Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package rails This release fixes two RC bugs: - 2 security issues [CVE-2014-7818] and [CVE-2014-7829] (Arbitrary file existence disclosure in Action Pack) (#770934) - failure to upgrade from wheezy (#768850) I opted to go with a a new upstream release to ease the maintainance work during the jessie stable. 4.1.x is a stable maintainance series, so between 4.1.6 (in jessie) and 4.1.8 in (now in sid) there were only the fix for those 2 CVE's plus some other important bug fixes. The debdiff against testing is attached; it is larger than I would like. However, a big part of it is composed of addition of changelog entries, version name bumps and additions to the test suite. unblock rails/2:4.1.8-1 -- System Information: Debian Release: 8.0 APT prefers buildd-unstable APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Antonio Terceiro <terceiro@debian.org>
diff -Nru rails-4.1.6/actionmailer/CHANGELOG.md rails-4.1.8/actionmailer/CHANGELOG.md --- rails-4.1.6/actionmailer/CHANGELOG.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionmailer/CHANGELOG.md 2014-11-16 17:42:07.000000000 -0200 @@ -1,3 +1,9 @@ +* Attachments can be added while rendering the mail template. + + Fixes #16974. + + *Christian Felder* + ## Rails 4.1.6 (September 11, 2014) ## * Make ActionMailer::Previews methods class methods. Previously they were diff -Nru rails-4.1.6/actionmailer/lib/action_mailer/base.rb rails-4.1.8/actionmailer/lib/action_mailer/base.rb --- rails-4.1.6/actionmailer/lib/action_mailer/base.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionmailer/lib/action_mailer/base.rb 2014-11-16 17:42:07.000000000 -0200 @@ -759,7 +759,6 @@ def mail(headers = {}, &block) return @_message if @_mail_was_called && headers.blank? && !block - @_mail_was_called = true m = @_message # At the beginning, do not consider class default for content_type @@ -787,6 +786,8 @@ # Render the templates and blocks responses = collect_responses(headers, &block) + @_mail_was_called = true + create_parts_from_responses(m, responses) # Setup content type, reapply charset and handle parts order diff -Nru rails-4.1.6/actionmailer/lib/action_mailer/gem_version.rb rails-4.1.8/actionmailer/lib/action_mailer/gem_version.rb --- rails-4.1.6/actionmailer/lib/action_mailer/gem_version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionmailer/lib/action_mailer/gem_version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -Nru rails-4.1.6/actionmailer/lib/action_mailer/mail_helper.rb rails-4.1.8/actionmailer/lib/action_mailer/mail_helper.rb --- rails-4.1.6/actionmailer/lib/action_mailer/mail_helper.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionmailer/lib/action_mailer/mail_helper.rb 2014-11-16 17:42:07.000000000 -0200 @@ -29,7 +29,7 @@ # Access the message attachments list. def attachments - @_message.attachments + mailer.attachments end # Returns +text+ wrapped at +len+ columns and indented +indent+ spaces. diff -Nru rails-4.1.6/actionmailer/test/base_test.rb rails-4.1.8/actionmailer/test/base_test.rb --- rails-4.1.6/actionmailer/test/base_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionmailer/test/base_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -246,6 +246,19 @@ assert_match(/Can't add attachments after `mail` was called./, e.message) end + test "adding inline attachments while rendering mail works" do + class LateInlineAttachmentMailer < ActionMailer::Base + def on_render + mail from: "welcome@example.com", to: "to@example.com" + end + end + + mail = LateInlineAttachmentMailer.on_render + + assert_equal ["image/jpeg; filename=controller_attachments.jpg", + "image/jpeg; filename=attachments.jpg"], mail.attachments.inline.map {|a| a['Content-Type'].to_s } + end + test "accessing attachments works after mail was called" do class LateAttachmentAccessorMailer < ActionMailer::Base def welcome diff -Nru rails-4.1.6/actionmailer/test/fixtures/base_test/late_inline_attachment_mailer/on_render.erb rails-4.1.8/actionmailer/test/fixtures/base_test/late_inline_attachment_mailer/on_render.erb --- rails-4.1.6/actionmailer/test/fixtures/base_test/late_inline_attachment_mailer/on_render.erb 1969-12-31 21:00:00.000000000 -0300 +++ rails-4.1.8/actionmailer/test/fixtures/base_test/late_inline_attachment_mailer/on_render.erb 2014-11-16 17:42:07.000000000 -0200 @@ -0,0 +1,7 @@ +<h1>Adding an inline image while rendering</h1> + +<% controller.attachments.inline["controller_attachments.jpg"] = 'via controller.attachments.inline' %> +<%= image_tag attachments['controller_attachments.jpg'].url %> + +<% attachments.inline["attachments.jpg"] = 'via attachments.inline' %> +<%= image_tag attachments['attachments.jpg'].url %> diff -Nru rails-4.1.6/actionpack/CHANGELOG.md rails-4.1.8/actionpack/CHANGELOG.md --- rails-4.1.6/actionpack/CHANGELOG.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/CHANGELOG.md 2014-11-16 17:42:07.000000000 -0200 @@ -1,3 +1,16 @@ +* Fix regression where path was getting overwritten when route anchor was false, and X-Cascade pass + + fixes #17035. + + *arthurnn* + +* Fix a bug where malformed query strings lead to 500. + + fixes #11502. + + *Yuki Nishijima* + + ## Rails 4.1.6 (September 11, 2014) ## * Prepend a JS comment to JSONP callbacks. Addresses CVE-2014-4671 diff -Nru rails-4.1.6/actionpack/lib/action_dispatch/http/request.rb rails-4.1.8/actionpack/lib/action_dispatch/http/request.rb --- rails-4.1.6/actionpack/lib/action_dispatch/http/request.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_dispatch/http/request.rb 2014-11-16 17:42:07.000000000 -0200 @@ -315,7 +315,7 @@ private def check_method(name) - HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}") + HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS[0...-1].join(', ')}, and #{HTTP_METHODS[-1]}") name end end diff -Nru rails-4.1.6/actionpack/lib/action_dispatch/journey/formatter.rb rails-4.1.8/actionpack/lib/action_dispatch/journey/formatter.rb --- rails-4.1.6/actionpack/lib/action_dispatch/journey/formatter.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_dispatch/journey/formatter.rb 2014-11-16 17:42:07.000000000 -0200 @@ -34,7 +34,7 @@ end message = "No route matches #{Hash[constraints.sort].inspect}" - message << " missing required keys: #{missing_keys.sort.inspect}" if name + message << " missing required keys: #{missing_keys.sort.inspect}" unless missing_keys.empty? raise ActionController::UrlGenerationError, message end diff -Nru rails-4.1.6/actionpack/lib/action_dispatch/journey/router.rb rails-4.1.8/actionpack/lib/action_dispatch/journey/router.rb --- rails-4.1.6/actionpack/lib/action_dispatch/journey/router.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_dispatch/journey/router.rb 2014-11-16 17:42:07.000000000 -0200 @@ -63,9 +63,9 @@ unless route.path.anchored env['SCRIPT_NAME'] = (script_name.to_s + match.to_s).chomp('/') - path_info = match.post_match - env['PATH_INFO'] = path_info - env['PATH_INFO'] = "/" + path_info unless path_info.start_with? "/" + matched_path = match.post_match + env['PATH_INFO'] = matched_path + env['PATH_INFO'] = "/" + matched_path unless matched_path.start_with? "/" end env[@params_key] = (set_params || {}).merge parameters diff -Nru rails-4.1.6/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb rails-4.1.8/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb --- rails-4.1.6/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb 2014-11-16 17:42:07.000000000 -0200 @@ -6,16 +6,17 @@ cattr_accessor :rescue_responses @@rescue_responses = Hash.new(:internal_server_error) @@rescue_responses.merge!( - 'ActionController::RoutingError' => :not_found, - 'AbstractController::ActionNotFound' => :not_found, - 'ActionController::MethodNotAllowed' => :method_not_allowed, - 'ActionController::UnknownHttpMethod' => :method_not_allowed, - 'ActionController::NotImplemented' => :not_implemented, - 'ActionController::UnknownFormat' => :not_acceptable, - 'ActionController::InvalidAuthenticityToken' => :unprocessable_entity, - 'ActionDispatch::ParamsParser::ParseError' => :bad_request, - 'ActionController::BadRequest' => :bad_request, - 'ActionController::ParameterMissing' => :bad_request + 'ActionController::RoutingError' => :not_found, + 'AbstractController::ActionNotFound' => :not_found, + 'ActionController::MethodNotAllowed' => :method_not_allowed, + 'ActionController::UnknownHttpMethod' => :method_not_allowed, + 'ActionController::NotImplemented' => :not_implemented, + 'ActionController::UnknownFormat' => :not_acceptable, + 'ActionController::InvalidAuthenticityToken' => :unprocessable_entity, + 'ActionController::InvalidCrossOriginRequest' => :unprocessable_entity, + 'ActionDispatch::ParamsParser::ParseError' => :bad_request, + 'ActionController::BadRequest' => :bad_request, + 'ActionController::ParameterMissing' => :bad_request ) cattr_accessor :rescue_templates diff -Nru rails-4.1.6/actionpack/lib/action_dispatch/middleware/public_exceptions.rb rails-4.1.8/actionpack/lib/action_dispatch/middleware/public_exceptions.rb --- rails-4.1.6/actionpack/lib/action_dispatch/middleware/public_exceptions.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_dispatch/middleware/public_exceptions.rb 2014-11-16 17:42:07.000000000 -0200 @@ -9,8 +9,12 @@ def call(env) status = env["PATH_INFO"][1..-1] request = ActionDispatch::Request.new(env) - content_type = request.formats.first body = { :status => status, :error => Rack::Utils::HTTP_STATUS_CODES.fetch(status.to_i, Rack::Utils::HTTP_STATUS_CODES[500]) } + content_type = begin + request.formats.first + rescue ActionController::BadRequest + Mime::HTML + end render(status, content_type, body) end diff -Nru rails-4.1.6/actionpack/lib/action_dispatch/middleware/static.rb rails-4.1.8/actionpack/lib/action_dispatch/middleware/static.rb --- rails-4.1.6/actionpack/lib/action_dispatch/middleware/static.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_dispatch/middleware/static.rb 2014-11-16 17:42:07.000000000 -0200 @@ -14,11 +14,12 @@ path = unescape_path(path) return false unless path.valid_encoding? - full_path = path.empty? ? @root : File.join(@root, escape_glob_chars(path)) + full_path = path.empty? ? @root : File.join(@root, + clean_path_info(escape_glob_chars(path))) paths = "#{full_path}#{ext}" matches = Dir[paths] - match = matches.detect { |m| File.file?