From 96b951ce24651aa1527b16f4ec293c716757e8b0 Mon Sep 17 00:00:00 2001 From: Dmitry Plashchynski Date: Fri, 30 Mar 2012 15:35:35 +0300 Subject: validate attribute names in class and module attribute accessors --- .../active_support/core_ext/class/attribute_accessors.rb | 2 ++ .../active_support/core_ext/module/attribute_accessors.rb | 2 ++ .../test/core_ext/class/attribute_accessor_test.rb | 14 ++++++++++++++ .../test/core_ext/module/attribute_accessor_test.rb | 14 ++++++++++++++ 4 files changed, 32 insertions(+) diff --git a/activesupport/lib/active_support/core_ext/class/attribute_accessors.rb b/activesupport/lib/active_support/core_ext/class/attribute_accessors.rb index 268303aaf2..95eb94fdf6 100644 --- a/activesupport/lib/active_support/core_ext/class/attribute_accessors.rb +++ b/activesupport/lib/active_support/core_ext/class/attribute_accessors.rb @@ -29,6 +29,7 @@ class Class def cattr_reader(*syms) options = syms.extract_options! syms.each do |sym| + raise NameError.new("invalid attribute name") unless sym =~ /^[_A-Za-z]\w*$/ class_eval(<<-EOS, __FILE__, __LINE__ + 1) unless defined? @@#{sym} @@#{sym} = nil @@ -52,6 +53,7 @@ class Class def cattr_writer(*syms) options = syms.extract_options! syms.each do |sym| + raise NameError.new("invalid attribute name") unless sym =~ /^[_A-Za-z]\w*$/ class_eval(<<-EOS, __FILE__, __LINE__ + 1) unless defined? @@#{sym} @@#{sym} = nil diff --git a/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb b/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb index be94ae1565..84acb629ad 100644 --- a/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb +++ b/activesupport/lib/active_support/core_ext/module/attribute_accessors.rb @@ -4,6 +4,7 @@ class Module def mattr_reader(*syms) options = syms.extract_options! syms.each do |sym| + raise NameError.new("invalid attribute name") unless sym =~ /^[_A-Za-z]\w*$/ class_eval(<<-EOS, __FILE__, __LINE__ + 1) @@#{sym} = nil unless defined? @@#{sym} @@ -25,6 +26,7 @@ class Module def mattr_writer(*syms) options = syms.extract_options! syms.each do |sym| + raise NameError.new("invalid attribute name") unless sym =~ /^[_A-Za-z]\w*$/ class_eval(<<-EOS, __FILE__, __LINE__ + 1) def self.#{sym}=(obj) @@#{sym} = obj diff --git a/activesupport/test/core_ext/class/attribute_accessor_test.rb b/activesupport/test/core_ext/class/attribute_accessor_test.rb index 3822e7af66..8d827f054e 100644 --- a/activesupport/test/core_ext/class/attribute_accessor_test.rb +++ b/activesupport/test/core_ext/class/attribute_accessor_test.rb @@ -42,4 +42,18 @@ class ClassAttributeAccessorTest < ActiveSupport::TestCase assert !@object.respond_to?(:camp) assert !@object.respond_to?(:camp=) end + + def test_should_raise_name_error_if_attribute_name_is_invalid + assert_raises NameError do + Class.new do + cattr_reader "invalid attribute name" + end + end + + assert_raises NameError do + Class.new do + cattr_writer "invalid attribute name" + end + end + end end diff --git a/activesupport/test/core_ext/module/attribute_accessor_test.rb b/activesupport/test/core_ext/module/attribute_accessor_test.rb index 6a2ad2f241..a577f90bdd 100644 --- a/activesupport/test/core_ext/module/attribute_accessor_test.rb +++ b/activesupport/test/core_ext/module/attribute_accessor_test.rb @@ -44,4 +44,18 @@ class ModuleAttributeAccessorTest < ActiveSupport::TestCase assert !@object.respond_to?(:camp) assert !@object.respond_to?(:camp=) end + + def test_should_raise_name_error_if_attribute_name_is_invalid + assert_raises NameError do + Class.new do + mattr_reader "invalid attribute name" + end + end + + assert_raises NameError do + Class.new do + mattr_writer "invalid attribute name" + end + end + end end -- cgit v1.2.3