diff options
author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2010-07-07 17:05:42 +0200 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2010-07-08 18:28:38 +0200 |
commit | 7c86e8e21ba6a1f88226ddd0cf012a563f234d06 (patch) | |
tree | ba1ebdeaed80dc86211c1bce56919c0d39a0bea2 /activerecord/lib/active_record/mass_assignment_security | |
parent | 606088df3f10dd8daec8ccc97d8279c119a503b5 (diff) | |
download | rails-7c86e8e21ba6a1f88226ddd0cf012a563f234d06.tar.gz rails-7c86e8e21ba6a1f88226ddd0cf012a563f234d06.tar.bz2 rails-7c86e8e21ba6a1f88226ddd0cf012a563f234d06.zip |
minor changes to mass assignment security patch to bring it in line with rails standards
Signed-off-by: José Valim <jose.valim@gmail.com>
Diffstat (limited to 'activerecord/lib/active_record/mass_assignment_security')
-rw-r--r-- | activerecord/lib/active_record/mass_assignment_security/permission_set.rb | 7 | ||||
-rw-r--r-- | activerecord/lib/active_record/mass_assignment_security/sanitizer.rb | 8 |
2 files changed, 7 insertions, 8 deletions
diff --git a/activerecord/lib/active_record/mass_assignment_security/permission_set.rb b/activerecord/lib/active_record/mass_assignment_security/permission_set.rb index 1d34dce02e..8446a4103b 100644 --- a/activerecord/lib/active_record/mass_assignment_security/permission_set.rb +++ b/activerecord/lib/active_record/mass_assignment_security/permission_set.rb @@ -2,11 +2,11 @@ require 'active_record/mass_assignment_security/sanitizer' module ActiveRecord module MassAssignmentSecurity - class PermissionSet < Set + class PermissionSet < Set attr_accessor :logger - def merge(values) + def +(values) super(values.map(&:to_s)) end @@ -19,7 +19,6 @@ module ActiveRecord def remove_multiparameter_id(key) key.gsub(/\(.+/, '') end - end class WhiteList < PermissionSet @@ -28,7 +27,6 @@ module ActiveRecord def deny?(key) !include?(key) end - end class BlackList < PermissionSet @@ -37,7 +35,6 @@ module ActiveRecord def deny?(key) include?(key) end - end end diff --git a/activerecord/lib/active_record/mass_assignment_security/sanitizer.rb b/activerecord/lib/active_record/mass_assignment_security/sanitizer.rb index 4a099a147c..11de35f9d6 100644 --- a/activerecord/lib/active_record/mass_assignment_security/sanitizer.rb +++ b/activerecord/lib/active_record/mass_assignment_security/sanitizer.rb @@ -13,15 +13,17 @@ module ActiveRecord def debug_protected_attribute_removal(attributes, sanitized_attributes) removed_keys = attributes.keys - sanitized_attributes.keys - if removed_keys.any? - logger.debug "WARNING: Can't mass-assign protected attributes: #{removed_keys.join(', ')}" - end + warn!(removed_keys) if removed_keys.any? end def debug? logger.present? end + def warn!(attrs) + logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" + end + end end end |