diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-12-23 11:52:05 -0800 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-12-23 11:52:05 -0800 |
| commit | 2aa70bd61a5c4a55dffa79fb6da9b8c8d6dd8b69 (patch) | |
| tree | e9b8178d3b0fb6236601526bcde3f6628ef74940 /activerecord | |
| parent | 885f59f6852cce670b48680fa0a1b6a4b0998291 (diff) | |
| parent | 325669f0795a9148fd31f7f496a40dc8e114ef52 (diff) | |
| download | rails-2aa70bd61a5c4a55dffa79fb6da9b8c8d6dd8b69.tar.gz rails-2aa70bd61a5c4a55dffa79fb6da9b8c8d6dd8b69.tar.bz2 rails-2aa70bd61a5c4a55dffa79fb6da9b8c8d6dd8b69.zip | |
Merge branch '3-2-sec' into 3-2-secmerge
* 3-2-sec:
CVE-2012-5664 options hashes should only be extracted if there are extra parameters
updating changelog
updating the changelogs
updating the changelog for the CVE
Add release date of Rails 3.2.9 to documentation
Conflicts:
actionmailer/CHANGELOG.md
actionpack/CHANGELOG.md
activemodel/CHANGELOG.md
activerecord/CHANGELOG.md
activeresource/CHANGELOG.md
activesupport/CHANGELOG.md
railties/CHANGELOG.md
Diffstat (limited to 'activerecord')
| -rw-r--r-- | activerecord/CHANGELOG.md | 9 | ||||
| -rw-r--r-- | activerecord/lib/active_record/dynamic_matchers.rb | 7 | ||||
| -rw-r--r-- | activerecord/test/cases/finder_test.rb | 12 |
3 files changed, 26 insertions, 2 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 083474eed0..1d682e03bf 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,4 +1,4 @@ -## Rails 3.2.10 (unreleased) +## Rails 3.2.11 (unreleased) * Serialized attributes can be serialized in integer columns. Fix #8575. @@ -180,6 +180,13 @@ *Alexis Bernard* +## Rails 3.2.10 ## + +* CVE-2012-5664 options hashes should only be extracted if there are extra + parameters + +## Rails 3.2.9 (Nov 12, 2012) ## + * Fix issue with collection associations calling first(n)/last(n) and attempting to set the inverse association when `:inverse_of` was used. Fixes #8087. diff --git a/activerecord/lib/active_record/dynamic_matchers.rb b/activerecord/lib/active_record/dynamic_matchers.rb index b6b8e24436..f15d0b7611 100644 --- a/activerecord/lib/active_record/dynamic_matchers.rb +++ b/activerecord/lib/active_record/dynamic_matchers.rb @@ -40,7 +40,12 @@ module ActiveRecord METHOD send(method_id, *arguments) elsif match.finder? - options = arguments.extract_options! + options = if arguments.length > attribute_names.size + arguments.extract_options! + else + {} + end + relation = options.any? ? scoped(options) : scoped relation.send :find_by_attributes, match, attribute_names, *arguments, &block elsif match.instantiator? diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb index e50a334958..7d63d76c34 100644 --- a/activerecord/test/cases/finder_test.rb +++ b/activerecord/test/cases/finder_test.rb @@ -15,6 +15,18 @@ require 'models/toy' class FinderTest < ActiveRecord::TestCase fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :customers, :categories, :categorizations + def test_find_by_id_with_hash + assert_raises(ActiveRecord::StatementInvalid) do + Post.find_by_id(:limit => 1) + end + end + + def test_find_by_title_and_id_with_hash + assert_raises(ActiveRecord::StatementInvalid) do + Post.find_by_title_and_id('foo', :limit => 1) + end + end + def test_find assert_equal(topics(:first).title, Topic.find(1).title) end |