Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Don't create instance writer methods for class attributes. [Rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/branches/1-2-stable@6109 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
commit 6a04f3599ef1a32affa3d4c1b10c588d08c7445d 1 parent 58cb43c
@technoweenie technoweenie authored
View
2  activerecord/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Don't create instance writer methods for class attributes. [Rick]
+
* When dealing with SQLite3, use the table_info pragma helper, so that the bindings can do some translation for when sqlite3 breaks incompatibly between point releases. [Jamis Buck]
* SQLServer: don't choke on strings containing 'null'. #7083 [Jakob S]
View
22 activerecord/lib/active_record/base.rb
@@ -262,7 +262,7 @@ def initialize(errors)
class Base
# Accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then passed
# on to any new database connections made and which can be retrieved on both a class and instance level by calling +logger+.
- cattr_accessor :logger
+ cattr_accessor :logger, :instance_writer => false
include Reloadable::Deprecated
@@ -288,54 +288,54 @@ def self.reset_subclasses #:nodoc:
@@subclasses = {}
- cattr_accessor :configurations
+ cattr_accessor :configurations, :instance_writer => false
@@configurations = {}
# Accessor for the prefix type that will be prepended to every primary key column name. The options are :table_name and
# :table_name_with_underscore. If the first is specified, the Product class will look for "productid" instead of "id" as
# the primary column. If the latter is specified, the Product class will look for "product_id" instead of "id". Remember
# that this is a global setting for all Active Records.
- cattr_accessor :primary_key_prefix_type
+ cattr_accessor :primary_key_prefix_type, :instance_writer => false
@@primary_key_prefix_type = nil
# Accessor for the name of the prefix string to prepend to every table name. So if set to "basecamp_", all
# table names will be named like "basecamp_projects", "basecamp_people", etc. This is a convenient way of creating a namespace
# for tables in a shared database. By default, the prefix is the empty string.
- cattr_accessor :table_name_prefix
+ cattr_accessor :table_name_prefix, :instance_writer => false
@@table_name_prefix = ""
# Works like +table_name_prefix+, but appends instead of prepends (set to "_basecamp" gives "projects_basecamp",
# "people_basecamp"). By default, the suffix is the empty string.
- cattr_accessor :table_name_suffix
+ cattr_accessor :table_name_suffix, :instance_writer => false
@@table_name_suffix = ""
# Indicates whether or not table names should be the pluralized versions of the corresponding class names.
# If true, the default table name for a +Product+ class will be +products+. If false, it would just be +product+.
# See table_name for the full rules on table/class naming. This is true, by default.
- cattr_accessor :pluralize_table_names
+ cattr_accessor :pluralize_table_names, :instance_writer => false
@@pluralize_table_names = true
# Determines whether or not to use ANSI codes to colorize the logging statements committed by the connection adapter. These colors
# make it much easier to overview things during debugging (when used through a reader like +tail+ and on a black background), but
# may complicate matters if you use software like syslog. This is true, by default.
- cattr_accessor :colorize_logging
+ cattr_accessor :colorize_logging, :instance_writer => false
@@colorize_logging = true
# Determines whether to use Time.local (using :local) or Time.utc (using :utc) when pulling dates and times from the database.
# This is set to :local by default.
- cattr_accessor :default_timezone
+ cattr_accessor :default_timezone, :instance_writer => false
@@default_timezone = :local
# Determines whether or not to use a connection for each thread, or a single shared connection for all threads.
# Defaults to false. Set to true if you're writing a threaded application.
- cattr_accessor :allow_concurrency
+ cattr_accessor :allow_concurrency, :instance_writer => false
@@allow_concurrency = false
# Determines whether to speed up access by generating optimized reader
# methods to avoid expensive calls to method_missing when accessing
# attributes by name. You might want to set this to false in development
# mode, because the methods would be regenerated on each request.
- cattr_accessor :generate_read_methods
+ cattr_accessor :generate_read_methods, :instance_writer => false
@@generate_read_methods = true
# Specifies the format to use when dumping the database schema with Rails'
@@ -344,7 +344,7 @@ def self.reset_subclasses #:nodoc:
# ActiveRecord::Schema file which can be loaded into any database that
# supports migrations. Use :ruby if you want to have different database
# adapters for, e.g., your development and test environments.
- cattr_accessor :schema_format
+ cattr_accessor :schema_format , :instance_writer => false
@@schema_format = :ruby
class << self # Class methods
View
2  activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb
@@ -11,7 +11,7 @@ def initialize (config, adapter_method)
# Check for activity after at least +verification_timeout+ seconds.
# Defaults to 0 (always check.)
- cattr_accessor :verification_timeout
+ cattr_accessor :verification_timeout, :instance_writer => false
@@verification_timeout = 0
# The class -> [adapter_method, config] map
View
2  activerecord/lib/active_record/locking/optimistic.rb
@@ -26,7 +26,7 @@ def self.included(base) #:nodoc:
super
base.extend ClassMethods
- base.cattr_accessor :lock_optimistically
+ base.cattr_accessor :lock_optimistically, :instance_writer => false
base.lock_optimistically = true
base.alias_method_chain :update, :lock
View
2  activerecord/lib/active_record/timestamp.rb
@@ -23,7 +23,7 @@ def self.included(base) #:nodoc:
base.alias_method_chain :create, :timestamps
base.alias_method_chain :update, :timestamps
- base.cattr_accessor :record_timestamps
+ base.cattr_accessor :record_timestamps, :instance_writer => false
base.record_timestamps = true
end
View
10 activerecord/test/base_test.rb
@@ -708,6 +708,16 @@ def test_mass_assignment_protection
firm.attributes = { "name" => "Next Angle", "rating" => 5 }
assert_equal 1, firm.rating
end
+
+ def test_mass_assignment_protection_against_class_attribute_writers
+ [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names, :colorize_logging,
+ :default_timezone, :allow_concurrency, :generate_read_methods, :schema_format, :verification_timeout, :lock_optimistically, :record_timestamps].each do |method|
+ assert Task.respond_to?(method)
+ assert Task.respond_to?("#{method}=")
+ assert Task.new.respond_to?(method)
+ assert !Task.new.respond_to?("#{method}=")
+ end
+ end
def test_customized_primary_key_remains_protected
subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
Please sign in to comment.
Something went wrong with that request. Please try again.