Last active
December 12, 2015 01:09
-
-
Save uxp/4689141 to your computer and use it in GitHub Desktop.
Mac OS X Mountain Lion Server.app (v2.2 - 166) Rails Vulnerability Patch - Cumulative
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/http/request.rb b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/http/request.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/http/request.rb 2013-01-26 14:46:11.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/http/request.rb 2013-01-31 20:48:46.000000000 -0700 | |
| @@ -257,5 +257,30 @@ | |
| def local? | |
| LOCALHOST.any? { |local_ip| local_ip === remote_addr && local_ip === remote_ip } | |
| end | |
| + | |
| + # Remove nils from the params hash | |
| + def deep_munge(hash) | |
| + hash.each do |k, v| | |
| + case v | |
| + when Array | |
| + if v.size > 0 && v.all?(&:nil) | |
| + hash[k] = nil | |
| + next | |
| + end | |
| + v.grep(Hash) { |x| deep_munge(x) } | |
| + v.compact! | |
| + when Hash | |
| + deep_munge(v) | |
| + end | |
| + end | |
| + | |
| + hash | |
| + end | |
| + | |
| + protected | |
| + | |
| + def parse_query(sq) | |
| + deep_munge(super) | |
| + end | |
| end | |
| end | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/params_parser.rb b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/params_parser.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/params_parser.rb 2013-01-26 14:46:11.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/params_parser.rb 2013-01-31 20:50:12.000000000 -0700 | |
| @@ -38,13 +38,13 @@ | |
| when Proc | |
| strategy.call(request.raw_post) | |
| when :xml_simple, :xml_node | |
| - data = Hash.from_xml(request.body.read) || {} | |
| + data = request.deep_munge(Hash.from_xml(request.body.read) || {}) | |
| request.body.rewind if request.body.respond_to?(:rewind) | |
| data.with_indifferent_access | |
| when :yaml | |
| YAML.load(request.raw_post) | |
| when :json | |
| - data = ActiveSupport::JSON.decode(request.body) | |
| + data = request.deep_munge ActiveSupport::JSON.decode(request.body) | |
| request.body.rewind if request.body.respond_to?(:rewind) | |
| data = {:_json => data} unless data.is_a?(Hash) | |
| data.with_indifferent_access | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/base.rb b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/base.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/base.rb 2013-01-26 14:46:11.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/base.rb 2013-01-31 20:31:22.000000000 -0700 | |
| @@ -988,7 +988,11 @@ | |
| attribute_names = match.attribute_names | |
| super unless all_attributes_exists?(attribute_names) | |
| if match.finder? | |
| - options = arguments.extract_options! | |
| + options = if arguments.length > attribute_names.size | |
| + arguments.extract_options! | |
| + else | |
| + {} | |
| + end | |
| relation = options.any? ? construct_finder_arel(options, current_scoped_methods) : scoped | |
| relation.send :find_by_attributes, match, attribute_names, *arguments | |
| elsif match.instantiator? | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/relation/predicate_builder.rb b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/relation/predicate_builder.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/relation/predicate_builder.rb 2013-01-26 14:46:11.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activerecord-3.0.10/lib/active_record/relation/predicate_builder.rb 2013-01-31 20:56:41.000000000 -0700 | |
| @@ -5,17 +5,22 @@ | |
| @engine = engine | |
| end | |
| - def build_from_hash(attributes, default_table) | |
| + def build_from_hash(attributes, default_table, allow_table_name = true) | |