(m) } + match = matches.detect { |m| File.file?(m) && File.readable?(m) } if match match.sub!(@compiled_root, '') ::Rack::Utils.escape(match) @@ -41,7 +42,26 @@ end def escape_glob_chars(path) - path.gsub(/[*?{}\[\]]/, "\\\\\\&") + path.gsub(/[*?{}\[\]\\]/, "\\\\\\&") + end + + private + + PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact) + + def clean_path_info(path_info) + parts = path_info.split PATH_SEPS + + clean = [] + + parts.each do |part| + next if part.empty? || part == '.' + part == '..' ? clean.pop : clean << part + end + + clean.unshift '/' if parts.empty? || parts.first.empty? + + ::File.join(*clean) end end diff -Nru rails-4.1.6/actionpack/lib/action_dispatch/testing/assertions/routing.rb rails-4.1.8/actionpack/lib/action_dispatch/testing/assertions/routing.rb --- rails-4.1.6/actionpack/lib/action_dispatch/testing/assertions/routing.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_dispatch/testing/assertions/routing.rb 2014-11-16 17:42:07.000000000 -0200 @@ -38,7 +38,7 @@ # # Test a custom route # assert_recognizes({controller: 'items', action: 'show', id: '1'}, 'view/item1') def assert_recognizes(expected_options, path, extras={}, msg=nil) - request = recognized_request_for(path, extras) + request = recognized_request_for(path, extras, msg) expected_options = expected_options.clone @@ -69,9 +69,9 @@ # # # Asserts that the generated route gives us our custom route # assert_generates "changesets/12", { controller: 'scm', action: 'show_diff', revision: "12" } - def assert_generates(expected_path, options, defaults={}, extras = {}, message=nil) + def assert_generates(expected_path, options, defaults={}, extras={}, message=nil) if expected_path =~ %r{://} - fail_on(URI::InvalidURIError) do + fail_on(URI::InvalidURIError, message) do uri = URI.parse(expected_path) expected_path = uri.path.to_s.empty? ? "/" : uri.path end @@ -174,7 +174,7 @@ private # Recognizes the route for a given path. - def recognized_request_for(path, extras = {}) + def recognized_request_for(path, extras = {}, msg) if path.is_a?(Hash) method = path[:method] path = path[:path] @@ -186,7 +186,7 @@ request = ActionController::TestRequest.new if path =~ %r{://} - fail_on(URI::InvalidURIError) do + fail_on(URI::InvalidURIError, msg) do uri = URI.parse(path) request.env["rack.url_scheme"] = uri.scheme || "http" request.host = uri.host if uri.host @@ -200,7 +200,7 @@ request.request_method = method if method - params = fail_on(ActionController::RoutingError) do + params = fail_on(ActionController::RoutingError, msg) do @routes.recognize_path(path, { :method => method, :extras => extras }) end request.path_parameters = params.with_indifferent_access @@ -208,10 +208,10 @@ request end - def fail_on(exception_class) + def fail_on(exception_class, message) yield rescue exception_class => e - raise Minitest::Assertion, e.message + raise Minitest::Assertion, message || e.message end end end diff -Nru rails-4.1.6/actionpack/lib/action_pack/gem_version.rb rails-4.1.8/actionpack/lib/action_pack/gem_version.rb --- rails-4.1.6/actionpack/lib/action_pack/gem_version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/lib/action_pack/gem_version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -Nru rails-4.1.6/actionpack/test/controller/integration_test.rb rails-4.1.8/actionpack/test/controller/integration_test.rb --- rails-4.1.6/actionpack/test/controller/integration_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/test/controller/integration_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -615,6 +615,8 @@ get 'bar', :to => 'application_integration_test/test#index', :as => :bar mount MountedApp => '/mounted', :as => "mounted" + get 'fooz' => proc { |env| [ 200, {'X-Cascade' => 'pass'}, [ "omg" ] ] }, anchor: false + get 'fooz', :to => 'application_integration_test/test#index' end def app @@ -631,6 +633,12 @@ assert_equal '/mounted/baz', mounted.baz_path end + test "path after cascade pass" do + get '/fooz' + assert_equal 'index', response.body + assert_equal '/fooz', path + end + test "route helpers after controller access" do get '/' assert_equal '/', empty_string_path diff -Nru rails-4.1.6/actionpack/test/dispatch/request_test.rb rails-4.1.8/actionpack/test/dispatch/request_test.rb --- rails-4.1.6/actionpack/test/dispatch/request_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/test/dispatch/request_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -459,6 +459,22 @@ end end + test "exception on invalid HTTP method unaffected by I18n settings" do + old_locales = I18n.available_locales + old_enforce = I18n.config.enforce_available_locales + + begin + I18n.available_locales = [:nl] + I18n.config.enforce_available_locales = true + assert_raise(ActionController::UnknownHttpMethod) do + stub_request('REQUEST_METHOD' => '_RANDOM_METHOD').method + end + ensure + I18n.available_locales = old_locales + I18n.config.enforce_available_locales = old_enforce + end + end + test "post masquerading as patch" do request = stub_request 'REQUEST_METHOD' => 'PATCH', "rack.methodoverride.original_method" => "POST" assert_equal "POST", request.method diff -Nru rails-4.1.6/actionpack/test/dispatch/routing_assertions_test.rb rails-4.1.8/actionpack/test/dispatch/routing_assertions_test.rb --- rails-4.1.6/actionpack/test/dispatch/routing_assertions_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/test/dispatch/routing_assertions_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -74,10 +74,26 @@ assert_recognizes({ :controller => 'query_articles', :action => 'index', :use_query => 'true' }, '/query/articles', { :use_query => 'true' }) end + def test_assert_recognizes_raises_message + err = assert_raise(Assertion) do + assert_recognizes({ :controller => 'secure_articles', :action => 'index' }, 'http://test.host/secure/articles', {}, "This is a really bad msg") + end + + assert_match err.message, "This is a really bad msg" + end + def test_assert_routing assert_routing('/articles', :controller => 'articles', :action => 'index') end + def test_assert_routing_raises_message + err = assert_raise(Assertion) do + assert_routing('/thisIsNotARoute', { :controller => 'articles', :action => 'edit', :id => '1' }, { :id => '1' }, {}, "This is a really bad msg") + end + + assert_match err.message, "This is a really bad msg" + end + def test_assert_routing_with_defaults assert_routing('/articles/1/edit', { :controller => 'articles', :action => 'edit', :id => '1' }, { :id => '1' }) end diff -Nru rails-4.1.6/actionpack/test/dispatch/show_exceptions_test.rb rails-4.1.8/actionpack/test/dispatch/show_exceptions_test.rb --- rails-4.1.6/actionpack/test/dispatch/show_exceptions_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/test/dispatch/show_exceptions_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -8,7 +8,7 @@ case req.path when "/not_found" raise AbstractController::ActionNotFound - when "/bad_params" + when "/bad_params", "/bad_params?x[y]=1&x[y][][w]=2" raise ActionDispatch::ParamsParser::ParseError.new("", StandardError.new) when "/method_not_allowed" raise ActionController::MethodNotAllowed @@ -53,6 +53,12 @@ get "/unknown_http_method", {}, {'action_dispatch.show_exceptions' => true} assert_response 405 assert_equal "", body + + # Use #post instead of #get as Rack::Test::Session parses + # a query string before ActionDispatch::Request does it. + post "/bad_params?x[y]=1&x[y][][w]=2", {}, {'action_dispatch.show_exceptions' => true} + assert_response 400 + assert_equal "400 error fixture\n", body end test "localize rescue error page" do diff -Nru rails-4.1.6/actionpack/test/dispatch/static_test.rb rails-4.1.8/actionpack/test/dispatch/static_test.rb --- rails-4.1.6/actionpack/test/dispatch/static_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/test/dispatch/static_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -1,5 +1,6 @@ # encoding: utf-8 require 'abstract_unit' +require 'fileutils' require 'rbconfig' module StaticTests @@ -154,7 +155,8 @@ } def setup - @app = ActionDispatch::Static.new(DummyApp, "#{FIXTURE_LOAD_PATH}/public", "public, max-age=60") + @root = "#{FIXTURE_LOAD_PATH}/public" + @app = ActionDispatch::Static.new(DummyApp, @root, "public, max-age=60") end def public_path @@ -162,11 +164,68 @@ end include StaticTests + + def test_custom_handler_called_when_file_is_not_readable + filename = 'unreadable.html.erb' + target = File.join(@root, filename) + FileUtils.touch target + File.chmod 0200, target + assert File.exist? target + assert !File.readable?(target) + path = "/#{filename}" + env = { + "REQUEST_METHOD"=>"GET", + "REQUEST_PATH"=> path, + "PATH_INFO"=> path, + "REQUEST_URI"=> path, + "HTTP_VERSION"=>"HTTP/1.1", + "SERVER_NAME"=>"localhost", + "SERVER_PORT"=>"8080", + "QUERY_STRING"=>"" + } + assert_equal(DummyApp.call(nil), @app.call(env)) + ensure + File.unlink target + end + + def test_custom_handler_called_when_file_is_outside_root_backslash + filename = 'shared.html.erb' + assert File.exist?(File.join(@root, '..', filename)) + path = "/%5C..%2F#{filename}" + env = { + "REQUEST_METHOD"=>"GET", + "REQUEST_PATH"=> path, + "PATH_INFO"=> path, + "REQUEST_URI"=> path, + "HTTP_VERSION"=>"HTTP/1.1", + "SERVER_NAME"=>"localhost", + "SERVER_PORT"=>"8080", + "QUERY_STRING"=>"" + } + assert_equal(DummyApp.call(nil), @app.call(env)) + end + + def test_custom_handler_called_when_file_is_outside_root + filename = 'shared.html.erb' + assert File.exist?(File.join(@root, '..', filename)) + env = { + "REQUEST_METHOD"=>"GET", + "REQUEST_PATH"=>"/..%2F#{filename}", + "PATH_INFO"=>"/..%2F#{filename}", + "REQUEST_URI"=>"/..