Skip to content
Browse files

Puts ActiveRecord::SessionStore attributes in white list, fixes #483

  • Loading branch information...
1 parent 8c05293 commit 95b49895593124d9be37ccfbee0f06229e7f4a5b @nicolasblanco nicolasblanco committed May 10, 2011
View
2 activerecord/lib/active_record/session_store.rb
@@ -83,6 +83,8 @@ class Session < ActiveRecord::Base
cattr_accessor :data_column_name
self.data_column_name = 'data'
+ attr_accessible :session_id, :data, :marshaled_data
+
before_save :marshal_data!
before_save :raise_on_session_data_overflow!
View
6 activerecord/test/cases/session_store/session_test.rb
@@ -21,6 +21,12 @@ def test_table_name
assert_equal 'sessions', Session.table_name
end
+ def test_accessible_attributes
+ assert Session.accessible_attributes.include?(:session_id)
+ assert Session.accessible_attributes.include?(:data)
+ assert Session.accessible_attributes.include?(:marshaled_data)
+ end
+
def test_create_table!
assert !Session.table_exists?
Session.create_table!

0 comments on commit 95b4989

Please sign in to comment.
Something went wrong with that request. Please try again.