| predicates = attributes.map do |column, value| | |
| table = default_table | |
| - if value.is_a?(Hash) | |
| + if allow_table_name && value.is_a?(Hash) | |
| table = Arel::Table.new(column, :engine => @engine) | |
| - build_from_hash(value, table) | |
| + | |
| + if value.empty? | |
| + '1 = 2' | |
| + else | |
| + build_from_hash(value, table, false) | |
| + end | |
| else | |
| column = column.to_s | |
| - if column.include?('.') | |
| + if allow_table_name && column.include?('.') | |
| table_name, column = column.split('.', 2) | |
| table = Arel::Table.new(table_name, :engine => @engine) | |
| end | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/core_ext/hash/conversions.rb b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/core_ext/hash/conversions.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/core_ext/hash/conversions.rb 2013-01-26 14:46:11.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/core_ext/hash/conversions.rb 2013-01-31 21:03:10.000000000 -0700 | |
| @@ -73,15 +73,33 @@ | |
| end | |
| end | |
| + class DisallowedType < StandardError #:nodoc: | |
| + def initialize(type) | |
| + super "Disallowed type attribute: #{type.inspect}" | |
| + end | |
| + end | |
| + | |
| + DISALLOWED_XML_TYPES = %w(symbol yaml) | |
| + | |
| class << self | |
| - def from_xml(xml) | |
| - typecast_xml_value(unrename_keys(ActiveSupport::XmlMini.parse(xml))) | |
| + def from_xml(xml, disallowed_types = nil) | |
| + typecast_xml_value(unrename_keys(ActiveSupport::XmlMini.parse(xml)), disallowed_types) | |
| end | |
| + def from_trusted_xml(xml) | |
| + from_xml xml, [] | |
| + end | |
| + | |
| private | |
| - def typecast_xml_value(value) | |
| + def typecast_xml_value(value, disallowed_types = nil) | |
| + disallowed_types ||= DISALLOWED_XML_TYPES | |
| + | |
| case value.class.to_s | |
| when 'Hash' | |
| + if value.include?('type') && !value['type'].is_a?(Hash) && disallowed_types.include?(value['type']) | |
| + raise DisallowedType, value['type'] | |
| + end | |
| + | |
| if value['type'] == 'array' | |
| _, entries = Array.wrap(value.detect { |k,v| k != 'type' }) | |
| if entries.nil? || (c = value['__content__'] && c.blank?) | |
| @@ -89,9 +107,9 @@ | |
| else | |
| case entries.class.to_s # something weird with classes not matching here. maybe singleton methods breaking is_a? | |
| when "Array" | |
| - entries.collect { |v| typecast_xml_value(v) } | |
| + entries.collect { |v| typecast_xml_value(v, disallowed_types) } | |
| when "Hash" | |
| - [typecast_xml_value(entries)] | |
| + [typecast_xml_value(entries, disallowed_types)] | |
| else | |
| raise "can't typecast #{entries.inspect}" | |
| end | |
| @@ -116,7 +134,7 @@ | |
| nil | |
| else | |
| xml_value = value.inject({}) do |h,(k,v)| | |
| - h[k] = typecast_xml_value(v) | |
| + h[k] = typecast_xml_value(v, disallowed_types) | |
| h | |
| end | |
| @@ -125,7 +143,7 @@ | |
| xml_value["file"].is_a?(StringIO) ? xml_value["file"] : xml_value | |
| end | |
| when 'Array' | |
| - value.map! { |i| typecast_xml_value(i) } | |
| + value.map! { |i| typecast_xml_value(i, disallowed_types) } | |
| value.length > 1 ? value : value.first | |
| when 'String' | |
| value | |
| Only in b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/backends: okjson.rb | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/backends/yaml.rb b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/backends/yaml.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/backends/yaml.rb 2013-01-26 14:46:11.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/backends/yaml.rb 2013-01-31 20:29:19.000000000 -0700 | |
| @@ -8,102 +8,10 @@ | |
| extend self | |