%2F#{filename}", + "HTTP_VERSION"=>"HTTP/1.1", + "SERVER_NAME"=>"localhost", + "SERVER_PORT"=>"8080", + "QUERY_STRING"=>"" + } + assert_equal(DummyApp.call(nil), @app.call(env)) + end end class StaticEncodingTest < StaticTest def setup - @app = ActionDispatch::Static.new(DummyApp, "#{FIXTURE_LOAD_PATH}/公共", "public, max-age=60") + @root = "#{FIXTURE_LOAD_PATH}/公共" + @app = ActionDispatch::Static.new(DummyApp, @root, "public, max-age=60") end def public_path diff -Nru rails-4.1.6/actionpack/test/journey/router_test.rb rails-4.1.8/actionpack/test/journey/router_test.rb --- rails-4.1.6/actionpack/test/journey/router_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionpack/test/journey/router_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -205,6 +205,16 @@ assert_match(/missing required keys: \[:id\]/, error.message) end + def test_does_not_include_missing_keys_message + route_name = "gorby_thunderhorse" + + error = assert_raises(ActionController::UrlGenerationError) do + @formatter.generate(route_name, { }, { }) + end + + assert_no_match(/missing required keys: \[\]/, error.message) + end + def test_X_Cascade add_routes @router, [ "/messages(.:format)" ] resp = @router.call({ 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/lol' }) diff -Nru rails-4.1.6/actionview/CHANGELOG.md rails-4.1.8/actionview/CHANGELOG.md --- rails-4.1.6/actionview/CHANGELOG.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/CHANGELOG.md 2014-11-16 17:42:07.000000000 -0200 @@ -1,3 +1,10 @@ +* Update `select_tag` to work correctly with `:include_blank` option passing a string. + + Fixes #16483. + + *Frank Groeneveld* + + ## Rails 4.1.6 (September 11, 2014) ## * Fix that render layout: 'messages/layout' should also be added to the dependency tracker tree. diff -Nru rails-4.1.6/actionview/lib/action_view/gem_version.rb rails-4.1.8/actionview/lib/action_view/gem_version.rb --- rails-4.1.6/actionview/lib/action_view/gem_version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/lib/action_view/gem_version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -Nru rails-4.1.6/actionview/lib/action_view/helpers/form_tag_helper.rb rails-4.1.8/actionview/lib/action_view/helpers/form_tag_helper.rb --- rails-4.1.6/actionview/lib/action_view/helpers/form_tag_helper.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/lib/action_view/helpers/form_tag_helper.rb 2014-11-16 17:42:07.000000000 -0200 @@ -35,10 +35,10 @@ # This is helpful when you're fragment-caching the form. Remote forms get the # authenticity token from the <tt>meta</tt> tag, so embedding is unnecessary unless you # support browsers without JavaScript. - # * A list of parameters to feed to the URL the form will be posted to. # * <tt>:remote</tt> - If set to true, will allow the Unobtrusive JavaScript drivers to control the # submit behavior. By default this behavior is an ajax submit. # * <tt>:enforce_utf8</tt> - If set to false, a hidden input with name utf8 is not output. + # * Any other key creates standard HTML attributes for the tag. # # ==== Examples # form_tag('/posts') @@ -126,12 +126,18 @@ option_tags ||= "" html_name = (options[:multiple] == true && !name.to_s.ends_with?("[]")) ? "#{name}[]" : name - if options.delete(:include_blank) - option_tags = content_tag(:option, '', :value => '').safe_concat(option_tags) + if options.include?(:include_blank) + include_blank = options.delete(:include_blank) + + if include_blank == true + include_blank = '' + end + + option_tags = content_tag(:option, include_blank, value: '').safe_concat(option_tags) end if prompt = options.delete(:prompt) - option_tags = content_tag(:option, prompt, :value => '').safe_concat(option_tags) + option_tags = content_tag(:option, prompt, value: '').safe_concat(option_tags) end content_tag :select, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys) diff -Nru rails-4.1.6/actionview/lib/action_view/helpers/sanitize_helper.rb rails-4.1.8/actionview/lib/action_view/helpers/sanitize_helper.rb --- rails-4.1.6/actionview/lib/action_view/helpers/sanitize_helper.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/lib/action_view/helpers/sanitize_helper.rb 2014-11-16 17:42:07.000000000 -0200 @@ -34,7 +34,7 @@ # Add table tags to the default allowed tags # # class Application < Rails::Application - # config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td' + # config.action_view.sanitized_allowed_tags = ['table', 'tr', 'td'] # end # # Remove tags to the default allowed tags @@ -174,7 +174,7 @@ # Adds valid HTML attributes that the +sanitize+ helper checks for URIs. # # class Application < Rails::Application - # config.action_view.sanitized_uri_attributes = 'lowsrc', 'target' + # config.action_view.sanitized_uri_attributes = ['lowsrc', 'target'] # end # def sanitized_uri_attributes=(attributes) @@ -184,7 +184,7 @@ # Adds to the Set of 'bad' tags for the +sanitize+ helper. # # class Application < Rails::Application - # config.action_view.sanitized_bad_tags = 'embed', 'object' + # config.action_view.sanitized_bad_tags = ['embed', 'object'] # end # def sanitized_bad_tags=(attributes) @@ -194,7 +194,7 @@ # Adds to the Set of allowed tags for the +sanitize+ helper. # # class Application < Rails::Application - # config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td' + # config.action_view.sanitized_allowed_tags = ['table', 'tr', 'td'] # end # def sanitized_allowed_tags=(attributes) @@ -214,7 +214,7 @@ # Adds to the Set of allowed CSS properties for the #sanitize and +sanitize_css+ helpers. # # class Application < Rails::Application - # config.action_view.sanitized_allowed_css_properties = 'expression' + # config.action_view.sanitized_allowed_css_properties = ['expression'] # end # def sanitized_allowed_css_properties=(attributes) @@ -224,7 +224,7 @@ # Adds to the Set of allowed CSS keywords for the +sanitize+ and +sanitize_css+ helpers. # # class Application < Rails::Application - # config.action_view.sanitized_allowed_css_keywords = 'expression' + # config.action_view.sanitized_allowed_css_keywords = ['expression'] # end # def sanitized_allowed_css_keywords=(attributes) @@ -234,7 +234,7 @@ # Adds to the Set of allowed shorthand CSS properties for the +sanitize+ and +sanitize_css+ helpers. # # class Application < Rails::Application - # config.action_view.sanitized_shorthand_css_properties = 'expression' + # config.action_view.sanitized_shorthand_css_properties = ['expression'] # end # def sanitized_shorthand_css_properties=(attributes) @@ -244,7 +244,7 @@ # Adds to the Set of allowed protocols for the +sanitize+ helper. # # class Application < Rails::Application - # config.action_view.sanitized_allowed_protocols = 'ssh', 'feed' + # config.action_view.sanitized_allowed_protocols = ['ssh', 'feed'] # end # def sanitized_allowed_protocols=(attributes) diff -Nru rails-4.1.6/actionview/lib/action_view/helpers/tags/base.rb rails-4.1.8/actionview/lib/action_view/helpers/tags/base.rb --- rails-4.1.6/actionview/lib/action_view/helpers/tags/base.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/lib/action_view/helpers/tags/base.rb 2014-11-16 17:42:07.000000000 -0200 @@ -25,7 +25,7 @@ private def value(object) - object.send @method_name if object + object.public_send @method_name if object end def value_before_type_cast(object) diff -Nru rails-4.1.6/actionview/lib/action_view/helpers/translation_helper.rb rails-4.1.8/actionview/lib/action_view/helpers/translation_helper.rb --- rails-4.1.6/actionview/lib/action_view/helpers/translation_helper.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/lib/action_view/helpers/translation_helper.rb 2014-11-16 17:42:07.000000000 -0200 @@ -5,6 +5,7 @@ # = Action View Translation Helpers module Helpers module TranslationHelper + include TagHelper # Delegates to <tt>I18n#translate</tt> but also performs three additional functions. # # First, it will ensure that any thrown +MissingTranslation+ messages will be turned diff -Nru rails-4.1.6/actionview/test/template/form_helper_test.rb rails-4.1.8/actionview/test/template/form_helper_test.rb --- rails-4.1.6/actionview/test/template/form_helper_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/test/template/form_helper_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -1512,6 +1512,20 @@ assert_dom_equal expected, output_buffer end + def test_form_tags_do_not_call_private_properties_on_form_object + obj = Class.new do + private + + def private_property + raise "This method should not be called." + end + end.new + + form_for(obj, as: "other_name", url: '/', html: { id: "edit-other-name" }) do |f| + assert_raise(NoMethodError) { f.hidden_field(:private_property) } + end + end + def test_form_for_with_method_as_part_of_html_options form_for(@post, url: '/', html: { id: 'create-post', method: :delete }) do |f| concat f.text_field(:title) diff -Nru rails-4.1.6/actionview/test/template/form_tag_helper_test.rb rails-4.1.8/actionview/test/template/form_tag_helper_test.rb --- rails-4.1.6/actionview/test/template/form_tag_helper_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/test/template/form_tag_helper_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -222,6 +222,12 @@ assert_dom_equal expected, actual end + def test_select_tag_with_include_blank_string + actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>".html_safe, include_blank: 'Choose' + expected = %(<select id="places" name="places"><option value="">Choose</option><option>Home</option><option>Work</option><option>Pub</option></select>) + assert_dom_equal expected, actual + end + def test_select_tag_with_prompt actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>".html_safe, :prompt => "string" expected = %(<select id="places" name="places"><option value="">string</option><option>Home</option><option>Work</option><option>Pub</option></select>) diff -Nru rails-4.1.6/actionview/test/template/translation_helper_test.rb rails-4.1.8/actionview/test/template/translation_helper_test.rb --- rails-4.1.6/actionview/test/template/translation_helper_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/actionview/test/template/translation_helper_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -1,7 +1,6 @@ require 'abstract_unit' class TranslationHelperTest < ActiveSupport::TestCase - include ActionView::Helpers::TagHelper include ActionView::Helpers::TranslationHelper attr_reader :request, :view diff -Nru rails-4.1.6/activemodel/lib/active_model/gem_version.rb rails-4.1.8/activemodel/lib/active_model/gem_version.rb --- rails-4.1.6/activemodel/lib/active_model/gem_version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activemodel/lib/active_model/gem_version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -Nru rails-4.1.6/activerecord/CHANGELOG.md rails-4.1.8/activerecord/CHANGELOG.md --- rails-4.1.6/activerecord/CHANGELOG.