From baf3cf9abff867afb8b542367fedb6e6fb1364e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonne=20Ha=C3=9F?= Date: Wed, 24 Oct 2012 19:02:06 +0200 Subject: [PATCH 1/4] don't error out if the root of a reshare of a reshare got deleted, fixes #3546 --- Changelog.md | 4 ++++ app/presenters/post_presenter.rb | 2 +- spec/presenters/post_presenter_spec.rb | 10 ++++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index 500303cbf..a5af6a57f 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +# 0.0.1.2 + +Fix exception when the root of a reshare of a reshare got deleted [#3546](https://github.com/diaspora/diaspora/issues/3546) + # 0.0.1.1 Fix syntax error in French Javascript pluralization rule. diff --git a/app/presenters/post_presenter.rb b/app/presenters/post_presenter.rb index a5619a0d4..a0558bc4e 100644 --- a/app/presenters/post_presenter.rb +++ b/app/presenters/post_presenter.rb @@ -63,7 +63,7 @@ class PostPresenter end def root - PostPresenter.new(@post.absolute_root, current_user).as_json if @post.respond_to?(:root) && @post.root.present? + PostPresenter.new(@post.absolute_root, current_user).as_json if @post.respond_to?(:absolute_root) && @post.absolute_root.present? end def user_like diff --git a/spec/presenters/post_presenter_spec.rb b/spec/presenters/post_presenter_spec.rb index f23b848f6..1d70df86f 100644 --- a/spec/presenters/post_presenter_spec.rb +++ b/spec/presenters/post_presenter_spec.rb @@ -44,6 +44,16 @@ describe PostPresenter do end describe '#root' do + it 'does not raise if the absolute_root does not exists' do + first_reshare = FactoryGirl.create :reshare + first_reshare.root = nil + reshare = FactoryGirl.create :reshare, :root => first_reshare + + expect { + PostPresenter.new(reshare).root + }.to_not raise_error + end + it 'does not raise if the root does not exists' do reshare = FactoryGirl.create:reshare reshare.root = nil From e0d50c8522ed10fdad6a7868ab71a972bb496dfe Mon Sep 17 00:00:00 2001 From: Florian Staudacher Date: Wed, 24 Oct 2012 19:54:37 +0200 Subject: [PATCH 2/4] bump version to 0.0.1.2 --- config/defaults.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/defaults.yml b/config/defaults.yml index 0f5824620..a4d44bb35 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -4,7 +4,7 @@ defaults: version: - number: "0.0.1.1" + number: "0.0.1.2" release: true # Do not touch unless in a merge conflict on doing a release, master should have a commit setting this to true which is not backported to the develop branch. heroku: false environment: From 42f47626890218a180870bc3f44ec57625b0779c Mon Sep 17 00:00:00 2001 From: Florian Staudacher Date: Tue, 20 Nov 2012 19:09:36 +0100 Subject: [PATCH 3/4] changelog update before release --- Changelog.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Changelog.md b/Changelog.md index d938b5de6..640dccbd2 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,4 +1,4 @@ -# 0.0.2.0pre +# 0.0.2.0 ## Refactor @@ -27,6 +27,7 @@ ## Bug Fixes +* Fix missing X-Frame headers [#3739](https://github.com/diaspora/diaspora/pull/3739) * Fix image path for padlocks [#3682](https://github.com/diaspora/diaspora/pull/3682) * Fix posting to Facebook and Tumblr. Have a look at the updated [services guide](https://github.com/diaspora/diaspora/wiki/Howto-setup-services) for new Facebook instructions. * Fix overflow button in mobile reset password. [#3697](https://github.com/diaspora/diaspora/pull/3697) From 11f82c794e43ccb1f00d411ed8b948a4225cc33c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonne=20Ha=C3=9F?