
Merge branch '3-0-stable-sec' into 3-0-stable-rel

* 3-0-stable-sec:
  Array parameters should not contain nil values.
  Additional fix for CVE-2012-2661
commit b9e048c7fb28dd92ccfe02133d82386f99790776 2 parents 6c0c40b + 2f3bc04
Aaron Patterson authored June 11, 2012
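--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -262,17 +262,19 @@ def local?
 
     # Remove nils from the params hash
     def deep_munge(hash)
+      keys = hash.keys.find_all { |k| hash[k] == [nil] }
+      keys.each { |k| hash[k] = nil }
+
       hash.each_value do |v|
         case v
         when Array
           v.grep(Hash) { |x| deep_munge(x) }
+          v.compact!
         when Hash
           deep_munge(v)
         end
       end
 
-      keys = hash.keys.find_all { |k| hash[k] == [nil] }
-      keys.each { |k| hash[k] = nil }
       hash
     end
 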
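Review bot: The `[nil]` normalisation now runs before the new `v.compact!`, so only a value that is exactly `[nil]` collapses to nil; an array made of several nils such as `[nil, nil]` is compacted to `[]` instead, and a nil inside a nested array (`[[nil]]`) is left alone because `grep(Hash)` only descends into hashes. If the intent is that any all-nil array parameter becomes nil, the selector could read `keys = hash.keys.find_all { |k| vals = hash[k]; vals.is_a?(Array) && !vals.empty? && vals.all? { |e| e.nil? } }`; if the narrower rule is deliberate, the header comment should say so, e.g. `# Replace a value of exactly [nil] with nil, then strip nils from every array and recurse into nested hashes`. The test added in query_string_parsing_test.rb only covers `action[]=1&action[]`, so a second assertion for the multi-nil case would pin whichever behaviour is intended. deep_munge is shown in full here, so both the selector and the compact step are within this hunk.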
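--- a/actionpack/test/dispatch/request/query_string_parsing_test.rb
+++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb
@@ -89,6 +89,10 @@ def teardown
     assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]")
   end
 
+  def test_array_parses_without_nil
+    assert_parses({"action" => ['1']}, "action[]=1&action[]")
+  end
+
   test "query string with empty key" do
     assert_parses(
       { "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },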
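--- a/activerecord/lib/active_record/relation/predicate_builder.rb
+++ b/activerecord/lib/active_record/relation/predicate_builder.rb
@@ -5,17 +5,17 @@ def initialize(engine)
       @engine = engine
     end
 
-    def build_from_hash(attributes, default_table, check_column = true)
+    def build_from_hash(attributes, default_table, allow_table_name = true)
       predicates = attributes.map do |column, value|
         table = default_table
 
-        if value.is_a?(Hash)
+        if allow_table_name && value.is_a?(Hash)
           table = Arel::Table.new(column, :engine => @engine)
           build_from_hash(value, table, false)
         else
           column = column.to_s
 
-          if check_column && column.include?('.')
+          if allow_table_name && column.include?('.')
             table_name, column = column.split('.', 2)
             table = Arel::Table.new(table_name, :engine => @engine)
           end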
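Review bot: The `allow_table_name` guard on the `value.is_a?(Hash)` branch means a Hash that appears as a nested value now drops into the `else` branch and is carried forward as an ordinary column value rather than being rejected explicitly; the new where_test observes the outcome only as an `ActiveRecord::StatementInvalid`, which is a database-level rejection and so depends on what the adapter does with a Hash-typed value. The parameter has no documentation, and a comment on the signature would make the rule explicit: `# allow_table_name: true only for the top-level call; in nested calls a Hash value or a dotted column name is treated as a plain value, never as a table reference.` The remainder of build_from_hash (the predicate construction in the else branch) lies outside this hunk, so where the Hash value finally ends up cannot be confirmed here.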
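--- a/activerecord/test/cases/relation/where_test.rb
+++ b/activerecord/test/cases/relation/where_test.rb
@@ -11,6 +11,12 @@ def test_where_error
       end
     end
 
+    def test_where_error_with_hash
+      assert_raises(ActiveRecord::StatementInvalid) do
+        Post.where(:id => { :posts => {:author_id => 10} }).first
+      end
+    end
+
     def test_where_with_table_name
       post = Post.first
       assert_equal post, Post.where(:posts => { 'id' => post.id }).first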

