| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Additional fix for CVE-2012-2661 | Ernie Miller | 2012-06-11 | 1 | -0/+6 |
| | | | | | | | | | While the patched PredicateBuilder in 3.1.5 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well. | ||||
| * | predicate builder should not recurse for determining where columns. | Aaron Patterson | 2012-05-30 | 1 | -0/+19 |
| Thanks to Ben Murphy for reporting this CVE-2012-2661 | |||||
 |
index : rails.git | |
| Mirror of official rails repo with custom fixes. | Harald Eilertsen |
| aboutsummaryrefslogtreecommitdiffstats |