diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-06-05 12:34:07 -0300 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-07-02 12:49:01 -0300 |
| commit | 1f2192e46d78ee0ba2b06373f2c24caf8440ff5b (patch) | |
| tree | dbd23e6da3667fedaf5ccedb1f268a1470fc75c3 /activerecord/test/cases/adapters/postgresql/quoting_test.rb | |
| parent | 297bff7f8f01fbda2a6bacaed4afb3d060292b9f (diff) | |
| download | rails-1f2192e46d78ee0ba2b06373f2c24caf8440ff5b.tar.gz rails-1f2192e46d78ee0ba2b06373f2c24caf8440ff5b.tar.bz2 rails-1f2192e46d78ee0ba2b06373f2c24caf8440ff5b.zip | |
Check against bit string values using multiline regexp
Fix CVE-2014-3482.
Diffstat (limited to 'activerecord/test/cases/adapters/postgresql/quoting_test.rb')
| -rw-r--r-- | activerecord/test/cases/adapters/postgresql/quoting_test.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb index 172055f15c..cfdf16d48d 100644 --- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb +++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb @@ -19,6 +19,11 @@ module ActiveRecord assert_equal 'f', @conn.type_cast(false, nil) assert_equal 'f', @conn.type_cast(false, c) end + + def test_quote_bit_string + c = PostgreSQLColumn.new(nil, 1, 'bit') + assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c) + end end end end |