diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-05 14:52:08 -0800 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2013-03-15 17:47:28 -0700 |
commit | f980289fd2c1b9073a94b5d49b780a49f5e2933c (patch) | |
tree | 13d708e3d92f2abdd877530239a1c1fc64408234 /activerecord/lib/active_record/relation.rb | |
parent | 488699166c3558963fa82d4689a35f8c3fd93f47 (diff) | |
download | rails-f980289fd2c1b9073a94b5d49b780a49f5e2933c.tar.gz rails-f980289fd2c1b9073a94b5d49b780a49f5e2933c.tar.bz2 rails-f980289fd2c1b9073a94b5d49b780a49f5e2933c.zip |
stop calling to_sym when building arel nodes [CVE-2013-1854]
Diffstat (limited to 'activerecord/lib/active_record/relation.rb')
-rw-r--r-- | activerecord/lib/active_record/relation.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/relation.rb b/activerecord/lib/active_record/relation.rb index 4b3b30d6ed..ae1a57545e 100644 --- a/activerecord/lib/active_record/relation.rb +++ b/activerecord/lib/active_record/relation.rb @@ -464,7 +464,7 @@ module ActiveRecord node.left.relation.name == table_name } - Hash[equalities.map { |where| [where.left.name, where.right] }] + Hash[equalities.map { |where| [where.left.name, where.right] }].with_indifferent_access end def scope_for_create |