aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord/lib
diff options
context:
space:
mode:
authorAaron Patterson <aaron.patterson@gmail.com>2012-05-30 15:09:13 -0700
committerAaron Patterson <aaron.patterson@gmail.com>2012-05-30 15:09:13 -0700
commit9340f89849606dba02f44038171f3837f883fd4e (patch)
tree1c60619cf2a565ce998beb81c91457999b69dd45 /activerecord/lib
parent344ea048659f2ba47012f0330183ea4a96752732 (diff)
downloadrails-9340f89849606dba02f44038171f3837f883fd4e.tar.gz
rails-9340f89849606dba02f44038171f3837f883fd4e.tar.bz2
rails-9340f89849606dba02f44038171f3837f883fd4e.zip
predicate builder should not recurse for determining where columns.
Thanks to Ben Murphy for reporting this CVE-2012-2661
Diffstat (limited to 'activerecord/lib')
-rw-r--r--activerecord/lib/active_record/associations/association_scope.rb19
-rw-r--r--activerecord/lib/active_record/relation/predicate_builder.rb2
2 files changed, 18 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/associations/association_scope.rb b/activerecord/lib/active_record/associations/association_scope.rb
index 5a44d3a156..89a626693d 100644
--- a/activerecord/lib/active_record/associations/association_scope.rb
+++ b/activerecord/lib/active_record/associations/association_scope.rb
@@ -96,7 +96,7 @@ module ActiveRecord
conditions.each do |condition|
if options[:through] && condition.is_a?(Hash)
- condition = { table.name => condition }
+ condition = disambiguate_condition(table, condition)
end
scope = scope.where(interpolate(condition))
@@ -113,7 +113,7 @@ module ActiveRecord
conditions.each do |condition|
condition = interpolate(condition)
- condition = { (table.table_alias || table.name) => condition } unless i == 0
+ condition = disambiguate_condition(table, condition) unless i == 0
scope = scope.where(condition)
end
@@ -138,6 +138,21 @@ module ActiveRecord
end
end
+ def disambiguate_condition(table, condition)
+ if condition.is_a?(Hash)
+ Hash[
+ condition.map do |k, v|
+ if v.is_a?(Hash)
+ [k, v]
+ else
+ [table.table_alias || table.name, { k => v }]
+ end
+ end
+ ]
+ else
+ condition
+ end
+ end
end
end
end
diff --git a/activerecord/lib/active_record/relation/predicate_builder.rb b/activerecord/lib/active_record/relation/predicate_builder.rb
index 6a0cdd5917..cb8f903474 100644
--- a/activerecord/lib/active_record/relation/predicate_builder.rb
+++ b/activerecord/lib/active_record/relation/predicate_builder.rb
@@ -6,7 +6,7 @@ module ActiveRecord
if value.is_a?(Hash)
table = Arel::Table.new(column, engine)
- build_from_hash(engine, value, table)
+ value.map { |k,v| build(table[k.to_sym], v) }
else
column = column.to_s
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-28 17:21:58 +0000