diff options
| author | Aliaksandr Buhayeu <aliaksandr.buhayeu@gmail.com> | 2015-06-17 14:58:36 +0300 |
|---|---|---|
| committer | Aliaksandr Buhayeu <aliaksandr.buhayeu@gmail.com> | 2015-10-01 21:27:58 +0300 |
| commit | 3005c25a36bcf30e08940a6cd0414752b35ba971 (patch) | |
| tree | 702e6dc3bade409740989a49dde4ced2677ffbd9 /activesupport/lib | |
| parent | f78650d56e75ee266a17e12cd97a136d10484a67 (diff) | |
| download | rails-3005c25a36bcf30e08940a6cd0414752b35ba971.tar.gz rails-3005c25a36bcf30e08940a6cd0414752b35ba971.tar.bz2 rails-3005c25a36bcf30e08940a6cd0414752b35ba971.zip | |
Regex fix for mattr_accessor validation
Change ^ and $ operators to \A and \z to prevent
code injection after the line breaks
Diffstat (limited to 'activesupport/lib')
| -rw-r--r-- | activesupport/lib/active_support/core_ext/module/attribute_accessors.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb b/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb index a084177b9f..bf175a8a70 100644 --- a/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb +++ b/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb @@ -53,7 +53,7 @@ class Module def mattr_reader(*syms) options = syms.extract_options! syms.each do |sym| - raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /^[_A-Za-z]\w*$/ + raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /\A[_A-Za-z]\w*\z/ class_eval(<<-EOS, __FILE__, __LINE__ + 1) @@#{sym} = nil unless defined? @@#{sym} @@ -119,7 +119,7 @@ class Module def mattr_writer(*syms) options = syms.extract_options! syms.each do |sym| - raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /^[_A-Za-z]\w*$/ + raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /\A[_A-Za-z]\w*\z/ class_eval(<<-EOS, __FILE__, __LINE__ + 1) @@#{sym} = nil unless defined? @@#{sym} |