author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-07-26 15:07:19 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-07-26 15:07:19 -0700 |
commit | 133754ef172706c10d6d1f9393d4fb1a1b19e2d7 (patch) | |
tree | c1f96570993ead95bfb8615e42bdc155e17c895e /actionpack | |
parent | 3dae4400989174c12730285397c58caf1a2685af (diff) | |
parent | d1b9cf2d48b4e58da2da563107dd2783e326e287 (diff) | |
Merge branch '3-2-rel' into 3-2-stable
* 3-2-rel:
updating release date
bumping to 3.2.7
updating the changelog
* Do not convert digest auth strings to symbols. CVE-2012-3424
updating the version
updating changelogs
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG.md | 18 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/http_authentication.rb | 4 | ||||
-rw-r--r-- | actionpack/lib/action_pack/version.rb | 2 |
3 files changed, 21 insertions, 3 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 4b483b200f..0aaaaf92ea 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,21 @@
+## Rails 3.2.7 (Jul 26, 2012) ##
+
+* Do not convert digest auth strings to symbols. CVE-2012-3424
+
+* Bump Journey requirements to 1.0.4
+
+* Add support for optional root segments containing slashes
+
+* Fixed bug creating invalid HTML in select options
+
+* Show in log correct wrapped keys
+
+* Fix NumberHelper options wrapping to prevent verbatim blocks being rendered instead of line continuations.
+
+* ActionController::Metal doesn't have logger method, check it and then delegate
+
+* ActionController::Caching depends on RackDelegation and AbstractController::Callbacks
+
 ## Rails 3.2.6 (Jun 12, 2012) ##
 * nil is removed from array parameter values
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 9f2f5476fa..fe4ab65bba 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -227,9 +227,9 @@ module ActionController
 end
 def decode_credentials(header)
- Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+ HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
 key, value = pair.split('=', 2)
- [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
+ [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
 end]
 end
diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index 58ccf8ebc2..eccfd415fb 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack
 module VERSION #:nodoc:
 MAJOR = 3
 MINOR = 2
- TINY = 6
+ TINY = 7
 PRE = nil
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') |
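Review bot: In `decode_credentials` (http_authentication.rb), the new `key.strip` still assumes every comma-separated piece of the Authorization header yields a key. For an empty piece `pair.split('=', 2)` returns `[]`, `key` is nil, and the call raises NoMethodError on unauthenticated input rather than ending in a failed authentication. `[key.to_s.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]` would keep malformed headers on the rejection path. The patterns `/^Digest\s+/` and `/^"|"$/` are line-anchored; `\A` and `\z` would state the intent of stripping only the scheme prefix and the outer quotes. The diffstat lists no test file under actionpack, so a regression test asserting that the returned keys are Strings (while `credentials[:nonce]` style lookups still resolve) would pin the CVE-2012-3424 fix.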