diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2014-02-12 16:22:40 -0800 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-02-18 15:40:19 -0300 |
| commit | 6256b1de9a2d968b0d123ad6a09b33de01019ae6 (patch) | |
| tree | c3abe8762057450aec951a7f042820b87601cb4d /activerecord/lib | |
| parent | 08d0a11a3f62718d601d39e617c834759cf59bbb (diff) | |
| download | rails-6256b1de9a2d968b0d123ad6a09b33de01019ae6.tar.gz rails-6256b1de9a2d968b0d123ad6a09b33de01019ae6.tar.bz2 rails-6256b1de9a2d968b0d123ad6a09b33de01019ae6.zip | |
Correctly escape PostgreSQL arrays.
Thanks Godfrey Chan for reporting this!
Fixes: CVE-2014-0080
Diffstat (limited to 'activerecord/lib')
| -rw-r--r-- | activerecord/lib/active_record/connection_adapters/postgresql/cast.rb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql/cast.rb b/activerecord/lib/active_record/connection_adapters/postgresql/cast.rb index bf34f2bdae..bb6ea95bea 100644 --- a/activerecord/lib/active_record/connection_adapters/postgresql/cast.rb +++ b/activerecord/lib/active_record/connection_adapters/postgresql/cast.rb @@ -142,12 +142,16 @@ module ActiveRecord end end + ARRAY_ESCAPE = "\\" * 2 * 2 # escape the backslash twice for PG arrays + def quote_and_escape(value) case value when "NULL" value else - "\"#{value.gsub(/"/,"\\\"")}\"" + value = value.gsub(/\\/, ARRAY_ESCAPE) + value.gsub!(/"/,"\\\"") + "\"#{value}\"" end end |