From 108db00aa90fe266564483ab301cf0669cae600f Mon Sep 17 00:00:00 2001
From: Pratik Naik <pratiknaik@gmail.com>
Date: Thu, 31 Jul 2008 15:56:46 +0100
Subject: Raise UnknownAttributeError when unknown attributes are supplied via
 mass assignment

---
 activerecord/lib/active_record/base.rb | 10 +++++++++-
 activerecord/test/cases/base_test.rb   |  8 ++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

(limited to 'activerecord')

diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 9cb64223e2..29c2995334 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -122,6 +122,10 @@ module ActiveRecord #:nodoc:
   class MissingAttributeError < NoMethodError
   end
 
+  # Raised when unknown attributes are supplied via mass assignment.
+  class UnknownAttributeError < NoMethodError
+  end
+
   # Raised when an error occurred while doing a mass assignment to an attribute through the
   # <tt>attributes=</tt> method. The exception has an +attribute+ property that is the name of the
   # offending attribute.
@@ -2400,7 +2404,11 @@ module ActiveRecord #:nodoc:
         attributes = remove_attributes_protected_from_mass_assignment(attributes) if guard_protected_attributes
 
         attributes.each do |k, v|
-          k.include?("(") ? multi_parameter_attributes << [ k, v ] : send(k + "=", v)
+          if k.include?("(")
+            multi_parameter_attributes << [ k, v ]
+          else
+            respond_to?(:"#{k}=") ? send(:"#{k}=", v) : raise(UnknownAttributeError, "unknown attribute: #{k}")
+          end
         end
 
         assign_multiparameter_attributes(multi_parameter_attributes)
diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb
index 9e4f268db7..e6d1b5ddfd 100755
--- a/activerecord/test/cases/base_test.rb
+++ b/activerecord/test/cases/base_test.rb
@@ -904,6 +904,14 @@ class BasicsTest < ActiveRecord::TestCase
     assert_nil keyboard.id
   end
 
+  def test_mass_assigning_invalid_attribute
+    firm = Firm.new
+
+    assert_raises(ActiveRecord::UnknownAttributeError) do
+      firm.attributes = { "id" => 5, "type" => "Client", "i_dont_even_exist" => 20 }
+    end
+  end
+
   def test_mass_assignment_protection_on_defaults
     firm = Firm.new
     firm.attributes = { "id" => 5, "type" => "Client" }
-- 
cgit v1.2.3