From 1f2192e46d78ee0ba2b06373f2c24caf8440ff5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
 <rafaelmfranca@gmail.com>
Date: Thu, 5 Jun 2014 12:34:07 -0300
Subject: Check against bit string values using multiline regexp

Fix CVE-2014-3482.
---
 activerecord/test/cases/adapters/postgresql/quoting_test.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'activerecord/test/cases')

diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 172055f15c..cfdf16d48d 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -19,6 +19,11 @@ module ActiveRecord
           assert_equal 'f', @conn.type_cast(false, nil)
           assert_equal 'f', @conn.type_cast(false, c)
         end
+
+        def test_quote_bit_string
+          c = PostgreSQLColumn.new(nil, 1, 'bit')
+          assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+        end
       end
     end
   end
-- 
cgit v1.2.3