| EXCEPTIONS = [::ArgumentError] # :nodoc: | |
| - begin | |
| - require 'psych' | |
| - EXCEPTIONS << Psych::SyntaxError | |
| - rescue LoadError | |
| - end | |
| - # Parses a JSON string or IO and converts it into an object | |
| def decode(json) | |
| - if json.respond_to?(:read) | |
| - json = json.read | |
| - end | |
| - YAML.load(convert_json_to_yaml(json)) | |
| - rescue *EXCEPTIONS => e | |
| - raise ParseError, "Invalid JSON string: '%s'" % json | |
| + raise "Warning: The Yaml backend has been deprecated due to security risks, you should set ActiveSupport::JSON.backend = 'OkJson'" | |
| end | |
| - | |
| - protected | |
| - # Ensure that ":" and "," are always followed by a space | |
| - def convert_json_to_yaml(json) #:nodoc: | |
| - require 'strscan' unless defined? ::StringScanner | |
| - scanner, quoting, marks, pos, times = ::StringScanner.new(json), false, [], nil, [] | |
| - while scanner.scan_until(/(\\['"]|['":,\\]|\\.)/) | |
| - case char = scanner[1] | |
| - when '"', "'" | |
| - if !quoting | |
| - quoting = char | |
| - pos = scanner.pos | |
| - elsif quoting == char | |
| - if valid_date?(json[pos..scanner.pos-2]) | |
| - # found a date, track the exact positions of the quotes so we can | |
| - # overwrite them with spaces later. | |
| - times << pos | |
| - end | |
| - quoting = false | |
| - end | |
| - when ":","," | |
| - marks << scanner.pos - 1 unless quoting | |
| - when "\\" | |
| - scanner.skip(/\\/) | |
| - end | |
| - end | |
| - | |
| - if marks.empty? | |
| - json.gsub(/\\([\\\/]|u[[:xdigit:]]{4})/) do | |
| - ustr = $1 | |
| - if ustr.start_with?('u') | |
| - char = [ustr[1..-1].to_i(16)].pack("U") | |
| - # "\n" needs extra escaping due to yaml formatting | |
| - char == "\n" ? "\\n" : char | |
| - elsif ustr == '\\' | |
| - '\\\\' | |
| - else | |
| - ustr | |
| - end | |
| - end | |
| - else | |
| - left_pos = [-1].push(*marks) | |
| - right_pos = marks << scanner.pos + scanner.rest_size | |
| - output = [] | |
| - left_pos.each_with_index do |left, i| | |
| - scanner.pos = left.succ | |
| - chunk = scanner.peek(right_pos[i] - scanner.pos + 1) | |
| - # overwrite the quotes found around the dates with spaces | |
| - while times.size > 0 && times[0] <= right_pos[i] | |
| - chunk.insert(times.shift - scanner.pos - 1, '! ') | |
| - end | |
| - chunk.gsub!(/\\([\\\/]|u[[:xdigit:]]{4})/) do | |
| - ustr = $1 | |
| - if ustr.start_with?('u') | |
| - char = [ustr[1..-1].to_i(16)].pack("U") | |
| - # "\n" needs extra escaping due to yaml formatting | |
| - char == "\n" ? "\\n" : char | |
| - elsif ustr == '\\' | |
| - '\\\\' | |
| - else | |
| - ustr | |
| - end | |
| - end | |
| - output << chunk | |
| - end | |
| - output = output * " " | |
| - | |
| - output.gsub!(/\\\//, '/') | |
| - output | |
| - end | |
| - end | |
| - | |
| - private | |
| - def valid_date?(date_string) | |
| - begin | |
| - date_string =~ DATE_REGEX && DateTime.parse(date_string) | |
| - rescue ArgumentError | |
| - false | |
| - end | |
| - end | |
| - | |
| end | |
| end | |
| end | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/decoding.rb b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/decoding.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/decoding.rb 2013-01-26 14:46:11.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/collabd/gems/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/json/decoding.rb 2013-01-31 20:29:19.000000000 -0700 | |
| @@ -7,7 +7,7 @@ | |
| module JSON | |
| # Listed in order of preference. | |
| - DECODERS = %w(Yajl Yaml) | |
| + DECODERS = %w(Yajl OkJson) | |
| class << self | |
