
Fix for CVE-2013-0155

1 parent 709af05 commit c88bf6d5939ed40e780c1f65db65a69f21cc24c0 @ernie ernie committed with cjohansen Jan 8, 2013
Showing with 2 additions and 0 deletions.
  1. +2 −0 activerecord/lib/active_record/base.rb
2 activerecord/lib/active_record/base.rb
@@ -2340,6 +2340,8 @@ def expand_hash_conditions_for_aggregates(attrs)
def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
attrs = expand_hash_conditions_for_aggregates(attrs)
+ return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?
+
conditions = attrs.map do |attr, value|
table_name = default_table_name
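Review bot: The new guard `return '1 = 2' if !top_level && attrs.is_a?(Hash) && attrs.empty?` carries no comment saying why an empty nested hash must become an always-false predicate, and the commit touches only base.rb, so no regression test pins the behaviour. I would add above it `# An empty nested hash (e.g. built from request parameters) would presumably contribute no SQL for this attribute; force a predicate that matches nothing instead.` The `!top_level` condition means a top-level empty hash still yields no conditions at all, which looks intentional for callers that pass an empty conditions hash, but that should be stated in the comment so it is not later "simplified" away. A test that passes an empty hash as the value of an attribute and asserts that no rows match would guard the fix. The body of sanitize_sql_hash_for_conditions continues outside the hunk, so how the mapped conditions are joined is not visible here.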
