff07b916c22d0b244b9a315a2821913c20f095e5b39a81665fc297c8f1106
|
|
7
|
+
data.tar.gz: 99c5bd237aa7881a077658c0e70960fab81b221eb1bb28c208215be19d7518e8f56a54cfba3299ec2e3fdbb185722c4c5e5821b72160ae2b1cbd8e04725fd315
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
## Rails 3.2.10 (Jan 8, 2012) ##
|
|
2
|
+
|
|
3
|
+
* Hash.from_xml raises when it encounters type="symbol" or type="yaml".
|
|
4
|
+
Use Hash.from_trusted_xml to parse this XML.
|
|
5
|
+
|
|
6
|
+
CVE-2013-0156
|
|
7
|
+
|
|
8
|
+
*Jeremy Kemper*
|
|
9
|
+
|
|
1
10
|
## Rails 3.2.9 (Nov 12, 2012) ##
|
|
2
11
|
|
|
3
12
|
* Add logger.push_tags and .pop_tags to complement logger.tagged:
|
|
@@ -85,15 +85,33 @@ class Hash
|
|
|
85
85
|
end
|
|
86
86
|
end
|
|
87
87
|
|
|
88
|
+
class DisallowedType < StandardError #:nodoc:
|
|
89
|
+
def initialize(type)
|
|
90
|
+
super "Disallowed type attribute: #{type.inspect}"
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
DISALLOWED_XML_TYPES = %w(symbol yaml)
|
|
95
|
+
|
|
88
96
|
class << self
|
|
89
|
-
def from_xml(xml)
|
|
90
|
-
typecast_xml_value(unrename_keys(ActiveSupport::XmlMini.parse(xml)))
|
|
97
|
+
def from_xml(xml, disallowed_types = nil)
|
|
98
|
+
typecast_xml_value(unrename_keys(ActiveSupport::XmlMini.parse(xml)), disallowed_types)
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def from_trusted_xml(xml)
|
|
102
|
+
from_xml xml, []
|
|
91
103
|
end
|
|
92
104
|
|
|
93
105
|
private
|
|
94
|
-
def typecast_xml_value(value)
|
|
106
|
+
def typecast_xml_value(value, disallowed_types = nil)
|
|
107
|
+
disallowed_types ||= DISALLOWED_XML_TYPES
|
|
108
|
+
|
|
95
109
|
case value.class.to_s
|
|
96
110
|
when 'Hash'
|
|
111
|
+
if value.include?('type') && !value['type'].is_a?(Hash) && disallowed_types.include?(value['type'])
|
|
112
|
+
raise DisallowedType, value['type']
|
|
113
|
+
end
|
|
114
|
+
|
|
97
115
|
if value['type'] == 'array'
|
|
98
116
|
_, entries = Array.wrap(value.detect { |k,v| not v.is_a?(String) })
|
|
99
117
|
if entries.nil? || (c = value['__content__'] && c.blank?)
|
|
@@ -101,9 +119,9 @@ class Hash
|
|
|
101
119
|
else
|
|
102
120
|
case entries.class.to_s # something weird with classes not matching here. maybe singleton methods breaking is_a?
|
|
103
121
|
when "Array"
|
|
104
|
-
entries.collect { |v| typecast_xml_value(v) }
|
|
122
|
+
entries.collect { |v| typecast_xml_value(v, disallowed_types) }
|
|
105
123
|
when "Hash"
|
|
106
|
-
[typecast_xml_value(entries)]
|
|
124
|
+
[typecast_xml_value(entries, disallowed_types)]
|
|
107
125
|
else
|
|
108
126
|
raise "can't typecast #{entries.inspect}"
|
|
109
127
|
end
|
|
@@ -127,14 +145,14 @@ class Hash
|
|
|
127
145
|
elsif value['type'] && value.size == 1 && !value['type'].is_a?(::Hash)
|
|
128
146
|
nil
|
|
129
147
|
else
|
|
130
|
-
xml_value = Hash[value.map { |k,v| [k, typecast_xml_value(v)] }]
|
|
148
|
+
xml_value = Hash[value.map { |k,v| [k, typecast_xml_value(v, disallowed_types)] }]
|
|
131
149
|
|
|
132
150
|
# Turn { :files => { :file => #<StringIO> } into { :files => #<StringIO> } so it is compatible with
|
|
133
151
|
# how multipart uploaded files from HTML appear
|
|
134
152
|
xml_value["file"].is_a?(StringIO) ? xml_value["file"] : xml_value
|
|
135
153
|
end
|
|
136
154
|
when 'Array'
|
|
137
|
-
value.map! { |i| typecast_xml_value(i) }
|
|
155
|
+
value.map! { |i| typecast_xml_value(i, disallowed_types) }
|
|
138
156
|
value.length > 1 ? value : value.first
|
|
139
157
|
when 'String'
|
|
140
158
|
value
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activesupport
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2013-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: i18n
|
|
@@ -280,7 +280,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
280
280
|
version: '0'
|
|
281
281
|
requirements: []
|
|
282
282
|
rubyforge_project:
|
|
283
|
-
rubygems_version: 2.0.0.
|
|
283
|
+
rubygems_version: 2.0.0.preview3
|
|
284
284
|
signing_key:
|
|
285
285
|
specification_version: 4
|
|
286
286
|
summary: A toolkit of support libraries and Ruby core extensions extracted from the
|