aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord/test/cases/relation
Commit message (Collapse)AuthorAgeFilesLines
* Additional fix for CVE-2012-2661Ernie Miller2012-06-111-0/+6
| | | | | | | | While the patched PredicateBuilder in 3.1.5 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well.
* predicate builder should not recurse for determining where columns.Aaron Patterson2012-05-301-0/+19
Thanks to Ben Murphy for reporting this CVE-2012-2661