diff options
| author | Jean Boussier <jean.boussier@gmail.com> | 2012-03-04 14:20:13 +0100 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-03-05 10:08:09 -0800 |
| commit | c97a1666910aa82b9c4348402cc8f52492b58692 (patch) | |
| tree | eb64d635ab87efa2807182a026ec70738762c38f /activerecord/lib | |
| parent | c5a47b3207de8db12cfe956fd75933b6930395b2 (diff) | |
| download | rails-c97a1666910aa82b9c4348402cc8f52492b58692.tar.gz rails-c97a1666910aa82b9c4348402cc8f52492b58692.tar.bz2 rails-c97a1666910aa82b9c4348402cc8f52492b58692.zip | |
Fix #5069 - Protect foreign key from mass assignment throught association builder
Diffstat (limited to 'activerecord/lib')
| -rw-r--r-- | activerecord/lib/active_record/associations/association.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/associations/association.rb b/activerecord/lib/active_record/associations/association.rb index c971fbb393..512c52338e 100644 --- a/activerecord/lib/active_record/associations/association.rb +++ b/activerecord/lib/active_record/associations/association.rb @@ -232,7 +232,8 @@ module ActiveRecord def build_record(attributes, options) reflection.build_association(attributes, options) do |record| - record.assign_attributes(create_scope.except(*record.changed), :without_protection => true) + attributes = create_scope.except(*(record.changed - [reflection.foreign_key])) + record.assign_attributes(attributes, :without_protection => true) end end end |