
fix for Issue #2: internal Rails ActiveRecord::Base subclasses get lo…

…aded before the plugin and thus do not have xss_terminate_options set. Return early from sanitize_fields in this case

git-svn-id: http://xssterminate.googlecode.com/svn/trunk/xss_terminate@7 503a6658-bc44-0410-a8bd-599819d3de0a
1 parent 50ab117 commit 974c5bfa92ea689539c735e351b02f362cd0df82 look@recursion.org committed Jun 2, 2008
Showing with 19 additions and 1 deletion.
  1. +5 −1 lib/xss_terminate.rb
  2. +6 −0 test/schema.rb
  3. +8 −0 test/xss_terminate_test.rb
@@ -22,8 +22,12 @@ def xss_terminate(options = {})
end
module InstanceMethods
-
+
def sanitize_fields
+ # fix a bug with Rails internal AR::Base models that get loaded before
+ # the plugin, like CGI::Sessions::ActiveRecordStore::Session
+ return if xss_terminate_options.nil?
+
self.class.columns.each do |column|
next unless (column.type == :string || column.type == :text)
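Review bot: The guard `return if xss_terminate_options.nil?` makes sanitize_fields fail open: every model whose class was loaded before the plugin, not only the session store named in the comment, will now save its string and text columns unsanitized and without any signal. The comment should say so, for example `# NOTE: models without xss_terminate_options are saved unsanitized; this covers any AR::Base subclass loaded before the plugin`, and a log line at this point would help spot an application model that ends up in that state through load order. Whether such a model can opt back in is not visible here, since sanitize_fields continues past the end of the hunk and the body of xss_terminate is outside it.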
@@ -31,4 +31,10 @@
t.column :person_id, :integer
t.column :created_on, :datetime
end
+
+ create_table :sessions, :force => true do |t|
+ t.string :session_id, :null => false
+ t.text :data
+ t.timestamps
+ end
end
@@ -55,5 +55,13 @@ def test_nil_attributes_should_be_allowed_with_html5
assert_nil review.title
assert_nil review.body
end
+
+ # issue reported by Garrett Dimon and jmcnevin
+ def test_active_record_session_store_does_not_cause_nil_exception
+ assert_nil CGI::Session::ActiveRecordStore::Session.xss_terminate_options
+
+ session = CGI::Session::ActiveRecordStore::Session.new(:session_id => 'foo', :data => 'blah')
+ assert session.save
+ end
end
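Review bot: test_active_record_session_store_does_not_cause_nil_exception checks only that save returns true, so it does not record that the nil-options path means sanitize_fields does nothing for this model. A comment above the assertions such as `# options are nil for models loaded before the plugin, so sanitize_fields is skipped on save` would make that intent explicit. A companion assertion that a model declared after the plugin still has non-nil xss_terminate_options would keep the early return from hiding a load-order regression; such a test may already exist in the part of the test class outside this hunk.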
