-rw-r--r-- | activerecord/CHANGELOG | 2 | ||||
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/quoting.rb | 3 | ||||
-rwxr-xr-x | activerecord/test/base_test.rb | 6 |
3 files changed, 10 insertions, 1 deletions
diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG
index df012b91ca..10387d04ef 100644
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
+* Patch sql injection vulnerability when using integer or float columns. [Jamis Buck]
+
 * Allow #count through a has_many association to accept :include. [Dan Peterson]
 * create_table rdoc: suggest :id => false for habtm join tables. [Zed Shaw]
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
index 1c1b00252c..94d1d9c43f 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -11,7 +11,8 @@ module ActiveRecord
 when String
 if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
 "'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode)
- elsif column && [:integer, :float].include?(column.type)
+ elsif column && [:integer, :float].include?(column.type)
+ value = column.type == :integer ? value.to_i : value.to_f
 value.to_s
 else
 "'#{quote_string(value)}'" # ' (for ruby-mode)
diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb
index b07ec3eacd..a2652b04b6 100755
--- a/activerecord/test/base_test.rb
+++ b/activerecord/test/base_test.rb
@@ -961,6 +961,12 @@ class BasicsTest < Test::Unit::TestCase
 assert_equal("<baz>", inverted["quux"])
 end
+ def test_sql_injection_via_find
+ assert_raises(ActiveRecord::RecordNotFound) do
+ Topic.find("123456 OR id > 0")
+ end
+ end
+
 def test_column_name_properly_quoted
 col_record = ColumnName.new
 col_record.references = 40 |
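Review bot: The added `value = column.type == :integer ? value.to_i : value.to_f` line coerces rather than rejects, so a malformed string is silently reduced to its leading numeric prefix (or 0/0.0) and the statement proceeds with a value the caller never asked for; the injection text is removed, but the bad input is not surfaced. If rejecting malformed input is the intended contract, `Integer(value)` / `Float(value)` raise `ArgumentError` on junk instead — although that would change the exception the accompanying test expects. `to_f` also turns an overflowing string into `Infinity`, and `Infinity`/`NaN` emitted bare by `value.to_s` is not a numeric literal most databases accept, so a finiteness check or a quoted fallback is worth considering for the `:float` path. At minimum the line deserves a why-comment, e.g. `# Coerce to a Ruby number first so a String is never interpolated unquoted; malformed input truncates to its numeric prefix rather than raising`. The enclosing `case`/method starts and ends outside this hunk.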
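Review bot: `test_sql_injection_via_find` verifies the fix only through fixture state — it passes because `"123456 OR id > 0".to_i` is 123456, no Topic has that id, and the unpatched interpolation would have matched `id > 0` rows — and it exercises only an integer column although the change also covers `:float`. A direct assertion on the quoted output does not depend on which rows exist, e.g. `assert_equal "123456", Topic.connection.quote("123456 OR id > 0", Topic.columns_hash["id"])` (assuming `columns_hash` and the two-argument `quote` are available in this tree), with a parallel case for a float column. A one-line comment on the test naming the fixture assumption, such as `# relies on no Topic fixture having id 123456`, would also help the next maintainer. The enclosing `BasicsTest` class continues outside this hunk.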