diff options
author | Rick Olson <technoweenie@gmail.com> | 2007-01-28 01:31:31 +0000 |
---|---|---|
committer | Rick Olson <technoweenie@gmail.com> | 2007-01-28 01:31:31 +0000 |
commit | 1a11bffde107bf5b2daa997a61133cc8a76445e0 (patch) | |
tree | 5f4571e9c4020654828df26174f23e11fcd8d934 | |
parent | 5e85a1c7f835249d276d6868a9520f803be46159 (diff) | |
download | rails-1a11bffde107bf5b2daa997a61133cc8a76445e0.tar.gz rails-1a11bffde107bf5b2daa997a61133cc8a76445e0.tar.bz2 rails-1a11bffde107bf5b2daa997a61133cc8a76445e0.zip |
Don't create instance writer methods for class attributes. Closes #7401 [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6051 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-rw-r--r-- | activerecord/CHANGELOG | 2 | ||||
-rwxr-xr-x | activerecord/lib/active_record/base.rb | 22 | ||||
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb | 2 | ||||
-rw-r--r-- | activerecord/lib/active_record/locking/optimistic.rb | 2 | ||||
-rw-r--r-- | activerecord/lib/active_record/timestamp.rb | 2 | ||||
-rwxr-xr-x | activerecord/test/base_test.rb | 10 |
6 files changed, 26 insertions, 14 deletions
diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG index 8aa9ca213f..7eff9e9c93 100644 --- a/activerecord/CHANGELOG +++ b/activerecord/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Don't create instance writer methods for class attributes. Closes #7401 [Rick] + * Docs: validations examples. #7343 [zackchandler] * Add missing tests ensuring callbacks work with class inheritance. Closes #7339 [sandofsky] diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 4686b583e8..0d8daecb69 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -265,7 +265,7 @@ module ActiveRecord #:nodoc: class Base # Accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then passed # on to any new database connections made and which can be retrieved on both a class and instance level by calling +logger+. - cattr_accessor :logger + cattr_accessor :logger, :instance_writer => false include Reloadable::Deprecated @@ -291,54 +291,54 @@ module ActiveRecord #:nodoc: @@subclasses = {} - cattr_accessor :configurations + cattr_accessor :configurations, :instance_writer => false @@configurations = {} # Accessor for the prefix type that will be prepended to every primary key column name. The options are :table_name and # :table_name_with_underscore. If the first is specified, the Product class will look for "productid" instead of "id" as # the primary column. If the latter is specified, the Product class will look for "product_id" instead of "id". Remember # that this is a global setting for all Active Records. - cattr_accessor :primary_key_prefix_type + cattr_accessor :primary_key_prefix_type, :instance_writer => false @@primary_key_prefix_type = nil # Accessor for the name of the prefix string to prepend to every table name. So if set to "basecamp_", all # table names will be named like "basecamp_projects", "basecamp_people", etc. This is a convenient way of creating a namespace # for tables in a shared database. By default, the prefix is the empty string. - cattr_accessor :table_name_prefix + cattr_accessor :table_name_prefix, :instance_writer => false @@table_name_prefix = "" # Works like +table_name_prefix+, but appends instead of prepends (set to "_basecamp" gives "projects_basecamp", # "people_basecamp"). By default, the suffix is the empty string. - cattr_accessor :table_name_suffix + cattr_accessor :table_name_suffix, :instance_writer => false @@table_name_suffix = "" # Indicates whether or not table names should be the pluralized versions of the corresponding class names. # If true, the default table name for a +Product+ class will be +products+. If false, it would just be +product+. # See table_name for the full rules on table/class naming. This is true, by default. - cattr_accessor :pluralize_table_names + cattr_accessor :pluralize_table_names, :instance_writer => false @@pluralize_table_names = true # Determines whether or not to use ANSI codes to colorize the logging statements committed by the connection adapter. These colors # make it much easier to overview things during debugging (when used through a reader like +tail+ and on a black background), but # may complicate matters if you use software like syslog. This is true, by default. - cattr_accessor :colorize_logging + cattr_accessor :colorize_logging, :instance_writer => false @@colorize_logging = true # Determines whether to use Time.local (using :local) or Time.utc (using :utc) when pulling dates and times from the database. # This is set to :local by default. - cattr_accessor :default_timezone + cattr_accessor :default_timezone, :instance_writer => false @@default_timezone = :local # Determines whether or not to use a connection for each thread, or a single shared connection for all threads. # Defaults to false. Set to true if you're writing a threaded application. - cattr_accessor :allow_concurrency + cattr_accessor :allow_concurrency, :instance_writer => false @@allow_concurrency = false # Determines whether to speed up access by generating optimized reader # methods to avoid expensive calls to method_missing when accessing # attributes by name. You might want to set this to false in development # mode, because the methods would be regenerated on each request. - cattr_accessor :generate_read_methods + cattr_accessor :generate_read_methods, :instance_writer => false @@generate_read_methods = true # Specifies the format to use when dumping the database schema with Rails' @@ -347,7 +347,7 @@ module ActiveRecord #:nodoc: # ActiveRecord::Schema file which can be loaded into any database that # supports migrations. Use :ruby if you want to have different database # adapters for, e.g., your development and test environments. - cattr_accessor :schema_format + cattr_accessor :schema_format , :instance_writer => false @@schema_format = :ruby class << self # Class methods diff --git a/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb b/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb index fbdbea499b..1a76050872 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb @@ -11,7 +11,7 @@ module ActiveRecord # Check for activity after at least +verification_timeout+ seconds. # Defaults to 0 (always check.) - cattr_accessor :verification_timeout + cattr_accessor :verification_timeout, :instance_writer => false @@verification_timeout = 0 # The class -> [adapter_method, config] map diff --git a/activerecord/lib/active_record/locking/optimistic.rb b/activerecord/lib/active_record/locking/optimistic.rb index e9e8a44273..02cf565017 100644 --- a/activerecord/lib/active_record/locking/optimistic.rb +++ b/activerecord/lib/active_record/locking/optimistic.rb @@ -26,7 +26,7 @@ module ActiveRecord super base.extend ClassMethods - base.cattr_accessor :lock_optimistically + base.cattr_accessor :lock_optimistically, :instance_writer => false base.lock_optimistically = true base.alias_method_chain :update, :lock diff --git a/activerecord/lib/active_record/timestamp.rb b/activerecord/lib/active_record/timestamp.rb index e20882d867..9c7e798183 100644 --- a/activerecord/lib/active_record/timestamp.rb +++ b/activerecord/lib/active_record/timestamp.rb @@ -23,7 +23,7 @@ module ActiveRecord base.alias_method_chain :create, :timestamps base.alias_method_chain :update, :timestamps - base.cattr_accessor :record_timestamps + base.cattr_accessor :record_timestamps, :instance_writer => false base.record_timestamps = true end diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb index e1dd5704db..95c758f805 100755 --- a/activerecord/test/base_test.rb +++ b/activerecord/test/base_test.rb @@ -748,6 +748,16 @@ class BasicsTest < Test::Unit::TestCase firm.attributes = { "name" => "Next Angle", "rating" => 5 } assert_equal 1, firm.rating end + + def test_mass_assignment_protection_against_class_attribute_writers + [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names, :colorize_logging, + :default_timezone, :allow_concurrency, :generate_read_methods, :schema_format, :verification_timeout, :lock_optimistically, :record_timestamps].each do |method| + assert Task.respond_to?(method) + assert Task.respond_to?("#{method}=") + assert Task.new.respond_to?(method) + assert !Task.new.respond_to?("#{method}=") + end + end def test_customized_primary_key_remains_protected subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try') |