From c92ecb82b816df530b43f7334e1ad80beeac3f4c Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Tue, 28 Jun 2005 17:15:01 +0000 Subject: Fixed that multiparameter posts ignored attr_protected #1532 [alec+rails@veryclever.net] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1550 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- activerecord/CHANGELOG | 2 ++ activerecord/lib/active_record/base.rb | 6 +++--- activerecord/test/base_test.rb | 13 +++++++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG index 1f30b978ba..cbbf33318a 100644 --- a/activerecord/CHANGELOG +++ b/activerecord/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Fixed that multiparameter posts ignored attr_protected #1532 [alec+rails@veryclever.net] + * Fixed problem with eager loading when using a has_and_belongs_to_many association using :association_foreign_key #1504 [flash@vanklinkenbergsoftware.nl] * Fixed Base#find to honor the documentation on how :joins work and make them consistent with Base#count #1405 [pritchie@gmail.com]. What used to be: diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 7e2acb5acf..0060f694a2 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -1279,11 +1279,11 @@ module ActiveRecord #:nodoc: def remove_attributes_protected_from_mass_assignment(attributes) if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil? - attributes.reject { |key, value| attributes_protected_by_default.include?(key) } + attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } elsif self.class.protected_attributes.nil? - attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.intern) || attributes_protected_by_default.include?(key) } + attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } elsif self.class.accessible_attributes.nil? - attributes.reject { |key, value| self.class.protected_attributes.include?(key.intern) || attributes_protected_by_default.include?(key) } + attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } end end diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb index b2df346dec..1c5702741e 100755 --- a/activerecord/test/base_test.rb +++ b/activerecord/test/base_test.rb @@ -33,6 +33,10 @@ end class Booleantest < ActiveRecord::Base; end +class Task < ActiveRecord::Base + attr_protected :starting +end + class BasicsTest < Test::Unit::TestCase fixtures :topics, :companies, :developers, :projects, :computers @@ -542,6 +546,15 @@ class BasicsTest < Test::Unit::TestCase assert_equal Time.local(2004, 6, 24, 16, 24, 0), topic.written_on end + def test_multiparameter_mass_assignment_protector + task = Task.new + time = Time.mktime(0) + task.starting = time + attributes = { "starting(1i)" => "2004", "starting(2i)" => "6", "starting(3i)" => "24" } + task.attributes = attributes + assert_equal time, task.starting + end + def test_attributes_on_dummy_time # Oracle does not have a TIME datatype. if ActiveRecord::ConnectionAdapters.const_defined? :OracleAdapter -- cgit v1.2.3