| attr_reader :parse_error | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activerecord/lib/active_record/base.rb b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activerecord/lib/active_record/base.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activerecord/lib/active_record/base.rb 2013-01-26 14:46:13.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activerecord/lib/active_record/base.rb 2013-01-31 20:13:12.000000000 -0700 | |
| @@ -1897,7 +1897,11 @@ | |
| # end | |
| self.class_eval <<-EOS, __FILE__, __LINE__ + 1 | |
| def self.#{method_id}(*args) | |
| - options = args.extract_options! | |
| + options = if args.length > #{attribute_names.size} | |
| + args.extract_options! | |
| + else | |
| + {} | |
| + end | |
| attributes = construct_attributes_from_arguments( | |
| [:#{attribute_names.join(',:')}], | |
| args | |
| @@ -2336,6 +2340,8 @@ | |
| def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name) | |
| attrs = expand_hash_conditions_for_aggregates(attrs) | |
| + return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty? | |
| + | |
| conditions = attrs.map do |attr, value| | |
| table_name = default_table_name | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/core_ext/hash/conversions.rb b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/core_ext/hash/conversions.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/core_ext/hash/conversions.rb 2013-01-26 14:46:13.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/core_ext/hash/conversions.rb 2013-01-31 20:13:12.000000000 -0700 | |
| @@ -26,6 +26,13 @@ | |
| end | |
| end | |
| + DISALLOWED_XML_TYPES = %w(symbol yaml) | |
| + class DisallowedType < StandardError #:nodoc: | |
| + def initialize(type) | |
| + super "Disallowed type attribute: #{type.inspect}" | |
| + end | |
| + end | |
| + | |
| XML_TYPE_NAMES = { | |
| "Symbol" => "symbol", | |
| "Fixnum" => "integer", | |
| @@ -160,14 +167,24 @@ | |
| end | |
| module ClassMethods | |
| - def from_xml(xml) | |
| - typecast_xml_value(unrename_keys(XmlMini.parse(xml))) | |
| + def from_xml(xml, disallowed_types = nil) | |
| + typecast_xml_value(unrename_keys(XmlMini.parse(xml)), disallowed_types) | |
| + end | |
| + | |
| + def from_trusted_xml(xml) | |
| + from_xml xml, [] | |
| end | |
| private | |
| - def typecast_xml_value(value) | |
| + def typecast_xml_value(value, disallowed_types = nil) | |
| + disallowed_types ||= DISALLOWED_XML_TYPES | |
| + | |
| case value.class.to_s | |
| when 'Hash' | |
| + if value.include?('type') && !value['type'].is_a?(Hash) && disallowed_types.include?(value['type']) | |
| + raise DisallowedType, value['type'] | |
| + end | |
| + | |
| if value['type'] == 'array' | |
| child_key, entries = value.detect { |k,v| k != 'type' } # child_key is throwaway | |
| if entries.nil? || (c = value['__content__'] && c.blank?) | |
| @@ -175,9 +192,9 @@ | |
| else | |
| case entries.class.to_s # something weird with classes not matching here. maybe singleton methods breaking is_a? | |
| when "Array" | |
| - entries.collect { |v| typecast_xml_value(v) } | |
| + entries.collect { |v| typecast_xml_value(v, disallowed_types) } | |
| when "Hash" | |
| - [typecast_xml_value(entries)] | |
| + [typecast_xml_value(entries, disallowed_types)] | |
| else | |
| raise "can't typecast #{entries.inspect}" | |
| end | |
| @@ -205,7 +222,7 @@ | |
| nil | |
| else | |
| xml_value = value.inject({}) do |h,(k,v)| | |
| - h[k] = typecast_xml_value(v) | |
| + h[k] = typecast_xml_value(v, disallowed_types) | |
| h | |
| end | |
| @@ -214,7 +231,7 @@ | |
| xml_value["file"].is_a?(StringIO) ? xml_value["file"] : xml_value | |
| end | |
| when 'Array' | |
| - value.map! { |i| typecast_xml_value(i) } | |
