From 95b49895593124d9be37ccfbee0f06229e7f4a5b Mon Sep 17 00:00:00 2001
From: slainer68 <slainer68@gmail.com>
Date: Tue, 10 May 2011 16:11:28 +0200
Subject: Puts ActiveRecord::SessionStore attributes in white list, fixes #483

---
 activerecord/lib/active_record/session_store.rb       | 2 ++
 activerecord/test/cases/session_store/session_test.rb | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/activerecord/lib/active_record/session_store.rb b/activerecord/lib/active_record/session_store.rb
index 7e77aefb21..98e21db908 100644
--- a/activerecord/lib/active_record/session_store.rb
+++ b/activerecord/lib/active_record/session_store.rb
@@ -83,6 +83,8 @@ module ActiveRecord
       cattr_accessor :data_column_name
       self.data_column_name = 'data'
 
+      attr_accessible :session_id, :data, :marshaled_data
+
       before_save :marshal_data!
       before_save :raise_on_session_data_overflow!
 
diff --git a/activerecord/test/cases/session_store/session_test.rb b/activerecord/test/cases/session_store/session_test.rb
index cee5ddd003..669c0b7b4d 100644
--- a/activerecord/test/cases/session_store/session_test.rb
+++ b/activerecord/test/cases/session_store/session_test.rb
@@ -21,6 +21,12 @@ module ActiveRecord
         assert_equal 'sessions', Session.table_name
       end
 
+      def test_accessible_attributes
+        assert Session.accessible_attributes.include?(:session_id)
+        assert Session.accessible_attributes.include?(:data)
+        assert Session.accessible_attributes.include?(:marshaled_data)
+      end
+
       def test_create_table!
         assert !Session.table_exists?
         Session.create_table!
-- 
cgit v1.2.3