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/CHANGELOG.md 2014-11-16 17:42:07.000000000 -0200 @@ -1,3 +1,41 @@ +* Do not use `RENAME INDEX` syntax for MariaDB 10.0. + + Fixes #15931. + + *Jeff Browning* + +* Allow included modules to override association methods. + + Fixes #16684. + + *Yves Senn* + +* Schema loading rake tasks (like `db:schema:load` and `db:setup`) maintain + the database connection to the current environment. + + Fixes #16757. + + *Joshua Cody*, *Yves Senn* + +* `db:purge` with MySQL respects `Rails.env`. + + *Yves Senn* + +* Fixed automatic maintaining test schema to properly handle sql structure + schema format. + + Fixes #15394. + + *Wojciech Wnętrzak* + +* Fix has_many :through relation merging failing when dynamic conditions are + passed as a lambda with an arity of one. + + Fixes #16128. + + *Agis Anastasopoulos* + + ## Rails 4.1.6 (September 11, 2014) ## * Fixed a regression where whitespaces were stripped from DISTINCT queries in diff -Nru rails-4.1.6/activerecord/lib/active_record/associations/through_association.rb rails-4.1.8/activerecord/lib/active_record/associations/through_association.rb --- rails-4.1.6/activerecord/lib/active_record/associations/through_association.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/associations/through_association.rb 2014-11-16 17:42:07.000000000 -0200 @@ -15,7 +15,11 @@ scope = super chain.drop(1).each do |reflection| relation = reflection.klass.all - relation.merge!(reflection.scope) if reflection.scope + + reflection_scope = reflection.scope + if reflection_scope && reflection_scope.arity.zero? + relation.merge!(reflection_scope) + end scope.merge!( relation.except(:select, :create_with, :includes, :preload, :joins, :eager_load) diff -Nru rails-4.1.6/activerecord/lib/active_record/attribute_methods.rb rails-4.1.8/activerecord/lib/active_record/attribute_methods.rb --- rails-4.1.6/activerecord/lib/active_record/attribute_methods.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/attribute_methods.rb 2014-11-16 17:42:07.000000000 -0200 @@ -29,7 +29,7 @@ end } - BLACKLISTED_CLASS_METHODS = %w(private public protected) + BLACKLISTED_CLASS_METHODS = %w(private public protected allocate new name parent superclass) class AttributeMethodCache def initialize @@ -63,6 +63,8 @@ @generated_attribute_methods = GeneratedAttributeMethods.new { extend Mutex_m } @attribute_methods_generated = false include @generated_attribute_methods + + super end # Generates all the attribute related methods for columns in the database @@ -103,7 +105,7 @@ # # => false def instance_method_already_implemented?(method_name) if dangerous_attribute_method?(method_name) - raise DangerousAttributeError, "#{method_name} is defined by Active Record" + raise DangerousAttributeError, "#{method_name} is defined by Active Record. Check to make sure that you don't have an attribute or method with the same name." end if superclass == Base diff -Nru rails-4.1.6/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb rails-4.1.8/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb --- rails-4.1.6/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb 2014-11-16 17:42:07.000000000 -0200 @@ -30,7 +30,12 @@ # BigDecimals need to be put in a non-normalized form and quoted. when nil then "NULL" when BigDecimal then value.to_s('F') - when Numeric, ActiveSupport::Duration then value.to_s + when Numeric, ActiveSupport::Duration + if column.try(:type) == :string + quote(value.to_s, column) + else + value.to_s + end when Date, Time then "'#{quoted_date(value)}'" when Symbol then "'#{quote_string(value.to_s)}'" when Class then "'#{value.to_s}'" diff -Nru rails-4.1.6/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb rails-4.1.8/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb --- rails-4.1.6/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb 2014-11-16 17:42:07.000000000 -0200 @@ -489,7 +489,7 @@ end def rename_index(table_name, old_name, new_name) - if (version[0] == 5 && version[1] >= 7) || version[0] >= 6 + if supports_rename_index? execute "ALTER TABLE #{quote_table_name(table_name)} RENAME INDEX #{quote_table_name(old_name)} TO #{quote_table_name(new_name)}" else super @@ -727,10 +727,22 @@ private + def version + @version ||= full_version.scan(/^(\d+)\.(\d+)\.(\d+)/).flatten.map { |v| v.to_i } + end + + def mariadb? + full_version =~ /mariadb/i + end + def supports_views? version[0] >= 5 end + def supports_rename_index? + mariadb? ? false : (version[0] == 5 && version[1] >= 7) || version[0] >= 6 + end + def column_for(table_name, column_name) unless column = columns(table_name).find { |c| c.name == column_name.to_s } raise "No such column: #{table_name}.#{column_name}" diff -Nru rails-4.1.6/activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb rails-4.1.8/activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb --- rails-4.1.6/activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/connection_adapters/mysql2_adapter.rb 2014-11-16 17:42:07.000000000 -0200 @@ -272,8 +272,8 @@ super end - def version - @version ||= @connection.info[:version].scan(/^(\d+)\.(\d+)\.(\d+)/).flatten.map { |v| v.to_i } + def full_version + @full_version ||= @connection.info[:version] end def set_field_encoding field_name diff -Nru rails-4.1.6/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb rails-4.1.8/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb --- rails-4.1.6/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/connection_adapters/mysql_adapter.rb 2014-11-16 17:42:07.000000000 -0200 @@ -558,9 +558,9 @@ rows end - # Returns the version of the connected MySQL server. - def version - @version ||= @connection.server_info.scan(/^(\d+)\.(\d+)\.(\d+)/).flatten.map { |v| v.to_i } + # Returns the full version of the connected MySQL server. + def full_version + @full_version ||= @connection.server_info end def set_field_encoding field_name diff -Nru rails-4.1.6/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb rails-4.1.8/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb --- rails-4.1.6/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/connection_adapters/postgresql/schema_statements.rb 2014-11-16 17:42:07.000000000 -0200 @@ -56,8 +56,8 @@ def create_database(name, options = {}) options = { encoding: 'utf8' }.merge!(options.symbolize_keys) - option_string = options.sum do |key, value| - case key + option_string = options.inject("") do |memo, (key, value)| + memo += case key when :owner " OWNER = \"#{value}\"" when :template diff -Nru rails-4.1.6/activerecord/lib/active_record/connection_handling.rb rails-4.1.8/activerecord/lib/active_record/connection_handling.rb --- rails-4.1.6/activerecord/lib/active_record/connection_handling.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/connection_handling.rb 2014-11-16 17:42:07.000000000 -0200 @@ -1,6 +1,6 @@ module ActiveRecord module ConnectionHandling - RAILS_ENV = -> { Rails.env if defined?(Rails) } + RAILS_ENV = -> { (Rails.env if defined?(Rails)) || ENV["RAILS_ENV"] || ENV["RACK_ENV"] } DEFAULT_ENV = -> { RAILS_ENV.call || "default_env" } # Establishes the connection to the database. Accepts a hash as input where diff -Nru rails-4.1.6/activerecord/lib/active_record/core.rb rails-4.1.8/activerecord/lib/active_record/core.rb --- rails-4.1.6/activerecord/lib/active_record/core.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/core.rb 2014-11-16 17:42:07.000000000 -0200 @@ -108,8 +108,6 @@ module ClassMethods def initialize_generated_modules - super - generated_association_methods end diff -Nru rails-4.1.6/activerecord/lib/active_record/fixtures.rb rails-4.1.8/activerecord/lib/active_record/fixtures.rb --- rails-4.1.6/activerecord/lib/active_record/fixtures.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/fixtures.rb 2014-11-16 17:42:07.000000000 -0200 @@ -124,7 +124,7 @@ # that is included in <tt>ActiveRecord::FixtureSet.context_class</tt>. # # - define a helper method in `test_helper.rb` - # class FixtureFileHelpers + # module FixtureFileHelpers # def file_sha(path) # Digest::SHA2.hexdigest(File.read(Rails.root.join('test/fixtures', path))) # end @@ -861,11 +861,11 @@ def try_to_load_dependency(file_name) require_dependency file_name rescue LoadError => e - # Let's hope the developer has included it - # Let's warn in case this is a subdependency, otherwise - # subdependency error messages are totally cryptic - if ActiveRecord::Base.logger - ActiveRecord::Base.logger.warn("Unable to load #{file_name}, underlying cause #{e.message} \n\n #{e.backtrace.join("\n")}") + unless fixture_class_names.key?(file_name.pluralize) + if ActiveRecord::Base.logger + ActiveRecord::Base.logger.warn("Unable to load #{file_name}, make sure you added it to ActiveSupport::TestCase.set_fixture_class") + ActiveRecord::Base.logger.warn("underlying cause #{e.message} \n\n #{e.backtrace.join("\n")}") + end end end diff -Nru rails-4.1.6/activerecord/lib/active_record/gem_version.rb rails-4.1.8/activerecord/lib/active_record/gem_version.rb --- rails-4.1.6/activerecord/lib/active_record/gem_version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/gem_version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -Nru rails-4.1.6/activerecord/lib/active_record/migration.rb rails-4.1.8/activerecord/lib/active_record/migration.rb --- rails-4.1.6/activerecord/lib/active_record/migration.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/migration.rb 2014-11-16 17:42:07.000000000 -0200 @@ -391,7 +391,7 @@ def load_schema_if_pending! if ActiveRecord::Migrator.needs_migration? - ActiveRecord::Tasks::DatabaseTasks.load_schema + ActiveRecord::Tasks::DatabaseTasks.load_schema_current check_pending! end end diff -Nru rails-4.1.6/activerecord/lib/active_record/persistence.rb rails-4.1.8/activerecord/lib/active_record/persistence.rb --- rails-4.1.6/activerecord/lib/active_record/persistence.