Fix for CVE-2013-0155

commit c88bf6d5939ed40e780c1f65db65a69f21cc24c0 1 parent 709af05
@ernie ernie authored cjohansen committed
Showing with 2 additions and 0 deletions.
  1. +2 −0  activerecord/lib/active_record/base.rb
2  activerecord/lib/active_record/base.rb
@@ -2340,6 +2340,8 @@ def expand_hash_conditions_for_aggregates(attrs)
def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
attrs = expand_hash_conditions_for_aggregates(attrs)
+ return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?
+
conditions = attrs.map do |attr, value|
table_name = default_table_name
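Review bot: the new guard at the top of sanitize_sql_hash_for_conditions returns the bare SQL literal '1 = 2' with no comment explaining why a nested empty hash has to become an always-false condition, and the commit changes only base.rb (2 additions, 0 deletions), so no regression test accompanies it. Suggest a one-line comment above the `return` stating the intent, plus a test that passes an empty hash as a nested condition value and asserts that the resulting condition matches no rows. It is also worth confirming two things the hunk leaves implicit: that the check is meant to run on `attrs` after expand_hash_conditions_for_aggregates(attrs) has rewritten it, and that an empty hash with `top_level` true is deliberately left to the existing `attrs.map` path.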