authorjoernchen of Phenoelit <joernchen@phenoelit.de>2013-02-09 15:46:44 -0800
committerAaron Patterson <aaron.patterson@gmail.com>2013-02-09 17:00:25 -0800
commit060bb7250b963609a0d8a5d0559e36b99d2402c6 (patch)
tree521f44df56732ad9eb01f4caea2e38823545cd72 /activemodel/lib/active_model/mass_assignment_security
parent2f0ff7554dfc7c8b025822e5212065f256926734 (diff)
Fix issue with attr_protected where malformed input could circumvent
protection Fixes: CVE-2013-0276
Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security')
-rw-r--r--activemodel/lib/active_model/mass_assignment_security/permission_set.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
index a1fcdf1a38..10faa29f31 100644
--- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
@@ -19,7 +19,7 @@ module ActiveModel
protected
def remove_multiparameter_id(key)
- key.to_s.gsub(/\(.+/, '')
+ key.to_s.gsub(/\(.+/m, '')
end
end
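Review bot: The `/m` flag on the `gsub` line in `remove_multiparameter_id` is the whole fix, yet nothing in the method says why it is there, so a later regexp tidy-up could drop it and reopen CVE-2013-0276. In Ruby `/m` makes `.` match newlines, which lets the pattern strip everything after the first `(` even when the key contains a line break; I would add a comment above the line such as `# /m: "." must match newlines so the whole "(...)" suffix is stripped from the key`. Because the match now always runs to the end of the string, `key.to_s.sub(/\(.+\z/m, '')` would state that intent more directly. The diffstat shown is limited to this directory, so I cannot tell whether a regression test with a newline-containing key accompanies the change; if not, one should be added. The enclosing class and module begin outside the hunk.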