stop calling to_sym when building arel nodes [CVE-2013-1854]

rails · Mar 16, 2013 · ef9f053 · ef9f053 · alboyadjian · Mar 18, 2013
1 parent dad3109
commit ef9f053
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 2 deletions.
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
@@ -2307,7 +2307,7 @@ def aggregate_mapping(reflection)
         def expand_hash_conditions_for_aggregates(attrs)
           expanded_attrs = {}
           attrs.each do |attr, value|
-            unless (aggregation = reflect_on_aggregation(attr.to_sym)).nil?
+            unless (aggregation = reflect_on_aggregation(attr)).nil?
               mapping = aggregate_mapping(aggregation)
               mapping.each do |field_attr, aggregate_attr|
                 if mapping.size == 1 && !value.respond_to?(aggregate_attr)

diff --git a/activerecord/lib/active_record/reflection.rb b/activerecord/lib/active_record/reflection.rb
@@ -18,7 +18,7 @@ def create_reflection(macro, name, options, active_record)
           when :composed_of
             reflection = AggregateReflection.new(macro, name, options, active_record)
         end
-        write_inheritable_hash :reflections, name => reflection
+        write_inheritable_hiwa :reflections, name => reflection
         reflection
       end
 

diff --git a/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb b/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
@@ -109,6 +109,11 @@ def write_inheritable_hash(key, hash)
     write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
   end
 
+  def write_inheritable_hiwa(key, hash)
+    write_inheritable_attribute(key, {}.with_indifferent_access) if read_inheritable_attribute(key).nil?
+    write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
+  end
+
   def read_inheritable_attribute(key)
     inheritable_attributes[key]
   end