diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-30 15:04:11 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-30 15:04:11 -0700 |
commit | 71f7917c553cdc9a0ee49e87af0efb7429759718 (patch) | |
tree | bc5c3b2a01128c1a08bd4bf5e7b0c5dd59a81e8b /activerecord/lib/active_record/associations | |
parent | fe4dfdd64450662d882b47bf519d885edee453df (diff) | |
download | rails-71f7917c553cdc9a0ee49e87af0efb7429759718.tar.gz rails-71f7917c553cdc9a0ee49e87af0efb7429759718.tar.bz2 rails-71f7917c553cdc9a0ee49e87af0efb7429759718.zip |
predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this
CVE-2012-2661
Diffstat (limited to 'activerecord/lib/active_record/associations')
-rw-r--r-- | activerecord/lib/active_record/associations/association_scope.rb | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/associations/association_scope.rb b/activerecord/lib/active_record/associations/association_scope.rb index b3819e3661..f9cffa40c8 100644 --- a/activerecord/lib/active_record/associations/association_scope.rb +++ b/activerecord/lib/active_record/associations/association_scope.rb @@ -75,7 +75,7 @@ module ActiveRecord conditions.each do |condition| if options[:through] && condition.is_a?(Hash) - condition = { table.name => condition } + condition = disambiguate_condition(table, condition) end scope = scope.where(interpolate(condition)) @@ -114,6 +114,21 @@ module ActiveRecord end end + def disambiguate_condition(table, condition) + if condition.is_a?(Hash) + Hash[ + condition.map do |k, v| + if v.is_a?(Hash) + [k, v] + else + [table.table_alias || table.name, { k => v }] + end + end + ] + else + condition + end + end end end end |