diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-11-22 11:52:01 -0200 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-11-22 11:52:01 -0200 |
| commit | b313bcba07ea3c8b3dca3601bec23293f803efcc (patch) | |
| tree | 714c4f01c8457dd10945a7867fe78216945445f1 | |
| parent | 43dd9c87fd4c2054297a30b46e283ec69d17f30e (diff) | |
| parent | 053bfa2304517fd2eb4e8e7dcb4eb9897f121271 (diff) | |
| download | rails-b313bcba07ea3c8b3dca3601bec23293f803efcc.tar.gz rails-b313bcba07ea3c8b3dca3601bec23293f803efcc.tar.bz2 rails-b313bcba07ea3c8b3dca3601bec23293f803efcc.zip | |
Merge pull request #8291 from senny/8265_build_with_polymorphic_association
prevent mass assignment of polymorphic type when using `build`
Conflicts:
activerecord/CHANGELOG.md
| -rw-r--r-- | activerecord/CHANGELOG.md | 5 | ||||
| -rw-r--r-- | activerecord/lib/active_record/associations/association.rb | 3 | ||||
| -rw-r--r-- | activerecord/test/cases/associations/has_many_associations_test.rb | 8 |
3 files changed, 15 insertions, 1 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index e3ed3780db..1a34ed441f 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,5 +1,10 @@ ## Rails 4.0.0 (unreleased) ## +* Prevent mass assignment to the type column of polymorphic associations when using `build` + Fix #8265 + + *Yves Senn* + * Deprecate calling `Relation#sum` with a block. To perform a calculation over the array result of the relation, use `to_a.sum(&block)`. diff --git a/activerecord/lib/active_record/associations/association.rb b/activerecord/lib/active_record/associations/association.rb index 99e7383d42..3f0e4ca999 100644 --- a/activerecord/lib/active_record/associations/association.rb +++ b/activerecord/lib/active_record/associations/association.rb @@ -232,7 +232,8 @@ module ActiveRecord def build_record(attributes) reflection.build_association(attributes) do |record| - attributes = create_scope.except(*(record.changed - [reflection.foreign_key])) + skip_assign = [reflection.foreign_key, reflection.type].compact + attributes = create_scope.except(*(record.changed - skip_assign)) record.assign_attributes(attributes) end end diff --git a/activerecord/test/cases/associations/has_many_associations_test.rb b/activerecord/test/cases/associations/has_many_associations_test.rb index 6cdc166533..2ded97582d 100644 --- a/activerecord/test/cases/associations/has_many_associations_test.rb +++ b/activerecord/test/cases/associations/has_many_associations_test.rb @@ -1579,6 +1579,14 @@ class HasManyAssociationsTest < ActiveRecord::TestCase assert_equal [tagging], post.taggings end + def test_build_with_polymotphic_has_many_does_not_allow_to_override_type_and_id + welcome = posts(:welcome) + tagging = welcome.taggings.build(:taggable_id => 99, :taggable_type => 'ShouldNotChange') + + assert_equal welcome.id, tagging.taggable_id + assert_equal 'Post', tagging.taggable_type + end + def test_dont_call_save_callbacks_twice_on_has_many firm = companies(:first_firm) contract = firm.contracts.create! |