activerecord_csi 2.3.5.p7 → 2.3.5.p8
- data/lib/active_record/attribute_methods.rb +17 -2
- data/lib/active_record/base.rb +3 -3
- data/test/cases/base_test.rb +6 -0
- metadata +11 -11
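--- a/data/lib/active_record/attribute_methods.rb
+++ b/data/lib/active_record/attribute_methods.rb
@@ -80,7 +80,9 @@ module ActiveRecord
 end
 
 unless instance_method_already_implemented?("#{name}=")
-if
+if self.serialized_attributes[name]
+define_write_method_for_serialized_attribute(name)
+elsif create_time_zone_conversion_attribute?(name, column)
 define_write_method_for_time_zone_conversion(name)
 else
 define_write_method(name.to_sym)
@@ -130,7 +132,7 @@ module ActiveRecord
 # Suffixes a, ?, c become regexp /(a|\?|c)$/
 def rebuild_attribute_method_regexp
 suffixes = attribute_method_suffixes.map { |s| Regexp.escape(s) }
-@@attribute_method_regexp = /(#{suffixes.join('|')})
+@@attribute_method_regexp = /(#{suffixes.join('|')})\z/.freeze
 end
 
 # Default to =, ?, _before_type_cast
@@ -184,6 +186,19 @@ module ActiveRecord
 def define_write_method(attr_name)
 evaluate_attribute_method attr_name, "def #{attr_name}=(new_value);write_attribute('#{attr_name}', new_value);end", "#{attr_name}="
 end
+
+# Defined for all serialized attributes. Disallows assigning already serialized YAML.
+def define_write_method_for_serialized_attribute(attr_name)
+method_body = <<-EOV
+def #{attr_name}=(value)
+if value.is_a?(String) and value =~ /^---/
+raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues."
+end
+write_attribute(:#{attr_name}, value)
+end
+EOV
+evaluate_attribute_method attr_name, method_body, "#{attr_name}="
+end
 
 # Defined for all +datetime+ and +timestamp+ attributes when +time_zone_aware_attributes+ are enabled.
 # This enhanced write method will automatically convert the time passed to it to the zone stored in Time.zone.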
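Review bot: The serialized-content guard exists only inside the generated `#{attr_name}=` writer, and that writer is installed only under `unless instance_method_already_implemented?("#{name}=")`, so a model that defines its own writer, or any code that stores the value through `write_attribute` directly, never reaches the check. Applying the same test where the attribute is stored or deserialized would close that gap; that code is outside these hunks, so the right location is an assumption to confirm. In Ruby the `^` in `/^---/` matches at the start of every line, so the writer also rejects ordinary multi-line text containing a line that begins with `---`; if that is intended, say so in a comment such as `# ^ is line-anchored on purpose: reject when any line starts with ---`. The condition would also read more safely with `&&` than with `and`.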
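--- a/data/lib/active_record/base.rb
+++ b/data/lib/active_record/base.rb
@@ -2943,11 +2943,11 @@ module ActiveRecord #:nodoc:
 def remove_attributes_protected_from_mass_assignment(attributes)
 safe_attributes =
 if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil?
-attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(
+attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
 elsif self.class.protected_attributes.nil?
-attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(
+attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/m, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
 elsif self.class.accessible_attributes.nil?
-attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(
+attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/m,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
 else
 raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both."
 end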
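Review bot: The normalisation `key.gsub(/\(.+/m, "")` is now written five times across the three `reject` blocks (once as `/\(.+/m,""` without the space), and the filter is only correct while every copy stays identical. Compute it once per key, for example `name = key.gsub(/\(.+/m, "")` at the top of each block, or move it into a small private helper. A comment such as `# /m: strip the multiparameter suffix even when it contains a line break` would record why the flag matters. `gsub` also assumes every key is a String; whether callers guarantee that is not visible here. The method body continues past the end of the hunk.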
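--- a/data/test/cases/base_test.rb
+++ b/data/test/cases/base_test.rb
@@ -1499,6 +1499,12 @@ class BasicsTest < ActiveRecord::TestCase
 assert_nil topic.content
 end
 
+def test_should_raise_exception_on_assigning_already_serialized_content
+topic = Topic.new
+serialized_content = %w[foo bar].to_yaml
+assert_raise(ActiveRecord::ActiveRecordError) { topic.content = serialized_content }
+end
+
 def test_should_raise_exception_on_serialized_attribute_with_type_mismatch
 myobj = MyObject.new('value1', 'value2')
 topic = Topic.new(:content => myobj)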
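Review bot: The new test pins only one input, `%w[foo bar].to_yaml`, so it does not show where the guard's boundary lies. Asserting that a plain string such as `"foo"` is still accepted, and that a multi-line string with a later line starting `---` behaves as intended, would document the `/^---/` check added in attribute_methods.rb. Nothing in this file's diff exercises the mass-assignment filter changed in base.rb; a test that passes a protected attribute name with a multiparameter-style suffix and expects it to be dropped would guard that change against regressions.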
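--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: activerecord_csi
 version: !ruby/object:Gem::Version
-hash:
+hash: 1242149109
 prerelease: 6
 segments:
 - 2
 - 3
 - 5
 - p
--
-version: 2.3.5.
+- 8
+version: 2.3.5.p8
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -17,27 +17,27 @@ autorequire: active_record
 bindir: bin
 cert_chain: []
 
-date: 2013-
+date: 2013-02-12 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
+prerelease: false
 name: activesupport_csi
-
+type: :runtime
+requirement: &id001 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - "="
 - !ruby/object:Gem::Version
-hash:
+hash: 1242149109
 segments:
 - 2
 - 3
 - 5
 - p
--
-version: 2.3.5.
-
-type: :runtime
-requirement: *id001
+- 8
+version: 2.3.5.p8
+version_requirements: *id001
 description: Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL.
 email: david@loudthinking.com
 executables: []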