| + value.map! { |i| typecast_xml_value(i, disallowed_types) } | |
| case value.length | |
| when 0 then nil | |
| when 1 then value.first | |
| Only in b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/backends: okjson.rb | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/backends/yaml.rb b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/backends/yaml.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/backends/yaml.rb 2013-01-26 14:46:13.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/backends/yaml.rb 2013-01-31 20:13:12.000000000 -0700 | |
| @@ -7,79 +7,12 @@ | |
| ParseError = ::StandardError | |
| extend self | |
| - # Converts a JSON string into a Ruby object. | |
| def decode(json) | |
| - YAML.load(convert_json_to_yaml(json)) | |
| - rescue ArgumentError => e | |
| - raise ParseError, "Invalid JSON string" | |
| + raise "The Yaml backend has been deprecated due to security risks, you should set ActiveSupport::JSON.backend = 'OkJson'" | |
| end | |
| protected | |
| - # Ensure that ":" and "," are always followed by a space | |
| - def convert_json_to_yaml(json) #:nodoc: | |
| - require 'strscan' unless defined? ::StringScanner | |
| - scanner, quoting, marks, pos, times = ::StringScanner.new(json), false, [], nil, [] | |
| - while scanner.scan_until(/(\\['"]|['":,\\]|\\.)/) | |
| - case char = scanner[1] | |
| - when '"', "'" | |
| - if !quoting | |
| - quoting = char | |
| - pos = scanner.pos | |
| - elsif quoting == char | |
| - if json[pos..scanner.pos-2] =~ DATE_REGEX | |
| - # found a date, track the exact positions of the quotes so we can | |
| - # overwrite them with spaces later. | |
| - times << pos << scanner.pos | |
| - end | |
| - quoting = false | |
| - end | |
| - when ":","," | |
| - marks << scanner.pos - 1 unless quoting | |
| - when "\\" | |
| - scanner.skip(/\\/) | |
| - end | |
| - end | |
| - | |
| - if marks.empty? | |
| - json.gsub(/\\([\\\/]|u[[:xdigit:]]{4})/) do | |
| - ustr = $1 | |
| - if ustr.start_with?('u') | |
| - [ustr[1..-1].to_i(16)].pack("U") | |
| - elsif ustr == '\\' | |
| - '\\\\' | |
| - else | |
| - ustr | |
| - end | |
| - end | |
| - else | |
| - left_pos = [-1].push(*marks) | |
| - right_pos = marks << scanner.pos + scanner.rest_size | |
| - output = [] | |
| - left_pos.each_with_index do |left, i| | |
| - scanner.pos = left.succ | |
| - chunk = scanner.peek(right_pos[i] - scanner.pos + 1) | |
| - # overwrite the quotes found around the dates with spaces | |
| - while times.size > 0 && times[0] <= right_pos[i] | |
| - chunk[times.shift - scanner.pos - 1] = ' ' | |
| - end | |
| - chunk.gsub!(/\\([\\\/]|u[[:xdigit:]]{4})/) do | |
| - ustr = $1 | |
| - if ustr.start_with?('u') | |
| - [ustr[1..-1].to_i(16)].pack("U") | |
| - elsif ustr == '\\' | |
| - '\\\\' | |
| - else | |
| - ustr | |
| - end | |
| - end | |
| - output << chunk | |
| - end | |
| - output = output * " " | |
| - | |
| - output.gsub!(/\\\//, '/') | |
| - output | |
| - end | |
| - end | |
| + | |
| end | |
| end | |
| end | |
| diff -ru a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/decoding.rb b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/decoding.rb | |
| --- a/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/decoding.rb 2013-01-26 14:46:13.000000000 -0700 | |
| +++ b/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/vendor/rails/activesupport/lib/active_support/json/decoding.rb 2013-01-31 20:13:12.000000000 -0700 | |
| @@ -6,7 +6,7 @@ | |
| module JSON | |
| # Listed in order of preference. | |
| - DECODERS = %w(Yajl Yaml) | |
| + DECODERS = %w(Yajl OkJson) | |
| class << self | |
| attr_reader :parse_error |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment