authorAaron Patterson <aaron.patterson@gmail.com>2012-06-12 14:25:27 -0700
committerAaron Patterson <aaron.patterson@gmail.com>2012-06-12 14:25:27 -0700
commit10cdbbc56bf31da3a2e030dfe9d399507348f54e (patch)
treec1e1b4371a1dd2a10460fcc503980ffb86d46f14
parent5dd2cfc8b4a89ec6321ebbb0e81cd50d58785b6f (diff)
parent8381d398cedf3e95fb073b8110d80f636cff449c (diff)
Merge branch '3-2-stable-rel' into 3-2-stable
* 3-2-stable-rel: updating changelogs bumping version numbers updating changelogs with security fixes updating changelogs Array parameters should not contain nil values. Additional fix for CVE-2012-2661
-rw-r--r--RAILS_VERSION2
-rw-r--r--actionmailer/CHANGELOG.md4
-rw-r--r--actionmailer/lib/action_mailer/version.rb2
-rw-r--r--actionpack/CHANGELOG.md6
-rw-r--r--actionpack/lib/action_dispatch/http/request.rb6
-rw-r--r--actionpack/lib/action_pack/version.rb2
-rw-r--r--actionpack/test/dispatch/request/query_string_parsing_test.rb4
-rw-r--r--activemodel/CHANGELOG.md4
-rw-r--r--activemodel/lib/active_model/version.rb2
-rw-r--r--activerecord/CHANGELOG.md8
-rw-r--r--activerecord/lib/active_record/relation/predicate_builder.rb6
-rw-r--r--activerecord/lib/active_record/version.rb2
-rw-r--r--activerecord/test/cases/relation/where_test.rb6
-rw-r--r--activeresource/CHANGELOG.md4
-rw-r--r--activeresource/lib/active_resource/version.rb2
-rw-r--r--activesupport/CHANGELOG.md4
-rw-r--r--activesupport/lib/active_support/version.rb2
-rw-r--r--railties/CHANGELOG.md4
-rw-r--r--railties/lib/rails/version.rb2
-rw-r--r--version.rb2
20 files changed, 58 insertions, 16 deletions
diff --git a/RAILS_VERSION b/RAILS_VERSION
index 5ae69bd5f0..34cde5690e 100644
--- a/RAILS_VERSION
+++ b/RAILS_VERSION
@@ -1 +1 @@
-3.2.5
+3.2.6
diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md
index 4fd8190ee5..f19f281e71 100644
--- a/actionmailer/CHANGELOG.md
+++ b/actionmailer/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Rails 3.2.6 (Jun 12, 2012)
+
+* No changes.
+
## Rails 3.2.5 (Jun 1, 2012) ##
* No changes.
diff --git a/actionmailer/lib/action_mailer/version.rb b/actionmailer/lib/action_mailer/version.rb
index 3d85d4dd27..ef132514b6 100644
--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 75fb902196..4b483b200f 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,4 +1,8 @@
-## Rails 3.2.6 (unreleased) ##
+## Rails 3.2.6 (Jun 12, 2012) ##
+
+* nil is removed from array parameter values
+
+ CVE-2012-2694
* Deprecate `:confirm` in favor of `':data => { :confirm => "Text" }'` option for `button_to`, `button_tag`, `image_submit_tag`, `link_to` and `submit_tag` helpers.
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index adbb5d1346..afc0496ef9 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -251,17 +251,19 @@ module ActionDispatch
# Remove nils from the params hash
def deep_munge(hash)
+ keys = hash.keys.find_all { |k| hash[k] == [nil] }
+ keys.each { |k| hash[k] = nil }
+
hash.each_value do |v|
case v
when Array
v.grep(Hash) { |x| deep_munge(x) }
+ v.compact!
when Hash
deep_munge(v)
end
end
- keys = hash.keys.find_all { |k| hash[k] == [nil] }
- keys.each { |k| hash[k] = nil }
hash
end
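Review bot: An array holding two or more nils and nothing else still leaves `deep_munge` as `[]` rather than `nil`, because the `== [nil]` check now runs before `v.compact!` and matches only the single-element case. So `[nil]` becomes `nil` while `[nil, nil]` becomes an empty array, and code that guards on `params[:x].nil?` would presumably treat the two differently. If an all-nil array is meant to read as `nil`, iterate with keys and reset after compacting: `hash.each do |k, v|` and, after `v.compact!`, `hash[k] = nil if v.empty?`. The comment above the method could also state that nils are stripped from arrays in place and that `[nil]` is collapsed to `nil`.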
diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index 8df68441c3..58ccf8ebc2 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb
index 181f51add5..bc0641e3a0 100644
--- a/actionpack/test/dispatch/request/query_string_parsing_test.rb
+++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb
@@ -89,6 +89,10 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest
assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]")
end
+ def test_array_parses_without_nil
+ assert_parses({"action" => ['1']}, "action[]=1&action[]")
+ end
+
test "query string with empty key" do
assert_parses(
{ "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },
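Review bot: `test_array_parses_without_nil` covers only an array that mixes a value with one trailing nil; the all-nil inputs are not pinned. A case for `"action[]&action[]"` would record whether two empty elements are meant to parse to `[]` or `nil`, and one for `"action[foo][]=1&action[foo][]"` would exercise the recursive path through a nested hash. The neighbouring test visible in this hunk uses the `test "..." do` form, so the new one could follow it, e.g. `test "array parses without nil" do`. The hunk ends inside the following test, which is unchanged.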
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md
index f553b84fc8..1ea6784042 100644
--- a/activemodel/CHANGELOG.md
+++ b/activemodel/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Rails 3.2.6 (Jun 12, 2012)
+
+* No changes.
+
## Rails 3.2.4 (May 31, 2012) ##
* No changes.
diff --git a/activemodel/lib/active_model/version.rb b/activemodel/lib/active_model/version.rb
index 474db6b867..73d666262a 100644
--- a/activemodel/lib/active_model/version.rb
+++ b/activemodel/lib/active_model/version.rb
@@ -2,7 +2,7 @@ module ActiveModel
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 71050efbc5..aa6634517e 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,4 +1,10 @@
-## Rails 3.2.6 (unreleased) ##
+## Rails 3.2.6 (Jun 12, 2012) ##
+
+* protect against the nesting of hashes changing the
+ table context in the next call to build_from_hash. This fix
+ covers this case as well.
+
+ CVE-2012-2695
* Revert earlier 'perf fix' (see 3.2.4 changelog / GH #6289). This
change introduced a regression (GH #6609). assoc.clear and
diff --git a/activerecord/lib/active_record/relation/predicate_builder.rb b/activerecord/lib/active_record/relation/predicate_builder.rb
index 9c84d8a6d5..6b118b4912 100644
--- a/activerecord/lib/active_record/relation/predicate_builder.rb
+++ b/activerecord/lib/active_record/relation/predicate_builder.rb
@@ -1,16 +1,16 @@
module ActiveRecord
class PredicateBuilder # :nodoc:
- def self.build_from_hash(engine, attributes, default_table, check_column = true)
+ def self.build_from_hash(engine, attributes, default_table, allow_table_name = true)
predicates = attributes.map do |column, value|
table = default_table
- if value.is_a?(Hash)
+ if allow_table_name && value.is_a?(Hash)
table = Arel::Table.new(column, engine)
build_from_hash(engine, value, table, false)
else
column = column.to_s
- if check_column && column.include?('.')
+ if allow_table_name && column.include?('.')
table_name, column = column.split('.', 2)
table = Arel::Table.new(table_name, engine)
end
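Review bot: A Hash value that arrives with `allow_table_name` false now falls into the `else` branch and is carried forward as an ordinary column value; nothing in the visible lines rejects it. The test added in activerecord/test/cases/relation/where_test.rb expects `ActiveRecord::StatementInvalid`, which suggests the rejection is left to the database when the query runs and so may vary by adapter. An explicit guard at the top of the `else` branch, such as `raise ArgumentError, "nested hash conditions are not supported" if value.is_a?(Hash)`, would fail before any SQL is built (the test would then assert that error instead). The bare `false` in the recursive call would also read better with a comment, e.g. `# nested hashes may not name another table`. The method body continues past the end of this hunk.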
diff --git a/activerecord/lib/active_record/version.rb b/activerecord/lib/active_record/version.rb
index d2bfa51a8a..43fc292302 100644
--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activerecord/test/cases/relation/where_test.rb b/activerecord/test/cases/relation/where_test.rb
index 90c690e266..b9eef1d32f 100644
--- a/activerecord/test/cases/relation/where_test.rb
+++ b/activerecord/test/cases/relation/where_test.rb
@@ -11,6 +11,12 @@ module ActiveRecord
end
end
+ def test_where_error_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.where(:id => { :posts => {:author_id => 10} }).first
+ end
+ end
+
def test_where_with_table_name
post = Post.first
assert_equal post, Post.where(:posts => { 'id' => post.id }).first
diff --git a/activeresource/CHANGELOG.md b/activeresource/CHANGELOG.md
index bf2a284284..37dcece116 100644
--- a/activeresource/CHANGELOG.md
+++ b/activeresource/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Rails 3.2.6 (Jun 12, 2012)
+
+* No changes.
+
## Rails 3.2.5 (Jun 1, 2012) ##
* No changes.
diff --git a/activeresource/lib/active_resource/version.rb b/activeresource/lib/active_resource/version.rb
index fd1af90c56..76117593a2 100644
--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index e1ed948ede..d20e011f0a 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Rails 3.2.6 (Jun 12, 2012)
+
+* No changes.
+
## Rails 3.2.5 (Jun 1, 2012) ##
* ActiveSupport::JSON::Variable is deprecated. Define your own #as_json and #encode_json methods
diff --git a/activesupport/lib/active_support/version.rb b/activesupport/lib/active_support/version.rb
index e5498dae65..a54ce0b6cb 100644
--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md
index c2a4962ded..1fbfd092e1 100644
--- a/railties/CHANGELOG.md
+++ b/railties/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Rails 3.2.6 (Jun 12, 2012)
+
+* No changes.
+
## Rails 3.2.4 (May 31, 2012) ##
* Add hook for resource route's generator. *Santiago Pastorino*
diff --git a/railties/lib/rails/version.rb b/railties/lib/rails/version.rb
index 2bd7c1c020..421c6e687a 100644
--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/version.rb b/version.rb
index 2bd7c1c020..421c6e687a 100644
--- a/version.rb
+++ b/version.rb
@@ -2,7 +2,7 @@ module Rails
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 5
+ TINY = 6
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')