ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bump rails gem and json gem 

to address: CVE-2013-0276 CVE-2013-0277 CVE-2013-0269

fixes CNVS-3779

Change-Id: I758b21251101170869c24d2f535318f6756c2d3c
Reviewed-on: https://gerrit.instructure.com/17611
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Paul Hinze <paulh@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
This commit is contained in:
Brian Palmer 2013-02-11 12:25:33 -07:00
parent eeecead08c
commit 7602a0443e
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Gemfile
View File

@ -2,7 +2,7 @@ source :rubygems
ONE_NINE = RUBY_VERSION >= "1.9."
gem 'rails', '2.3.16'
gem 'rails', '2.3.17'
gem 'authlogic', '2.1.3'
#gem 'aws-s3', '0.6.2', :require => 'aws/s3'
# use custom gem until pull request at https://github.com/marcel/aws-s3/pull/41
@ -27,7 +27,7 @@ gem 'highline', '1.6.1'
gem 'i18n', '0.6.0'
gem 'icalendar', '1.1.5'
gem 'jammit', '0.6.0'
gem 'json', '1.5.2'
gem 'json', '1.5.5'
# native xml parsing, diigo
gem 'libxml-ruby', '2.3.2', :require => 'xml/libxml'
gem 'macaddr', '1.0.0' # macaddr 1.2.0 tries to require 'systemu' which isn't a dependency

2
spec/helpers/quizzes_helper_spec.rb
View File

@ -89,7 +89,7 @@ describe QuizzesHelper do
:answers => []
)
html.should == %q|<input name="question_1" 'value=&#x27;&gt;&lt;script&gt;alert(&#x27;ha!&#x27;)&lt;/script&gt;&lt;img' readonly="readonly" />|
html.should == %q|<input name="question_1" 'value=&#39;&gt;&lt;script&gt;alert(&#39;ha!&#39;)&lt;/script&gt;&lt;img' readonly="readonly" />|
end
end
end

2
spec/lib/content_zipper_spec.rb
View File

@ -35,7 +35,7 @@ describe ContentZipper do
Zip::ZipFile.foreach(attachment.full_filename) do |f|
if f.file?
f.name.should =~ /some-999-_-1234-guy/
f.get_input_stream.read.should match(%r{This submission was a url, we&#x27;re taking you to the url link now.})
f.get_input_stream.read.should match(%r{This submission was a url, we&#39;re taking you to the url link now.})
f.get_input_stream.read.should be_include("http://www.instructure.com/")
end
end

2
spec/lib/text_helper_spec.rb
View File

@ -272,7 +272,7 @@ describe TextHelper do
context "i18n" do
it "should automatically escape Strings" do
th.mt(:foo, "We **don't** trust the following input: %{input}", :input => "`a` **b** _c_ ![d](e)\n# f\n + g\n - h").
should == "We <strong>don&#x27;t</strong> trust the following input: `a` **b** _c_ ![d](e) # f + g - h"
should == "We <strong>don&#39;t</strong> trust the following input: `a` **b** _c_ ![d](e) # f + g - h"
end
it "should not escape MarkdownSafeBuffers" do