diff --git a/actionmailer/Rakefile b/actionmailer/Rakefile
index c53b979f58482b2cf2cb13430c80a52d137fd344..528e31a25d8d2bd1b155b32e6282e05fd2ff0877 100644
--- a/actionmailer/Rakefile
+++ b/actionmailer/Rakefile
@@ -54,7 +54,7 @@ spec = Gem::Specification.new do |s|
 s.rubyforge_project = "actionmailer"
 s.homepage = "http://www.rubyonrails.org"
- s.add_dependency('actionpack', '= 2.3.16' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.17' + PKG_BUILD)
 s.requirements << 'none'
 s.require_path = 'lib'
diff --git a/actionmailer/actionmailer.gemspec b/actionmailer/actionmailer.gemspec
index 1bd79126e7f7da11289215b495a2b261da3e327a..126bca1cafe241a3692bb5bffcdfc172239f9cd6 100644
--- a/actionmailer/actionmailer.gemspec
+++ b/actionmailer/actionmailer.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'actionmailer'
- s.version = '2.3.16'
+ s.version = '2.3.17'
 s.summary = 'Service layer for easy email delivery and testing.'
 s.description = 'Makes it trivial to test and deliver emails sent from a single service layer.'
@@ -10,5 +10,5 @@
 s.require_path = 'lib'
- s.add_dependency 'actionpack', '= 2.3.16'
+ s.add_dependency 'actionpack', '= 2.3.17'
 end
diff --git a/actionmailer/lib/action_mailer/version.rb b/actionmailer/lib/action_mailer/version.rb
index 60de274dc08a3c2c0ccf35086e6b8ee6ce670695..669f051a2d1739e0681b4323c5935910c5be328e 100644
--- a/actionmailer/lib/action_mailer/version.rb
+++ b/actionmailer/lib/action_mailer/version.rb
@@ -2,7 +2,7 @@ module ActionMailer
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 16
+ TINY = 17
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/actionpack/Rakefile b/actionpack/Rakefile
index e6e285a875ed3633989a0d7c40881dc2d6db7318..9d261d8c90d6b10b84528f6baa0b91c118b204fd 100644
--- a/actionpack/Rakefile
+++ b/actionpack/Rakefile
@@ -78,7 +78,7 @@ spec = Gem::Specification.new do |s|
 s.requirements << 'none'
- s.add_dependency('activesupport', '= 2.3.16' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
 s.add_dependency('rack', '~> 1.1.0')
 s.require_path = 'lib'
diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index 67ce426b1de28c55e34ad9f5317e8ddb627431e7..51788ec455bea5da432aa99c45da2c8c546a184e 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'actionpack'
- s.version = '2.3.16'
+ s.version = '2.3.17'
 s.summary = 'Web-flow and rendering framework putting the VC in MVC.'
 s.description = 'Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn\'t require a browser.'
@@ -10,6 +10,6 @@
 s.require_path = 'lib'
- s.add_dependency 'activesupport', '= 2.3.16'
+ s.add_dependency 'activesupport', '= 2.3.17'
 s.add_dependency 'rack', '~> 1.1.0'
 end
diff --git a/actionpack/lib/action_pack/version.rb b/actionpack/lib/action_pack/version.rb
index 0519eb0c9c59c640a5ada5b99d7dc22637b58c22..85be0bed89c1498ccead6bc1231d76f5298ee460 100644
--- a/actionpack/lib/action_pack/version.rb
+++ b/actionpack/lib/action_pack/version.rb
@@ -2,7 +2,7 @@ module ActionPack #:nodoc:
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 16
+ TINY = 17
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/activerecord/Rakefile b/activerecord/Rakefile
index 47570bda3a095bf67617ce2d2a510c5b8d8dd433..6ebc6557878cad8a6ec566e7bacef391e6774f44 100644
--- a/activerecord/Rakefile
+++ b/activerecord/Rakefile
@@ -192,7 +192,7 @@ spec = Gem::Specification.new do |s|
 s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
 end
- s.add_dependency('activesupport', '= 2.3.16' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
 s.files.delete FIXTURES_ROOT + "/fixture_database.sqlite"
 s.files.delete FIXTURES_ROOT + "/fixture_database_2.sqlite"
diff --git a/activerecord/activerecord.gemspec b/activerecord/activerecord.gemspec
index 41f1f50c239faa494cb190c0b6178b3bee38c4c3..8754472f2628f5d7c580b0fce434a20e1c4e87e6 100644
--- a/activerecord/activerecord.gemspec
+++ b/activerecord/activerecord.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'activerecord'
- s.version = '2.3.16'
+ s.version = '2.3.17'
 s.summary = 'Implements the ActiveRecord pattern for ORM.'
 s.description = 'Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL.'
@@ -13,5 +13,5 @@
 s.rdoc_options = ['--main', 'README']
 s.extra_rdoc_files = ['README']
- s.add_dependency 'activesupport', '= 2.3.16'
+ s.add_dependency 'activesupport', '= 2.3.17'
 end
diff --git a/activerecord/lib/active_record/attribute_methods.rb b/activerecord/lib/active_record/attribute_methods.rb
index 22630b3e80215e300fb293f501873e982c48b9f3..54fe1f25cccc01676dc71ff40d152acbffcea28b 100644
--- a/activerecord/lib/active_record/attribute_methods.rb
+++ b/activerecord/lib/active_record/attribute_methods.rb
@@ -80,7 +80,9 @@ def define_attribute_methods
 end
 unless instance_method_already_implemented?("#{name}=")
- if create_time_zone_conversion_attribute?(name, column)
+ if self.serialized_attributes[name]
+ define_write_method_for_serialized_attribute(name)
+ elsif create_time_zone_conversion_attribute?(name, column)
 define_write_method_for_time_zone_conversion(name)
 else
 define_write_method(name.to_sym)
@@ -130,7 +132,7 @@ def cache_attribute?(attr_name)
 # Suffixes a, ?, c become regexp /(a|\?|c)$/
 def rebuild_attribute_method_regexp
 suffixes = attribute_method_suffixes.map { |s| Regexp.escape(s) }
- @@attribute_method_regexp = /(#{suffixes.join('|')})$/.freeze
+ @@attribute_method_regexp = /(#{suffixes.join('|')})\z/.freeze
 end
 # Default to =, ?, _before_type_cast
@@ -184,6 +186,19 @@ def define_question_method(attr_name)
 def define_write_method(attr_name)
 evaluate_attribute_method attr_name, "def #{attr_name}=(new_value);write_attribute('#{attr_name}', new_value);end", "#{attr_name}="
 end
+
+ # Defined for all serialized attributes. Disallows assigning already serialized YAML.
+ def define_write_method_for_serialized_attribute(attr_name)
+ method_body = <<-EOV
+ def #{attr_name}=(value)
+ if value.is_a?(String) and value =~ /^---/
+ raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues."
+ end
+ write_attribute(:#{attr_name}, value)
+ end
+ EOV
+ evaluate_attribute_method attr_name, method_body, "#{attr_name}="
+ end
 # Defined for all +datetime+ and +timestamp+ attributes when +time_zone_aware_attributes+ are enabled.
 # This enhanced write method will automatically convert the time passed to it to the zone stored in Time.zone.
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index cfc6e86b910a347d66f65003a1da82e384fbb114..c11b702af1576bd8d78551162fb10adcae4a8a95 100755
--- a/activerecord/lib/active_record/base.rb
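Review bot: In attribute_methods.rb, the new serialized-attribute writer is installed only inside `unless instance_method_already_implemented?("#{name}=")`, so a model that defines its own writer for a serialized column never gets the check. The guard also lives in the generated method rather than in `write_attribute`, so any code that calls `write_attribute` directly is not covered either. If the intent is that already-serialized YAML can never be stored in a serialized column, consider enforcing it in the write path itself, or document that custom writers must repeat the check. define_attribute_methods starts and ends outside this hunk, so other call sites could not be checked from here.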
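Review bot: The comment directly above rebuild_attribute_method_regexp in attribute_methods.rb still shows the old pattern, `/(a|\?|c)$/`, although the regexp built on the next lines now ends in `\z`. Update it to `# Suffixes a, ?, c become regexp /(a|\?|c)\z/` so the documented form matches what is generated. A short note on why `\z` is used (`$` also matches just before a newline inside the string) would stop someone from reverting it as a cosmetic change.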
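Review bot: In define_write_method_for_serialized_attribute the test `value =~ /^---/` is line-anchored, so it rejects any String in which some line begins with `---`, including ordinary multi-line text, and the hunk does not say whether that breadth is intended. If it mirrors the condition the read path uses before deserializing (that code is not in this hunk), say so in a comment such as `# Line-anchored on purpose: must reject everything the reader would treat as YAML`, so that nobody later narrows it to `\A---`. As a point of style, `and` in the generated condition would read more safely as `&&`, which has the usual boolean precedence.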
+++ b/activerecord/lib/active_record/base.rb
@@ -2998,11 +2998,11 @@ def convert_number_column_value(value)
 def remove_attributes_protected_from_mass_assignment(attributes)
 safe_attributes =
 if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil?
- attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
+ attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
 elsif self.class.protected_attributes.nil?
- attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
+ attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/m, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
 elsif self.class.accessible_attributes.nil?
- attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
+ attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/m,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
 else
 raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both."
 end
diff --git a/activerecord/lib/active_record/version.rb b/activerecord/lib/active_record/version.rb
index 8aaf96e8b448cf105ca705bf937a10336fa704b1..ee51ca8714a59dca6dac90aa24c53489b077828a 100644
--- a/activerecord/lib/active_record/version.rb
+++ b/activerecord/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 16
+ TINY = 17
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb
index 242be2afceb584dd3810b8fd0d2295c2767f2631..f23894e8bc0041e6e8f077a76c35e7bb72e4c810 100755
--- a/activerecord/test/cases/base_test.rb
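Review bot: The key normalisation `key.gsub(/\(.+/m, "")` is now written five times across the three branches of remove_attributes_protected_from_mass_assignment in base.rb, which is why this fix had to touch every one of them and why one copy can drift from the others. Computing it once per key, for example `name = key.gsub(/\(.+/m, "")` as the first statement of each block or in a small private helper, keeps the allow-list and deny-list comparisons on the same value. The commit also adds no regression test for a key whose parenthesised part spans a line break, so the new `/m` flag is not pinned by the suite. The closing lines of the method are outside this hunk.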
+++ b/activerecord/test/cases/base_test.rb
@@ -1499,6 +1499,12 @@ def test_nil_serialized_attribute_with_class_constraint
 assert_nil topic.content
 end
+ def test_should_raise_exception_on_assigning_already_serialized_content
+ topic = Topic.new
+ serialized_content = %w[foo bar].to_yaml
+ assert_raise(ActiveRecord::ActiveRecordError) { topic.content = serialized_content }
+ end
+
 def test_should_raise_exception_on_serialized_attribute_with_type_mismatch
 myobj = MyObject.new('value1', 'value2')
 topic = Topic.new(:content => myobj)
diff --git a/activeresource/Rakefile b/activeresource/Rakefile
index 89f765d7c87467389945731a36afde73914703a9..0400dbe18276233719f1a054bce06919fc61d404 100644
--- a/activeresource/Rakefile
+++ b/activeresource/Rakefile
@@ -66,7 +66,7 @@ spec = Gem::Specification.new do |s|
 s.files = s.files + Dir.glob( "#{dir}/**/*" ).delete_if { |item| item.include?( "\.svn" ) }
 end
- s.add_dependency('activesupport', '= 2.3.16' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
 s.require_path = 'lib'
diff --git a/activeresource/activeresource.gemspec b/activeresource/activeresource.gemspec
index cc85863971f6fc3cded3e990daa8444669f0d344..7dcc6a3c9cfaf14de7ce0469fd1614010e991b5f 100644
--- a/activeresource/activeresource.gemspec
+++ b/activeresource/activeresource.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'activeresource'
- s.version = '2.3.16'
+ s.version = '2.3.17'
 s.summary = 'Think Active Record for web resources.'
 s.description = 'Wraps web resources in model classes that can be manipulated through XML over REST.'
@@ -13,5 +13,5 @@
 s.rdoc_options = ['--main', 'README']
 s.extra_rdoc_files = ['README']
- s.add_dependency 'activesupport', '= 2.3.16'
+ s.add_dependency 'activesupport', '= 2.3.17'
 end
diff --git a/activeresource/lib/active_resource/version.rb b/activeresource/lib/active_resource/version.rb
index 9625b974bedb9dd85ac853b0ddb541d626b5eeec..9a26a789bc99cbf4122105277b8a7297dac7551d 100644
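Review bot: The new test in base_test.rb exercises only direct assignment of a string that begins with `---`, which leaves the other routes into the writer unpinned. The neighbouring test already builds a record with `Topic.new(:content => myobj)`, so the mass-assignment route deserves its own assertion, `assert_raise(ActiveRecord::ActiveRecordError) { Topic.new(:content => serialized_content) }`. A positive case, `assert_nothing_raised { topic.content = %w[foo bar] }`, would also show that ordinary values still pass through the new writer.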
--- a/activeresource/lib/active_resource/version.rb
+++ b/activeresource/lib/active_resource/version.rb
@@ -2,7 +2,7 @@ module ActiveResource
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 16
+ TINY = 17
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/activesupport/activesupport.gemspec b/activesupport/activesupport.gemspec
index f8c99b54607874d283d8ec679e3fac70502d4f01..7e49d68e70b89f7f6183f9de5e2b7c251b16b8ce 100644
--- a/activesupport/activesupport.gemspec
+++ b/activesupport/activesupport.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'activesupport'
- s.version = '2.3.16'
+ s.version = '2.3.17'
 s.summary = 'Support and utility classes used by the Rails framework.'
 s.description = 'Utility library which carries commonly used classes and goodies from the Rails framework'
diff --git a/activesupport/lib/active_support/version.rb b/activesupport/lib/active_support/version.rb
index 7f8e7d2ba6bc5b99f4f70e1bc18f734bedfb7dce..da33a8a7c13ae751db87fa301f7abc7e9d4c5918 100644
--- a/activesupport/lib/active_support/version.rb
+++ b/activesupport/lib/active_support/version.rb
@@ -2,7 +2,7 @@ module ActiveSupport
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 16
+ TINY = 17
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/railties/Rakefile b/railties/Rakefile
index 25fe0319f34f86d557f6bc188ef062466e6943c5..9f6545b60a9ca2643d4e57bec4c43a224d20dd8e 100644
--- a/railties/Rakefile
+++ b/railties/Rakefile
@@ -313,11 +313,11 @@ spec = Gem::Specification.new do |s|
 EOF
 s.add_dependency('rake', '>= 0.8.3')
- s.add_dependency('activesupport', '= 2.3.16' + PKG_BUILD)
- s.add_dependency('activerecord', '= 2.3.16' + PKG_BUILD)
- s.add_dependency('actionpack', '= 2.3.16' + PKG_BUILD)
- s.add_dependency('actionmailer', '= 2.3.16' + PKG_BUILD)
- s.add_dependency('activeresource', '= 2.3.16' + PKG_BUILD)
+ s.add_dependency('activesupport', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('activerecord', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('actionpack', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('actionmailer', '= 2.3.17' + PKG_BUILD)
+ s.add_dependency('activeresource', '= 2.3.17' + PKG_BUILD)
 s.rdoc_options << '--exclude' << '.'
diff --git a/railties/lib/rails/version.rb b/railties/lib/rails/version.rb
index 9a36600115202e69b6d15815c255a1aa4999590f..157fec690980735fbd6b68873570e7b7a0887969 100644
--- a/railties/lib/rails/version.rb
+++ b/railties/lib/rails/version.rb
@@ -2,7 +2,7 @@ module Rails
 module VERSION #:nodoc:
 MAJOR = 2
 MINOR = 3
- TINY = 16
+ TINY = 17
 STRING = [MAJOR, MINOR, TINY].join('.')
 end
diff --git a/railties/railties.gemspec b/railties/railties.gemspec
index 6f82d3ed3162f3bef445403cfcb608110c71e4cd..e89c36f25dc1a09c198fed809801ab88689359e0 100644
--- a/railties/railties.gemspec
+++ b/railties/railties.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'rails'
- s.version = '2.3.16'
+ s.version = '2.3.17'
 s.summary = 'Web-application framework with template engine, control-flow layer, and ORM.'
 s.description = "Rails is a framework for building web-application using CGI, FCGI, mod_ruby, or WEBrick\non top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates."
@@ -14,9 +14,9 @@
 s.rdoc_options = ['--exclude', '.']
 s.add_dependency 'rake', '>= 0.8.3'
- s.add_dependency 'activesupport', '= 2.3.16'
- s.add_dependency 'activerecord', '= 2.3.16'
- s.add_dependency 'actionpack', '= 2.3.16'
- s.add_dependency 'actionmailer', '= 2.3.16'
- s.add_dependency 'activeresource', '= 2.3.16'
+ s.add_dependency 'activesupport', '= 2.3.17'
+ s.add_dependency 'activerecord', '= 2.3.17'
+ s.add_dependency 'actionpack', '= 2.3.17'
+ s.add_dependency 'actionmailer', '= 2.3.17'
+ s.add_dependency 'activeresource', '= 2.3.17'
 end