-
Notifications
You must be signed in to change notification settings - Fork 21.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this CVE-2012-2661
- Loading branch information
1 parent
fe4dfdd
commit 71f7917
Showing
3 changed files
with
38 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
require "cases/helper" | ||
require 'models/post' | ||
|
||
module ActiveRecord | ||
class WhereTest < ActiveRecord::TestCase | ||
fixtures :posts | ||
|
||
def test_where_error | ||
assert_raises(ActiveRecord::StatementInvalid) do | ||
Post.where(:id => { 'posts.author_id' => 10 }).first | ||
end | ||
end | ||
|
||
def test_where_with_table_name | ||
post = Post.first | ||
assert_equal post, Post.where(:posts => { 'id' => post.id }).first | ||
end | ||
end | ||
end |