authorRick Olson <technoweenie@gmail.com>2007-01-28 01:31:31 +0000
committerRick Olson <technoweenie@gmail.com>2007-01-28 01:31:31 +0000
commit1a11bffde107bf5b2daa997a61133cc8a76445e0 (patch)
tree5f4571e9c4020654828df26174f23e11fcd8d934
parent5e85a1c7f835249d276d6868a9520f803be46159 (diff)
Don't create instance writer methods for class attributes. Closes #7401 [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6051 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-rw-r--r--activerecord/CHANGELOG2
-rwxr-xr-xactiverecord/lib/active_record/base.rb22
-rw-r--r--activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb2
-rw-r--r--activerecord/lib/active_record/locking/optimistic.rb2
-rw-r--r--activerecord/lib/active_record/timestamp.rb2
-rwxr-xr-xactiverecord/test/base_test.rb10
6 files changed, 26 insertions, 14 deletions
diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG
index 8aa9ca213f..7eff9e9c93 100644
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Don't create instance writer methods for class attributes. Closes #7401 [Rick]
+
* Docs: validations examples. #7343 [zackchandler]
* Add missing tests ensuring callbacks work with class inheritance. Closes #7339 [sandofsky]
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 4686b583e8..0d8daecb69 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -265,7 +265,7 @@ module ActiveRecord #:nodoc:
class Base
# Accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then passed
# on to any new database connections made and which can be retrieved on both a class and instance level by calling +logger+.
- cattr_accessor :logger
+ cattr_accessor :logger, :instance_writer => false
include Reloadable::Deprecated
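Review bot: The reason for `:instance_writer => false` is not recorded next to the declarations, starting with `cattr_accessor :logger` here and repeated on every class attribute changed in base.rb, connection_specification.rb, locking/optimistic.rb and timestamp.rb. Judging by the name of the new test, the concern is that mass assignment can reach any public `name=` method on an instance, so request parameters could overwrite process-wide settings. Because the protection is opted into per declaration, a later `cattr_accessor` added without the option would quietly reopen the exposure. A comment on the first declaration, such as `# No instance writer: keeps mass assignment from reaching class-level settings`, would make that requirement visible. The class body continues outside the hunk.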
@@ -291,54 +291,54 @@ module ActiveRecord #:nodoc:
@@subclasses = {}
- cattr_accessor :configurations
+ cattr_accessor :configurations, :instance_writer => false
@@configurations = {}
# Accessor for the prefix type that will be prepended to every primary key column name. The options are :table_name and
# :table_name_with_underscore. If the first is specified, the Product class will look for "productid" instead of "id" as
# the primary column. If the latter is specified, the Product class will look for "product_id" instead of "id". Remember
# that this is a global setting for all Active Records.
- cattr_accessor :primary_key_prefix_type
+ cattr_accessor :primary_key_prefix_type, :instance_writer => false
@@primary_key_prefix_type = nil
# Accessor for the name of the prefix string to prepend to every table name. So if set to "basecamp_", all
# table names will be named like "basecamp_projects", "basecamp_people", etc. This is a convenient way of creating a namespace
# for tables in a shared database. By default, the prefix is the empty string.
- cattr_accessor :table_name_prefix
+ cattr_accessor :table_name_prefix, :instance_writer => false
@@table_name_prefix = ""
# Works like +table_name_prefix+, but appends instead of prepends (set to "_basecamp" gives "projects_basecamp",
# "people_basecamp"). By default, the suffix is the empty string.
- cattr_accessor :table_name_suffix
+ cattr_accessor :table_name_suffix, :instance_writer => false
@@table_name_suffix = ""
# Indicates whether or not table names should be the pluralized versions of the corresponding class names.
# If true, the default table name for a +Product+ class will be +products+. If false, it would just be +product+.
# See table_name for the full rules on table/class naming. This is true, by default.
- cattr_accessor :pluralize_table_names
+ cattr_accessor :pluralize_table_names, :instance_writer => false
@@pluralize_table_names = true
# Determines whether or not to use ANSI codes to colorize the logging statements committed by the connection adapter. These colors
# make it much easier to overview things during debugging (when used through a reader like +tail+ and on a black background), but
# may complicate matters if you use software like syslog. This is true, by default.
- cattr_accessor :colorize_logging
+ cattr_accessor :colorize_logging, :instance_writer => false
@@colorize_logging = true
# Determines whether to use Time.local (using :local) or Time.utc (using :utc) when pulling dates and times from the database.
# This is set to :local by default.
- cattr_accessor :default_timezone
+ cattr_accessor :default_timezone, :instance_writer => false
@@default_timezone = :local
# Determines whether or not to use a connection for each thread, or a single shared connection for all threads.
# Defaults to false. Set to true if you're writing a threaded application.
- cattr_accessor :allow_concurrency
+ cattr_accessor :allow_concurrency, :instance_writer => false
@@allow_concurrency = false
# Determines whether to speed up access by generating optimized reader
# methods to avoid expensive calls to method_missing when accessing
# attributes by name. You might want to set this to false in development
# mode, because the methods would be regenerated on each request.
- cattr_accessor :generate_read_methods
+ cattr_accessor :generate_read_methods, :instance_writer => false
@@generate_read_methods = true
# Specifies the format to use when dumping the database schema with Rails'
@@ -347,7 +347,7 @@ module ActiveRecord #:nodoc:
# ActiveRecord::Schema file which can be loaded into any database that
# supports migrations. Use :ruby if you want to have different database
# adapters for, e.g., your development and test environments.
- cattr_accessor :schema_format
+ cattr_accessor :schema_format , :instance_writer => false
@@schema_format = :ruby
class << self # Class methods
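Review bot: There is a stray space before the comma in `cattr_accessor :schema_format , :instance_writer => false`, unlike every other declaration changed in this commit. It should read `cattr_accessor :schema_format, :instance_writer => false`. The comment block above the declaration starts outside the hunk.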
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb b/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb
index fbdbea499b..1a76050872 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/connection_specification.rb
@@ -11,7 +11,7 @@ module ActiveRecord
# Check for activity after at least +verification_timeout+ seconds.
# Defaults to 0 (always check.)
- cattr_accessor :verification_timeout
+ cattr_accessor :verification_timeout, :instance_writer => false
@@verification_timeout = 0
# The class -> [adapter_method, config] map
diff --git a/activerecord/lib/active_record/locking/optimistic.rb b/activerecord/lib/active_record/locking/optimistic.rb
index e9e8a44273..02cf565017 100644
--- a/activerecord/lib/active_record/locking/optimistic.rb
+++ b/activerecord/lib/active_record/locking/optimistic.rb
@@ -26,7 +26,7 @@ module ActiveRecord
super
base.extend ClassMethods
- base.cattr_accessor :lock_optimistically
+ base.cattr_accessor :lock_optimistically, :instance_writer => false
base.lock_optimistically = true
base.alias_method_chain :update, :lock
diff --git a/activerecord/lib/active_record/timestamp.rb b/activerecord/lib/active_record/timestamp.rb
index e20882d867..9c7e798183 100644
--- a/activerecord/lib/active_record/timestamp.rb
+++ b/activerecord/lib/active_record/timestamp.rb
@@ -23,7 +23,7 @@ module ActiveRecord
base.alias_method_chain :create, :timestamps
base.alias_method_chain :update, :timestamps
- base.cattr_accessor :record_timestamps
+ base.cattr_accessor :record_timestamps, :instance_writer => false
base.record_timestamps = true
end
diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb
index e1dd5704db..95c758f805 100755
--- a/activerecord/test/base_test.rb
+++ b/activerecord/test/base_test.rb
@@ -748,6 +748,16 @@ class BasicsTest < Test::Unit::TestCase
firm.attributes = { "name" => "Next Angle", "rating" => 5 }
assert_equal 1, firm.rating
end
+
+ def test_mass_assignment_protection_against_class_attribute_writers
+ [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names, :colorize_logging,
+ :default_timezone, :allow_concurrency, :generate_read_methods, :schema_format, :verification_timeout, :lock_optimistically, :record_timestamps].each do |method|
+ assert Task.respond_to?(method)
+ assert Task.respond_to?("#{method}=")
+ assert Task.new.respond_to?(method)
+ assert !Task.new.respond_to?("#{method}=")
+ end
+ end
def test_customized_primary_key_remains_protected
subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
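Review bot: `test_mass_assignment_protection_against_class_attribute_writers` only checks `respond_to?`, so it never exercises the mass-assignment path its name refers to. Adding `prefix = Task.table_name_prefix`, then `Task.new(:table_name_prefix => "x_") rescue nil`, then `assert_equal prefix, Task.table_name_prefix` would pin the real guarantee that the class-level value survives hostile attributes. Whether that call now ignores the key or raises is not visible from this hunk, and it is worth asserting explicitly once confirmed. The hard-coded name list also means a class attribute added later is not covered. `test_customized_primary_key_remains_protected` continues outside the hunk.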