Browse files

Don't create instance writer methods for class attributes. Closes #7401

… [Rick]

git-svn-id: 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
1 parent 5e85a1c commit 1a11bffde107bf5b2daa997a61133cc8a76445e0 @technoweenie technoweenie committed Jan 28, 2007
@@ -1,5 +1,7 @@
+* Don't create instance writer methods for class attributes. Closes #7401 [Rick]
* Docs: validations examples. #7343 [zackchandler]
* Add missing tests ensuring callbacks work with class inheritance. Closes #7339 [sandofsky]
@@ -265,7 +265,7 @@ def initialize(errors)
class Base
# Accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then passed
# on to any new database connections made and which can be retrieved on both a class and instance level by calling +logger+.
- cattr_accessor :logger
+ cattr_accessor :logger, :instance_writer => false
include Reloadable::Deprecated
@@ -291,54 +291,54 @@ def self.reset_subclasses #:nodoc:
@@subclasses = {}
- cattr_accessor :configurations
+ cattr_accessor :configurations, :instance_writer => false
@@configurations = {}
# Accessor for the prefix type that will be prepended to every primary key column name. The options are :table_name and
# :table_name_with_underscore. If the first is specified, the Product class will look for "productid" instead of "id" as
# the primary column. If the latter is specified, the Product class will look for "product_id" instead of "id". Remember
# that this is a global setting for all Active Records.
- cattr_accessor :primary_key_prefix_type
+ cattr_accessor :primary_key_prefix_type, :instance_writer => false
@@primary_key_prefix_type = nil
# Accessor for the name of the prefix string to prepend to every table name. So if set to "basecamp_", all
# table names will be named like "basecamp_projects", "basecamp_people", etc. This is a convenient way of creating a namespace
# for tables in a shared database. By default, the prefix is the empty string.
- cattr_accessor :table_name_prefix
+ cattr_accessor :table_name_prefix, :instance_writer => false
@@table_name_prefix = ""
# Works like +table_name_prefix+, but appends instead of prepends (set to "_basecamp" gives "projects_basecamp",
# "people_basecamp"). By default, the suffix is the empty string.
- cattr_accessor :table_name_suffix
+ cattr_accessor :table_name_suffix, :instance_writer => false
@@table_name_suffix = ""
# Indicates whether or not table names should be the pluralized versions of the corresponding class names.
# If true, the default table name for a +Product+ class will be +products+. If false, it would just be +product+.
# See table_name for the full rules on table/class naming. This is true, by default.
- cattr_accessor :pluralize_table_names
+ cattr_accessor :pluralize_table_names, :instance_writer => false
@@pluralize_table_names = true
# Determines whether or not to use ANSI codes to colorize the logging statements committed by the connection adapter. These colors
# make it much easier to overview things during debugging (when used through a reader like +tail+ and on a black background), but
# may complicate matters if you use software like syslog. This is true, by default.
- cattr_accessor :colorize_logging
+ cattr_accessor :colorize_logging, :instance_writer => false
@@colorize_logging = true
# Determines whether to use Time.local (using :local) or Time.utc (using :utc) when pulling dates and times from the database.
# This is set to :local by default.
- cattr_accessor :default_timezone
+ cattr_accessor :default_timezone, :instance_writer => false
@@default_timezone = :local
# Determines whether or not to use a connection for each thread, or a single shared connection for all threads.
# Defaults to false. Set to true if you're writing a threaded application.
- cattr_accessor :allow_concurrency
+ cattr_accessor :allow_concurrency, :instance_writer => false
@@allow_concurrency = false
# Determines whether to speed up access by generating optimized reader
# methods to avoid expensive calls to method_missing when accessing
# attributes by name. You might want to set this to false in development
# mode, because the methods would be regenerated on each request.
- cattr_accessor :generate_read_methods
+ cattr_accessor :generate_read_methods, :instance_writer => false
@@generate_read_methods = true
# Specifies the format to use when dumping the database schema with Rails'
@@ -347,7 +347,7 @@ def self.reset_subclasses #:nodoc:
# ActiveRecord::Schema file which can be loaded into any database that
# supports migrations. Use :ruby if you want to have different database
# adapters for, e.g., your development and test environments.
- cattr_accessor :schema_format
+ cattr_accessor :schema_format , :instance_writer => false
@@schema_format = :ruby
class << self # Class methods
@@ -11,7 +11,7 @@ def initialize (config, adapter_method)
# Check for activity after at least +verification_timeout+ seconds.
# Defaults to 0 (always check.)
- cattr_accessor :verification_timeout
+ cattr_accessor :verification_timeout, :instance_writer => false
@@verification_timeout = 0
# The class -> [adapter_method, config] map
@@ -26,7 +26,7 @@ def self.included(base) #:nodoc:
base.extend ClassMethods
- base.cattr_accessor :lock_optimistically
+ base.cattr_accessor :lock_optimistically, :instance_writer => false
base.lock_optimistically = true
base.alias_method_chain :update, :lock
@@ -23,7 +23,7 @@ def self.included(base) #:nodoc:
base.alias_method_chain :create, :timestamps
base.alias_method_chain :update, :timestamps
- base.cattr_accessor :record_timestamps
+ base.cattr_accessor :record_timestamps, :instance_writer => false
base.record_timestamps = true
@@ -748,6 +748,16 @@ def test_mass_assignment_protection
firm.attributes = { "name" => "Next Angle", "rating" => 5 }
assert_equal 1, firm.rating
+ def test_mass_assignment_protection_against_class_attribute_writers
+ [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names, :colorize_logging,
+ :default_timezone, :allow_concurrency, :generate_read_methods, :schema_format, :verification_timeout, :lock_optimistically, :record_timestamps].each do |method|
+ assert Task.respond_to?(method)
+ assert Task.respond_to?("#{method}=")
+ assert
+ assert !"#{method}=")
+ end
+ end
def test_customized_primary_key_remains_protected
subscriber = => 'webster123', :name => 'nice try')

0 comments on commit 1a11bff

Please sign in to comment.