From 44930b2def7fe9a6f3bc199bb3cd86c35ffbaba3 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Sun, 23 Dec 2012 11:07:07 -0800
Subject: CVE-2012-5664 options hashes should only be extracted if there are
 extra parameters

Conflicts:
	activerecord/lib/active_record/dynamic_matchers.rb
---
 activerecord/test/cases/finder_test.rb | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'activerecord/test/cases')

diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb
index 7db7953313..a9fa107749 100644
--- a/activerecord/test/cases/finder_test.rb
+++ b/activerecord/test/cases/finder_test.rb
@@ -15,6 +15,18 @@ require 'models/toy'
 class FinderTest < ActiveRecord::TestCase
   fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :customers, :categories, :categorizations
 
+  def test_find_by_id_with_hash
+    assert_raises(ActiveRecord::StatementInvalid) do
+      Post.find_by_id(:limit => 1)
+    end
+  end
+
+  def test_find_by_title_and_id_with_hash
+    assert_raises(ActiveRecord::StatementInvalid) do
+      Post.find_by_title_and_id('foo', :limit => 1)
+    end
+  end
+
   def test_find
     assert_equal(topics(:first).title, Topic.find(1).title)
   end
-- 
cgit v1.2.3