backport dynamic finder fix (CVE-2012-5664)

activerecord/lib/active_record/base.rb

@@ -1897,7 +1897,11 @@ def method_missing(method_id, *arguments, &block)
               # end
               self.class_eval <<-EOS, __FILE__, __LINE__ + 1
                 def self.#{method_id}(*args)
-                  options = args.extract_options!
+                  options = if args.length > #{attribute_names.size}
+                              args.extract_options!
+                            else
+                              {}
+                            end
                   attributes = construct_attributes_from_arguments(
                     [:#{attribute_names.join(',:')}],
                     args