author | Michael Koziarski <michael@koziarski.com> | 2009-06-10 12:10:13 +1200 |
---|---|---|
committer | Michael Koziarski <michael@koziarski.com> | 2009-06-10 12:12:21 +1200 |
commit | c014c3e5c14beb71fa7c67f15448386d0ffaba28 (patch) | |
tree | 6463fc9f189332286f0516b2b1d11d5084b61818 /activesupport/lib/active_support/mini.rb | |
parent | b6fde6b4801fae26cdd0e790f6bfd06e7afe9941 (diff) | |

Whitelist the methods which are called by multiparameter attribute assignment.

This prevents users from causing NoMethodErrors and the like by editing the parameter names, and closes a potential exploit of CVE-2009-1904.

Diffstat (limited to 'activesupport/lib/active_support/mini.rb')
0 files changed, 0 insertions, 0 deletions