From d99e8c9e1618f509bb35f052d4bd0d1848bce771 Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron.patterson@gmail.com>
Date: Fri, 4 Jan 2013 12:02:22 -0800
Subject: * Strip nils from collections on JSON and XML posts. [CVE-2013-0155]
 * dealing with empty hashes. Thanks Damien Mathieu

Conflicts:
	actionpack/CHANGELOG.md
	actionpack/lib/action_dispatch/http/request.rb
	actionpack/lib/action_dispatch/middleware/params_parser.rb
	activerecord/CHANGELOG.md
	activerecord/lib/active_record/relation/predicate_builder.rb
	activerecord/test/cases/relation/where_test.rb
---
 activerecord/test/cases/relation/where_test.rb | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'activerecord/test')

diff --git a/activerecord/test/cases/relation/where_test.rb b/activerecord/test/cases/relation/where_test.rb
index 297e865308..d1c3690478 100644
--- a/activerecord/test/cases/relation/where_test.rb
+++ b/activerecord/test/cases/relation/where_test.rb
@@ -90,6 +90,12 @@ module ActiveRecord
       [[], {}, nil, ""].each do |blank|
         assert_equal 4, Edge.where(blank).order("sink_id").to_a.size
       end
+    def test_where_with_table_name_and_empty_array
+      assert_equal 0, Post.where(:id => []).count
+    end
+
+    def test_where_with_empty_hash_and_no_foreign_key
+      assert_equal 0, Edge.where(:sink => {}).count
     end
   end
 end
-- 
cgit v1.2.3