Fix for CVE-2013-0155

commit 7763f39a7f7e705bbd6b0a46f3dede48f3dae185 1 parent 28cfd79
@ernie ernie authored guilleiguaran committed
Showing with 2 additions and 0 deletions.
  1. +2 −0  activerecord/lib/active_record/base.rb
2  activerecord/lib/active_record/base.rb
@@ -2340,6 +2340,8 @@ def expand_hash_conditions_for_aggregates(attrs)
def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
attrs = expand_hash_conditions_for_aggregates(attrs)
+ return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?
+
conditions = attrs.map do |attr, value|
table_name = default_table_name
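
Review bot: the added guard in sanitize_sql_hash_for_conditions returns the literal `'1 = 2'` with no comment explaining why an empty nested hash has to become an always-false condition. A one-line comment above `return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?` stating the intent would keep the next reader from treating it as dead code. The guard is also skipped when `top_level` is true, so an empty hash passed at the top level still falls through to `attrs.map`; if that is intentional, the comment should say so. The commit touches only activerecord/lib/active_record/base.rb, so a regression test that passes a nested empty hash as a condition value and asserts that no rows match should be added alongside it.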

2 comments on commit 7763f39

@mguterl

Anyone know when this fix is going to be pushed into an official gem release? @NZKoz

@carlosantoniodasilva

@mguterl please check the discussion going on in #8948.
