Permalink
Browse files

backport dynamic finder fix (CVE-2012-5664)

  • Loading branch information...
1 parent b18f5c9 commit 46f1ddbff9c0c8468a5ab72e749c35d62a4a141f @technoweenie technoweenie committed Jan 2, 2013
Showing with 5 additions and 1 deletion.
  1. +5 −1 activerecord/lib/active_record/base.rb
@@ -1897,7 +1897,11 @@ def method_missing(method_id, *arguments, &block)
# end
self.class_eval <<-EOS, __FILE__, __LINE__ + 1
def self.#{method_id}(*args)
- options = args.extract_options!
+ options = if args.length > #{attribute_names.size}
+ args.extract_options!
+ else
+ {}
+ end
attributes = construct_attributes_from_arguments(
[:#{attribute_names.join(',:')}],
args

0 comments on commit 46f1ddb

Please sign in to comment.