diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-30 15:04:11 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-30 15:04:11 -0700 |
commit | 71f7917c553cdc9a0ee49e87af0efb7429759718 (patch) | |
tree | bc5c3b2a01128c1a08bd4bf5e7b0c5dd59a81e8b /activerecord/lib/active_record/relation | |
parent | fe4dfdd64450662d882b47bf519d885edee453df (diff) | |
download | rails-71f7917c553cdc9a0ee49e87af0efb7429759718.tar.gz rails-71f7917c553cdc9a0ee49e87af0efb7429759718.tar.bz2 rails-71f7917c553cdc9a0ee49e87af0efb7429759718.zip |
predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this
CVE-2012-2661
Diffstat (limited to 'activerecord/lib/active_record/relation')
-rw-r--r-- | activerecord/lib/active_record/relation/predicate_builder.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/relation/predicate_builder.rb b/activerecord/lib/active_record/relation/predicate_builder.rb index a789f48725..9c84d8a6d5 100644 --- a/activerecord/lib/active_record/relation/predicate_builder.rb +++ b/activerecord/lib/active_record/relation/predicate_builder.rb @@ -1,16 +1,16 @@ module ActiveRecord class PredicateBuilder # :nodoc: - def self.build_from_hash(engine, attributes, default_table) + def self.build_from_hash(engine, attributes, default_table, check_column = true) predicates = attributes.map do |column, value| table = default_table if value.is_a?(Hash) table = Arel::Table.new(column, engine) - build_from_hash(engine, value, table) + build_from_hash(engine, value, table, false) else column = column.to_s - if column.include?('.') + if check_column && column.include?('.') table_name, column = column.split('.', 2) table = Arel::Table.new(table_name, engine) end |