authorAaron Patterson <aaron.patterson@gmail.com>2014-02-12 16:22:40 -0800
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-02-18 15:40:19 -0300
commit6256b1de9a2d968b0d123ad6a09b33de01019ae6 (patch)
treec3abe8762057450aec951a7f042820b87601cb4d /activerecord/test/cases/adapters/postgresql/datatype_test.rb
parent08d0a11a3f62718d601d39e617c834759cf59bbb (diff)
Correctly escape PostgreSQL arrays.
Thanks Godfrey Chan for reporting this! Fixes: CVE-2014-0080
Diffstat (limited to 'activerecord/test/cases/adapters/postgresql/datatype_test.rb')
-rw-r--r--activerecord/test/cases/adapters/postgresql/datatype_test.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/activerecord/test/cases/adapters/postgresql/datatype_test.rb b/activerecord/test/cases/adapters/postgresql/datatype_test.rb
index 04a458fbce..5c3a797c41 100644
--- a/activerecord/test/cases/adapters/postgresql/datatype_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/datatype_test.rb
@@ -78,6 +78,14 @@ class PostgresqlDataTypeTest < ActiveRecord::TestCase
PostgresqlBitString, PostgresqlOid, PostgresqlTimestampWithZone, PostgresqlUUID].each(&:delete_all)
end
+ def test_array_escaping
+ unknown = %(foo\\",bar,baz,\\)
+ nicknames = ["hello_#{unknown}"]
+ ar = PostgresqlArray.create!(nicknames: nicknames, id: 100)
+ ar.reload
+ assert_equal nicknames, ar.nicknames
+ end
+
def test_data_type_of_array_types
assert_equal :integer, @first_array.column_for_attribute(:commission_by_quarter).type
assert_equal :text, @first_array.column_for_attribute(:nicknames).type
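Review bot: The payload in `test_array_escaping` is undocumented, and the name `unknown` does not tell a reader that `%(foo\\",bar,baz,\\)` evaluates to `foo\",bar,baz,\`, i.e. a backslash, a double quote, element delimiters and a trailing backslash inside a single array element. A comment above the assignment such as `# CVE-2014-0080: an element containing backslash, double quote and commas must round-trip as ONE element` would pin the intent of the regression test. The round trip covers only this one string; curly braces and the bare word `NULL` are also special inside a PostgreSQL array literal, so a second and third element such as `"{a,b}"` and `"NULL"` in `nicknames` would widen the coverage. The hard-coded `id: 100` is not used by the assertion and could be dropped unless other tests in the class, which lies outside this hunk, depend on it.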