path: root/activerecord/test/cases/relation/where_test.rb
author: Ernie Miller <ernie@erniemiller.org> 2012-06-08 16:32:08 -0400
committer: Aaron Patterson <aaron.patterson@gmail.com> 2012-06-11 14:00:05 -0700
commit: cc2903da9f13c26ba3d94c149f31d4c53b94b2ed (patch)
tree: 649f450b5d8660344cd31dbafa2f16336aba6a4d /activerecord/test/cases/relation/where_test.rb
parent: 0ccdeeb6b589b486f9ffdfb56cbbf901ec955d88 (diff)
Additional fix for CVE-2012-2661
While the patched PredicateBuilder in 3.1.5 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well.
Diffstat (limited to 'activerecord/test/cases/relation/where_test.rb')
-rw-r--r-- activerecord/test/cases/relation/where_test.rb | 6
1 files changed, 6 insertions, 0 deletions
diff --git a/activerecord/test/cases/relation/where_test.rb b/activerecord/test/cases/relation/where_test.rb
index 90c690e266..b9eef1d32f 100644
--- a/activerecord/test/cases/relation/where_test.rb
+++ b/activerecord/test/cases/relation/where_test.rb
@@ -11,6 +11,12 @@ module ActiveRecord
end
end
+ def test_where_error_with_hash
+ assert_raises(ActiveRecord::StatementInvalid) do
+ Post.where(:id => { :posts => {:author_id => 10} }).first
+ end
+ end
+
def test_where_with_table_name
post = Post.first
assert_equal post, Post.where(:posts => { 'id' => post.id }).first
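Review bot: `test_where_error_with_hash` only asserts that `ActiveRecord::StatementInvalid` is raised, which couples the regression test to the database rejecting whatever SQL comes out and says nothing about the property being fixed: that the nested `{ :posts => {:author_id => 10} }` hash no longer switches the table context. Any statement error would satisfy the assertion, including one introduced by an unrelated change. Consider also asserting on the generated SQL, e.g. via `Post.where(:id => { :posts => {:author_id => 10} }).to_sql`, that it does not reference `posts.author_id`, so the test documents the intended behaviour rather than just an adapter failure. A more descriptive name, such as `test_where_with_nested_hash_does_not_change_table_context`, would also make the intent clearer next to `test_where_with_table_name` below.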