diff options
| author | Jamis Buck <jamis@37signals.com> | 2006-07-27 18:29:49 +0000 |
|---|---|---|
| committer | Jamis Buck <jamis@37signals.com> | 2006-07-27 18:29:49 +0000 |
| commit | 99e9faeda8f039d34e9eeab319e8adc13cb9bc86 (patch) | |
| tree | 318d2714fedd28cd90efc91c1b859286317e5241 /activerecord/test/base_test.rb | |
| parent | d70d5219554b55b24586d559bd39d829317d523d (diff) | |
| download | rails-99e9faeda8f039d34e9eeab319e8adc13cb9bc86.tar.gz rails-99e9faeda8f039d34e9eeab319e8adc13cb9bc86.tar.bz2 rails-99e9faeda8f039d34e9eeab319e8adc13cb9bc86.zip | |
Patch sql injection vulnerability when using integer or float columns.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4626 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord/test/base_test.rb')
| -rwxr-xr-x | activerecord/test/base_test.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb index b07ec3eacd..a2652b04b6 100755 --- a/activerecord/test/base_test.rb +++ b/activerecord/test/base_test.rb @@ -961,6 +961,12 @@ class BasicsTest < Test::Unit::TestCase assert_equal("<baz>", inverted["quux"]) end + def test_sql_injection_via_find + assert_raises(ActiveRecord::RecordNotFound) do + Topic.find("123456 OR id > 0") + end + end + def test_column_name_properly_quoted col_record = ColumnName.new col_record.references = 40 |