Permalink
Browse files

Merge branch '2-3-later' into 2-3-stable

* 2-3-later:
  adding test for CVE
  • Loading branch information...
2 parents 08d83a9 + f8a2ec2 commit 4d478857005f48eb156b771f1b67b7e10e98c3f6 @tenderlove tenderlove committed Apr 9, 2013
Showing with 12 additions and 0 deletions.
  1. +12 −0 activerecord/test/cases/base_test.rb
@@ -920,6 +920,18 @@ def test_mass_assignment_protection_against_class_attribute_writers
end
end
+ def test_firm_safe_assign
+ firm = Company.new
+
+ assert_raise(ActiveRecord::UnknownAttributeError) do
+ firm.attributes = { "rating=\n" => 5 }
+ end
+ assert_equal 1, firm.rating
+
+ firm.attributes = { "rating(1)\n" => 5 }
+ assert_equal 1, firm.rating
+ end
+
def test_customized_primary_key_remains_protected
subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
assert_nil subscriber.id

0 comments on commit 4d47885

Please sign in to comment.