author | Andrew White <andyw@pixeltrix.co.uk> | 2015-11-27 13:46:46 +0000 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-01-22 15:00:50 -0800 |
commit | 0fde6f554b75b13b0435dd70f1c3ec02bc209e0d (patch) | |
tree | 5fe0ba60d184911371863d299da9ba19149936dd /activesupport/test/dependencies_test.rb | |
parent | 51313c21a63c3ed47ba20df3ad7f26a45d5bf684 (diff) | |
download | rails-0fde6f554b75b13b0435dd70f1c3ec02bc209e0d.tar.gz rails-0fde6f554b75b13b0435dd70f1c3ec02bc209e0d.tar.bz2 rails-0fde6f554b75b13b0435dd70f1c3ec02bc209e0d.zip |
Don't short-circuit reject_if proc

When updating an associated record via nested attribute hashes the
reject_if proc could be bypassed if the _destroy flag was set in the
attribute hash and allow_destroy was set to false.

The fix is to only short-circuit if the _destroy flag is set and the
option allow_destroy is set to true. It also fixes an issue where
a new record wasn't created if _destroy was set and the option
allow_destroy was set to false.

CVE-2015-7577
Diffstat (limited to 'activesupport/test/dependencies_test.rb')
0 files changed, 0 insertions, 0 deletions
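
The condition the commit message describes, modelled in plain Ruby for the update case. This is an added example, not the Rails source and not code from this commit; every method name, the sample record and the `reject_if` proc are assumptions constructed for illustration.

```ruby
# Plain-Ruby model of the check described in the commit message (not Rails code).
# All names and the sample data below are constructed for illustration.
DESTROY_TRUE = [true, 1, "1", "true"].freeze

def destroy_flag?(attrs)
  DESTROY_TRUE.include?(attrs["_destroy"])
end

# Before the fix: a set _destroy flag skips reject_if; allow_destroy is ignored.
def rejected_before?(attrs, _allow_destroy, reject_if)
  return false if destroy_flag?(attrs)
  reject_if.call(attrs)
end

# After the fix: reject_if is skipped only when the record will really be destroyed.
def rejected_after?(attrs, allow_destroy, reject_if)
  return false if allow_destroy && destroy_flag?(attrs)
  reject_if.call(attrs)
end

# Applies one nested attribute hash to an existing record (a Hash here).
# Returns the unchanged record if rejected, nil if destroyed, else the updated record.
def apply_update(record, attrs, allow_destroy:, reject_if:, fixed:)
  rejected = if fixed
               rejected_after?(attrs, allow_destroy, reject_if)
             else
               rejected_before?(attrs, allow_destroy, reject_if)
             end
  return record if rejected
  return nil if allow_destroy && destroy_flag?(attrs)
  record.merge(attrs.reject { |key, _| key == "_destroy" })
end

# Constructed sample: reject_if refuses attribute hashes with a blank name.
REJECT_BLANK_NAME = ->(attrs) { attrs["name"].to_s.strip.empty? }
RECORD  = { "id" => 1, "name" => "Original" }.freeze
FLAGGED = { "id" => 1, "name" => "", "_destroy" => "1" }.freeze

if __FILE__ == $PROGRAM_NAME
  [false, true].each do |fixed|
    result = apply_update(RECORD, FLAGGED, allow_destroy: false,
                          reject_if: REJECT_BLANK_NAME, fixed: fixed)
    puts "fixed=#{fixed}: #{result.inspect}"
  end
end
```

With `allow_destroy` false, the pre-fix path lets the blank name through while the post-fix path leaves the record unchanged; with `allow_destroy` true both paths destroy the record, so legitimate deletes are unaffected.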