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/persistence.rb 2014-11-16 17:42:07.000000000 -0200 @@ -404,8 +404,8 @@ end # Saves the record with the updated_at/on attributes set to the current time. - # Please note that no validation is performed and only the +after_touch+ - # callback is executed. + # Please note that no validation is performed and only the +after_touch+, + # +after_commit+ and +after_rollback+ callbacks are executed. # If an attribute name is passed, that attribute is updated along with # updated_at/on attributes. # diff -Nru rails-4.1.6/activerecord/lib/active_record/railties/databases.rake rails-4.1.8/activerecord/lib/active_record/railties/databases.rake --- rails-4.1.6/activerecord/lib/active_record/railties/databases.rake 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/railties/databases.rake 2014-11-16 17:42:07.000000000 -0200 @@ -235,7 +235,7 @@ desc 'Load a schema.rb file into the database' task :load => [:environment, :load_config] do - ActiveRecord::Tasks::DatabaseTasks.load_schema(:ruby, ENV['SCHEMA']) + ActiveRecord::Tasks::DatabaseTasks.load_schema_current(:ruby, ENV['SCHEMA']) end task :load_if_ruby => ['db:create', :environment] do @@ -281,7 +281,7 @@ # desc "Recreate the databases from the structure.sql file" task :load => [:environment, :load_config] do - ActiveRecord::Tasks::DatabaseTasks.load_schema(:sql, ENV['DB_STRUCTURE']) + ActiveRecord::Tasks::DatabaseTasks.load_schema_current(:sql, ENV['DB_STRUCTURE']) end task :load_if_sql => ['db:create', :environment] do @@ -312,9 +312,8 @@ task :load_schema => %w(db:test:deprecated db:test:purge) do begin should_reconnect = ActiveRecord::Base.connection_pool.active_connection? - ActiveRecord::Base.establish_connection(ActiveRecord::Base.configurations['test']) ActiveRecord::Schema.verbose = false - db_namespace["schema:load"].invoke + ActiveRecord::Tasks::DatabaseTasks.load_schema_for ActiveRecord::Base.configurations['test'], :ruby, ENV['SCHEMA'] ensure if should_reconnect ActiveRecord::Base.establish_connection(ActiveRecord::Base.configurations[ActiveRecord::Tasks::DatabaseTasks.env]) @@ -324,12 +323,7 @@ # desc "Recreate the test database from an existent structure.sql file" task :load_structure => %w(db:test:deprecated db:test:purge) do - begin - ActiveRecord::Tasks::DatabaseTasks.current_config(:config => ActiveRecord::Base.configurations['test']) - db_namespace["structure:load"].invoke - ensure - ActiveRecord::Tasks::DatabaseTasks.current_config(:config => nil) - end + ActiveRecord::Tasks::DatabaseTasks.load_schema_for ActiveRecord::Base.configurations['test'], :sql, ENV['SCHEMA'] end # desc "Recreate the test database from a fresh schema" diff -Nru rails-4.1.6/activerecord/lib/active_record/relation/query_methods.rb rails-4.1.8/activerecord/lib/active_record/relation/query_methods.rb --- rails-4.1.6/activerecord/lib/active_record/relation/query_methods.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/relation/query_methods.rb 2014-11-16 17:42:07.000000000 -0200 @@ -866,6 +866,13 @@ arel.from(build_from) if from_value arel.lock(lock_value) if lock_value + # Reorder bind indexes if joins produced bind values + bvs = arel.bind_values + bind_values + arel.ast.grep(Arel::Nodes::BindParam).each_with_index do |bp, i| + column = bvs[i].first + bp.replace connection.substitute_at(column, i) + end + arel end diff -Nru rails-4.1.6/activerecord/lib/active_record/tasks/database_tasks.rb rails-4.1.8/activerecord/lib/active_record/tasks/database_tasks.rb --- rails-4.1.6/activerecord/lib/active_record/tasks/database_tasks.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/tasks/database_tasks.rb 2014-11-16 17:42:07.000000000 -0200 @@ -157,20 +157,36 @@ end def load_schema(format = ActiveRecord::Base.schema_format, file = nil) + load_schema_current(format, file) + end + + # This method is the successor of +load_schema+. We should rename it + # after +load_schema+ went through a deprecation cycle. (Rails > 4.2) + def load_schema_for(configuration, format = ActiveRecord::Base.schema_format, file = nil) # :nodoc: case format when :ruby file ||= File.join(db_dir, "schema.rb") check_schema_file(file) + purge(configuration) + ActiveRecord::Base.establish_connection(configuration) load(file) when :sql file ||= File.join(db_dir, "structure.sql") check_schema_file(file) - structure_load(current_config, file) + purge(configuration) + structure_load(configuration, file) else raise ArgumentError, "unknown format #{format.inspect}" end end + def load_schema_current(format = ActiveRecord::Base.schema_format, file = nil, environment = env) + each_current_configuration(environment) { |configuration| + load_schema_for configuration, format, file + } + ActiveRecord::Base.establish_connection(environment.to_sym) + end + def check_schema_file(filename) unless File.exist?(filename) message = %{#{filename} doesn't exist yet. Run `rake db:migrate` to create it, then try again.} diff -Nru rails-4.1.6/activerecord/lib/active_record/tasks/mysql_database_tasks.rb rails-4.1.8/activerecord/lib/active_record/tasks/mysql_database_tasks.rb --- rails-4.1.6/activerecord/lib/active_record/tasks/mysql_database_tasks.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/tasks/mysql_database_tasks.rb 2014-11-16 17:42:07.000000000 -0200 @@ -42,7 +42,7 @@ end def purge - establish_connection :test + establish_connection configuration connection.recreate_database configuration['database'], creation_options end diff -Nru rails-4.1.6/activerecord/lib/active_record/tasks/sqlite_database_tasks.rb rails-4.1.8/activerecord/lib/active_record/tasks/sqlite_database_tasks.rb --- rails-4.1.6/activerecord/lib/active_record/tasks/sqlite_database_tasks.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/lib/active_record/tasks/sqlite_database_tasks.rb 2014-11-16 17:42:07.000000000 -0200 @@ -21,7 +21,11 @@ FileUtils.rm(file) if File.exist?(file) end - alias :purge :drop + + def purge + drop + create + end def charset connection.encoding diff -Nru rails-4.1.6/activerecord/test/cases/adapters/mysql/connection_test.rb rails-4.1.8/activerecord/test/cases/adapters/mysql/connection_test.rb --- rails-4.1.6/activerecord/test/cases/adapters/mysql/connection_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/adapters/mysql/connection_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -138,12 +138,11 @@ assert_equal [["STRICT_ALL_TABLES"]], result.rows end - def test_mysql_strict_mode_disabled_dont_override_global_sql_mode + def test_mysql_strict_mode_disabled run_without_connection do |orig_connection| ActiveRecord::Base.establish_connection(orig_connection.merge({:strict => false})) - global_sql_mode = ActiveRecord::Base.connection.exec_query "SELECT @@GLOBAL.sql_mode" - session_sql_mode = ActiveRecord::Base.connection.exec_query "SELECT @@SESSION.sql_mode" - assert_equal global_sql_mode.rows, session_sql_mode.rows + result = ActiveRecord::Base.connection.exec_query "SELECT @@SESSION.sql_mode" + assert_equal [['']], result.rows end end diff -Nru rails-4.1.6/activerecord/test/cases/adapters/mysql2/connection_test.rb rails-4.1.8/activerecord/test/cases/adapters/mysql2/connection_test.rb --- rails-4.1.6/activerecord/test/cases/adapters/mysql2/connection_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/adapters/mysql2/connection_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -57,12 +57,11 @@ assert_equal [["STRICT_ALL_TABLES"]], result.rows end - def test_mysql_strict_mode_disabled_dont_override_global_sql_mode + def test_mysql_strict_mode_disabled run_without_connection do |orig_connection| ActiveRecord::Base.establish_connection(orig_connection.merge({:strict => false})) - global_sql_mode = ActiveRecord::Base.connection.exec_query "SELECT @@GLOBAL.sql_mode" - session_sql_mode = ActiveRecord::Base.connection.exec_query "SELECT @@SESSION.sql_mode" - assert_equal global_sql_mode.rows, session_sql_mode.rows + result = ActiveRecord::Base.connection.exec_query "SELECT @@SESSION.sql_mode" + assert_equal [['']], result.rows end end diff -Nru rails-4.1.6/activerecord/test/cases/associations_test.rb rails-4.1.8/activerecord/test/cases/associations_test.rb --- rails-4.1.6/activerecord/test/cases/associations_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/associations_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -23,7 +23,7 @@ class AssociationsTest < ActiveRecord::TestCase fixtures :accounts, :companies, :developers, :projects, :developers_projects, - :computers, :people, :readers + :computers, :people, :readers, :authors, :author_favorites def test_eager_loading_should_not_change_count_of_children liquid = Liquid.create(:name => 'salty') @@ -35,6 +35,13 @@ assert_equal 1, liquids[0].molecules.length end + def test_subselect + author = authors :david + favs = author.author_favorites + fav2 = author.author_favorites.where(:author => Author.where(id: author.id)).to_a + assert_equal favs, fav2 + end + def test_clear_association_cache_stored firm = Firm.find(1) assert_kind_of Firm, firm @@ -350,4 +357,18 @@ def test_model_method_overrides_association_method assert_equal(comments(:greetings).body, posts(:welcome).first_comment) end + + module MyModule + def comments; :none end + end + + class MyArticle < ActiveRecord::Base + self.table_name = "articles" + include MyModule + has_many :comments, inverse_of: false + end + + def test_included_module_overwrites_association_methods + assert_equal :none, MyArticle.new.comments + end end diff -Nru rails-4.1.6/activerecord/test/cases/attribute_methods/read_test.rb rails-4.1.8/activerecord/test/cases/attribute_methods/read_test.rb --- rails-4.1.6/activerecord/test/cases/attribute_methods/read_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/attribute_methods/read_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -12,6 +12,7 @@ @klass = Class.new do def self.superclass; Base; end def self.base_class; self; end + def self.initialize_generated_modules; end include ActiveRecord::AttributeMethods diff -Nru rails-4.1.6/activerecord/test/cases/connection_adapters/connection_handler_test.rb rails-4.1.8/activerecord/test/cases/connection_adapters/connection_handler_test.rb --- rails-4.1.6/activerecord/test/cases/connection_adapters/connection_handler_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/connection_adapters/connection_handler_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -11,10 +11,14 @@ def setup @previous_database_url = ENV.delete("DATABASE_URL") + @previous_rack_env = ENV.delete("RACK_ENV") + @previous_rails_env = ENV.delete("RAILS_ENV") end def teardown ENV["DATABASE_URL"] = @previous_database_url + ENV["RACK_ENV"] = @previous_rack_env + ENV["RAILS_ENV"] = @previous_rails_env end def resolve(spec, config) @@ -33,6 +37,26 @@ assert_equal expected, actual end + def test_resolver_with_database_uri_and_current_env_symbol_key_and_rails_env + ENV['DATABASE_URL'] = "postgres://localhost/foo" + ENV['RAILS_ENV'] = "foo" + + config = { "not_production" => { "adapter" => "not_postgres", "database" => "not_foo" } } + actual = resolve(:foo, config) + expected = { "adapter" => "postgresql", "database" => "foo", "host" => "localhost" } + assert_equal expected, actual + end + + def test_resolver_with_database_uri_and_current_env_symbol_key_and_rack_env + ENV['DATABASE_URL'] = "postgres://localhost/foo" + ENV['RACK_ENV'] = "foo" + + config = { "not_production" => { "adapter" => "not_postgres", "database" => "not_foo" } } + actual = resolve(:foo, config) + expected = { "adapter" => "postgresql", "database" => "foo", "host" => "localhost" } + assert_equal expected, actual + end + def test_resolver_with_database_uri_and_and_current_env_string_key ENV['DATABASE_URL'] = "postgres://localhost/foo" config = { "default_env" => { "adapter" => "not_postgres", "database" => "not_foo" } } @@ -41,6 +65,26 @@ assert_equal expected, actual end + def test_resolver_with_database_uri_and_and_current_env_string_key_and_rails_env + ENV['DATABASE_URL'] = "postgres://localhost/foo" + ENV['RAILS_ENV'] = "foo" + + config = { "not_production" => {"adapter" => "not_postgres", "database" => "not_foo" } } + actual = assert_deprecated { resolve("foo", config) } + expected = { "adapter" => "postgresql", "database" => "foo", "host" => "localhost" } + assert_equal expected, actual + end + + def test_resolver_with_database_uri_and_and_current_env_string_key_and_rack_env + ENV['DATABASE_URL'] = "postgres://localhost/foo" + ENV['RACK_ENV'] = "foo" + + config = { "not_production" => {"adapter" => "not_postgres", "database" => "not_foo" } } + actual = assert_deprecated { resolve("foo", config) } + expected = { "adapter" => "postgresql", "database" => "foo", "host" => "localhost" } + assert_equal expected, actual + end + def test_resolver_with_database_uri_and_known_key ENV['DATABASE_URL'] = "postgres://localhost/foo" config = { "production" => { "adapter" => "not_postgres", "database" => "not_foo", "host" => "localhost" } } @@ -145,6 +189,51 @@ assert_equal nil, actual["production"] assert_equal nil, actual["development"] assert_equal nil, actual["test"] + assert_equal nil, actual[:default_env] + assert_equal nil, actual[:production] + assert_equal nil, actual[:development] + assert_equal nil, actual[:test] + end + + def test_blank_with_database_url_with_rails_env + ENV['RAILS_ENV'] = "not_production" + ENV['DATABASE_URL'] = "postgres://localhost/foo" + + config = {} + actual = klass.new(config).resolve + expected = { "adapter" => "postgresql", + "database" => "foo", + "host" => "localhost" } + + assert_equal expected, actual["not_production"] + assert_equal nil, actual["production"] + assert_equal nil, actual["default_env"] + assert_equal nil, actual["development"] + assert_equal nil, actual["test"] + assert_equal nil, actual[:default_env] + assert_equal nil, actual[:not_production] + assert_equal nil, actual[:production] + assert_equal nil, actual[:development] + assert_equal nil, actual[:test] + end + + def test_blank_with_database_url_with_rack_env + ENV['RACK_ENV'] = "not_production" + ENV['DATABASE_URL'] = "postgres://localhost/foo" + + config = {} + actual = klass.new(config).resolve + expected = { "adapter" => "postgresql", + "database" => "foo", + "host" => "localhost" } + + assert_equal expected, actual["not_production"] + assert_equal nil, actual["production"] + assert_equal nil, actual["default_env"] + assert_equal nil, actual["development"] + assert_equal nil, actual["test"] + assert_equal nil, actual[:default_env] + assert_equal nil, actual[:not_production] assert_equal nil, actual[:production] assert_equal nil, actual[:development] assert_equal nil, actual[:test] diff -Nru rails-4.1.6/activerecord/test/cases/enum_test.rb rails-4.1.8/activerecord/test/cases/enum_test.rb --- rails-4.1.6/activerecord/test/cases/enum_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/enum_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -194,7 +194,8 @@ :valid, # generates #valid?, which conflicts with an AR method :save, # generates #save!, which conflicts with an AR method :proposed, # same value as an existing enum - :public, :private, :protected, # generates a method that conflict with ruby words + :public, :private, :protected, # some important methods on Module and Class + :name, :parent, :superclass ] conflicts.each_with_index do |value, i| diff -Nru rails-4.1.6/activerecord/test/cases/fixtures_test.rb rails-4.1.8/activerecord/test/cases/fixtures_test.rb --- rails-4.1.6/activerecord/test/cases/fixtures_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/fixtures_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -816,15 +816,20 @@ class FixtureLoadingTest < ActiveRecord::TestCase def test_logs_message_for_failed_dependency_load - ActiveRecord::TestCase.expects(:require_dependency).with(:does_not_exist).raises(LoadError) - ActiveRecord::Base.logger.expects(:warn) - ActiveRecord::TestCase.try_to_load_dependency(:does_not_exist) + ActiveRecord::Base.logger.expects(:warn).twice + ActiveRecord::TestCase.try_to_load_dependency('does_not_exist') + end + + def test_does_not_logs_message_for_dependency_that_has_been_defined_with_set_fixture_class + ActiveRecord::TestCase.set_fixture_class unknown_dead_parrots: DeadParrot + ActiveRecord::Base.logger.expects(:warn).never + ActiveRecord::TestCase.try_to_load_dependency('unknown_dead_parrot') end def test_does_not_logs_message_for_successful_dependency_load - ActiveRecord::TestCase.expects(:require_dependency).with(:works_out_fine) + ActiveRecord::TestCase.expects(:require_dependency).with('works_out_fine') ActiveRecord::Base.logger.expects(:warn).never - ActiveRecord::TestCase.try_to_load_dependency(:works_out_fine) + ActiveRecord::TestCase.try_to_load_dependency('works_out_fine') end end diff -Nru rails-4.1.6/activerecord/test/cases/quoting_test.rb rails-4.1.8/activerecord/test/cases/quoting_test.rb --- rails-4.1.6/activerecord/test/cases/quoting_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/quoting_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -195,6 +195,10 @@ def test_quote_duration_int_column assert_equal "7200", @quoter.quote(2.hours, FakeColumn.new(:integer)) end + + def test_quote_integer_string_column + assert_equal "'1'", @quoter.quote(1, FakeColumn.new(:string)) + end end end end diff -Nru rails-4.1.6/activerecord/test/cases/relation/merging_test.rb rails-4.1.8/activerecord/test/cases/relation/merging_test.rb --- rails-4.1.6/activerecord/test/cases/relation/merging_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/relation/merging_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -4,6 +4,7 @@ require 'models/developer' require 'models/post' require 'models/project' +require 'models/rating' class RelationMergingTest < ActiveRecord::TestCase fixtures :developers, :comments, :authors, :posts @@ -165,4 +166,16 @@ assert_equal ["Mary", "Mary", "Mary", "David"], posts_by_author_name end + + test "relation merging (using a proc argument)" do + dev = Developer.where(name: "Jamis").first + + comment_1 = dev.comments.create!(body: "I'm Jamis", post: Post.first) + rating_1 = comment_1.ratings.create! + + comment_2 = dev.comments.create!(body: "I'm John", post: Post.first) + rating_2 = comment_2.ratings.create! + + assert_equal dev.ratings, [rating_1] + end end diff -Nru rails-4.1.6/activerecord/test/cases/scoping/named_scoping_test.rb rails-4.1.8/activerecord/test/cases/scoping/named_scoping_test.rb --- rails-4.1.6/activerecord/test/cases/scoping/named_scoping_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/scoping/named_scoping_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -291,9 +291,12 @@ :relation, # private class method on AR::Base :new, # redefined class method on AR::Base :all, # a default scope - :public, + :public, # some imporant methods on Module and Class :protected, - :private + :private, + :name, + :parent, + :superclass ] non_conflicts = [ diff -Nru rails-4.1.6/activerecord/test/cases/tasks/mysql_rake_test.rb rails-4.1.8/activerecord/test/cases/tasks/mysql_rake_test.rb --- rails-4.1.6/activerecord/test/cases/tasks/mysql_rake_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/cases/tasks/mysql_rake_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -197,7 +197,7 @@ end def test_establishes_connection_to_test_database - ActiveRecord::Base.expects(:establish_connection).with(:test) + ActiveRecord::Base.expects(:establish_connection).with(@configuration) ActiveRecord::Tasks::DatabaseTasks.purge @configuration end diff -Nru rails-4.1.6/activerecord/test/models/comment.rb rails-4.1.8/activerecord/test/models/comment.rb --- rails-4.1.6/activerecord/test/models/comment.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/models/comment.rb 2014-11-16 17:42:07.000000000 -0200 @@ -9,6 +9,7 @@ belongs_to :post, :counter_cache => true belongs_to :author, polymorphic: true belongs_to :resource, polymorphic: true + belongs_to :developer has_many :ratings diff -Nru rails-4.1.6/activerecord/test/models/developer.rb rails-4.1.8/activerecord/test/models/developer.rb --- rails-4.1.6/activerecord/test/models/developer.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/models/developer.rb 2014-11-16 17:42:07.000000000 -0200 @@ -46,6 +46,8 @@ has_many :audit_logs has_many :contracts has_many :firms, :through => :contracts, :source => :firm + has_many :comments, ->(developer) { where(body: "I'm #{developer.name}") } + has_many :ratings, through: :comments scope :jamises, -> { where(:name => 'Jamis') } diff -Nru rails-4.1.6/activerecord/test/schema/schema.rb rails-4.1.8/activerecord/test/schema/schema.rb --- rails-4.1.6/activerecord/test/schema/schema.