
stop calling to_sym when building arel nodes [CVE-2013-1854]

1 parent dad3109 commit ef9f0537b003bc521b1a456a6f21bf98d034f86e @tenderlove tenderlove committed Mar 5, 2013
@@ -2307,7 +2307,7 @@ def aggregate_mapping(reflection)
def expand_hash_conditions_for_aggregates(attrs)
expanded_attrs = {}
attrs.each do |attr, value|
- unless (aggregation = reflect_on_aggregation(attr.to_sym)).nil?
+ unless (aggregation = reflect_on_aggregation(attr)).nil?
mapping = aggregate_mapping(aggregation)
mapping.each do |field_attr, aggregate_attr|
if mapping.size == 1 && !value.respond_to?(aggregate_attr)
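Review bot: dropping `attr.to_sym` here only works if `reflect_on_aggregation(attr)` resolves both string and symbol keys, so this hunk depends on the reflections hash being stored with indifferent access (otherwise a string `attr` coming from a user-supplied conditions hash would silently fail to match an aggregation). It would help to state that dependency in a comment, since the motivation given in the commit message (CVE-2013-1854) is to stop turning caller-controlled keys into symbols, and a reader checking this fix will want to confirm no other path in the condition-building code still calls `.to_sym` on the same keys.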
@@ -18,7 +18,7 @@ def create_reflection(macro, name, options, active_record)
when :composed_of
reflection = AggregateReflection.new(macro, name, options, active_record)
end
- write_inheritable_hash :reflections, name => reflection
+ write_inheritable_hiwa :reflections, name => reflection
reflection
end
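Review bot: the new method name `write_inheritable_hiwa` reads as a transposition of "hwia" (hash with indifferent access); a name such as `write_inheritable_hash_with_indifferent_access` would avoid the ambiguity. The switch from `write_inheritable_hash` also changes what `reflections` returns to callers: keys that were symbols will now be strings, which is a visible API change for anyone inspecting `reflections.keys` and deserves a mention in the changelog or commit message.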
@@ -109,6 +109,11 @@ def write_inheritable_hash(key, hash)
write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
end
+ def write_inheritable_hiwa(key, hash)
+ write_inheritable_attribute(key, {}.with_indifferent_access) if read_inheritable_attribute(key).nil?
+ write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
+ end
+
def read_inheritable_attribute(key)
inheritable_attributes[key]
end

2 comments on commit ef9f053

@alboyadjian

Shouldn't this be write_inheritable_hwia (hash with indifferent access) instead of write_inheritable_hiwa?

@MacksMind
Contributor

I found an interesting side effect. I have some test code that expected Model.reflections.keys to be symbols, and now it uses strings. It wasn't hard to change my code, but I'm guessing I'm not the only one trying to be too clever.
