author | Jean Boussier <jean.boussier@gmail.com> | 2012-03-04 14:20:13 +0100 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-03-05 10:33:47 -0800 |
commit | e1a882a15b71435ec82a596978429b34d4c73ac5 (patch) | |
tree | bad788c4a574c9b3b1886fd279a0e0347dbc7494 /activerecord/lib/active_record | |
parent | ebc5a19ba2b9befecdcd01393e990b678588ee66 (diff) | |
Fix #5069 - Protect foreign key from mass assignment through association builder
Diffstat (limited to 'activerecord/lib/active_record')
-rw-r--r-- | activerecord/lib/active_record/associations/association.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/associations/association.rb b/activerecord/lib/active_record/associations/association.rb
index 7887d59aad..59c1bad559 100644
--- a/activerecord/lib/active_record/associations/association.rb
+++ b/activerecord/lib/active_record/associations/association.rb
@@ -231,7 +231,8 @@ module ActiveRecord
 def build_record(attributes, options)
 reflection.build_association(attributes, options) do |record|
- record.assign_attributes(create_scope.except(*record.changed), :without_protection => true)
+ attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
+ record.assign_attributes(attributes, :without_protection => true)
 end
 end
 end |
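Review bot: The subtraction in `build_record` protects only `reflection.foreign_key`, so any other scope-derived column that the caller's attributes already changed is still excluded from the `create_scope` assignment and keeps the caller's value; for a polymorphic `:as` association that would presumably include the type column. Consider `skip_assign = [reflection.foreign_key, reflection.type].compact` followed by `create_scope.except(*(record.changed - skip_assign))`. The array difference also compares by value against `record.changed`, which holds strings, so if `foreign_key` can come back as a Symbol (for instance from an option written like `:foreign_key => :owner_id`, a constructed example not visible here) the entry would not be removed; `reflection.foreign_key.to_s` would make that explicit. Reassigning the `attributes` parameter inside the block is harmless once `build_association` has consumed it, but a separate local name would avoid suggesting that the caller's hash is what gets assigned without protection.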