aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/lib/active_model
diff options
context:
space:
mode:
authorBogdan Gusiev <agresso@gmail.com>2011-07-28 11:56:08 +0300
committerBogdan Gusiev <agresso@gmail.com>2011-07-28 11:56:08 +0300
commitb93a918337e99c3fe3ad059f093b1ee56b9e6a7d (patch)
tree9984f7c01953780f3e506bf1008665b3028ca00f /activemodel/lib/active_model
parent451f63b42e411a57796baccca7d27b5746bff49b (diff)
downloadrails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.tar.gz
rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.tar.bz2
rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.zip
MassAssignmentProtection: consider 'id' insensetive in StrictSanitizer
In order to use StrictSanitizer in test mode Consider :id as not sensetive attribute that can be filtered from mass assignement without exception.
Diffstat (limited to 'activemodel/lib/active_model')
-rw-r--r--activemodel/lib/active_model/mass_assignment_security/sanitizer.rb5
1 files changed, 5 insertions, 0 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index bb0526adc3..bbdddfb50d 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -44,8 +44,13 @@ module ActiveModel
class StrictSanitizer < Sanitizer
def process_removed_attributes(attrs)
+ return if (attrs - insensitive_attributes).empty?
raise ActiveModel::MassAssignmentSecurity::Error, "Can't mass-assign protected attributes: #{attrs.join(', ')}"
end
+
+ def insensitive_attributes
+ ['id']
+ end
end
class Error < StandardError