From ab75d7b36d115317b5a0e9b2d36172321e9f40bf Mon Sep 17 00:00:00 2001
From: Mamoru Tasaka
Date: Dec 06 2009 17:38:02 +0000
Subject: fix patch
---
diff --git a/rubygem-actionpack-2.2.x-strip_tag-for-nonprintable.patch b/rubygem-actionpack-2.2.x-strip_tag-for-nonprintable.patch
index 8656379..2c3a958 100644
--- a/rubygem-actionpack-2.2.x-strip_tag-for-nonprintable.patch
+++ b/rubygem-actionpack-2.2.x-strip_tag-for-nonprintable.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] Make sure strip_tags removes tags which start with a non-printa
 Signed-off-by: Michael Koziarski
 ---
 .../vendor/html-scanner/html/node.rb | 2 +-
+ .../test/controller/html-scanner/sanitizer_test.rb | 1 +
 2 files changed, 2 insertions(+), 1 deletions(-)
 diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -21,15 +22,3 @@ index 6c03316..0cd05d8 100644
 name.downcase! unless closing
-index bae0f5c..51baba6 100644
-@@ -19,6 +19,7 @@ class SanitizerTest < Test::Unit::TestCase
- assert_equal "This has a here.", sanitizer.sanitize("This has a here.")
- assert_equal "This has a here.", sanitizer.sanitize("This has a ]]> here.")
- assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed ]] here...")
-+ assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag")
- [nil, '', ' '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) }
- end
-
---
-1.6.0.1
-
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index 2dc35f1..f03061b 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
@@ -7,7 +7,7 @@ Summary: Web-flow and rendering framework putting the VC in MVC
 Name: rubygem-%{gemname}
 Version: 2.1.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 Group: Development/Languages
 License: MIT
 URL: http://www.rubyonrails.org
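Review bot: The diffstat line added in the first hunk of rubygem-actionpack-2.2.x-strip_tag-for-nonprintable.patch, `.../test/controller/html-scanner/sanitizer_test.rb | 1 +`, describes a change that the second hunk deletes from the same patch. After this commit the header therefore claims two files while the body appears to carry only the node.rb change. The deleted lines also hold the only regression assertion for the strip_tags XSS fix (the `<\x07a href='/hello'>` case), so nothing visible here still checks that the packaged fix works. The removed text starts at an `index` line with no `diff --git`/`---`/`+++` header in view, which may be why it would not apply, though that could be an artifact of how this page was rendered. Either restore the test hunk with a complete file header, or drop the added diffstat line and correct the summary to `1 files changed, 1 insertions(+), 1 deletions(-)`.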
@@ -71,7 +71,7 @@ rm -rf %{buildroot}
 %changelog
-* Mon Dec 7 2009 Mamoru Tasaka - 2.1.1-4
+* Mon Dec 7 2009 Mamoru Tasaka - 2.1.1-5
 - Fix for potential CSRF protection circumvention (bug 544329)
 - Fix for XSS weakness in strip_tags (bug 542786)