Path to this page:
Subject: CVS commit: pkgsrc/www/ruby-actionpack3
From: Takahiro Kambe
Date: 2011-04-06 15:26:04
Message id: 20110406132604.45C18175DD@cvs.netbsd.org
Log Message:
Update ruby-actionpack3 pacakge to 3.0.6.
*Rails 3.0.6 (April 5, 2011)
* Fixed XSS vulnerability in `auto_link`. `auto_link` no longer marks input as
html safe. Please make sure that calls to auto_link() are wrapped in a
sanitize(), or a raw() depending on the type of input passed to auto_link().
For example:
<%= sanitize(auto_link(some_user_input)) %>
Thanks to Torben Schulz for reporting this. The fix can be found here:
61ee3449674c591747db95f9b3472c5c3bd9e84d
* Fixes the output of `rake routes` to be correctly match to the
behavior of the application, as the regular expression used to match
the path is greedy and won't capture the format part by default
[Prem Sichanugrist]
* Fixes an issue with number_to_human when converting values which are
less than 1 but greater than -1 [Josh Kalderimis]
* Sensitive query string parameters (specified in
config.filter_parameters) will now be filtered out from the request
paths in the log file. [Prem Sichanugrist, fxn]
* URL parameters which return nil for to_param are now removed from
the query string [Andrew White]
* Don't allow i18n to change the minor version, version now set to ~>
0.5.0 [Santiago Pastorino]
* Make TranslationHelper#translate use the :rescue_format option in
I18n 0.5.0 [Sven Fuchs]
* Fix regression: javascript_include_tag shouldn't raise if you
register an expansion key with nil or [] value [Santiago Pastorino]
* Fix Action caching bug where an action that has a non-cacheable
response always renders a nil response body. It now correctly
renders the response body. [Cheah Chu Yeow]
Files: