Rick Olson wrote:
On 8/8/06, Michael A. Schoen [EMAIL PROTECTED] wrote:
David Heinemeier Hansson wrote:
So...is this intentional? Would core be open to a patch that
allowed AR
to differentiate between nil -- this association needs to be loaded
and nil -- the target is actually nil?
Yes,
Kent,
We're working on it. 1.1.6 should fix it I believe. Someone on the
core chime in?
Kev
On 8/10/06, Kent Sibilev [EMAIL PROTECTED] wrote:
Hi,
I think there is still a major vulnerability exists in the latest Rails 1.1.5.
The problem is in the routing.rb file and safe_load_paths method.
I'd already mentioned this...http://dev.rubyonrails.org/ticket/5767-Jonathan.On 8/13/06,
Richard Livsey [EMAIL PROTECTED] wrote:
Rick Olson wrote: On 8/8/06, Michael A. Schoen [EMAIL PROTECTED] wrote: David Heinemeier Hansson wrote: So...is this intentional? Would core be open to a patch that
Jonathan Viney wrote:
I'd already mentioned this...
http://dev.rubyonrails.org/ticket/5767
-Jonathan.
Cool. Had a look on trac but didn't see the ticket.
Then again I have been up for 36hrs straight so I probably stared right
at it and still didn't see it!
--
Richard Livsey
Nice extraction of the inheritance code, hope this work gets some legs.
Looks good on the surface, however, your patch has some junk in it that
should be removed. It has your username in the postgres database connection
and also includes the class inheritance stuff that isn't complete. I think
On 8/12/06, Bob Silva [EMAIL PROTECTED] wrote:
Nice extraction of the inheritance code, hope this work gets some legs.
Looks good on the surface, however, your patch has some junk in it that
should be removed. It has your username in the postgres database connection
and also includes the class
I agree that the patch has some junk on it, sorry. I'll clean it up
and post in trac.
I haven't found any satisfying inheritance plugin out there and imho
it would be nice if AR would support other inheritances types right in
the core, but even if there's no intention of incorporating other
Kent,
We're working on it. 1.1.6 should fix it I believe. Someone on the
core chime in?
Yes, 1.1.6 is not vulnerable as far as we can tell. In future, this
list is *not* the place to report vulnerabilities. Perhaps we should
have a [EMAIL PROTECTED] which contacts a few of us on the core
I noticed that you can't cascade an include more than twice on the
same association (for has_many at least). It seems that the
association name table alias is used as a key to store the number of
times that the association has been used in the include. This allows
the alias to change for