Permalink
Browse files

Merge pull request #484 from slainer68/master

Puts ActiveRecord::SessionStore attributes in white list, fixes #483
  • Loading branch information...
josevalim committed May 10, 2011
2 parents 8c05293 + 95b4989 commit fa8b0f44bd7e0004de1b85f3eb35ad5c8e477c52
@@ -83,6 +83,8 @@ class Session < ActiveRecord::Base
cattr_accessor :data_column_name
self.data_column_name = 'data'
+ attr_accessible :session_id, :data, :marshaled_data
+
before_save :marshal_data!
before_save :raise_on_session_data_overflow!
@@ -21,6 +21,12 @@ def test_table_name
assert_equal 'sessions', Session.table_name
end
+ def test_accessible_attributes
+ assert Session.accessible_attributes.include?(:session_id)
+ assert Session.accessible_attributes.include?(:data)
+ assert Session.accessible_attributes.include?(:marshaled_data)
+ end
+
def test_create_table!
assert !Session.table_exists?
Session.create_table!

0 comments on commit fa8b0f4

Please sign in to comment.