diff options
| -rw-r--r-- | actionmailer/CHANGELOG.md | 6 | ||||
| -rw-r--r-- | actionpack/CHANGELOG.md | 4 | ||||
| -rw-r--r-- | activemodel/CHANGELOG.md | 3 | ||||
| -rw-r--r-- | activerecord/CHANGELOG.md | 9 | ||||
| -rw-r--r-- | activerecord/lib/active_record/dynamic_matchers.rb | 7 | ||||
| -rw-r--r-- | activerecord/test/cases/finder_test.rb | 12 | ||||
| -rw-r--r-- | activeresource/CHANGELOG.md | 4 | ||||
| -rw-r--r-- | activesupport/CHANGELOG.md | 4 | ||||
| -rw-r--r-- | railties/CHANGELOG.md | 4 |
9 files changed, 47 insertions, 6 deletions
diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md index d4d592a964..e8257fd63c 100644 --- a/actionmailer/CHANGELOG.md +++ b/actionmailer/CHANGELOG.md @@ -1,4 +1,8 @@ -## Rails 3.2.10 (unreleased) ## +## Rails 3.2.11 (unreleased) ## + +## Rails 3.2.10 ## + +## Rails 3.2.9 (Nov 12, 2012) ## * The return value from mailer methods is no longer relevant. This fixes a bug, which was introduced with 3.2.9. diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index a681a2dc79..6917d0e06c 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.10 (unreleased) ## +## Rails 3.2.11 (unreleased) ## * Clear url helper methods when routes are reloaded by removing the methods explicitly rather than just clearing the module because it didn't work @@ -72,6 +72,8 @@ *Daniel Fox, Grant Hutchins & Trace Wax* +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * Clear url helpers when reloading routes. diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md index d98df4cb91..2cb51945fd 100644 --- a/activemodel/CHANGELOG.md +++ b/activemodel/CHANGELOG.md @@ -1,7 +1,8 @@ -## Rails 3.2.10 (unreleased) ## +## Rails 3.2.11 (unreleased) ## * Specify type of singular association during serialization *Steve Klabnik* +## Rails 3.2.10 ## ## Rails 3.2.9 (Nov 12, 2012) ## diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 083474eed0..1d682e03bf 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.10 (unreleased) +## Rails 3.2.11 (unreleased) * Serialized attributes can be serialized in integer columns. Fix #8575. @@ -180,6 +180,13 @@ *Alexis Bernard* +## Rails 3.2.10 ## + +* CVE-2012-5664 options hashes should only be extracted if there are extra + parameters + +## Rails 3.2.9 (Nov 12, 2012) ## + * Fix issue with collection associations calling first(n)/last(n) and attempting to set the inverse association when `:inverse_of` was used. Fixes #8087. diff --git a/activerecord/lib/active_record/dynamic_matchers.rb b/activerecord/lib/active_record/dynamic_matchers.rb index b6b8e24436..f15d0b7611 100644 --- a/activerecord/lib/active_record/dynamic_matchers.rb +++ b/activerecord/lib/active_record/dynamic_matchers.rb @@ -40,7 +40,12 @@ module ActiveRecord METHOD send(method_id, *arguments) elsif match.finder? - options = arguments.extract_options! + options = if arguments.length > attribute_names.size + arguments.extract_options! + else + {} + end + relation = options.any? ? scoped(options) : scoped relation.send :find_by_attributes, match, attribute_names, *arguments, &block elsif match.instantiator? diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb index e50a334958..7d63d76c34 100644 --- a/activerecord/test/cases/finder_test.rb +++ b/activerecord/test/cases/finder_test.rb @@ -15,6 +15,18 @@ require 'models/toy' class FinderTest < ActiveRecord::TestCase fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :customers, :categories, :categorizations + def test_find_by_id_with_hash + assert_raises(ActiveRecord::StatementInvalid) do + Post.find_by_id(:limit => 1) + end + end + + def test_find_by_title_and_id_with_hash + assert_raises(ActiveRecord::StatementInvalid) do + Post.find_by_title_and_id('foo', :limit => 1) + end + end + def test_find assert_equal(topics(:first).title, Topic.find(1).title) end diff --git a/activeresource/CHANGELOG.md b/activeresource/CHANGELOG.md index bdd50ab8b2..e77980f3b5 100644 --- a/activeresource/CHANGELOG.md +++ b/activeresource/CHANGELOG.md @@ -1,3 +1,7 @@ +## Rails 3.2.11 ## + +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * No changes. diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index 88707d7edb..834dff60c9 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.10 (unreleased) +## Rails 3.2.11 (unreleased) * Remove surrogate unicode character encoding from ActiveSupport::JSON.encode The encoding scheme was broken for unicode characters outside the basic @@ -19,6 +19,8 @@ *Daniele Sluijters* +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * Add logger.push_tags and .pop_tags to complement logger.tagged: diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 9110fdc673..33ba020e0a 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,7 @@ +## Rails 3.2.11 ## + +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * Engines with a dummy app include the rake tasks of dependencies in the app namespace. [Backport: #8262] |