pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/ruby-actionpack31 Update ruby-actionpack31 to 3.1.8.
details: https://anonhg.NetBSD.org/pkgsrc/rev/84728a3020ec
branches: trunk
changeset: 607463:84728a3020ec
user: taca <taca%pkgsrc.org@localhost>
date: Sun Aug 12 10:34:38 2012 +0000
description:
Update ruby-actionpack31 to 3.1.8.

## Rails 3.1.8 (Aug 9, 2012)

* There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the
  helper doesn't correctly handle malformed html. As a result an attacker can
  execute arbitrary javascript through the use of specially crafted malformed
  html.

  *Marek from Nethemba (www.nethemba.com) & Santiago Pastorino*

* When a "prompt" value is supplied to the `select_tag` helper, the
  "prompt" value is not escaped.
  If untrusted data is not escaped, and is supplied as the prompt value,
  there is a potential for XSS attacks.
  Vulnerable code will look something like this:

      select_tag("name", options, :prompt => UNTRUSTED_INPUT)

  *Santiago Pastorino*

diffstat:
www/ruby-actionpack31/distinfo | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diffs (13 lines):
diff -r d9c156fd880e -r 84728a3020ec www/ruby-actionpack31/distinfo
--- a/www/ruby-actionpack31/distinfo Sun Aug 12 10:33:48 2012 +0000
+++ b/www/ruby-actionpack31/distinfo Sun Aug 12 10:34:38 2012 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.6 2012/07/31 12:38:13 taca Exp $
+$NetBSD: distinfo,v 1.7 2012/08/12 10:34:38 taca Exp $
-SHA1 (actionpack-3.1.7.gem) = d6d7d99e6b4c30f80ca5a1d321f44aefeb5583cf
-RMD160 (actionpack-3.1.7.gem) = b49e3389c06c965c43aeb3a18893bcd44bd5797b
-Size (actionpack-3.1.7.gem) = 367616 bytes
+SHA1 (actionpack-3.1.8.gem) = 20d22f75b553e897808269ad308405570d2c874b
+RMD160 (actionpack-3.1.8.gem) = 9343ed89627b3a9dd6d4eca3d82a9d66fae09853
+Size (actionpack-3.1.8.gem) = 368128 bytes
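
Review bot: The three `+` lines for actionpack-3.1.8.gem record only SHA1 and RMD160 digests, and the diffstat shows distinfo as the only file touched, so nothing in this change shows where the 3.1.8 version number is set or how the new digests were checked against the upstream gem. Because the update carries two XSS fixes, I would say in the commit message where the version bump lives and confirm both digests and the 368128-byte size against an independently fetched copy of the gem before relying on them. SHA1 is no longer collision resistant, so adding a stronger digest line next to it would be worth doing if the distinfo format in use allows one.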