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activerecord/test/schema/schema.rb 2014-11-16 17:42:07.000000000 -0200 @@ -195,6 +195,7 @@ t.references :author, polymorphic: true t.string :resource_id t.string :resource_type + t.integer :developer_id end create_table :companies, force: true do |t| diff -Nru rails-4.1.6/activesupport/CHANGELOG.md rails-4.1.8/activesupport/CHANGELOG.md --- rails-4.1.6/activesupport/CHANGELOG.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activesupport/CHANGELOG.md 2014-11-16 17:42:07.000000000 -0200 @@ -1,3 +1,9 @@ +* `Method` objects now report themselves as not `duplicable?`. This allows + hashes and arrays containing `Method` objects to be `deep_dup`ed. + + *Peter Jaros* + + ## Rails 4.1.6 (September 11, 2014) ## * Fix DateTime comparison with DateTime::Infinity object. diff -Nru rails-4.1.6/activesupport/lib/active_support/core_ext/object/duplicable.rb rails-4.1.8/activesupport/lib/active_support/core_ext/object/duplicable.rb --- rails-4.1.6/activesupport/lib/active_support/core_ext/object/duplicable.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activesupport/lib/active_support/core_ext/object/duplicable.rb 2014-11-16 17:42:07.000000000 -0200 @@ -88,3 +88,13 @@ # can't dup, so use superclass implementation end end + +class Method + # Methods are not duplicable: + # + # method(:puts).duplicable? # => false + # method(:puts).dup # => TypeError: allocator undefined for Method + def duplicable? + false + end +end diff -Nru rails-4.1.6/activesupport/lib/active_support/gem_version.rb rails-4.1.8/activesupport/lib/active_support/gem_version.rb --- rails-4.1.6/activesupport/lib/active_support/gem_version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activesupport/lib/active_support/gem_version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -Nru rails-4.1.6/activesupport/test/core_ext/duplicable_test.rb rails-4.1.8/activesupport/test/core_ext/duplicable_test.rb --- rails-4.1.6/activesupport/test/core_ext/duplicable_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/activesupport/test/core_ext/duplicable_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -4,7 +4,7 @@ require 'active_support/core_ext/numeric/time' class DuplicableTest < ActiveSupport::TestCase - RAISE_DUP = [nil, false, true, :symbol, 1, 2.3, 5.seconds] + RAISE_DUP = [nil, false, true, :symbol, 1, 2.3, 5.seconds, method(:puts)] YES = ['1', Object.new, /foo/, [], {}, Time.now, Class.new, Module.new] NO = [] diff -Nru rails-4.1.6/debian/changelog rails-4.1.8/debian/changelog --- rails-4.1.6/debian/changelog 2014-09-30 18:33:47.000000000 -0300 +++ rails-4.1.8/debian/changelog 2014-11-25 16:51:56.000000000 -0200 @@ -1,3 +1,16 @@ +rails (2:4.1.8-1) unstable; urgency=medium + + * New upstream release + - Includes only bug fixes and no behavior changes. In special, includes + fix for [CVE-2014-7818] and [CVE-2014-7829] (Arbitrary file existence + disclosure in Action Pack) (Closes: #770934) + * Add new transitional binary package ruby-activesupport-2.3 plus + appropriate Breaks:/Replaces: fieds in all binary packages to ensure + upgrades from wheezy work (Closes: #768850) + - Many thanks to Andreas Beckmann for helping debug the upgrade issue. + + -- Antonio Terceiro <terceiro@debian.org> Tue, 25 Nov 2014 16:51:50 -0200 + rails (2:4.1.6-2) unstable; urgency=medium * fix upgrades from wheezy: diff -Nru rails-4.1.6/debian/control rails-4.1.8/debian/control --- rails-4.1.6/debian/control 2014-09-29 19:53:03.000000000 -0300 +++ rails-4.1.8/debian/control 2014-11-25 16:51:56.000000000 -0200 @@ -28,12 +28,29 @@ ruby-tzinfo (>= 1.1), ${misc:Depends}, ${shlibs:Depends} -Replaces: ruby-activesupport-2.3, ruby-activesupport-3.2, ruby-activesupport-4.0 +Replaces: ruby-activesupport-2.3 (<< 2:4), ruby-activesupport-3.2, ruby-activesupport-4.0 +Breaks: ruby-activesupport-2.3 (<< 2:4), ruby-activesupport-3.2, ruby-activesupport-4.0 Description: Support and utility classes used by the Rails 4.1 framework ActiveSupport consists of utility classes and extensions to the Ruby standard library that were required for Rails but found to be generally useful. +Package: ruby-activesupport-2.3 +Architecture: all +Depends: ruby-activesupport (>= 2:4), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: + ruby-activesupport-3.2, + ruby-activesupport-4.0, + ruby-actionpack-2.3, + ruby-activerecord-2.3, + ruby-activeresource-2.3, + ruby-rails-2.3, +Description: transitional dummy package + Ensure the removal of rails 2.3 on upgrades from wheezy. + This package can be safely removed. + Package: ruby-activerecord Architecture: all X-DhRuby-Root: activerecord/ @@ -45,6 +62,7 @@ ruby-arel (>= 5.0.0), ${misc:Depends} Replaces: ruby-activerecord-2.3, ruby-activerecord-3.2, ruby-activerecord-4.0 +Breaks: ruby-activerecord-2.3, ruby-activerecord-3.2, ruby-activerecord-4.0 Description: object-relational mapper framework (part of Rails) Active Records is a framework to work with databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. @@ -61,6 +79,7 @@ ruby-builder (>= 3.1), ${misc:Depends} Replaces: ruby-activemodel-3.2, ruby-activemodel-4.0 +Breaks: ruby-activemodel-3.2, ruby-activemodel-4.0 Description: toolkit for building modeling frameworks (part of Rails) Active Model is a toolkit for building modeling frameworks like Active Record and Active Resource. This includes a rich support for @@ -79,6 +98,7 @@ ruby-erubis (>= 2.7.0), ${misc:Depends} Replaces: ruby-actionpack-2.3, ruby-actionpack-3.2 +Breaks: ruby-actionpack-2.3, ruby-actionpack-3.2 Description: framework for handling view template lookup and rendering (part of Rails) Action View is a framework for handling view template lookup and rendering, and provides view helpers that assist when building HTML @@ -115,6 +135,7 @@ ${misc:Depends}, ${shlibs:Depends} Replaces: ruby-actionmailer-2.3, ruby-actionmailer-3.2, ruby-actionmailer-4.0 +Breaks: ruby-actionmailer-2.3, ruby-actionmailer-3.2, ruby-actionmailer-4.0 Description: email composition, delivery, and receiving framework (part of Rails) Action Mailer is a framework for working with email on Rails. Compose, deliver, receive, and test emails using the familiar @@ -132,8 +153,8 @@ ruby-thor (<< 2.0), ruby-thor (>= 0.18.1), ${misc:Depends} -Breaks: rails (<< 2:4) Replaces: rails (<< 2:4), ruby-rails-2.3, ruby-railties-3.2, ruby-railties-4.0 +Breaks: rails (<< 2:4), ruby-rails-2.3, ruby-railties-3.2, ruby-railties-4.0 Description: tools for creating, working with, and running Rails applications This package contains the Rails internals, i.e. components that implement and/or control application bootup, plugins, generators, and rake tasks. @@ -165,8 +186,8 @@ ruby-sqlite3, ruby-turbolinks, ruby-uglifier -Breaks: ruby-activeresource-3.2 Replaces: ruby-rails-2.3, ruby-rails-3.2, ruby-rails-4.0 +Breaks: ruby-activeresource-3.2, ruby-rails-2.3, ruby-rails-3.2, ruby-rails-4.0 Description: MVC ruby based framework geared for web application development Rails is a full-stack, open-source web framework in Ruby for writing real-world applications. @@ -180,6 +201,7 @@ Architecture: all Depends: ruby-rails (= ${source:Version}), ${misc:Depends} Replaces: rails3 +Breaks: rails3 Description: MVC ruby based framework geared for web application development (metapackage) Rails is a full-stack, open-source web framework in Ruby for writing real-world applications. diff -Nru rails-4.1.6/guides/source/4_1_release_notes.md rails-4.1.8/guides/source/4_1_release_notes.md --- rails-4.1.6/guides/source/4_1_release_notes.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/guides/source/4_1_release_notes.md 2014-11-16 17:42:07.000000000 -0200 @@ -8,10 +8,10 @@ * Action Pack variants * Action Mailer previews -These release notes cover only the major changes. To know about various bug -fixes and changes, please refer to the change logs or check out the -[list of commits](https://github.com/rails/rails/commits/master) in the main -Rails repository on GitHub. +These release notes cover only the major changes. To learn about various bug +fixes and changes, please refer to the change logs or check out the [list of +commits](https://github.com/rails/rails/commits/4-1-stable) in the main Rails +repository on GitHub. -------------------------------------------------------------------------------- diff -Nru rails-4.1.6/guides/source/upgrading_ruby_on_rails.md rails-4.1.8/guides/source/upgrading_ruby_on_rails.md --- rails-4.1.6/guides/source/upgrading_ruby_on_rails.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/guides/source/upgrading_ruby_on_rails.md 2014-11-16 17:42:07.000000000 -0200 @@ -277,7 +277,7 @@ `test_helper.rb`. ```ruby -class FixtureFileHelpers +module FixtureFileHelpers def file_sha(path) Digest::SHA2.hexdigest(File.read(Rails.root.join('test/fixtures', path))) end diff -Nru rails-4.1.6/rails.gemspec rails-4.1.8/rails.gemspec --- rails-4.1.6/rails.gemspec 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/rails.gemspec 2014-11-16 17:42:07.000000000 -0200 @@ -16,7 +16,7 @@ s.email = 'david@loudthinking.com' s.homepage = 'http://www.rubyonrails.org' - s.files = ['README.md'] + Dir['guides/**/*'] + s.files = ['README.md'] + Dir['guides/**/*'] - Dir['guides/output/**/*'] s.add_dependency 'activesupport', version s.add_dependency 'actionpack', version diff -Nru rails-4.1.6/RAILS_VERSION rails-4.1.8/RAILS_VERSION --- rails-4.1.6/RAILS_VERSION 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/RAILS_VERSION 2014-11-16 17:42:07.000000000 -0200 @@ -1 +1 @@ -4.1.6 +4.1.8 diff -Nru rails-4.1.6/railties/CHANGELOG.md rails-4.1.8/railties/CHANGELOG.md --- rails-4.1.6/railties/CHANGELOG.md 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/railties/CHANGELOG.md 2014-11-16 17:42:07.000000000 -0200 @@ -1,3 +1,15 @@ +* Specify dummy app's db migrate path in plugin's test_helper.rb. + + Fixes #16877. + + *Yukio Mizuta* + +* Change the path of dummy app location in plugin's test_helper.rb for cases + you specify dummy_path option. + + *Yukio Mizuta* + + ## Rails 4.1.6 (September 11, 2014) ## * Scaffold generator `_form` partial adds `class="field"` for password diff -Nru rails-4.1.6/railties/lib/rails/gem_version.rb rails-4.1.8/railties/lib/rails/gem_version.rb --- rails-4.1.6/railties/lib/rails/gem_version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/railties/lib/rails/gem_version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".") diff -Nru rails-4.1.6/railties/lib/rails/generators/rails/plugin/templates/test/test_helper.rb rails-4.1.8/railties/lib/rails/generators/rails/plugin/templates/test/test_helper.rb --- rails-4.1.6/railties/lib/rails/generators/rails/plugin/templates/test/test_helper.