upgrade rails to 2.3.16

The html_escape changes were backported from rails 3 in 2.3.16, so I've removed our modified version. Change-Id: I0067b9d84e49459dd7d46ba53a1d597d2e0efb67 Reviewed-on: https://gerrit.instructure.com/17379 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Cody Cutrer <cody@instructure.com> Reviewed-by: Cameron Matheson <cameron@instructure.com> QA-Review: Clare Hetherington <clare@instructure.com>
2013-02-01 10:53:36 -07:00 · 2013-02-01 10:53:36 -07:00 · 44b76489b5
parent d7bac4a190
commit 44b76489b5
6 changed files with 6 additions and 38 deletions
--- a/2
+++ b/2
@ -2,7 +2,7 @@ source :rubygems

 ONE_NINE = RUBY_VERSION >= "1.9."

-gem 'rails',          '2.3.15'
+gem 'rails',          '2.3.16'
 gem 'authlogic',      '2.1.3'
 #gem 'aws-s3',         '0.6.2',  :require => 'aws/s3'
 # use custom gem until pull request at https://github.com/marcel/aws-s3/pull/41
--- a/app/helpers/quizzes_helper.rb
+++ b/app/helpers/quizzes_helper.rb
@ -178,7 +178,7 @@ module QuizzesHelper
    if answer_list && !answer_list.empty?
      index  = 0
      res.gsub %r{<input.*?name=['"](question_.*?)['"].*?/>} do |match|
-        a = h(answer_list[index]).gsub "'", "&#39;"
+        a = h(answer_list[index])
        index += 1
        #  Replace the {{question_BLAH}} template text with the user's answer text.
        match.sub(/\{\{question_.*?\}\}/, a).
--- a/config/initializers/rails_patches.rb
+++ b/config/initializers/rails_patches.rb
@ -1,6 +1,7 @@
 ActionController::Base.param_parsers.delete(Mime::XML)
 # CVE-2013-0333
 # https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion
+# With Rails 2.3.16 we could remove this line, but we still prefer JSONGem for performance reasons
 ActiveSupport::JSON.backend = "JSONGem"

 if Rails::VERSION::MAJOR == 3 && Rails::VERSION::MINOR >= 1
@ -41,39 +42,6 @@ else
    end
  end

-  # https://github.com/rails/rails/commit/0e17cf17ebeb70490d7c7cd25c6bf8f9401e44b3
-  # https://github.com/rails/rails/commit/63cd9432265a32d222353b535d60333c2a6a5125
-  # Backport from Rails 3.1
-  ERB::Util.module_eval do
-    # Detect whether 1.9 can transcode with XML escaping.
-    if '"&gt;&lt;&amp;&quot;"' == ('><&"'.encode('utf-8', :xml => :attr) rescue false)
-      def html_escape(s)
-        s = s.to_s
-        if s.html_safe?
-          s
-        else
-          s.encode(s.encoding, :xml => :attr)[1...-1].html_safe
-        end
-      end
-    else
-      def html_escape(s)
-        s = s.to_s
-        if s.html_safe?
-          s
-        else
-          s.gsub(/[&"><]/n) { |special| ERB::Util::HTML_ESCAPE[special] }.html_safe
-        end
-      end
-    end
-
-    remove_method(:h)
-    alias h html_escape
-
-    module_function :h
-    module_function :html_escape
-  end
-
-
  # Fix for has_many :through where the through and target reflections are the
  # same table (the through table needs to be aliased)
  # https://github.com/rails/rails/issues/669 (fixed in rails 3.1)
--- a/spec/helpers/quizzes_helper_spec.rb
+++ b/spec/helpers/quizzes_helper_spec.rb
@ -89,7 +89,7 @@ describe QuizzesHelper do
        :answers => []
      )

-      html.should == %q|<input name="question_1" 'value=&#39;&gt;&lt;script&gt;alert(&#39;ha!&#39;)&lt;/script&gt;&lt;img' readonly="readonly" />|
+      html.should == %q|<input name="question_1" 'value=&#x27;&gt;&lt;script&gt;alert(&#x27;ha!&#x27;)&lt;/script&gt;&lt;img' readonly="readonly" />|
    end
  end
 end
--- a/spec/lib/content_zipper_spec.rb
+++ b/spec/lib/content_zipper_spec.rb
@ -35,7 +35,7 @@ describe ContentZipper do
      Zip::ZipFile.foreach(attachment.full_filename) do |f|
        if f.file?
          f.name.should =~ /some-999-_-1234-guy/
-          f.get_input_stream.read.should match(%r{This submission was a url, we're taking you to the url link now.})
+          f.get_input_stream.read.should match(%r{This submission was a url, we&#x27;re taking you to the url link now.})
          f.get_input_stream.read.should be_include("http://www.instructure.com/")
        end
      end
--- a/spec/lib/text_helper_spec.rb
+++ b/spec/lib/text_helper_spec.rb
@ -272,7 +272,7 @@ describe TextHelper do
    context "i18n" do
      it "should automatically escape Strings" do
        th.mt(:foo, "We **don't** trust the following input: %{input}", :input => "`a` **b** _c_ ![d](e)\n# f\n + g\n - h").
-          should == "We <strong>don't</strong> trust the following input: `a` **b** _c_ ![d](e) # f + g - h"
+          should == "We <strong>don&#x27;t</strong> trust the following input: `a` **b** _c_ ![d](e) # f + g - h"
      end

      it "should not escape MarkdownSafeBuffers" do