From acc2aa4c60ea8ebbe8c1a8db17ff52493943867c Mon Sep 17 00:00:00 2001 From: claudiob Date: Mon, 12 Nov 2012 16:07:36 -0800 Subject: Add release date of Rails 3.2.9 to documentation Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md activesupport/CHANGELOG.md --- actionmailer/CHANGELOG.md | 2 +- actionpack/CHANGELOG.md | 2 +- activemodel/CHANGELOG.md | 2 +- activerecord/CHANGELOG.md | 2 +- activeresource/CHANGELOG.md | 2 +- activesupport/CHANGELOG.md | 2 +- railties/CHANGELOG.md | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md index 74aede2cb7..fd3eca106e 100644 --- a/actionmailer/CHANGELOG.md +++ b/actionmailer/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.9 (unreleased) ## +## Rails 3.2.9 (Nov 12, 2012) ## * Do not render views when mail() isn't called. Fix #7761 diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 2bf3801b7d..9056074c03 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.9 (unreleased) ## +## Rails 3.2.9 (Nov 12, 2012) ## * Clear url helpers when reloading routes. diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md index d3056e73a2..4882421014 100644 --- a/activemodel/CHANGELOG.md +++ b/activemodel/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.9 (unreleased) +## Rails 3.2.9 (Nov 12, 2012) ## * Due to a change in builder, nil values and empty strings now generates closed tags, so instead of this: diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 3e071cfa01..5757b48f99 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.9 (unreleased) +## Rails 3.2.9 (Nov 12, 2012) ## * Fix issue with collection associations calling first(n)/last(n) and attempting to set the inverse association when `:inverse_of` was used. Fixes #8087. diff --git a/activeresource/CHANGELOG.md b/activeresource/CHANGELOG.md index c1a51aeac6..bdd50ab8b2 100644 
--- a/activeresource/CHANGELOG.md +++ b/activeresource/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.9 (unreleased) ## +## Rails 3.2.9 (Nov 12, 2012) ## * No changes. diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index 76a232665f..7faf55bf52 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.9 (unreleased) +## Rails 3.2.9 (Nov 12, 2012) ## * Add logger.push_tags and .pop_tags to complement logger.tagged: diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 27f4fd6de7..32a3cf3129 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.9 (unreleased) +## Rails 3.2.9 (Nov 12, 2012) ## * Update supported ruby versions error message in ruby_version_check.rb *Lihan Li* -- cgit v1.2.3 From 784a38698467dbc576e2c33319ef25c39d0bd104 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Sat, 22 Dec 2012 21:34:17 -0800 Subject: updating the changelog for the CVE --- activerecord/CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 5757b48f99..91df89ad9a 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,7 @@ +## Rails 3.2.10 ## + +* CVE-2012-5664 options hashes should never be the first parameter. + ## Rails 3.2.9 (Nov 12, 2012) ## * Fix issue with collection associations calling first(n)/last(n) and attempting -- cgit v1.2.3 From 6727ac6a6b7ee8b2cd4e173a9cff40b112c8285d Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Sat, 22 Dec 2012 21:34:47 -0800 Subject: updating the changelogs --- actionmailer/CHANGELOG.md | 2 ++ actionpack/CHANGELOG.md | 2 ++ activemodel/CHANGELOG.md | 2 ++ activeresource/CHANGELOG.md | 2 ++ railties/CHANGELOG.md | 2 ++ 5 files changed, 10 insertions(+) diff --git a/actionmailer/CHANGELOG.md b/actionmailer/CHANGELOG.md index fd3eca106e..fffadd18a0 100644 --- a/actionmailer/CHANGELOG.md +++ b/actionmailer/CHANGELOG.md 
@@ -1,3 +1,5 @@ +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * Do not render views when mail() isn't called. diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 9056074c03..4d7035e63f 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,5 @@ +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * Clear url helpers when reloading routes. diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md index 4882421014..6f09c1cb43 100644 --- a/activemodel/CHANGELOG.md +++ b/activemodel/CHANGELOG.md @@ -1,3 +1,5 @@ +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * Due to a change in builder, nil values and empty strings now generates diff --git a/activeresource/CHANGELOG.md b/activeresource/CHANGELOG.md index bdd50ab8b2..8d251bdce2 100644 --- a/activeresource/CHANGELOG.md +++ b/activeresource/CHANGELOG.md @@ -1,3 +1,5 @@ +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * No changes. diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 32a3cf3129..adca0839d9 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,5 @@ +## Rails 3.2.10 ## + ## Rails 3.2.9 (Nov 12, 2012) ## * Update supported ruby versions error message in ruby_version_check.rb *Lihan Li* -- cgit v1.2.3 From 7d592ba3974321934db5d693273002bdd9668863 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Sun, 23 Dec 2012 11:04:02 -0800 Subject: updating changelog --- activerecord/CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 91df89ad9a..bd8a0bc039 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,6 +1,7 @@ ## Rails 3.2.10 ## -* CVE-2012-5664 options hashes should never be the first parameter. +* CVE-2012-5664 options hashes should only be extracted if there are extra + parameters ## Rails 3.2.9 (Nov 12, 2012) ## -- cgit v1.2.3 
From 325669f0795a9148fd31f7f496a40dc8e114ef52 Mon Sep 17 00:00:00 2001
From: Aaron Patterson
Date: Sun, 23 Dec 2012 11:07:07 -0800
Subject: CVE-2012-5664 options hashes should only be extracted if there are extra parameters
---
 activerecord/lib/active_record/dynamic_matchers.rb | 7 ++++++-
 activerecord/test/cases/finder_test.rb | 12 ++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/activerecord/lib/active_record/dynamic_matchers.rb b/activerecord/lib/active_record/dynamic_matchers.rb
index b6b8e24436..f15d0b7611 100644
--- a/activerecord/lib/active_record/dynamic_matchers.rb
+++ b/activerecord/lib/active_record/dynamic_matchers.rb
@@ -40,7 +40,12 @@ module ActiveRecord
 METHOD
 send(method_id, *arguments)
 elsif match.finder?
- options = arguments.extract_options!
+ options = if arguments.length > attribute_names.size
+ arguments.extract_options!
+ else
+ {}
+ end
+
 relation = options.any? ? scoped(options) : scoped
 relation.send :find_by_attributes, match, attribute_names, *arguments, &block
 elsif match.instantiator?
diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb
index 5d72e35c60..77ca3b574d 100644
--- a/activerecord/test/cases/finder_test.rb
+++ b/activerecord/test/cases/finder_test.rb
@@ -15,6 +15,18 @@ require 'models/toy'
 class FinderTest < ActiveRecord::TestCase
 fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :customers, :categories, :categorizations
+ def test_find_by_id_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.find_by_id(:limit => 1)
+ end
+ end
+
+ def test_find_by_title_and_id_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.find_by_title_and_id('foo', :limit => 1)
+ end
+ end
+
 def test_find
 assert_equal(topics(:first).title, Topic.find(1).title)
 end
-- cgit v1.2.3
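Review bot: The arity check `arguments.length > attribute_names.size` in the `match.finder?` branch is the whole fix for CVE-2012-5664, yet nothing beside it says why it exists, so a later cleanup could fold it back into a bare `extract_options!`. I would add a comment above it such as `# A Hash in an attribute position is a value, not finder options; it may come straight from request params (CVE-2012-5664).` When a trailing hash is extracted it still goes to `scoped(options)` unfiltered, so the guard only protects callers that pass a fixed number of arguments, which is worth stating in the same comment. The enclosing method starts and ends outside this hunk, and the body of the `match.instantiator?` branch is not visible here, so whether it needs the same guard cannot be judged from this page.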
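Review bot: Both new tests assert only that `ActiveRecord::StatementInvalid` is raised, which shows the hash reached the query as a value but ties the regression check to how the database adapter happens to reject it. This hunk has no companion case for the path the guard keeps, a trailing options hash passed as an extra argument, e.g. `Post.find_by_id(1, :limit => 1)`; unless that is covered elsewhere in FinderTest, I would add one so the `arguments.length > attribute_names.size` branch is exercised as well. A one-line comment above the two tests naming CVE-2012-5664 would also keep them from being removed later as odd-looking calls. The FinderTest class continues past the end of the hunk.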