author | Yves Senn <yves.senn@gmail.com> | 2013-11-05 17:29:52 +0100 |
---|---|---|
committer | Yves Senn <yves.senn@gmail.com> | 2013-11-05 17:44:08 +0100 |
commit | 44406d1e77061ce22effaae4698918c1f9f6271a (patch) | |
tree | 2b6864e46ed700719a81bf79c233bfa626a4fafd | |
parent | 6c720d18a2770299433fae82c1cab25d0bd4033e (diff) | |
store enum mapping using `Strings` instead of `Symbols`.
This allows assigning both `String` and `Symbol` values to the enum
without having to call `to_sym` on them, which is a security problem.
-rw-r--r-- | activerecord/lib/active_record/enum.rb | 3 | ||||
-rw-r--r-- | activerecord/test/cases/enum_test.rb | 9 |
2 files changed, 9 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/enum.rb b/activerecord/lib/active_record/enum.rb index 6bfdf75a2d..a70638f3df 100644 --- a/activerecord/lib/active_record/enum.rb +++ b/activerecord/lib/active_record/enum.rb @@ -43,6 +43,7 @@ module ActiveRecord _enum_methods_module.module_eval do # def direction=(value) self[:direction] = DIRECTION[value] end define_method("#{name}=") { |value| + value = value.to_s unless enum_values.has_key?(value) raise ArgumentError, "'#{value}' is not a valid #{name}" end @@ -54,7 +55,7 @@ module ActiveRecord pairs = values.respond_to?(:each_pair) ? values.each_pair : values.each_with_index pairs.each do |value, i| - enum_values[value] = i + enum_values[value.to_s] = i # scope :incoming, -> { where direction: 0 } klass.scope value, -> { klass.where name => i } diff --git a/activerecord/test/cases/enum_test.rb b/activerecord/test/cases/enum_test.rb index 087db4c32c..54cc60913a 100644 --- a/activerecord/test/cases/enum_test.rb +++ b/activerecord/test/cases/enum_test.rb @@ -17,8 +17,8 @@ class EnumTest < ActiveRecord::TestCase end test "query state with symbol" do - assert_equal :proposed, @book.status - assert_equal :unread, @book.read_status + assert_equal "proposed", @book.status + assert_equal "unread", @book.read_status end test "find via scope" do @@ -46,6 +46,11 @@ class EnumTest < ActiveRecord::TestCase assert @book.written? end + test "assign string value" do + @book.status = "written" + assert @book.written? + end + test "assign non existing value raises an error" do e = assert_raises(ArgumentError) do @book.status = :unknown |
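Review bot: The added `value = value.to_s` in the `#{name}=` writer carries no comment saying why the value is normalised to a String rather than a Symbol, although that is the reason the commit exists. I would put `# Normalize to String, never to_sym: the value can come from request params and must not be interned.` directly above it, so a later cleanup does not bring `to_sym` back on caller-supplied input. The `define_method` block continues outside the hunk.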
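Review bot: Writing the mapping under `value.to_s` changes the key type of a hash that, judging by the `DIRECTION[value]` comment in the writer, is also reachable as a constant on the model. An existing Symbol lookup on it would now return `nil` instead of the integer, and a `nil` handed on to a `where` would query for NULL rather than fail. The hash is created outside this hunk, so I cannot tell whether it is a plain `Hash`. If it is, consider building it as an `ActiveSupport::HashWithIndifferentAccess`, or state the contract next to this line with `# keys are Strings; look up with value.to_s`. The reader changes in the same way (the first enum_test.rb hunk now expects `"proposed"`), so comparisons against Symbols elsewhere would quietly become false.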
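Review bot: The test is still titled `"query state with symbol"` although both of its assertions now expect Strings, so the name contradicts what it checks. Renaming it, for example to `test "query state returns string" do`, would make the changed return type of the reader visible in the test output.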
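Review bot: The new `"assign string value"` test covers only a valid String. The case that matters for this commit, an unknown String arriving from outside, is not exercised, because the existing rejection test right after it assigns the Symbol `:unknown`. I would add `assert_raises(ArgumentError) { @book.status = "unknown" }` alongside it so the String rejection path is pinned. The `"assign non existing value raises an error"` test continues outside the hunk.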