From 44b76489b5fd91599739cd2b40026d3d324e14d7 Mon Sep 17 00:00:00 2001
From: Brian Palmer <brianp@instructure.com>
Date: Fri, 1 Feb 2013 10:53:36 -0700
Subject: [PATCH] upgrade rails to 2.3.16

The html_escape changes were backported from rails 3 in 2.3.16, so I've
removed our modified version.

Change-Id: I0067b9d84e49459dd7d46ba53a1d597d2e0efb67
Reviewed-on: https://gerrit.instructure.com/17379
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
---
 Gemfile                              |  2 +-
 app/helpers/quizzes_helper.rb        |  2 +-
 config/initializers/rails_patches.rb | 34 +---------------------------
 spec/helpers/quizzes_helper_spec.rb  |  2 +-
 spec/lib/content_zipper_spec.rb      |  2 +-
 spec/lib/text_helper_spec.rb         |  2 +-
 6 files changed, 6 insertions(+), 38 deletions(-)

diff --git a/Gemfile b/Gemfile
index 05cf9fe6293..dbcdd1858c9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -2,7 +2,7 @@ source :rubygems
 
 ONE_NINE = RUBY_VERSION >= "1.9."
 
-gem 'rails',          '2.3.15'
+gem 'rails',          '2.3.16'
 gem 'authlogic',      '2.1.3'
 #gem 'aws-s3',         '0.6.2',  :require => 'aws/s3'
 # use custom gem until pull request at https://github.com/marcel/aws-s3/pull/41
diff --git a/app/helpers/quizzes_helper.rb b/app/helpers/quizzes_helper.rb
index 44ba6bc9314..f3b761b79e2 100644
--- a/app/helpers/quizzes_helper.rb
+++ b/app/helpers/quizzes_helper.rb
@@ -178,7 +178,7 @@ module QuizzesHelper
     if answer_list && !answer_list.empty?
       index  = 0
       res.gsub %r{<input.*?name=['"](question_.*?)['"].*?/>} do |match|
-        a = h(answer_list[index]).gsub "'", "&#39;"
+        a = h(answer_list[index])
         index += 1
         #  Replace the {{question_BLAH}} template text with the user's answer text.
         match.sub(/\{\{question_.*?\}\}/, a).
diff --git a/config/initializers/rails_patches.rb b/config/initializers/rails_patches.rb
index 3fe69f8aebe..e3c15aab218 100644
--- a/config/initializers/rails_patches.rb
+++ b/config/initializers/rails_patches.rb
@@ -1,6 +1,7 @@
 ActionController::Base.param_parsers.delete(Mime::XML)
 # CVE-2013-0333
 # https://groups.google.com/d/topic/rubyonrails-security/1h2DR63ViGo/discussion
+# With Rails 2.3.16 we could remove this line, but we still prefer JSONGem for performance reasons
 ActiveSupport::JSON.backend = "JSONGem"
 
 if Rails::VERSION::MAJOR == 3 && Rails::VERSION::MINOR >= 1
@@ -41,39 +42,6 @@ else
     end
   end
 
-  # https://github.com/rails/rails/commit/0e17cf17ebeb70490d7c7cd25c6bf8f9401e44b3
-  # https://github.com/rails/rails/commit/63cd9432265a32d222353b535d60333c2a6a5125
-  # Backport from Rails 3.1
-  ERB::Util.module_eval do
-    # Detect whether 1.9 can transcode with XML escaping.
-    if '"&gt;&lt;&amp;&quot;"' == ('><&"'.encode('utf-8', :xml => :attr) rescue false)
-      def html_escape(s)
-        s = s.to_s
-        if s.html_safe?
-          s
-        else
-          s.encode(s.encoding, :xml => :attr)[1...-1].html_safe
-        end
-      end
-    else
-      def html_escape(s)
-        s = s.to_s
-        if s.html_safe?
-          s
-        else
-          s.gsub(/[&"><]/n) { |special| ERB::Util::HTML_ESCAPE[special] }.html_safe
-        end
-      end
-    end
-
-    remove_method(:h)
-    alias h html_escape
-
-    module_function :h
-    module_function :html_escape
-  end
-
-
   # Fix for has_many :through where the through and target reflections are the
   # same table (the through table needs to be aliased)
   # https://github.com/rails/rails/issues/669 (fixed in rails 3.1)
diff --git a/spec/helpers/quizzes_helper_spec.rb b/spec/helpers/quizzes_helper_spec.rb
index fda6e8df742..23c6e988be8 100644
--- a/spec/helpers/quizzes_helper_spec.rb
+++ b/spec/helpers/quizzes_helper_spec.rb
@@ -89,7 +89,7 @@ describe QuizzesHelper do
         :answers => []
       )
 
-      html.should == %q|<input name="question_1" 'value=&#39;&gt;&lt;script&gt;alert(&#39;ha!&#39;)&lt;/script&gt;&lt;img' readonly="readonly" />|
+      html.should == %q|<input name="question_1" 'value=&#x27;&gt;&lt;script&gt;alert(&#x27;ha!&#x27;)&lt;/script&gt;&lt;img' readonly="readonly" />|
     end
   end
 end
diff --git a/spec/lib/content_zipper_spec.rb b/spec/lib/content_zipper_spec.rb
index 1b368615cb6..da0b7b5cb93 100644
--- a/spec/lib/content_zipper_spec.rb
+++ b/spec/lib/content_zipper_spec.rb
@@ -35,7 +35,7 @@ describe ContentZipper do
       Zip::ZipFile.foreach(attachment.full_filename) do |f|
         if f.file?
           f.name.should =~ /some-999-_-1234-guy/
-          f.get_input_stream.read.should match(%r{This submission was a url, we're taking you to the url link now.})
+          f.get_input_stream.read.should match(%r{This submission was a url, we&#x27;re taking you to the url link now.})
           f.get_input_stream.read.should be_include("http://www.instructure.com/")
         end
       end
diff --git a/spec/lib/text_helper_spec.rb b/spec/lib/text_helper_spec.rb
index 93ef7a82a60..1f46ab6bece 100644
--- a/spec/lib/text_helper_spec.rb
+++ b/spec/lib/text_helper_spec.rb
@@ -272,7 +272,7 @@ describe TextHelper do
     context "i18n" do
       it "should automatically escape Strings" do
         th.mt(:foo, "We **don't** trust the following input: %{input}", :input => "`a` **b** _c_ ![d](e)\n# f\n + g\n - h").
-          should == "We <strong>don't</strong> trust the following input: `a` **b** _c_ ![d](e) # f + g - h"
+          should == "We <strong>don&#x27;t</strong> trust the following input: `a` **b** _c_ ![d](e) # f + g - h"
       end
 
       it "should not escape MarkdownSafeBuffers" do