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/railties/lib/rails/generators/rails/plugin/templates/test/test_helper.rb 2014-11-16 17:42:07.000000000 -0200 @@ -1,7 +1,13 @@ # Configure Rails Environment ENV["RAILS_ENV"] = "test" -require File.expand_path("../dummy/config/environment.rb", __FILE__) +require File.expand_path("../../<%= options[:dummy_path] -%>/config/environment.rb", __FILE__) +<% unless options[:skip_active_record] -%> +ActiveRecord::Migrator.migrations_paths = [File.expand_path("../../<%= options[:dummy_path] -%>/db/migrate", __FILE__)] +<% if options[:mountable] -%> +ActiveRecord::Migrator.migrations_paths << File.expand_path('../../db/migrate', __FILE__) +<% end -%> +<% end -%> require "rails/test_help" Rails.backtrace_cleaner.remove_silencers! diff -Nru rails-4.1.6/railties/test/application/middleware/cache_test.rb rails-4.1.8/railties/test/application/middleware/cache_test.rb --- rails-4.1.6/railties/test/application/middleware/cache_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/railties/test/application/middleware/cache_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -81,8 +81,8 @@ add_to_config "config.action_dispatch.rack_cache = true" get "/expires/expires_header" - assert_equal "miss, ignore, store", last_response.headers["X-Rack-Cache"] - assert_equal "max-age=10, public", last_response.headers["Cache-Control"] + assert_equal "miss, store", last_response.headers["X-Rack-Cache"] + assert_equal "max-age=10, public", last_response.headers["Cache-Control"] body = last_response.body @@ -115,8 +115,8 @@ add_to_config "config.action_dispatch.rack_cache = true" get "/expires/expires_etag" - assert_equal "miss, ignore, store", last_response.headers["X-Rack-Cache"] - assert_equal "public", last_response.headers["Cache-Control"] + assert_equal "miss, store", last_response.headers["X-Rack-Cache"] + assert_equal "public", last_response.headers["Cache-Control"] body = last_response.body etag = last_response.headers["ETag"] @@ -149,8 +149,8 @@ add_to_config "config.action_dispatch.rack_cache = true" get "/expires/expires_last_modified" - assert_equal "miss, ignore, store", last_response.headers["X-Rack-Cache"] - assert_equal "public", last_response.headers["Cache-Control"] + assert_equal "miss, store", last_response.headers["X-Rack-Cache"] + assert_equal "public", last_response.headers["Cache-Control"] body = last_response.body last = last_response.headers["Last-Modified"] diff -Nru rails-4.1.6/railties/test/application/rake/dbs_test.rb rails-4.1.8/railties/test/application/rake/dbs_test.rb --- rails-4.1.6/railties/test/application/rake/dbs_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/railties/test/application/rake/dbs_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -188,6 +188,35 @@ "your test schema automatically, see the release notes for details.\n", output end end + + test 'db:setup loads schema and seeds database' do + begin + @old_rails_env = ENV["RAILS_ENV"] + @old_rack_env = ENV["RACK_ENV"] + ENV.delete "RAILS_ENV" + ENV.delete "RACK_ENV" + + app_file 'db/schema.rb', <<-RUBY + ActiveRecord::Schema.define(version: "1") do + create_table :users do |t| + t.string :name + end + end + RUBY + + app_file 'db/seeds.rb', <<-RUBY + puts ActiveRecord::Base.connection_config[:database] + RUBY + + Dir.chdir(app_path) do + database_path = `bundle exec rake db:setup` + assert_equal "development.sqlite3", File.basename(database_path.strip) + end + ensure + ENV["RAILS_ENV"] = @old_rails_env + ENV["RACK_ENV"] = @old_rack_env + end + end end end end diff -Nru rails-4.1.6/railties/test/application/test_test.rb rails-4.1.8/railties/test/application/test_test.rb --- rails-4.1.6/railties/test/application/test_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/railties/test/application/test_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -67,7 +67,7 @@ assert_match %r{/app/test/unit/failing_test\.rb}, output end - test "migrations" do + test "ruby schema migrations" do output = script('generate model user name:string') version = output.match(/(\d+)_create_users\.rb/)[1] @@ -104,6 +104,95 @@ assert !result.include?("create_table(:users)") end + test "sql structure migrations" do + output = script('generate model user name:string') + version = output.match(/(\d+)_create_users\.rb/)[1] + + app_file 'test/models/user_test.rb', <<-RUBY + require 'test_helper' + + class UserTest < ActiveSupport::TestCase + test "user" do + User.create! name: "Jon" + end + end + RUBY + + app_file 'db/structure.sql', '' + app_file 'config/initializers/enable_sql_schema_format.rb', <<-RUBY + Rails.application.config.active_record.schema_format = :sql + RUBY + + assert_unsuccessful_run "models/user_test.rb", "Migrations are pending" + + app_file 'db/structure.sql', <<-SQL + CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL); + CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version"); + CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255)); + INSERT INTO schema_migrations (version) VALUES ('#{version}'); + SQL + + app_file 'config/initializers/disable_maintain_test_schema.rb', <<-RUBY + Rails.application.config.active_record.maintain_test_schema = false + RUBY + + assert_unsuccessful_run "models/user_test.rb", "Could not find table 'users'" + + File.delete "#{app_path}/config/initializers/disable_maintain_test_schema.rb" + + assert_successful_test_run('models/user_test.rb') + end + + test "sql structure migrations when adding column to existing table" do + output_1 = script('generate model user name:string') + version_1 = output_1.match(/(\d+)_create_users\.rb/)[1] + + app_file 'test/models/user_test.rb', <<-RUBY + require 'test_helper' + class UserTest < ActiveSupport::TestCase + test "user" do + User.create! name: "Jon" + end + end + RUBY + + app_file 'config/initializers/enable_sql_schema_format.rb', <<-RUBY + Rails.application.config.active_record.schema_format = :sql + RUBY + + app_file 'db/structure.sql', <<-SQL + CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL); + CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version"); + CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255)); + INSERT INTO schema_migrations (version) VALUES ('#{version_1}'); + SQL + + assert_successful_test_run('models/user_test.rb') + + output_2 = script('generate migration add_email_to_users') + version_2 = output_2.match(/(\d+)_add_email_to_users\.rb/)[1] + + app_file 'test/models/user_test.rb', <<-RUBY + require 'test_helper' + + class UserTest < ActiveSupport::TestCase + test "user" do + User.create! name: "Jon", email: "jon@doe.com" + end + end + RUBY + + app_file 'db/structure.sql', <<-SQL + CREATE TABLE "schema_migrations" ("version" varchar(255) NOT NULL); + CREATE UNIQUE INDEX "unique_schema_migrations" ON "schema_migrations" ("version"); + CREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar(255), "email" varchar(255)); + INSERT INTO schema_migrations (version) VALUES ('#{version_1}'); + INSERT INTO schema_migrations (version) VALUES ('#{version_2}'); + SQL + + assert_successful_test_run('models/user_test.rb') + end + private def assert_unsuccessful_run(name, message) result = run_test_file(name) diff -Nru rails-4.1.6/railties/test/generators/plugin_generator_test.rb rails-4.1.8/railties/test/generators/plugin_generator_test.rb --- rails-4.1.6/railties/test/generators/plugin_generator_test.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/railties/test/generators/plugin_generator_test.rb 2014-11-16 17:42:07.000000000 -0200 @@ -53,7 +53,10 @@ run_generator assert_file "README.rdoc", /Bukkits/ assert_no_file "config/routes.rb" - assert_file "test/test_helper.rb" + assert_file "test/test_helper.rb" do |content| + assert_match(/require.+test\/dummy\/config\/environment/, content) + assert_match(/ActiveRecord::Migrator\.migrations_paths.+test\/dummy\/db\/migrate/, content) + end assert_file "test/bukkits_test.rb", /assert_kind_of Module, Bukkits/ end @@ -238,6 +241,10 @@ assert_match(/stylesheet_link_tag\s+['"]bukkits\/application['"]/, contents) assert_match(/javascript_include_tag\s+['"]bukkits\/application['"]/, contents) end + assert_file "test/test_helper.rb" do |content| + assert_match(/ActiveRecord::Migrator\.migrations_paths.+\.\.\/test\/dummy\/db\/migrate/, content) + assert_match(/ActiveRecord::Migrator\.migrations_paths.+<<.+\.\.\/db\/migrate/, content) + end end def test_creating_gemspec @@ -266,6 +273,10 @@ assert_file "spec/dummy" assert_file "spec/dummy/config/application.rb" assert_no_file "test/dummy" + assert_file "test/test_helper.rb" do |content| + assert_match(/require.+spec\/dummy\/config\/environment/, content) + assert_match(/ActiveRecord::Migrator\.migrations_paths.+spec\/dummy\/db\/migrate/, content) + end end def test_creating_dummy_application_with_different_name @@ -273,6 +284,10 @@ assert_file "spec/fake" assert_file "spec/fake/config/application.rb" assert_no_file "test/dummy" + assert_file "test/test_helper.rb" do |content| + assert_match(/require.+spec\/fake\/config\/environment/, content) + assert_match(/ActiveRecord::Migrator\.migrations_paths.+spec\/fake\/db\/migrate/, content) + end end def test_creating_dummy_without_tests_but_with_dummy_path @@ -280,6 +295,7 @@ assert_file "spec/dummy" assert_file "spec/dummy/config/application.rb" assert_no_file "test" + assert_no_file "test/test_helper.rb" assert_file '.gitignore' do |contents| assert_match(/spec\/dummy/, contents) end diff -Nru rails-4.1.6/version.rb rails-4.1.8/version.rb --- rails-4.1.6/version.rb 2014-09-11 14:24:13.000000000 -0300 +++ rails-4.1.8/version.rb 2014-11-16 17:42:07.000000000 -0200 @@ -7,7 +7,7 @@ module VERSION MAJOR = 4 MINOR = 1 - TINY = 6 + TINY = 8 PRE = nil STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
Attachment:
signature.asc
Description: Digital signature