= Date: Wed, 2 Jan 2013 23:40:46 +0100 Subject: [PATCH 4/4] Bump to Rails 3.2.10 as per CVE-2012-5664 https://groups.google.com/group/rubyonrails-security/browse_thread/thread/c2353369fea8c53 --- Changelog.md | 4 +++ Gemfile | 2 +- Gemfile.lock | 60 +++++++++++++++++++++++---------------------- config/defaults.yml | 2 +- 4 files changed, 37 insertions(+), 31 deletions(-) diff --git a/Changelog.md b/Changelog.md index 2878b6d74..1b0476ed9 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,7 @@ +# 0.0.2.1 + +* Upgrade to Rails 3.2.10 as per CVE-2012-5664. [Read more](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/c2353369fea8c53) + # 0.0.2.0 ## Refactor diff --git a/Gemfile b/Gemfile index 912c67abd..9779d6a66 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'http://rubygems.org' -gem 'rails', '3.2.8' +gem 'rails', '3.2.10' gem 'foreman', '0.60.2' diff --git a/Gemfile.lock b/Gemfile.lock index 458e18d72..8d30ba0e2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -17,34 +17,34 @@ GIT GEM remote: http://rubygems.org/ specs: - actionmailer (3.2.8) - actionpack (= 3.2.8) + actionmailer (3.2.10) + actionpack (= 3.2.10) mail (~> 2.4.4) - actionpack (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) + actionpack (3.2.10) + activemodel (= 3.2.10) + activesupport (= 3.2.10) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) rack (~> 1.4.0) rack-cache (~> 1.2) rack-test (~> 0.6.1) - sprockets (~> 2.1.3) - activemodel (3.2.8) - activesupport (= 3.2.8) + sprockets (~> 2.2.1) + activemodel (3.2.10) + activesupport (= 3.2.10) builder (~> 3.0.0) - activerecord (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) + activerecord (3.2.10) + activemodel (= 3.2.10) + activesupport (= 3.2.10) arel (~> 3.0.2) tzinfo (~> 0.3.29) activerecord-import (0.2.11) activerecord (~> 3.0) activerecord (~> 3.0) - activeresource (3.2.8) - activemodel (= 3.2.8) - activesupport (= 3.2.8) - activesupport (3.2.8) + activeresource (3.2.10) + activemodel (= 3.2.10) + activesupport (= 3.2.10) + activesupport (3.2.10) i18n (~> 0.6) multi_json (~> 1.0) acts-as-taggable-on (2.3.3) @@ -231,7 +231,7 @@ GEM mobile-fu (1.1.0) rack-mobile-detect rails - multi_json (1.3.7) + multi_json (1.5.0) multipart-post (1.1.5) mysql2 (0.3.11) nested_form (0.2.3) @@ -292,14 +292,14 @@ GEM rack rack-test (0.6.2) rack (>= 1.0) - rails (3.2.8) - actionmailer (= 3.2.8) - actionpack (= 3.2.8) - activerecord (= 3.2.8) - activeresource (= 3.2.8) - activesupport (= 3.2.8) + rails (3.2.10) + actionmailer (= 3.2.10) + actionpack (= 3.2.10) + activerecord (= 3.2.10) + activeresource (= 3.2.10) + activesupport (= 3.2.10) bundler (~> 1.0) - railties (= 3.2.8) + railties (= 3.2.10) rails-i18n (0.7.0) i18n (~> 0.5) rails_admin (0.2.0) @@ -318,15 +318,15 @@ GEM sass-rails (~> 3.1) rails_autolink (1.0.9) rails (~> 3.1) - railties (3.2.8) - actionpack (= 3.2.8) - activesupport (= 3.2.8) + railties (3.2.10) + actionpack (= 3.2.10) + activesupport (= 3.2.10) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) raindrops (0.10.0) - rake (0.9.2.2) + rake (10.0.3) rb-fsevent (0.9.2) rb-inotify (0.8.8) ffi (>= 0.5.0) @@ -379,8 +379,9 @@ GEM tilt (~> 1.3, >= 1.3.3) slop (3.3.3) spork (1.0.0rc3) - sprockets (2.1.3) + sprockets (2.2.2) hike (~> 1.2) + multi_json (~> 1.0) rack (~> 1.0) tilt (~> 1.1, != 1.3.0) subexec (0.2.2) @@ -469,9 +470,10 @@ DEPENDENCIES rack-cors (= 0.2.7) rack-google-analytics (= 0.11.0) rack-piwik (= 0.1.3) + rack-protection (= 1.2) rack-rewrite (= 1.3.1) rack-ssl (= 1.3.2) - rails (= 3.2.8) + rails (= 3.2.10) rails-i18n (= 0.7.0) rails_admin (= 0.2.0) rails_autolink (= 1.0.9) diff --git a/config/defaults.yml b/config/defaults.yml index 0f15d57e3..4d11a5c41 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -4,7 +4,7 @@ defaults: version: - number: "0.0.2.0" + number: "0.0.2.1" release: true # Do not touch unless in a merge conflict on doing a release, master should have a commit setting this to true which is not backported to the develop branch. heroku: false environment: