From f980289fd2c1b9073a94b5d49b780a49f5e2933c Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Tue, 5 Mar 2013 14:52:08 -0800 Subject: stop calling to_sym when building arel nodes [CVE-2013-1854] --- activerecord/test/cases/method_scoping_test.rb | 10 +++++----- activerecord/test/cases/relation_test.rb | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'activerecord/test') diff --git a/activerecord/test/cases/method_scoping_test.rb b/activerecord/test/cases/method_scoping_test.rb index 0ab4f30363..ac84306eae 100644 --- a/activerecord/test/cases/method_scoping_test.rb +++ b/activerecord/test/cases/method_scoping_test.rb @@ -212,14 +212,14 @@ class MethodScopingTest < ActiveRecord::TestCase table = VerySpecialComment.arel_table relation = VerySpecialComment.scoped relation.where_values << table[:id].not_eq(1) - assert_equal({:type => "VerySpecialComment"}, relation.send(:scope_for_create)) + assert_equal({'type' => "VerySpecialComment"}, relation.send(:scope_for_create)) end def test_scoped_create new_comment = nil VerySpecialComment.send(:with_scope, :create => { :post_id => 1 }) do - assert_equal({:post_id => 1, :type => 'VerySpecialComment' }, VerySpecialComment.scoped.send(:scope_for_create)) + assert_equal({'post_id' => 1, 'type' => 'VerySpecialComment' }, VerySpecialComment.scoped.send(:scope_for_create)) new_comment = VerySpecialComment.create :body => "Wonderful world" end @@ -228,7 +228,7 @@ class MethodScopingTest < ActiveRecord::TestCase def test_scoped_create_with_join_and_merge Comment.where(:body => "but Who's Buying?").joins(:post).merge(Post.where(:body => 'Peace Sells...')).with_scope do - assert_equal({:body => "but Who's Buying?"}, Comment.scoped.scope_for_create) + assert_equal({'body' => "but Who's Buying?"}, Comment.scoped.scope_for_create) end end @@ -441,7 +441,7 @@ class NestedScopingTest < ActiveRecord::TestCase comment = nil Comment.send(:with_scope, :create => { :post_id => 1}) do Comment.send(:with_scope, :create => { :post_id => 2}) do - assert_equal({:post_id => 2}, Comment.scoped.send(:scope_for_create)) + assert_equal({'post_id' => 2}, Comment.scoped.send(:scope_for_create)) comment = Comment.create :body => "Hey guys, nested scopes are broken. Please fix!" end end @@ -453,7 +453,7 @@ class NestedScopingTest < ActiveRecord::TestCase Comment.send(:with_scope, :create => { :body => "Hey guys, nested scopes are broken. Please fix!" }) do Comment.send(:with_exclusive_scope, :create => { :post_id => 1 }) do - assert_equal({:post_id => 1}, Comment.scoped.send(:scope_for_create)) + assert_equal({'post_id' => 1}, Comment.scoped.send(:scope_for_create)) assert_blank Comment.new.body comment = Comment.create :body => "Hey guys" end diff --git a/activerecord/test/cases/relation_test.rb b/activerecord/test/cases/relation_test.rb index 7a75a8436b..6efdeac3d9 100644 --- a/activerecord/test/cases/relation_test.rb +++ b/activerecord/test/cases/relation_test.rb @@ -71,7 +71,7 @@ module ActiveRecord def test_has_values relation = Relation.new Post, Post.arel_table relation.where_values << relation.table[:id].eq(10) - assert_equal({:id => 10}, relation.where_values_hash) + assert_equal({'id' => 10}, relation.where_values_hash) end def test_values_wrong_table @@ -101,7 +101,7 @@ module ActiveRecord def test_create_with_value relation = Relation.new Post, Post.arel_table - hash = { :hello => 'world' } + hash = { 'hello' => 'world' } relation.create_with_value = hash assert_equal hash, relation.scope_for_create end @@ -110,7 +110,7 @@ module ActiveRecord relation = Relation.new Post, Post.arel_table relation.where_values << relation.table[:id].eq(10) relation.create_with_value = {:hello => 'world'} - assert_equal({:hello => 'world', :id => 10}, relation.scope_for_create) + assert_equal({'hello' => 'world', 'id' => 10}, relation.scope_for_create) end # FIXME: is this really wanted or expected behavior? -- cgit v1.2.3