Fix #5069 - Protect foreign key from mass assignment throught association builder

author: Jean Boussier <jean.boussier@gmail.com> 2012-03-04 14:20:13 +0100
committer: Aaron Patterson <aaron.patterson@gmail.com> 2012-03-05 10:08:09 -0800
commit: c97a1666910aa82b9c4348402cc8f52492b58692 (patch)
tree: eb64d635ab87efa2807182a026ec70738762c38f /activerecord/lib/active_record/associations/association.rb
parent: c5a47b3207de8db12cfe956fd75933b6930395b2 (diff)
download: rails-c97a1666910aa82b9c4348402cc8f52492b58692.tar.gz
rails-c97a1666910aa82b9c4348402cc8f52492b58692.tar.bz2
rails-c97a1666910aa82b9c4348402cc8f52492b58692.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/associations/association.rb b/activerecord/lib/active_record/associations/association.rb
index c971fbb393..512c52338e 100644
--- a/activerecord/lib/active_record/associations/association.rb
+++ b/activerecord/lib/active_record/associations/association.rb
@@ -232,7 +232,8 @@ module ActiveRecord
 
         def build_record(attributes, options)
           reflection.build_association(attributes, options) do |record|
-            record.assign_attributes(create_scope.except(*record.changed), :without_protection => true)
+            attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
+            record.assign_attributes(attributes, :without_protection => true)
           end
         end
     end
author	Jean Boussier <jean.boussier@gmail.com>	2012-03-04 14:20:13 +0100
committer	Aaron Patterson <aaron.patterson@gmail.com>	2012-03-05 10:08:09 -0800
commit	c97a1666910aa82b9c4348402cc8f52492b58692 (patch)
tree	eb64d635ab87efa2807182a026ec70738762c38f /activerecord/lib/active_record/associations/association.rb
parent	c5a47b3207de8db12cfe956fd75933b6930395b2 (diff)
download	rails-c97a1666910aa82b9c4348402cc8f52492b58692.tar.gz rails-c97a1666910aa82b9c4348402cc8f52492b58692.tar.bz2 rails-c97a1666910aa82b9c4348402cc8f52492b58692.zip