Fix #5069 - Protect foreign key from mass assignment throught association builder

author: Jean Boussier <jean.boussier@gmail.com> 2012-03-04 14:20:13 +0100
committer: Aaron Patterson <aaron.patterson@gmail.com> 2012-03-05 10:33:47 -0800
commit: e1a882a15b71435ec82a596978429b34d4c73ac5 (patch)
tree: bad788c4a574c9b3b1886fd279a0e0347dbc7494 /activerecord/lib/active_record/associations/association.rb
parent: ebc5a19ba2b9befecdcd01393e990b678588ee66 (diff)
download: rails-e1a882a15b71435ec82a596978429b34d4c73ac5.tar.gz
rails-e1a882a15b71435ec82a596978429b34d4c73ac5.tar.bz2
rails-e1a882a15b71435ec82a596978429b34d4c73ac5.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/associations/association.rb b/activerecord/lib/active_record/associations/association.rb
index 7887d59aad..59c1bad559 100644
--- a/activerecord/lib/active_record/associations/association.rb
+++ b/activerecord/lib/active_record/associations/association.rb
@@ -231,7 +231,8 @@ module ActiveRecord
 
         def build_record(attributes, options)
           reflection.build_association(attributes, options) do |record|
-            record.assign_attributes(create_scope.except(*record.changed), :without_protection => true)
+            attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
+            record.assign_attributes(attributes, :without_protection => true)
           end
         end
     end
author	Jean Boussier <jean.boussier@gmail.com>	2012-03-04 14:20:13 +0100
committer	Aaron Patterson <aaron.patterson@gmail.com>	2012-03-05 10:33:47 -0800
commit	e1a882a15b71435ec82a596978429b34d4c73ac5 (patch)
tree	bad788c4a574c9b3b1886fd279a0e0347dbc7494 /activerecord/lib/active_record/associations/association.rb
parent	ebc5a19ba2b9befecdcd01393e990b678588ee66 (diff)
download	rails-e1a882a15b71435ec82a596978429b34d4c73ac5.tar.gz rails-e1a882a15b71435ec82a596978429b34d4c73ac5.tar.bz2 rails-e1a882a15b71435ec82a596978429b34d4c73ac5.zip