author | joernchen of Phenoelit <joernchen@phenoelit.de> | 2013-02-09 15:46:44 -0800 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-02-09 17:00:25 -0800 |
commit | 060bb7250b963609a0d8a5d0559e36b99d2402c6 (patch) | |
tree | 521f44df56732ad9eb01f4caea2e38823545cd72 /activemodel/lib/active_model/mass_assignment_security | |
parent | 2f0ff7554dfc7c8b025822e5212065f256926734 (diff) | |
Fix issue with attr_protected where malformed input could circumvent
protection
Fixes: CVE-2013-0276
Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security')
-rw-r--r-- | activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb index a1fcdf1a38..10faa29f31 100644 --- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb +++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb @@ -19,7 +19,7 @@ module ActiveModel protected def remove_multiparameter_id(key) - key.to_s.gsub(/\(.+/, '') + key.to_s.gsub(/\(.+/m, '') end end |
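Review bot: In `remove_multiparameter_id`, the fixed pattern `/\(.+/m` differs from the old one by a single flag, and nothing in the visible diff documents or tests why it is there. A short comment stating that Ruby's `.` does not match a newline without `/m`, so a key with a newline after the `(` was not reduced to the bare attribute name, would keep the flag from being dropped in a later cleanup; a regression test with such a key belongs alongside it if the commit does not already add one outside this directory. Separately, `.+` still requires at least one character after the parenthesis, so a key ending in a bare `(` is returned unchanged; `\(.*` would normalize that case too if it is meant to be covered.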