Permalink
Browse files

Block calls to #define_dynamic_writer with invalid method names

  • Loading branch information...
1 parent 1a8f0c9 commit 0c60ee49fa36584e02a4b3a85f35bc2daffa9152 @mzsanford committed Nov 27, 2012
Showing with 21 additions and 3 deletions.
  1. +4 −0 lib/mongoid/attributes.rb
  2. +5 −3 lib/mongoid/attributes/processing.rb
  3. +12 −0 lib/mongoid/extensions/string.rb
@@ -191,6 +191,8 @@ def write_attributes(attrs = nil, guard_protected_attributes = true)
#
# @since 3.0.0
def define_dynamic_reader(name)
+ return unless name.valid_method_name?
+
class_eval <<-READER
def #{name}
read_attribute(#{name.inspect})
@@ -209,6 +211,8 @@ def #{name}
#
# @since 3.0.0
def define_dynamic_writer(name)
+ return unless name.valid_method_name?
+
class_eval <<-WRITER
def #{name}=(value)
write_attribute(#{name.inspect}, value)
@@ -118,12 +118,14 @@ def pending_nested
#
# @since 2.0.0.rc.7
def process_attribute(name, value)
- responds = respond_to?("#{name}=")
- if Mongoid.allow_dynamic_fields && !responds
+ writer_method = "#{name}="
+ responds = respond_to?(writer_method)
+ if Mongoid.allow_dynamic_fields && (!responds ||
+ !writer_method.valid_method_name?)
write_attribute(name, value)
else
raise Errors::UnknownAttribute.new(self.class, name) unless responds
- send("#{name}=", value)
+ send(writer_method, value)
end
end
@@ -120,6 +120,18 @@ def writer?
include?("=")
end
+ # Is this string a valid_method_name?
+ #
+ # @example Is the string a valid Ruby idenfier for use as a method name
+ # "model=".valid_method_name?
+ #
+ # @return [ true, false ] If the string contains a valid Ruby identifier.
+ #
+ # @since 3.0.15
+ def valid_method_name?
+ /[@$"]/ !~ to_sym.inspect
+ end
+
# Is the object not to be converted to bson on criteria creation?
#
# @example Is the object unconvertable?

0 comments on commit 0c60ee4

Please sign in to comment.