From d5cd97baa44fa66dc681041a213092b45c57c32f Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Fri, 4 Jan 2013 12:02:22 -0800
Subject: * Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
 * dealing with empty hashes. Thanks Damien Mathieu

---
 activerecord/test/cases/relation/where_test.rb | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'activerecord/test')

diff --git a/activerecord/test/cases/relation/where_test.rb b/activerecord/test/cases/relation/where_test.rb
index b9eef1d32f..80158332f9 100644
--- a/activerecord/test/cases/relation/where_test.rb
+++ b/activerecord/test/cases/relation/where_test.rb
@@ -1,9 +1,11 @@
 require "cases/helper"
 require 'models/post'
+require 'models/comment'
+require 'models/edge'
 
 module ActiveRecord
   class WhereTest < ActiveRecord::TestCase
-    fixtures :posts
+    fixtures :posts, :edges
 
     def test_where_error
       assert_raises(ActiveRecord::StatementInvalid) do
@@ -21,5 +23,17 @@ module ActiveRecord
       post = Post.first
       assert_equal post, Post.where(:posts => { 'id' => post.id }).first
     end
+
+    def test_where_with_table_name_and_empty_hash
+      assert_equal 0, Post.where(:posts => {}).count
+    end
+
+    def test_where_with_table_name_and_empty_array
+      assert_equal 0, Post.where(:id => []).count
+    end
+
+    def test_where_with_empty_hash_and_no_foreign_key
+      assert_equal 0, Edge.where(:sink => {}).count
+    end
   end
 end
-- 
cgit v1.2.3