From 46f1ddbff9c0c8468a5ab72e749c35d62a4a141f Mon Sep 17 00:00:00 2001
From: rick
Date: Wed, 2 Jan 2013 15:02:25 -0700
Subject: [PATCH] backport dynamic finder fix (CVE-2012-5664)

---
 activerecord/lib/active_record/base.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index d8a4daf05fdbd..0179b005e5de8 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -1897,7 +1897,11 @@ def method_missing(method_id, *arguments, &block)
 # end
 self.class_eval <<-EOS, __FILE__, __LINE__ + 1
 def self.#{method_id}(*args)
- options = args.extract_options!
+ options = if args.length > #{attribute_names.size}
+ args.extract_options!
+ else
+ {}
+ end
 attributes = construct_attributes_from_arguments(
 [:#{attribute_names.join(',:')}],
 args
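Review bot: The new `options = if args.length > #{attribute_names.size}` guard has no comment and no regression test (the diffstat shows only base.rb changed), so nothing stops a later cleanup from restoring the unconditional `args.extract_options!`. I would add above the assignment `# Only treat a trailing Hash as finder options when there are more arguments than attributes (CVE-2012-5664).` and a test asserting that a Hash passed in an attribute position is used as the attribute value and never as finder options. With this change such a Hash is now handed to `construct_attributes_from_arguments`, whose handling of Hash values is outside the hunk and should be checked. The generated method and the surrounding `method_missing` both start and end outside the hunk.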