From fe4dfdd64450662d882b47bf519d885edee453df Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Mon, 28 May 2012 11:58:15 -0700 Subject: bumping to 3.2.4.rc1 --- RAILS_VERSION | 2 +- actionmailer/lib/action_mailer/version.rb | 4 ++-- actionpack/lib/action_pack/version.rb | 4 ++-- activemodel/lib/active_model/version.rb | 4 ++-- activerecord/lib/active_record/version.rb | 4 ++-- activeresource/lib/active_resource/version.rb | 4 ++-- activesupport/lib/active_support/version.rb | 4 ++-- railties/lib/rails/version.rb | 4 ++-- version.rb | 4 ++-- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/RAILS_VERSION b/RAILS_VERSION index b347b11eac..6f9557bc14 100644 --- a/RAILS_VERSION +++ b/RAILS_VERSION @@ -1 +1 @@ -3.2.3 +3.2.4.rc1 diff --git a/actionmailer/lib/action_mailer/version.rb b/actionmailer/lib/action_mailer/version.rb index 3149298635..f03bb5f169 100644 --- a/actionmailer/lib/action_mailer/version.rb +++ b/actionmailer/lib/action_mailer/version.rb @@ -2,8 +2,8 @@ module ActionMailer module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb index 4d1f19ed13..d36411ab3a 100644 --- a/actionpack/lib/action_pack/version.rb +++ b/actionpack/lib/action_pack/version.rb @@ -2,8 +2,8 @@ module ActionPack module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end diff --git a/activemodel/lib/active_model/version.rb b/activemodel/lib/active_model/version.rb index 29ae01c9a0..1362a7336e 100644 --- a/activemodel/lib/active_model/version.rb +++ b/activemodel/lib/active_model/version.rb @@ -2,8 +2,8 @@ module ActiveModel module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end 
diff --git a/activerecord/lib/active_record/version.rb b/activerecord/lib/active_record/version.rb index cf82eea47a..d48c7a70e8 100644 --- a/activerecord/lib/active_record/version.rb +++ b/activerecord/lib/active_record/version.rb @@ -2,8 +2,8 @@ module ActiveRecord module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end diff --git a/activeresource/lib/active_resource/version.rb b/activeresource/lib/active_resource/version.rb index d2d7253b78..6e00747b75 100644 --- a/activeresource/lib/active_resource/version.rb +++ b/activeresource/lib/active_resource/version.rb @@ -2,8 +2,8 @@ module ActiveResource module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end diff --git a/activesupport/lib/active_support/version.rb b/activesupport/lib/active_support/version.rb index 871af46e3e..f4cbcb7dff 100644 --- a/activesupport/lib/active_support/version.rb +++ b/activesupport/lib/active_support/version.rb @@ -2,8 +2,8 @@ module ActiveSupport module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end diff --git a/railties/lib/rails/version.rb b/railties/lib/rails/version.rb index 4f960c58f6..698c8b8e4b 100644 --- a/railties/lib/rails/version.rb +++ b/railties/lib/rails/version.rb @@ -2,8 +2,8 @@ module Rails module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end diff --git a/version.rb b/version.rb index 4f960c58f6..698c8b8e4b 100644 --- a/version.rb +++ b/version.rb @@ -2,8 +2,8 @@ module Rails module VERSION #:nodoc: MAJOR = 3 MINOR = 2 - TINY = 3 - PRE = nil + TINY = 4 + PRE = "rc1" STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.') end -- cgit v1.2.3 
From 71f7917c553cdc9a0ee49e87af0efb7429759718 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Wed, 30 May 2012 15:04:11 -0700 Subject: predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this CVE-2012-2661 --- .../active_record/associations/association_scope.rb | 17 ++++++++++++++++- .../lib/active_record/relation/predicate_builder.rb | 6 +++--- activerecord/test/cases/relation/where_test.rb | 19 +++++++++++++++++++ 3 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 activerecord/test/cases/relation/where_test.rb diff --git a/activerecord/lib/active_record/associations/association_scope.rb b/activerecord/lib/active_record/associations/association_scope.rb index b3819e3661..f9cffa40c8 100644 --- a/activerecord/lib/active_record/associations/association_scope.rb +++ b/activerecord/lib/active_record/associations/association_scope.rb @@ -75,7 +75,7 @@ module ActiveRecord conditions.each do |condition| if options[:through] && condition.is_a?(Hash) - condition = { table.name => condition } + condition = disambiguate_condition(table, condition) end scope = scope.where(interpolate(condition)) @@ -114,6 +114,21 @@ module ActiveRecord end end + def disambiguate_condition(table, condition) + if condition.is_a?(Hash) + Hash[ + condition.map do |k, v| + if v.is_a?(Hash) + [k, v] + else + [table.table_alias || table.name, { k => v }] + end + end + ] + else + condition + end + end end end end diff --git a/activerecord/lib/active_record/relation/predicate_builder.rb b/activerecord/lib/active_record/relation/predicate_builder.rb index a789f48725..9c84d8a6d5 100644 --- a/activerecord/lib/active_record/relation/predicate_builder.rb +++ b/activerecord/lib/active_record/relation/predicate_builder.rb 
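Review bot: `disambiguate_condition` can silently drop conditions: every non-Hash value is emitted under the same key `table.table_alias || table.name`, and `Hash[...]` keeps only the last pair for a duplicate key, so a through-association condition such as `{ :a => 1, :b => 2 }` collapses to `{ "posts" => { :b => 2 } }` and the `:a` constraint never reaches the scope, widening the query instead of narrowing it. The `{ table.name => condition }` form replaced in the first hunk of this file kept every pair. Bare columns should be merged into one hash under the table key while Hash values are still passed through untouched, as below; a test with a two-column `:conditions` hash on a `:through` association would pin this.
```ruby
def disambiguate_condition(table, condition)
  return condition unless condition.is_a?(Hash)

  # Bare columns are grouped under the one table key (alias first) so a
  # multi-column condition keeps every pair; a Hash value already names
  # its own table and is passed through untouched.
  table_key = table.table_alias || table.name
  scoped = {}
  condition.each do |k, v|
    if v.is_a?(Hash)
      scoped[k] = v
    else
      scoped[table_key] = (scoped[table_key] || {}).merge(k => v)
    end
  end
  scoped
end
```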
@@ -1,16 +1,16 @@ module ActiveRecord class PredicateBuilder # :nodoc: - def self.build_from_hash(engine, attributes, default_table) + def self.build_from_hash(engine, attributes, default_table, check_column = true) predicates = attributes.map do |column, value| table = default_table if value.is_a?(Hash) table = Arel::Table.new(column, engine) - build_from_hash(engine, value, table) + build_from_hash(engine, value, table, false) else column = column.to_s - if column.include?('.') + if check_column && column.include?('.') table_name, column = column.split('.', 2) table = Arel::Table.new(table_name, engine) end diff --git a/activerecord/test/cases/relation/where_test.rb b/activerecord/test/cases/relation/where_test.rb new file mode 100644 index 0000000000..90c690e266 --- /dev/null +++ b/activerecord/test/cases/relation/where_test.rb @@ -0,0 +1,19 @@ +require "cases/helper" +require 'models/post' + +module ActiveRecord + class WhereTest < ActiveRecord::TestCase + fixtures :posts + + def test_where_error + assert_raises(ActiveRecord::StatementInvalid) do + Post.where(:id => { 'posts.author_id' => 10 }).first + end + end + + def test_where_with_table_name + post = Post.first + assert_equal post, Post.where(:posts => { 'id' => post.id }).first + end + end +end -- cgit v1.2.3 From dff6db18840e2fd1dd3f3e4ef0ae7a9a3986d01d Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Wed, 30 May 2012 15:13:03 -0700 Subject: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! CVE-2012-2660 --- actionpack/lib/action_dispatch/http/request.rb | 22 ++++++++++++++++++++++ .../dispatch/request/query_string_parsing_test.rb | 7 ++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 820921252d..adbb5d1346 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb 
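Review bot: The new `check_column` parameter and the `check_column &&` guard carry no comment explaining why a nested hash's keys are never split on `'.'`, so a later reader may "simplify" it back to the old behaviour; `build_from_hash` continues past the end of this hunk. Proposed comment above the `def`: `# check_column is false for the recursive call: keys of a nested hash are plain column names of the table named by the outer key and are never split on '.', so a key such as 'posts.author_id' cannot move the condition onto a different table.` A positional boolean is understandable on the Ruby versions this branch supports, though a name like `split_table_prefix` would read more clearly at the call site `build_from_hash(engine, value, table, false)`.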
@@ -247,6 +247,28 @@ module ActionDispatch LOCALHOST.any? { |local_ip| local_ip === remote_addr && local_ip === remote_ip } end + protected + + # Remove nils from the params hash + def deep_munge(hash) + hash.each_value do |v| + case v + when Array + v.grep(Hash) { |x| deep_munge(x) } + when Hash + deep_munge(v) + end + end + + keys = hash.keys.find_all { |k| hash[k] == [nil] } + keys.each { |k| hash[k] = nil } + hash + end + + def parse_query(qs) + deep_munge(super) + end + private def check_method(name) diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb index f6a1475d04..181f51add5 100644 --- a/actionpack/test/dispatch/request/query_string_parsing_test.rb +++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb @@ -81,7 +81,12 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest end test "query string without equal" do - assert_parses({ "action" => nil }, "action") + assert_parses({"action" => nil}, "action") + assert_parses({"action" => {"foo" => nil}}, "action[foo]") + assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar]") + assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar][]") + assert_parses({"action" => {"foo" => nil}}, "action[foo][]") + assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]") end test "query string with empty key" do -- cgit v1.2.3
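Review bot: `deep_munge` only rewrites a value that is exactly `[nil]` (`hash[k] == [nil]`), so an array holding more than one nil — which a repeated `action[foo][]` in the query string would presumably produce — passes through unchanged, and the test hunk in `query_string_parsing_test.rb` adds no such case. Compacting before the comparison closes that gap: add `v.compact!` after `v.grep(Hash) { |x| deep_munge(x) }` and change the key scan to `keys = hash.keys.find_all { |k| hash[k] == [] }` (this also drops nil elements from mixed arrays, which should be stated as intended in the `# Remove nils from the params hash` comment). The `grep` call is used purely for its side effect; `v.each { |x| deep_munge(x) if x.is_a?(Hash) }` says that more directly. Only the `parse_query` override is hooked here, so params produced by any other parser are not munged — worth confirming against callers this hunk does not show.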