activesupport 4.2.1 → 4.2.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 34309be029cb1c5691c007e017e1885972eb8471
|
4
|
+
data.tar.gz: af61a044fa53999d9182cd5e048a29734c0cf20f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 92415b4900a8e3ca73756db0308c1ae74339f376f36b0561fe775a37358fc2142b77ad80e06de6aafb61a79bb36ce02834a189c12f8f13d22a173f90949b5824
|
7
|
+
data.tar.gz: 84965a10900fbba7b1c30cf762a3b0382a8bfcfca0db6d4b83a94428f130961087cd3f1a373f90c61d9b20dbeb58a67ded812bfd76c4a98641469121247dbac7
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,18 @@
|
|
1
|
+
## Rails 4.2.2 (June 16, 2015) ##
|
2
|
+
|
3
|
+
* Fix XSS vulnerability in `ActiveSupport::JSON.encode` method.
|
4
|
+
|
5
|
+
CVE-2015-3226.
|
6
|
+
|
7
|
+
*Rafael Mendonça França*
|
8
|
+
|
9
|
+
* Fix denial of service vulnerability in the XML processing.
|
10
|
+
|
11
|
+
CVE-2015-3227.
|
12
|
+
|
13
|
+
*Aaron Patterson*
|
14
|
+
|
15
|
+
|
1
16
|
## Rails 4.2.1 (March 19, 2014) ##
|
2
17
|
|
3
18
|
* Fixed a problem where String#truncate_words would get stuck with a complex
|
@@ -46,7 +46,7 @@ module ActiveSupport
|
|
46
46
|
xml_string_reader = StringReader.new(data)
|
47
47
|
xml_input_source = InputSource.new(xml_string_reader)
|
48
48
|
doc = @dbf.new_document_builder.parse(xml_input_source)
|
49
|
-
merge_element!({CONTENT_KEY => ''}, doc.document_element)
|
49
|
+
merge_element!({CONTENT_KEY => ''}, doc.document_element, XmlMini.depth)
|
50
50
|
end
|
51
51
|
end
|
52
52
|
|
@@ -58,9 +58,10 @@ module ActiveSupport
|
|
58
58
|
# Hash to merge the converted element into.
|
59
59
|
# element::
|
60
60
|
# XML element to merge into hash
|
61
|
-
def merge_element!(hash, element)
|
61
|
+
def merge_element!(hash, element, depth)
|
62
|
+
raise 'Document too deep!' if depth == 0
|
62
63
|
delete_empty(hash)
|
63
|
-
merge!(hash, element.tag_name, collapse(element))
|
64
|
+
merge!(hash, element.tag_name, collapse(element, depth))
|
64
65
|
end
|
65
66
|
|
66
67
|
def delete_empty(hash)
|
@@ -71,14 +72,14 @@ module ActiveSupport
|
|
71
72
|
#
|
72
73
|
# element::
|
73
74
|
# The document element to be collapsed.
|
74
|
-
def collapse(element)
|
75
|
+
def collapse(element, depth)
|
75
76
|
hash = get_attributes(element)
|
76
77
|
|
77
78
|
child_nodes = element.child_nodes
|
78
79
|
if child_nodes.length > 0
|
79
80
|
(0...child_nodes.length).each do |i|
|
80
81
|
child = child_nodes.item(i)
|
81
|
-
merge_element!(hash, child) unless child.node_type == Node.TEXT_NODE
|
82
|
+
merge_element!(hash, child, depth - 1) unless child.node_type == Node.TEXT_NODE
|
82
83
|
end
|
83
84
|
merge_texts!(hash, element) unless empty_content?(element)
|
84
85
|
hash
|
@@ -29,7 +29,7 @@ module ActiveSupport
|
|
29
29
|
doc = REXML::Document.new(data)
|
30
30
|
|
31
31
|
if doc.root
|
32
|
-
merge_element!({}, doc.root)
|
32
|
+
merge_element!({}, doc.root, XmlMini.depth)
|
33
33
|
else
|
34
34
|
raise REXML::ParseException,
|
35
35
|
"The document #{doc.to_s.inspect} does not have a valid root"
|
@@ -44,19 +44,20 @@ module ActiveSupport
|
|
44
44
|
# Hash to merge the converted element into.
|
45
45
|
# element::
|
46
46
|
# XML element to merge into hash
|
47
|
-
def merge_element!(hash, element)
|
48
|
-
|
47
|
+
def merge_element!(hash, element, depth)
|
48
|
+
raise REXML::ParseException, "The document is too deep" if depth == 0
|
49
|
+
merge!(hash, element.name, collapse(element, depth))
|
49
50
|
end
|
50
51
|
|
51
52
|
# Actually converts an XML document element into a data structure.
|
52
53
|
#
|
53
54
|
# element::
|
54
55
|
# The document element to be collapsed.
|
55
|
-
def collapse(element)
|
56
|
+
def collapse(element, depth)
|
56
57
|
hash = get_attributes(element)
|
57
58
|
|
58
59
|
if element.has_elements?
|
59
|
-
element.each_element {|child| merge_element!(hash, child) }
|
60
|
+
element.each_element {|child| merge_element!(hash, child, depth - 1) }
|
60
61
|
merge_texts!(hash, element) unless empty_content?(element)
|
61
62
|
hash
|
62
63
|
else
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: activesupport
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.2.
|
4
|
+
version: 4.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- David Heinemeier Hansson
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-06-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: i18n
|