From 9ebe582830fd0386e09a917d81eb6cff494cd590 Mon Sep 17 00:00:00 2001 From: Michael Koziarski Date: Fri, 15 Oct 2010 10:25:49 +1300 Subject: Revert 0c0b0aa0f223523331afdc157fb3992a121bf497 which introduced a security vulnerability. This addresses CVE-2010-3933 Conflicts: activerecord/lib/active_record/nested_attributes.rb --- activerecord/test/cases/nested_attributes_test.rb | 26 +++++++++++------------ 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'activerecord/test/cases') diff --git a/activerecord/test/cases/nested_attributes_test.rb b/activerecord/test/cases/nested_attributes_test.rb index 8382ca048b..60f89da95e 100644 --- a/activerecord/test/cases/nested_attributes_test.rb +++ b/activerecord/test/cases/nested_attributes_test.rb @@ -203,6 +203,12 @@ class TestNestedAttributesOnAHasOneAssociation < ActiveRecord::TestCase assert_equal 'Davy Jones Gold Dagger', @pirate.ship.name end + def test_should_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record + assert_raise_with_message ActiveRecord::RecordNotFound, "Couldn't find Ship with ID=1234567890 for Pirate with ID=#{@pirate.id}" do + @pirate.ship_attributes = { :id => 1234567890 } + end + end + def test_should_take_a_hash_with_string_keys_and_update_the_associated_model @pirate.reload.ship_attributes = { 'id' => @ship.id, 'name' => 'Davy Jones Gold Dagger' } @@ -382,13 +388,10 @@ class TestNestedAttributesOnABelongsToAssociation < ActiveRecord::TestCase assert_equal 'Arr', @ship.pirate.catchphrase end - def test_should_associate_with_record_if_parent_record_is_not_saved - @ship.destroy - @pirate = Pirate.create(:catchphrase => 'Arr') - @ship = Ship.new(:name => 'Nights Dirty Lightning', :pirate_attributes => { :id => @pirate.id, :catchphrase => @pirate.catchphrase}) - - assert_equal @ship.name, 'Nights Dirty Lightning' - assert_equal @pirate, @ship.pirate + def test_should_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record + assert_raise_with_message ActiveRecord::RecordNotFound, "Couldn't find Pirate with ID=1234567890 for Ship with ID=#{@ship.id}" do + @ship.pirate_attributes = { :id => 1234567890 } + end end def test_should_take_a_hash_with_string_keys_and_update_the_associated_model @@ -518,11 +521,6 @@ module NestedAttributesOnACollectionAssociationTests assert_equal ['Grace OMalley', 'Privateers Greed'], [@child_1.reload.name, @child_2.reload.name] end - def test_should_assign_existing_children_if_parent_is_new - @pirate = Pirate.new({:catchphrase => "Don' botharr talkin' like one, savvy?"}.merge(@alternate_params)) - assert_equal ['Grace OMalley', 'Privateers Greed'], [@pirate.send(@association_name)[0].name, @pirate.send(@association_name)[1].name] - end - def test_should_also_work_with_a_HashWithIndifferentAccess @pirate.send(association_setter, HashWithIndifferentAccess.new('foo' => HashWithIndifferentAccess.new(:id => @child_1.id, :name => 'Grace OMalley'))) @pirate.save @@ -586,8 +584,8 @@ module NestedAttributesOnACollectionAssociationTests assert_equal ['Grace OMalley', 'Privateers Greed'], [@child_1.name, @child_2.name] end - def test_should_not_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record - assert_nothing_raised ActiveRecord::RecordNotFound do + def test_should_raise_RecordNotFound_if_an_id_is_given_but_doesnt_return_a_record + assert_raise_with_message ActiveRecord::RecordNotFound, "Couldn't find #{@child_1.class.name} with ID=1234567890 for Pirate with ID=#{@pirate.id}" do @pirate.attributes = { association_getter => [{ :id => 1234567890 }] } end end -- cgit v1.2.3 From 69789c3b29b9ee0b89928f4211060f470d0e0c44 Mon Sep 17 00:00:00 2001 From: Carl Lerche Date: Thu, 14 Oct 2010 21:27:40 -0700 Subject: #transaction on the instance level should take options as well --- activerecord/test/cases/transactions_test.rb | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'activerecord/test/cases') diff --git a/activerecord/test/cases/transactions_test.rb b/activerecord/test/cases/transactions_test.rb index 8385286fd0..44af54b143 100644 --- a/activerecord/test/cases/transactions_test.rb +++ b/activerecord/test/cases/transactions_test.rb @@ -263,6 +263,27 @@ class TransactionTest < ActiveRecord::TestCase assert !@second.reload.approved? end if Topic.connection.supports_savepoints? + def test_force_savepoint_on_instance + @first.transaction do + @first.approved = true + @second.approved = false + @first.save! + @second.save! + + begin + @second.transaction :requires_new => true do + @first.happy = false + @first.save! + raise + end + rescue + end + end + + assert @first.reload.approved? + assert !@second.reload.approved? + end if Topic.connection.supports_savepoints? + def test_no_savepoint_in_nested_transaction_without_force Topic.transaction do @first.approved = true -- cgit v1.2.3 From 552636c65240c7104054d0a4ef63cde9622d838d Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Fri, 15 Oct 2010 15:46:13 -0700 Subject: testing that symbols work as sql literals --- activerecord/test/cases/base_test.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'activerecord/test/cases') diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb index 16fd9a7465..d9c7aa16c1 100644 --- a/activerecord/test/cases/base_test.rb +++ b/activerecord/test/cases/base_test.rb @@ -48,6 +48,11 @@ class Boolean < ActiveRecord::Base; end class BasicsTest < ActiveRecord::TestCase fixtures :topics, :companies, :developers, :projects, :computers, :accounts, :minimalistics, 'warehouse-things', :authors, :categorizations, :categories, :posts + def test_select_symbol + topic_ids = Topic.select(:id).map(&:id).sort + assert_equal Topic.find(:all).map(&:id), topic_ids + end + def test_table_exists assert !NonExistentTable.table_exists? assert Topic.table_exists? -- cgit v1.2.3 From dc76e3c38f8c58c492fa69ccaca43a9499f95588 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Fri, 15 Oct 2010 15:47:09 -0700 Subject: should sort these ids before asserting they are equal! --- activerecord/test/cases/base_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'activerecord/test/cases') diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb index d9c7aa16c1..8acee9ac71 100644 --- a/activerecord/test/cases/base_test.rb +++ b/activerecord/test/cases/base_test.rb @@ -50,7 +50,7 @@ class BasicsTest < ActiveRecord::TestCase def test_select_symbol topic_ids = Topic.select(:id).map(&:id).sort - assert_equal Topic.find(:all).map(&:id), topic_ids + assert_equal Topic.find(:all).map(&:id).sort, topic_ids end def test_table_exists -- cgit v1.2.3