diff options
| author | Yves Senn <yves.senn@gmail.com> | 2013-11-05 17:29:52 +0100 |
|---|---|---|
| committer | Yves Senn <yves.senn@gmail.com> | 2013-11-05 17:44:08 +0100 |
| commit | 44406d1e77061ce22effaae4698918c1f9f6271a (patch) | |
| tree | 2b6864e46ed700719a81bf79c233bfa626a4fafd /activerecord/lib/active_record | |
| parent | 6c720d18a2770299433fae82c1cab25d0bd4033e (diff) | |
| download | rails-44406d1e77061ce22effaae4698918c1f9f6271a.tar.gz rails-44406d1e77061ce22effaae4698918c1f9f6271a.tar.bz2 rails-44406d1e77061ce22effaae4698918c1f9f6271a.zip | |
store enum mapping using `Strings` instead of `Symbols`.
This allows to assign both `String` and `Symbol` values to the enum
without having to call `to_sym`, which is a security problem.
Diffstat (limited to 'activerecord/lib/active_record')
| -rw-r--r-- | activerecord/lib/active_record/enum.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/enum.rb b/activerecord/lib/active_record/enum.rb index 6bfdf75a2d..a70638f3df 100644 --- a/activerecord/lib/active_record/enum.rb +++ b/activerecord/lib/active_record/enum.rb @@ -43,6 +43,7 @@ module ActiveRecord _enum_methods_module.module_eval do # def direction=(value) self[:direction] = DIRECTION[value] end define_method("#{name}=") { |value| + value = value.to_s unless enum_values.has_key?(value) raise ArgumentError, "'#{value}' is not a valid #{name}" end @@ -54,7 +55,7 @@ module ActiveRecord pairs = values.respond_to?(:each_pair) ? values.each_pair : values.each_with_index pairs.each do |value, i| - enum_values[value] = i + enum_values[value.to_s] = i # scope :incoming, -> { where direction: 0 } klass.scope value, -> { klass.where name => i } |