From 44406d1e77061ce22effaae4698918c1f9f6271a Mon Sep 17 00:00:00 2001
From: Yves Senn
Date: Tue, 5 Nov 2013 17:29:52 +0100
Subject: store enum mapping using `Strings` instead of `Symbols`. This allows to assign both `String` and `Symbol` values to the enum without having to call `to_sym`, which is a security problem.
---
 activerecord/lib/active_record/enum.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'activerecord/lib/active_record')
diff --git a/activerecord/lib/active_record/enum.rb b/activerecord/lib/active_record/enum.rb
index 6bfdf75a2d..a70638f3df 100644
--- a/activerecord/lib/active_record/enum.rb
+++ b/activerecord/lib/active_record/enum.rb
@@ -43,6 +43,7 @@ module ActiveRecord
 _enum_methods_module.module_eval do
 # def direction=(value) self[:direction] = DIRECTION[value] end
 define_method("#{name}=") { |value|
+ value = value.to_s
 unless enum_values.has_key?(value)
 raise ArgumentError, "'#{value}' is not a valid #{name}"
 end
@@ -54,7 +55,7 @@ module ActiveRecord
 pairs = values.respond_to?(:each_pair) ? values.each_pair : values.each_with_index
 pairs.each do |value, i|
- enum_values[value] = i
+ enum_values[value.to_s] = i
 # scope :incoming, -> { where direction: 0 }
 klass.scope value, -> { klass.where name => i }
-- cgit v1.2.3
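Review bot: The added `value = value.to_s` in the `#{name}=` setter carries the whole security rationale of this commit but has no comment, so a later cleanup could swap it back to `to_sym` without noticing. I would put `# Normalize to String, never to_sym: assigned values may come from request params, and symbols interned from them are not reclaimed on Rubies without symbol GC.` directly above it. Because the conversion happens before the check, `nil` becomes `""` and is reported as `'' is not a valid ...`, which hides what the caller passed; interpolating the original value's `inspect` in the `raise` would keep the message accurate. The setter block continues past the end of the hunk, so the line that writes the attribute is not visible here.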
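Review bot: Only the hash key is stringified in `enum_values[value.to_s] = i`, so if `enum_values` is also what the class exposes as its public mapping (not visible in this hunk), a Symbol lookup on that mapping now returns nil where it used to return the integer. Building the mapping as `ActiveSupport::HashWithIndifferentAccess.new` would accept both key types on lookup without interning anything, and would likely make the `to_s` in the setter unnecessary. Declared values that differ only by type, such as `:active` and `"active"`, now also collapse onto one key and silently overwrite each other. The `pairs.each` block continues outside the hunk, so any reader or predicate methods defined from `value` further down should be checked for the same String/Symbol change.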