diff --git a/Gemfile b/Gemfile
index c95ab538e80..9c29c7bf91f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,5 +1,56 @@
 source 'https://rubygems.org'
+# monkey patching to support dual booting
+module Bundler::SharedHelpers
+ def default_lockfile=(path)
+ @default_lockfile = path
+ end
+ def default_lockfile
+ @default_lockfile ||= Pathname.new("#{default_gemfile}.lock")
+ end
+end
+
+def rails4?
+ !!ENV["RAILS4"]
+end
+
+if rails4?
+ Bundler::SharedHelpers.default_lockfile = Pathname.new("#{Bundler::SharedHelpers.default_gemfile}_rails4.lock")
+
+ # Bundler::Dsl.evaluate already called with an incorrect lockfile ... fix it
+ class Bundler::Dsl
+ # A bit messy, this can be called multiple times by bundler, avoid blowing the stack
+ unless self.method_defined? :to_definition_unpatched
+ alias_method :to_definition_unpatched, :to_definition
+ puts "Booting in Rails 4 mode"
+ end
+ def to_definition(bad_lockfile, unlock)
+ to_definition_unpatched(Bundler::SharedHelpers.default_lockfile, unlock)
+ end
+ end
+end
+
+if rails4?
+ gem 'rails', '4.0.0'
+ gem 'redis-rails', :git => 'git://github.com/SamSaffron/redis-store.git'
+ gem 'rails-observers'
+ gem 'protected_attributes'
+ gem 'actionpack-action_caching'
+else
+ # we had pain with the 3.2.13 upgrade so monkey patch the security fix
+ # next time around we hope to upgrade
+ gem 'rails', '3.2.12'
+ gem 'strong_parameters' # remove when we upgrade to Rails 4
+ # we are using a custom sprockets repo to work around: https://github.com/rails/rails/issues/8099#issuecomment-16137638
+ # REVIEW EVERY RELEASE
+ gem 'sprockets', git: 'https://github.com/SamSaffron/sprockets.git', branch: 'rails-compat'
+ gem 'redis-rails'
+end
+
+gem 'redis'
+gem 'hiredis'
+gem 'em-redis'
+
 gem 'active_model_serializers', git: 'https://github.com/rails-api/active_model_serializers.git'
 # we had issues with latest, stick to the rev till we figure this out
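Review bot: The Rails 4 branch fetches `redis-rails` from `git://github.com/SamSaffron/redis-store.git`, a transport with no encryption or server authentication, so the gem source can be altered in transit; the other git sources in this Gemfile use https. Change the line to `gem 'redis-rails', git: 'https://github.com/SamSaffron/redis-store.git'` and regenerate `Gemfile_rails4.lock`, which records the same `git://` remote. `rails4?` is also true for any set value of the variable, which deserves a comment such as `# any set RAILS4 value, even "0" or empty, selects the Rails 4 bundle`. The override of `Bundler::Dsl#to_definition` depends on Bundler internals, so a comment naming the Bundler version it was written against would help the next upgrade.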
@@ -20,13 +71,11 @@ gem 'activerecord-postgres-hstore'
 gem 'active_attr' # until we get ActiveModel::Model with Rails 4
 gem 'airbrake', '3.1.2', require: false # errbit is broken with 3.1.3 for now
 gem 'clockwork', require: false
-gem 'em-redis'
 gem 'eventmachine'
 gem 'fast_xs'
 gem 'fast_xor', git: 'https://github.com/CodeMonkeySteve/fast_xor.git'
 gem 'fastimage'
 gem 'fog', require: false
-gem 'hiredis'
 gem 'email_reply_parser', git: 'https://github.com/lawrencepit/email_reply_parser.git'
@@ -49,12 +98,9 @@ gem 'omniauth-browserid', git: 'https://github.com/callahad/omniauth-browserid.g
 gem 'omniauth-cas'
 gem 'oj'
 gem 'pg'
-# we had pain with the 3.2.13 upgrade so monkey patch the security fix
-# next time around we hope to upgrade
-gem 'rails', '3.2.12'
 gem 'rake'
-gem 'redis'
-gem 'redis-rails'
+
+
 gem 'rest-client'
 gem 'rinku'
 gem 'sanitize'
@@ -64,7 +110,6 @@ gem 'sidekiq'
 gem 'sidekiq-failures'
 gem 'sinatra', require: nil
 gem 'slim' # required for sidekiq-web
-gem 'strong_parameters' # remove when we upgrade to Rails 4
 gem 'therubyracer', require: 'v8'
 gem 'thin', require: false
 gem 'diffy', require: false
@@ -123,9 +168,6 @@ group :development do
 gem 'annotate', :git => 'https://github.com/SamSaffron/annotate_models.git'
 end
-# we are using a custom sprockets repo to work around: https://github.com/rails/rails/issues/8099#issuecomment-16137638
-# REVIEW EVERY RELEASE
-gem 'sprockets', git: 'https://github.com/SamSaffron/sprockets.git', branch: 'rails-compat'
 # this is an optional gem, it provides a high performance replacement
diff --git a/Gemfile.lock b/Gemfile.lock
index 172a70bbbe8..ec7191fa2a0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -93,7 +93,7 @@ PATH
 remote: vendor/gems/simple_handlebars_rails
 specs:
 simple_handlebars_rails (0.0.1)
- rails (~> 3.1)
+ rails (> 3.1)
 GEM
 remote: https://rubygems.org/
diff --git a/Gemfile_rails4.lock b/Gemfile_rails4.lock
new file mode 100644
index 00000000000..bcb7b7f2b5c
--- /dev/null
+++ b/Gemfile_rails4.lock
@@ -0,0 +1,565 @@ +GIT + remote: git://github.com/SamSaffron/redis-store.git + revision: 1eafaa3d8bfbcb61ad89d1a2831adbba4ea8e1e1 + specs: + redis-actionpack (3.2.3) + actionpack (>= 3.2.3) + redis-rack (~> 1.4.0) + redis-store (~> 1.1.0) + redis-activesupport (3.2.3) + activesupport (>= 3.2.3) + redis-store (~> 1.1.0) + redis-rack (1.4.2) + rack (> 1.4.1) + redis-store (~> 1.1.0) + redis-rails (3.2.3) + redis-actionpack (>= 3.2.3) + redis-activesupport (>= 3.2.3) + redis-store (~> 1.1.0) + +GIT + remote: https://github.com/CodeMonkeySteve/fast_xor.git + revision: 85b79ec6d116f9680f23bd2c5c8c2c2039d477d8 + specs: + fast_xor (1.1.2) + rake + rake-compiler + +GIT + remote: https://github.com/SamSaffron/annotate_models.git + revision: ebe4ba7e3f6ceeb43e4e40078da2b261a1bb71b2 + specs: + annotate (2.6.0.beta1) + activerecord (>= 2.3.0) + rake (>= 0.8.7) + +GIT + remote: https://github.com/SamSaffron/message_bus + revision: 09392967940daf77943d1489ed3f1f71d6f8450a + specs: + message_bus (0.0.2) + eventmachine + rack (>= 1.1.3) + redis + thin + +GIT + remote: https://github.com/SamSaffron/redis-rack-cache.git + revision: 379ef30e31d4e185cb1d7f8badca0cc06403eba2 + specs: + redis-rack-cache (1.2.1) + rack-cache (~> 1.2) + redis-store (~> 1.1.0) + +GIT + remote: https://github.com/callahad/omniauth-browserid.git + revision: af62d667626c1622de6fe13b60849c3640765ab1 + branch: observer_api + specs: + omniauth-browserid (0.0.2) + faraday + multi_json + omniauth (~> 1.0) + +GIT + remote: https://github.com/lawrencepit/email_reply_parser.git + revision: 67408dfb1b99fb8d5f145f782b9e22d1851a8e5a + specs: + email_reply_parser (0.6) + +GIT + remote: https://github.com/rails-api/active_model_serializers.git + revision: 8ac4bf90067eef442a6208848f86e55892d724f1 + specs: + active_model_serializers (0.8.1) + activemodel (>= 3.2) + +GIT + remote: https://github.com/zhangyuan/vestal_versions + revision: 0ea75ec4e269b5a9e609639919ade0f36381a446 + specs: + vestal_versions (1.2.2) + 
activerecord (>= 3.0.0) + activesupport (>= 3.0.0) + +PATH + remote: vendor/gems/discourse_emoji + specs: + discourse_emoji (0.0.1) + +PATH + remote: vendor/gems/discourse_plugin + specs: + discourse_plugin (0.0.1) + +PATH + remote: vendor/gems/rails_multisite + specs: + rails_multisite (0.0.1) + +PATH + remote: vendor/gems/simple_handlebars_rails + specs: + simple_handlebars_rails (0.0.1) + rails (> 3.1) + +GEM + remote: https://rubygems.org/ + specs: + actionmailer (4.0.0) + actionpack (= 4.0.0) + mail (~> 2.5.3) + actionpack (4.0.0) + activesupport (= 4.0.0) + builder (~> 3.1.0) + erubis (~> 2.7.0) + rack (~> 1.5.2) + rack-test (~> 0.6.2) + actionpack-action_caching (1.0.0) + actionpack (>= 4.0.0.beta, < 5.0) + active_attr (0.8.2) + activemodel (>= 3.0.2, < 4.1) + activesupport (>= 3.0.2, < 4.1) + activemodel (4.0.0) + activesupport (= 4.0.0) + builder (~> 3.1.0) + activerecord (4.0.0) + activemodel (= 4.0.0) + activerecord-deprecated_finders (~> 1.0.2) + activesupport (= 4.0.0) + arel (~> 4.0.0) + activerecord-deprecated_finders (1.0.3) + activerecord-postgres-hstore (0.7.6) + activerecord (>= 3.1) + pg-hstore (>= 1.1.5) + rake + activesupport (4.0.0) + i18n (~> 0.6, >= 0.6.4) + minitest (~> 4.2) + multi_json (~> 1.3) + thread_safe (~> 0.1) + tzinfo (~> 0.3.37) + addressable (2.3.5) + airbrake (3.1.2) + activesupport + builder + arel (4.0.0) + atomic (1.1.10) + barber (0.4.2) + ember-source + execjs + handlebars-source + better_errors (0.9.0) + coderay (>= 1.0.0) + erubis (>= 2.6.6) + binding_of_caller (0.7.2) + debug_inspector (>= 0.0.1) + builder (3.1.4) + celluloid (0.14.1) + timers (>= 1.0.0) + certified (0.1.1) + childprocess (0.3.9) + ffi (~> 1.0, >= 1.0.11) + clockwork (0.5.3) + activesupport (~> 4.0.0) + tzinfo (~> 0.3.35) + coderay (1.0.9) + connection_pool (1.1.0) + daemons (1.1.9) + debug_inspector (0.0.2) + diff-lcs (1.2.4) + diffy (3.0.1) + em-redis (0.3.0) + eventmachine + ember-data-source (0.13) + ember-source + ember-rails (0.13.0) + 
active_model_serializers + barber (>= 0.4.1) + ember-data-source + ember-source + execjs (>= 1.2) + handlebars-source + railties (>= 3.1) + ember-source (1.0.0.rc6.2) + handlebars-source (= 1.0.12) + erubis (2.7.0) + eventmachine (1.0.3) + excon (0.25.3) + execjs (1.4.0) + multi_json (~> 1.0) + fabrication (2.7.2) + fakeweb (1.3.0) + faraday (0.8.7) + multipart-post (~> 1.1) + fast_blank (0.0.1) + rake + rake-compiler + fast_xs (0.8.0) + fastimage (1.5.0) + ffi (1.9.0) + fog (1.14.0) + builder + excon (~> 0.25.0) + formatador (~> 0.2.0) + mime-types + multi_json (~> 1.0) + net-scp (~> 1.1) + net-ssh (>= 2.1.3) + nokogiri (~> 1.5) + ruby-hmac + formatador (0.2.4) + fspath (2.0.4) + given_core (3.0.0) + sorcerer (>= 0.3.7) + guard (1.8.1) + formatador (>= 0.2.4) + listen (>= 1.0.0) + lumberjack (>= 1.0.2) + pry (>= 0.9.10) + thor (>= 0.14.6) + guard-rspec (3.0.2) + guard (>= 1.8) + rspec (~> 2.13) + guard-spork (1.5.1) + childprocess (>= 0.2.3) + guard (>= 1.1) + spork (>= 0.8.4) + handlebars-source (1.0.12) + hashie (2.0.5) + highline (1.6.19) + hike (1.2.3) + hiredis (0.4.5) + httpauth (0.2.0) + i18n (0.6.4) + image_optim (0.8.1) + fspath (~> 2.0.3) + image_size (~> 1.1.2) + in_threads (~> 1.1.1) + progress (~> 2.4.0) + image_size (1.1.2) + image_sorcery (1.1.0) + in_threads (1.1.1) + json (1.8.0) + jwt (0.1.8) + multi_json (>= 1.5) + kgio (2.8.0) + librarian (0.1.0) + highline + thor (~> 0.15) + libv8 (3.11.8.17) + listen (1.2.2) + rb-fsevent (>= 0.9.3) + rb-inotify (>= 0.9) + rb-kqueue (>= 0.2) + lru_redux (0.0.6) + lumberjack (1.0.4) + mail (2.5.4) + mime-types (~> 1.16) + treetop (~> 1.4.8) + metaclass (0.0.1) + method_source (0.8.1) + mime-types (1.23) + mini_portile (0.5.1) + minitest (4.7.5) + mocha (0.14.0) + metaclass (~> 0.0.1) + multi_json (1.7.7) + multipart-post (1.2.0) + mustache (0.99.4) + net-scp (1.1.2) + net-ssh (>= 2.6.5) + net-ssh (2.6.8) + nokogiri (1.6.0) + mini_portile (~> 0.5.0) + oauth (0.4.7) + oauth2 (0.8.1) + faraday (~> 0.8) + httpauth 
(~> 0.1) + jwt (~> 0.1.4) + multi_json (~> 1.0) + rack (~> 1.2) + oj (2.1.4) + omniauth (1.1.4) + hashie (>= 1.2, < 3) + rack + omniauth-cas (1.0.4) + addressable (~> 2.3) + nokogiri (~> 1.6) + omniauth (~> 1.1.0) + omniauth-facebook (1.4.1) + omniauth-oauth2 (~> 1.1.0) + omniauth-github (1.1.1) + omniauth (~> 1.0) + omniauth-oauth2 (~> 1.1) + omniauth-oauth (1.0.1) + oauth + omniauth (~> 1.0) + omniauth-oauth2 (1.1.1) + oauth2 (~> 0.8.0) + omniauth (~> 1.0) + omniauth-openid (1.0.1) + omniauth (~> 1.0) + rack-openid (~> 1.3.1) + omniauth-twitter (1.0.0) + multi_json (~> 1.3) + omniauth-oauth (~> 1.0) + openid-redis-store (0.0.2) + redis + ruby-openid + pg (0.15.1) + pg-hstore (1.1.7) + polyglot (0.3.3) + progress (2.4.0) + protected_attributes (1.0.3) + activemodel (>= 4.0.0, < 5.0) + pry (0.9.12.2) + coderay (~> 1.0.5) + method_source (~> 0.8) + slop (~> 3.4) + pry-nav (0.2.3) + pry (~> 0.9.10) + pry-rails (0.3.1) + pry (>= 0.9.10) + qunit-rails (0.0.3) + railties (>= 3.2.3) + rack (1.5.2) + rack-cache (1.2) + rack (>= 0.4) + rack-cors (0.2.8) + rack + rack-mini-profiler (0.1.27) + rack (>= 1.1.3) + rack-openid (1.3.1) + rack (>= 1.1.0) + ruby-openid (>= 2.1.8) + rack-protection (1.5.0) + rack + rack-test (0.6.2) + rack (>= 1.0) + rails (4.0.0) + actionmailer (= 4.0.0) + actionpack (= 4.0.0) + activerecord (= 4.0.0) + activesupport (= 4.0.0) + bundler (>= 1.3.0, < 2.0) + railties (= 4.0.0) + sprockets-rails (~> 2.0.0) + rails-observers (0.1.2) + activemodel (~> 4.0) + railties (4.0.0) + actionpack (= 4.0.0) + activesupport (= 4.0.0) + rake (>= 0.8.7) + thor (>= 0.18.1, < 2.0) + raindrops (0.11.0) + rake (10.1.0) + rake-compiler (0.8.3) + rake + rb-fsevent (0.9.3) + rb-inotify (0.9.0) + ffi (>= 0.5.0) + rb-kqueue (0.2.0) + ffi (>= 0.5.0) + redcarpet (3.0.0) + redis (3.0.4) + redis-namespace (1.3.0) + redis (~> 3.0.0) + redis-store (1.1.2) + redis (>= 2.2.0) + ref (1.0.5) + rest-client (1.6.7) + mime-types (>= 1.16) + rinku (1.7.3) + rspec (2.14.1) + rspec-core (~> 
2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + rspec-core (2.14.3) + rspec-expectations (2.14.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-given (3.0.0) + given_core (= 3.0.0) + rspec (>= 2.12) + rspec-mocks (2.14.1) + rspec-rails (2.14.0) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) + ruby-hmac (0.4.0) + ruby-openid (2.2.3) + sanitize (2.0.6) + nokogiri (>= 1.4.4) + sass (3.2.9) + sass-rails (4.0.0) + railties (>= 4.0.0.beta, < 5.0) + sass (>= 3.1.10) + sprockets-rails (~> 2.0.0) + seed-fu (1.2.3) + rails (>= 2.1) + shoulda (3.5.0) + shoulda-context (~> 1.0, >= 1.0.1) + shoulda-matchers (>= 1.4.1, < 3.0) + shoulda-context (1.1.4) + shoulda-matchers (2.2.0) + activesupport (>= 3.0.0) + sidekiq (2.13.0) + celluloid (>= 0.14.1) + connection_pool (>= 1.0.0) + json + redis (>= 3.0) + redis-namespace + sidekiq-failures (0.2.1) + sidekiq (>= 2.2.1) + simplecov (0.7.1) + multi_json (~> 1.0) + simplecov-html (~> 0.7.1) + simplecov-html (0.7.1) + sinatra (1.4.3) + rack (~> 1.4) + rack-protection (~> 1.4) + tilt (~> 1.3, >= 1.3.4) + slim (2.0.0) + temple (~> 0.6.5) + tilt (~> 1.3, >= 1.3.3) + slop (3.4.5) + sorcerer (1.0.0) + spork (0.9.2) + sprockets (2.10.0) + hike (~> 1.2) + multi_json (~> 1.0) + rack (~> 1.0) + tilt (~> 1.1, != 1.3.0) + sprockets-rails (2.0.0) + actionpack (>= 3.0) + activesupport (>= 3.0) + sprockets (~> 2.8) + temple (0.6.5) + terminal-notifier-guard (1.5.3) + therubyracer (0.11.4) + libv8 (~> 3.11.8.12) + ref + thin (1.5.1) + daemons (>= 1.0.9) + eventmachine (>= 0.12.6) + rack (>= 1.0.0) + thor (0.18.1) + thread_safe (0.1.0) + atomic + tilt (1.4.1) + timecop (0.6.2.2) + timers (1.1.0) + treetop (1.4.14) + polyglot + polyglot (>= 0.3.1) + turbo-sprockets-rails3 (0.2.9) + railties (>= 3.1.0) + sprockets (>= 2.0.0) + tzinfo (0.3.37) + uglifier (2.1.2) + execjs (>= 0.3.0) + multi_json (~> 1.0, >= 1.0.2) + unicorn (4.6.3) + kgio (~> 
2.6) + rack + raindrops (~> 0.7) + +PLATFORMS + ruby + +DEPENDENCIES + actionpack-action_caching + active_attr + active_model_serializers! + activerecord-postgres-hstore + airbrake (= 3.1.2) + annotate! + barber + better_errors + binding_of_caller + certified + clockwork + diffy + discourse_emoji! + discourse_plugin! + em-redis + email_reply_parser! + ember-rails + ember-source (= 1.0.0.rc6.2) + eventmachine + fabrication + fakeweb (~> 1.3.0) + fast_blank + fast_xor! + fast_xs + fastimage + fog + guard-rspec + guard-spork + handlebars-source (= 1.0.12) + highline + hiredis + image_optim + image_sorcery + librarian (>= 0.0.25) + listen + lru_redux + message_bus! + minitest + mocha + multi_json + mustache + nokogiri + oj + omniauth + omniauth-browserid! + omniauth-cas + omniauth-facebook + omniauth-github + omniauth-openid + omniauth-twitter + openid-redis-store + pg + protected_attributes + pry-nav + pry-rails + qunit-rails + rack-cache + rack-cors + rack-mini-profiler (= 0.1.27) + rails (= 4.0.0) + rails-observers + rails_multisite! + rake + rb-fsevent + rb-inotify (~> 0.9) + redcarpet + redis + redis-rack-cache! + redis-rails! + rest-client + rinku + rspec-given + rspec-rails + sanitize + sass + sass-rails + seed-fu + shoulda + sidekiq + sidekiq-failures + simple_handlebars_rails! + simplecov + sinatra + slim + terminal-notifier-guard + therubyracer + thin + timecop + turbo-sprockets-rails3 + uglifier + unicorn + vestal_versions! diff --git a/lib/avatar_lookup.rb b/lib/avatar_lookup.rb index 2f0b81933ea..ee10e029dd5 100644 --- a/lib/avatar_lookup.rb +++ b/lib/avatar_lookup.rb @@ -1,7 +1,7 @@ class AvatarLookup def initialize(user_ids=[]) - @user_ids = user_ids.tap(&:compact!).tap(&:uniq!) + @user_ids = user_ids.tap(&:compact!).tap(&:uniq!).tap(&:flatten!) end # Lookup a user by id diff --git a/lib/freedom_patches/rails_security_fixes.rb b/lib/freedom_patches/rails_security_fixes.rb index 6f2438175c6..2d745121137 100644 
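Review bot: `flatten!` runs last in `AvatarLookup#initialize`, after `compact!` and `uniq!`, so nils and duplicate ids that sit inside nested arrays survive into `@user_ids`; flattening has to happen first. The bang chain also mutates the array the caller passed in. `@user_ids = user_ids.flatten.compact.uniq` fixes the ordering and leaves the caller's array untouched. The rest of the class is outside the hunk.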
--- a/lib/freedom_patches/rails_security_fixes.rb
+++ b/lib/freedom_patches/rails_security_fixes.rb
@@ -1,124 +1,125 @@
-module HTML
- class WhiteListSanitizer
- # Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute
- def sanitize_css(style)
- # disallow urls
- style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
+unless Rails.version =~ /^4/
+ module HTML
+ class WhiteListSanitizer
+ # Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute
+ def sanitize_css(style)
+ # disallow urls
+ style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
- # gauntlet
- if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
- style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
- return ''
- end
+ # gauntlet
+ if style !~ /\A([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*\z/ ||
+ style !~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*\z/
+ return ''
+ end
- clean = []
- style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val|
- if allowed_css_properties.include?(prop.downcase)
- clean << prop + ': ' + val + ';'
- elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
- unless val.split().any? do |keyword|
- !allowed_css_keywords.include?(keyword) &&
- keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
- end
- clean << prop + ': ' + val + ';'
+ clean = []
+ style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val|
+ if allowed_css_properties.include?(prop.downcase)
+ clean << prop + ': ' + val + ';'
+ elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
+ unless val.split().any? do |keyword|
+ !allowed_css_keywords.include?(keyword) &&
+ keyword !~ /\A(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)\z/
+ end
+ clean << prop + ': ' + val + ';'
+ end
 end
 end
+ clean.join(' ')
 end
- clean.join(' ')
 end
 end
-end
-module HTML
- class WhiteListSanitizer
- self.protocol_separator = /:|(�*58)|(p)|(�*3a)|(%|%)3A/i
+ module HTML
+ class WhiteListSanitizer
+ self.protocol_separator = /:|(�*58)|(p)|(�*3a)|(%|%)3A/i
- def contains_bad_protocols?(attr_name, value)
- uri_attributes.include?(attr_name) &&
- (value =~ /(^[^\/:]*):|(�*58)|(p)|(�*3a)|(%|%)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip))
+ def contains_bad_protocols?(attr_name, value)
+ uri_attributes.include?(attr_name) &&
+ (value =~ /(^[^\/:]*):|(�*58)|(p)|(�*3a)|(%|%)3A/i && !allowed_protocols.include?(value.split(protocol_separator).first.downcase.strip))
+ end
 end
 end
-end
-module ActiveRecord
- class Relation
+ module ActiveRecord
+ class Relation
- def where_values_hash
- equalities = with_default_scope.where_values.grep(Arel::Nodes::Equality).find_all { |node|
- node.left.relation.name == table_name
- }
+ def where_values_hash
+ equalities = with_default_scope.where_values.grep(Arel::Nodes::Equality).find_all { |node|
+ node.left.relation.name == table_name
+ }
+
+ Hash[equalities.map { |where| [where.left.name, where.right] }].with_indifferent_access
+ end
- Hash[equalities.map { |where| [where.left.name, where.right] }].with_indifferent_access
 end
- end
-end
-module ActiveRecord
- class PredicateBuilder # :nodoc:
- def self.build_from_hash(engine, attributes, default_table, allow_table_name = true)
- predicates = attributes.map do |column, value|
- table = default_table
+ module ActiveRecord
+ class PredicateBuilder # :nodoc:
+ def self.build_from_hash(engine, attributes, default_table, allow_table_name = true)
+ predicates = attributes.map do |column, value|
+ table = default_table
- if allow_table_name && value.is_a?(Hash)
- table = Arel::Table.new(column, engine)
+ if allow_table_name && value.is_a?(Hash)
+ table = Arel::Table.new(column, engine)
- if value.empty?
- '1 = 2'
- else
- build_from_hash(engine, value, table, false)
- end
- else
- column = column.to_s
-
- if allow_table_name && column.include?('.')
- table_name, column = column.split('.', 2)
- table = Arel::Table.new(table_name, engine)
- end
-
- attribute = table[column]
-
- case value
- when ActiveRecord::Relation
- value = value.select(value.klass.arel_table[value.klass.primary_key]) if value.select_values.empty?
- attribute.in(value.arel.ast)
- when Array, ActiveRecord::Associations::CollectionProxy
- values = value.to_a.map {|x| x.is_a?(ActiveRecord::Base) ? x.id : x}
- ranges, values = values.partition {|v| v.is_a?(Range) || v.is_a?(Arel::Relation)}
-
- array_predicates = ranges.map {|range| attribute.in(range)}
-
- if values.include?(nil)
- values = values.compact
- if values.empty?
- array_predicates << attribute.eq(nil)
- else
- array_predicates << attribute.in(values.compact).or(attribute.eq(nil))
- end
+ if value.empty?
+ '1 = 2'
 else
- array_predicates << attribute.in(values)
+ build_from_hash(engine, value, table, false)
+ end
+ else
+ column = column.to_s
+
+ if allow_table_name && column.include?('.')
+ table_name, column = column.split('.', 2)
+ table = Arel::Table.new(table_name, engine)
 end
- array_predicates.inject {|composite, predicate| composite.or(predicate)}
- when Range, Arel::Relation
- attribute.in(value)
- when ActiveRecord::Base
- attribute.eq(value.id)
- when Class
- # FIXME: I think we need to deprecate this behavior
- attribute.eq(value.name)
- when Integer, ActiveSupport::Duration
- # Arel treats integers as literals, but they should be quoted when compared with strings
- column = engine.connection.schema_cache.columns_hash[table.name][attribute.name.to_s]
- attribute.eq(Arel::Nodes::SqlLiteral.new(engine.connection.quote(value, column)))
- else
- attribute.eq(value)
+ attribute = table[column]
+
+ case value
+ when ActiveRecord::Relation
+ value = value.select(value.klass.arel_table[value.klass.primary_key]) if value.select_values.empty?
+ attribute.in(value.arel.ast)
+ when Array, ActiveRecord::Associations::CollectionProxy
+ values = value.to_a.map {|x| x.is_a?(ActiveRecord::Base) ? x.id : x}
+ ranges, values = values.partition {|v| v.is_a?(Range) || v.is_a?(Arel::Relation)}
+
+ array_predicates = ranges.map {|range| attribute.in(range)}
+
+ if values.include?(nil)
+ values = values.compact
+ if values.empty?
+ array_predicates << attribute.eq(nil)
+ else
+ array_predicates << attribute.in(values.compact).or(attribute.eq(nil))
+ end
+ else
+ array_predicates << attribute.in(values)
+ end
+
+ array_predicates.inject {|composite, predicate| composite.or(predicate)}
+ when Range, Arel::Relation
+ attribute.in(value)
+ when ActiveRecord::Base
+ attribute.eq(value.id)
+ when Class
+ # FIXME: I think we need to deprecate this behavior
+ attribute.eq(value.name)
+ when Integer, ActiveSupport::Duration
+ # Arel treats integers as literals, but they should be quoted when compared with strings
+ column = engine.connection.schema_cache.columns_hash[table.name][attribute.name.to_s]
+ attribute.eq(Arel::Nodes::SqlLiteral.new(engine.connection.quote(value, column)))
+ else
+ attribute.eq(value)
+ end
 end
 end
- end
- predicates.flatten
+ predicates.flatten
+ end
 end
 end
 end
-
diff --git a/vendor/gems/simple_handlebars_rails/simple_handlebars_rails.gemspec b/vendor/gems/simple_handlebars_rails/simple_handlebars_rails.gemspec
index 0b44ec1a59c..6938ade8923 100644
--- a/vendor/gems/simple_handlebars_rails/simple_handlebars_rails.gemspec
+++ b/vendor/gems/simple_handlebars_rails/simple_handlebars_rails.gemspec
@@ -10,9 +10,9 @@ Gem::Specification.new do |s|
 s.summary = %q{Basic Mustache Support for Rails}
 s.description = %q{Adds the Mustache plugin and a corresponding Sprockets engine to the asset pipeline in Rails applications.}
- s.add_development_dependency "rails", ["~> 3.1"]
- s.add_dependency 'rails', ['~> 3.1']
+ s.add_development_dependency "rails", ["> 3.1"]
+ s.add_dependency 'rails', ['> 3.1']
 s.files = Dir["lib/**/*"]
 s.require_paths = ["lib"]
-end
\ No newline at end of file
+end
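Review bot: The new guard `unless Rails.version =~ /^4/` at the top of the file skips these backported fixes only when the version string starts with "4", so any later major version would get the 3.2-era `WhiteListSanitizer`, `Relation#where_values_hash` and `PredicateBuilder.build_from_hash` bodies reapplied over newer internals. Comparing the numeric major is safer: `if Rails::VERSION::MAJOR < 4`. Each reopened class should also carry a comment naming the upstream advisory or release it backports, so a reviewer can confirm that the Rails version in the Rails 4 lockfile already includes it before the override is switched off. The `protocol_separator` and `contains_bad_protocols?` patterns show replacement characters on this page where character references would be expected; that is probably a rendering artifact, but since the hunk re-indents those lines the committed bytes are worth checking against upstream.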