I've got an old Rails project with frozen Rails 2.1. I need to apply the patch from here http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails/
Using git-am doesn't work, I'm guessing because its expecting the git repo to have the rails folders in the root, which it doesn't. So how do I apply this patch?
Stinks they've got it in some git format, instead of a normal patch.
A few ideas:
1) the instructions on that site say to use git-apply not git-am (so maybe git-apply would work?)
2) you might be able to turn it into a normal patch by just deleting the lines at the top, so what's left is a normal patch. i.e. so the file stars with:
--- a/activesupport/lib/active_support/multibyte.rb
+++ b/activesupport/lib/active_support/multibyte.rb
3) If that doesn't work, you could clone the git repo/revision/branch the patch was meant for, and apply it to that, then use git-diff to get a normal patch, which you could then apply to your site (with the "patch" command, not git)
Ok, next step was to try
$ cd vendor/rails
$ git apply <name-of-patch>
No luck with that (nothing happens). Then tried
$ cd vendor/rails
$ patch -p1 < <name-of-patch>
which worked successfully.