In redis cache store, options to `fetch_multi` are passed correctly to
`write_multi` but not to `read_multi`. This causes cache always to be missed
when passing `namespace` option to it.
- Disables Dalli compression in MemCacheStore.
- Fixes issue where redundant compression in Dalli can cause values to
either be compressed twice, or compressed when they fall below the
specified compression threshold.
- Fixes issue where reads with raw: true using redis or memcached cache
store will compress values on reads.
- Should speed up raw cache reads by preventing an unnecessary CPU-intensive
operation.
### Summary
This PR fixes `NoMethodError` for `ActiveSupport::Cache::FileStore.cleanup` when using [Sprockets](https://github.com/rails/sprockets).
`FileStore.cleanup` assumes the entry object is a `Cache::Entry`.
An entry object is returned from the `FileStore.read_entry` method.
If `FileStore.read_entry` returns an object that cannot respond to the `expired?` method, `FileStore.cleanup` will fail.
Sprockets generates cache files in tmp/cache/assets.
If `FileStore.read_entry` gets these Sprockets cache files, this method creates an entry object which cannot respond to the `expired?` method.
In my project, this error occurred and `ActiveSupport::Cache::FileStore.cleanup` failed to execute.
This PR adds an `is_a?` check on the entry object in the `read_entry` method.
Follow up to c07dff72278fb7f2a3c4c71212a0773a2b25c790.
Actually it is not the cop's fault, but we mistakenly use `^`, `$`, and
`\Z` in many places; the cop doesn't correct those conservatively.
I've checked all those usages and replaced all safe ones.
This is most easily done by switching to before_setup, which fits since
we're also testing the ordering of the reset calls provided by the
TestHelper.
Currently there's a problem with ActiveSupport::CurrentAttributes where
they don't reset unless there's a controller or a job executing.
This is because we correctly hook into the controller/job executor to
reset them.
However, we were missing plain tests, so this is that.
cd31e113c0663dabcdc293d9e7dc3b6e1392db5d switched to passing options as
keyword arguments, which always creates a new hash.
9e4ff29f748b05c3a949f0d75167950039b6cda8 removed a now-unnecessary call
to `dup`, since the options could no longer be accidentally mutated.
a55620f3fa89d957817349e5170f686d505eeee4 switched back to passing
options as a positional argument for Ruby < 2.7, but didn't restore the
call to `dup`, which meant that the same options hash was now passed
with every method call and mutations leaked from one call to another.
* master-sec:
  Check that request is same-origin prior to including CSRF token in XHRs
  HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
  activesupport: Avoid Marshal.load on raw cache value in RedisCacheStore
  activesupport: Avoid Marshal.load on raw cache value in MemCacheStore
  Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
  Include Content-Length in signature for ActiveStorage direct upload
Empty backtraces mean you didn't run any code, which isn't the case,
and goes against the contract that Minitest.backtrace_cleaner expects.
This fixes a bug I've seen in a number of reports.
It would be nice if this got backported to whatever versions are
active, as this keeps coming back on minitest issues.
The same value for the `raw` option should be provided for both reading and
writing to avoid Marshal.load being called on untrusted data.
[CVE-2020-8165]
Dalli is already being used for marshalling, so we should also rely
on it for unmarshalling. Since Dalli tags the cache value as marshalled
it can avoid unmarshalling a raw string which might have come from
an untrusted source.
[CVE-2020-8165]
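The raw-read hazard that the two CVE-2020-8165 commit messages above describe, as an added Ruby example that is not Rails or Dalli code. `TaggedStore`, its flag bit, the key names and the sample payload are all constructed for illustration; the payload is a harmless marshalled array standing in for a user-supplied string.

```ruby
# Added illustration: a constructed in-memory store, not Rails or Dalli code.
class TaggedStore
  FLAG_MARSHALLED = 0x1 # assumed flag bit, modelled on a writer-side "marshalled" tag

  def initialize
    @data = {}
  end

  # Raw writes store the string as-is with no flag; other writes are marshalled and tagged.
  def write(key, value, raw: false)
    @data[key] = raw ? [value.to_s, 0] : [Marshal.dump(value), FLAG_MARSHALLED]
  end

  # Pre-fix shape: the reader's own `raw` option decides whether to unmarshal.
  def read_trusting_option(key, raw: false)
    payload, _flags = @data.fetch(key)
    raw ? payload : Marshal.load(payload)
  end

  # Hardened shape: only payloads the writer tagged as marshalled are unmarshalled.
  def read_checking_tag(key)
    payload, flags = @data.fetch(key)
    (flags & FLAG_MARSHALLED).zero? ? payload : Marshal.load(payload)
  end
end

def demo
  store = TaggedStore.new
  # Constructed stand-in for a user-supplied string: bytes that form a valid
  # Marshal stream of a harmless array.
  untrusted = Marshal.dump([1, 2, 3])
  store.write("user:bio", untrusted, raw: true)
  store.write("settings", { "theme" => "dark" })

  {
    mismatched: store.read_trusting_option("user:bio"),            # raw omitted on read
    matched:    store.read_trusting_option("user:bio", raw: true), # same option both sides
    tagged_raw: store.read_checking_tag("user:bio"),
    tagged_obj: store.read_checking_tag("settings"),
    untrusted:  untrusted
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, value| puts "#{name}: #{value.inspect}" }
end
```

The `mismatched` result is an `Array` rebuilt from the stored string, which is the deserialization of untrusted bytes that the commits remove; the tag-checking read returns the same bytes as an inert `String`.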
Issue #39291
In https://github.com/rails/rails/pull/38893 parallel test worker ids
were changed to `SecureRandom.uuid` to keep track of inflight work
across distributed instances, but neglected to change the worker
callbacks to match. This caused a new set of unique test databases to be
created with every test run.
This commit makes the appropriate change to worker callbacks so only one
set of parallel test databases is created.
On constant missing, Ruby calls `#inspect` on the receiver to build
the error message.
For instance, the error message for `Foo::Bar` will be `"#{Foo.inspect}::Bar"`.
And since Active Record overrides the model classes' inspect method, this
breaks `missing_name` assumptions.
Until now it worked because missing_name was only called on errors
raised by the classic autoloader, and the classic autoloader calls
`#name` to build its error message.
Follow-up to #39147 and #39168.
By adding a new purpose-specific format, we avoid potential pitfalls
from concatenating format strings. We also save a String allocation per
Time attribute per inspect.
The new format also includes a time zone offset for more introspective
inspection.