-rw-r--r-- | .codeclimate.yml | 14 | ||||
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | actionpack/CHANGELOG.md | 7 | ||||
-rw-r--r-- | actionpack/lib/action_dispatch/routing/mapper.rb | 9 | ||||
-rw-r--r-- | actionpack/test/dispatch/routing_test.rb | 18 | ||||
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb | 7 | ||||
-rw-r--r-- | activerecord/lib/active_record/statement_cache.rb | 13 | ||||
-rw-r--r-- | activesupport/lib/active_support/message_encryptor.rb | 4 |
8 files changed, 49 insertions, 27 deletions
diff --git a/.codeclimate.yml b/.codeclimate.yml
index 877c67873d..17fcaa4360 100644
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -7,20 +7,6 @@ ratings:
 - "**.rb"
 exclude_paths:
- - actioncable/lib/rails/generators/
- - actioncable/test/
- - actionmailer/lib/rails/generators/
- - actionmailer/test/
- - actionpack/test/
- - actionview/test/
- - activejob/lib/rails/generators/
- - activejob/test/
- - activemodel/test/
- - activerecord/lib/rails/generators/
- - activerecord/test/
- - activesupport/test/
- - railties/lib/rails/generators/
- - railties/test/
 - ci/
 - guides/
 - tasks/
diff --git a/Gemfile.lock b/Gemfile.lock
index 10bc8b1898..0a3d91ca29 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -103,7 +103,7 @@ GEM
 specs:
 addressable (2.4.0)
 amq-protocol (2.0.1)
- arel (7.1.0)
+ arel (7.1.1)
 backburner (1.3.0)
 beaneater (~> 1.0)
 dante (> 0.1.5)
@@ -401,4 +401,4 @@ DEPENDENCIES
 wdm (>= 0.1.0)
 BUNDLED WITH
- 1.11.2
+ 1.12.5
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index d50cbaee38..7bb9b62468 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,10 @@
+* Fix 'defaults' option for root route.
+
+ A regression from some refactoring for the 5.0 release, this change
+ fixes the use of 'defaults' (default parameters) in the 'root' routing method.
+
+ *Chris Arcand*
+
 * Check `request.path_parameters` encoding at the point they're set.
 Check for any non-UTF8 characters in path parameters at the point they're
diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb
index 73b4864e45..12ddd0f148 100644
--- a/actionpack/lib/action_dispatch/routing/mapper.rb
+++ b/actionpack/lib/action_dispatch/routing/mapper.rb
@@ -1923,7 +1923,14 @@ to this:
 def match_root_route(options)
 name = has_named_route?(:root) ? nil : :root
- match '/', { :as => name, :via => :get }.merge!(options)
+ defaults_option = options.delete(:defaults)
+ args = ['/', { as: name, via: :get }.merge!(options)]
+
+ if defaults_option
+ defaults(defaults_option) { match(*args) }
+ else
+ match(*args)
+ end
 end
 end
diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb
index 5298e63fef..cac89417a5 100644
--- a/actionpack/test/dispatch/routing_test.rb
+++ b/actionpack/test/dispatch/routing_test.rb
@@ -1759,6 +1759,24 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest
 assert_equal 1, @request.params[:page]
 end
+ def test_keyed_default_string_params_with_root
+ draw do
+ root to: 'pages#show', defaults: { id: 'home' }
+ end
+
+ get '/'
+ assert_equal 'home', @request.params[:id]
+ end
+
+ def test_default_string_params_with_root
+ draw do
+ root to: 'pages#show', id: 'home'
+ end
+
+ get '/'
+ assert_equal 'home', @request.params[:id]
+ end
+
 def test_resource_constraints
 draw do
 resources :products, :constraints => { :id => /\d{4}/ } do
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
index 74aae3a1e4..621f737a5e 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
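Review bot: In actionpack/lib/action_dispatch/routing/mapper.rb, `options.delete(:defaults)` in match_root_route removes the key from the hash object the caller passed in, so a caller that reuses that hash afterwards silently loses `:defaults`. Whether the caller hands over a private copy is not visible in this hunk. Working on a copy avoids the side effect, for example `options = options.dup` as the first line of the method. A short comment such as `# :defaults is applied through the defaults scope instead of being passed to match` would record why the key is split out.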
@@ -18,11 +18,12 @@ module ActiveRecord
 # This is used in the StatementCache object. It returns an object that
 # can be used to query the database repeatedly.
- def cacheable_query(arel) # :nodoc:
+ def cacheable_query(klass, arel) # :nodoc:
+ collected = visitor.accept(arel.ast, collector)
 if prepared_statements
- ActiveRecord::StatementCache.query visitor, arel.ast
+ klass.query(collected.value)
 else
- ActiveRecord::StatementCache.partial_query visitor, arel.ast, collector
+ klass.partial_query(collected.value)
 end
 end
diff --git a/activerecord/lib/active_record/statement_cache.rb b/activerecord/lib/active_record/statement_cache.rb
index 6c896ccea6..5607be6d12 100644
--- a/activerecord/lib/active_record/statement_cache.rb
+++ b/activerecord/lib/active_record/statement_cache.rb
@@ -40,7 +40,7 @@ module ActiveRecord
 end
 class PartialQuery < Query # :nodoc:
- def initialize values
+ def initialize(values)
 @values = values
 @indexes = values.each_with_index.find_all { |thing,i|
 Arel::Nodes::BindParam === thing
@@ -55,13 +55,12 @@ module ActiveRecord
 end
 end
- def self.query(visitor, ast)
- Query.new visitor.accept(ast, Arel::Collectors::SQLString.new).value
+ def self.query(sql)
+ Query.new(sql)
 end
- def self.partial_query(visitor, ast, collector)
- collected = visitor.accept(ast, collector).value
- PartialQuery.new collected
+ def self.partial_query(values)
+ PartialQuery.new(values)
 end
 class Params # :nodoc:
@@ -92,7 +91,7 @@ module ActiveRecord
 def self.create(connection, block = Proc.new)
 relation = block.call Params.new
 bind_map = BindMap.new relation.bound_attributes
- query_builder = connection.cacheable_query relation.arel
+ query_builder = connection.cacheable_query(self, relation.arel)
 new query_builder, bind_map
 end
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index 87efe117c5..1f2736388d 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
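Review bot: In database_statements.rb, both branches of cacheable_query now take their output from `collector`, where the prepared-statement branch previously built an explicit `Arel::Collectors::SQLString`. `collector` is defined outside this hunk, so it should be confirmed that it yields a plain SQL string whenever `prepared_statements` is on, because that string is the statement text later sent with the bind values. The added `klass` parameter also changes the method's arity, so an adapter that still overrides `cacheable_query(arel)` would raise ArgumentError once `StatementCache.create` calls it with two arguments. A comment like `# klass: the StatementCache class (or subclass) whose query/partial_query builds the cached object` would document the new contract.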
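Review bot: In statement_cache.rb, `self.query(sql)` and `self.partial_query(values)` now accept output that was already collected elsewhere, but neither states what shape it expects. `PartialQuery#initialize` scans `values` for `Arel::Nodes::BindParam` entries, so `partial_query` presumably needs the collector's list of fragments, while `query` needs the finished SQL string; passing one where the other is expected would fail only later, at execution time. Suggested comments: `# sql: finished SQL string produced by the visitor` above `self.query` and `# values: collected SQL fragments with Arel::Nodes::BindParam placeholders` above `self.partial_query`.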
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -99,6 +99,10 @@ module ActiveSupport
 def _decrypt(encrypted_message)
 cipher = new_cipher
 encrypted_data, iv, auth_tag = encrypted_message.split("--".freeze).map {|v| ::Base64.strict_decode64(v)}
+
+ # Currently the OpenSSL bindings do not raise an error if auth_tag is
+ # truncated, which would allow an attacker to easily forge it. See
+ # https://github.com/ruby/openssl/issues/63
 raise InvalidMessage if aead_mode? && auth_tag.bytes.length != 16
 cipher.decrypt |
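Review bot: The length guard that the new comment documents in `_decrypt` does not cover a missing tag: when the message splits into fewer than three `--` segments, `auth_tag` is nil and `auth_tag.bytes` raises NoMethodError instead of InvalidMessage. The rest of `_decrypt`, including any rescue clause, lies outside this hunk, so whether that error is translated cannot be confirmed here. Handling it in the guard keeps every malformed message on the same rejection path: `raise InvalidMessage if aead_mode? && (auth_tag.nil? || auth_tag.bytes.length != 16)`. The comment could also say that 16 is the full tag length being enforced, so the constant is not read as arbitrary.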