Upgrade to Rails 2.3.16

- Addresses critical security vulnerability in Rails
author: Christian Johansen <christian@gitorious.com> 2013-01-29 08:12:53 (GMT)
committer: Christian Johansen <christian@gitorious.com> 2013-01-29 08:12:53 (GMT)
commit: af84d8a3c3094871b1bbf61acd4ad3db8c8a0d26 (patch)
tree: cea703453994826e2ae81f827ce250bf2ee895de
parent: 7e2ef85be9f50608f6ecdcc7b3b3e0f0aaa45572 (diff)
4 files changed, 22 insertions, 43 deletions
diff --git a/Gemfile b/Gemfile
index 7fea995..cbfbb09 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,16 +1,6 @@
 source "http://rubygems.org"
 
-# Last released version of Rails 2.3 is 2.3.15, which does not address
-# all known security vulnerabilities.
-git "git://github.com/rails/rails.git", :branch => "2-3-stable" do
-  gem "rails"
-  gem "actionmailer"
-  gem "actionpack"
-  gem "activerecord"
-  gem "activeresource"
-  gem "activesupport"
-end
-
+gem "rails", "2.3.16"
 gem "chronic", "0.3.0"
 gem "geoip", "0.8.9"
 gem "daemons", "1.1.0", :require => false
diff --git a/Gemfile.lock b/Gemfile.lock
index 53fabd0..12f7e01 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,27 +1,4 @@
 GIT
-  remote: git://github.com/rails/rails.git
-  revision: 3b75781d38260f5f4f2f0b944a79d16121d31342
-  branch: 2-3-stable
-  specs:
-    actionmailer (2.3.15)
-      actionpack (= 2.3.15)
-    actionpack (2.3.15)
-      activesupport (= 2.3.15)
-      rack (~> 1.1.0)
-    activerecord (2.3.15)
-      activesupport (= 2.3.15)
-    activeresource (2.3.15)
-      activesupport (= 2.3.15)
-    activesupport (2.3.15)
-    rails (2.3.15)
-      actionmailer (= 2.3.15)
-      actionpack (= 2.3.15)
-      activerecord (= 2.3.15)
-      activeresource (= 2.3.15)
-      activesupport (= 2.3.15)
-      rake (>= 0.8.3)
-
-GIT
   remote: https://github.com/roman/rots.git
   revision: babb5559aae8914556da528147b6649b9c48f48c
   specs:
@@ -31,12 +8,22 @@ GEM
   remote: http://rubygems.org/
   specs:
     SystemTimer (1.2.3)
+    actionmailer (2.3.16)
+      actionpack (= 2.3.16)
+    actionpack (2.3.16)
+      activesupport (= 2.3.16)
+      rack (~> 1.1.0)
     activemessaging (0.7.1)
       activesupport (>= 1.0.0)
+    activerecord (2.3.16)
+      activesupport (= 2.3.16)
     activerecord-jdbc-adapter (1.2.2.1)
     activerecord-jdbcmysql-adapter (1.2.2.1)
       activerecord-jdbc-adapter (~> 1.2.2.1)
       jdbc-mysql (~> 5.1.0)
+    activeresource (2.3.16)
+      activesupport (= 2.3.16)
+    activesupport (2.3.16)
     acts-as-taggable-on (2.0.6)
     addressable (2.2.8)
     after_commit (1.0.10)
@@ -103,9 +90,16 @@ GEM
       mime-types
     proxymachine (1.2.4)
       eventmachine (>= 0.12.10)
-    rack (1.1.4)
+    rack (1.1.5)
     rack-test (0.6.2)
       rack (>= 1.0)
+    rails (2.3.16)
+      actionmailer (= 2.3.16)
+      actionpack (= 2.3.16)
+      activerecord (= 2.3.16)
+      activeresource (= 2.3.16)
+      activesupport (= 2.3.16)
+      rake (>= 0.8.3)
     raindrops (0.10.0)
     rake (0.8.7)
     rdiscount (1.3.1.1)
@@ -171,13 +165,8 @@ PLATFORMS
 
 DEPENDENCIES
   SystemTimer (= 1.2.3)
-  actionmailer!
-  actionpack!
   activemessaging (= 0.7.1)
-  activerecord!
   activerecord-jdbcmysql-adapter
-  activeresource!
-  activesupport!
   acts-as-taggable-on (= 2.0.6)
   builder (= 3.0.0)
   capillary (~> 1.0.1)
@@ -203,7 +192,7 @@ DEPENDENCIES
   oauth (= 0.4.4)
   paperclip (~> 2.7.2)
   proxymachine (= 1.2.4)
-  rails!
+  rails (= 2.3.16)
   rake (= 0.8.7)
   rdiscount (= 1.3.1.1)
   resque (= 1.9.8)
diff --git a/config/environment.rb b/config/environment.rb
index bd06aaf..393eebc 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -4,7 +4,7 @@
 # you don't control web/app server and can't set it the proper way
 
 # Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '2.3.15' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.3.16' unless defined? RAILS_GEM_VERSION
 
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
diff --git a/test/unit/helpers/blobs_helper_test.rb b/test/unit/helpers/blobs_helper_test.rb
index f90e12d..20fb57f 100644
--- a/test/unit/helpers/blobs_helper_test.rb
+++ b/test/unit/helpers/blobs_helper_test.rb
@@ -36,7 +36,7 @@ class BlobsHelperTest < ActionView::TestCase
   context "render_highlighted()" do
     should "html escape the line & add the proper class" do
       res = render_highlighted("puts '<foo>'", "foo.rb")
-      assert res.include?(%Q{<td class="code"><pre class="prettyprint lang-rb">puts '&lt;foo&gt;'</pre></td>}), res
+      assert res.include?(%Q{<td class="code"><pre class="prettyprint lang-rb">puts &#x27;&lt;foo&gt;&#x27;</pre></td>}), res
     end
 
     should "add line numbers" do
author	Christian Johansen <christian@gitorious.com>	2013-01-29 08:12:53 (GMT)
committer	Christian Johansen <christian@gitorious.com>	2013-01-29 08:12:53 (GMT)
commit	af84d8a3c3094871b1bbf61acd4ad3db8c8a0d26 (patch)
tree	cea703453994826e2ae81f827ce250bf2ee895de
parent	7e2ef85be9f50608f6ecdcc7b3b3e0f0aaa45572 (diff)