From 3005c25a36bcf30e08940a6cd0414752b35ba971 Mon Sep 17 00:00:00 2001
From: Aliaksandr Buhayeu
Date: Wed, 17 Jun 2015 14:58:36 +0300
Subject: Regex fix for mattr_accessor validation Change ^ and $ operators to \A and \z to prevent code injection after the line breaks
---
 .../test/core_ext/module/attribute_accessor_test.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'activesupport/test/core_ext/module/attribute_accessor_test.rb')
diff --git a/activesupport/test/core_ext/module/attribute_accessor_test.rb b/activesupport/test/core_ext/module/attribute_accessor_test.rb
index 128c5e3d1a..0b0f3a2808 100644
--- a/activesupport/test/core_ext/module/attribute_accessor_test.rb
+++ b/activesupport/test/core_ext/module/attribute_accessor_test.rb
@@ -69,6 +69,20 @@ class ModuleAttributeAccessorTest < ActiveSupport::TestCase
 end
 end
 assert_equal "invalid attribute name: 1nvalid", exception.message
+
+ exception = assert_raises NameError do
+ Class.new do
+ mattr_reader "valid_part\ninvalid_part"
+ end
+ end
+ assert_equal "invalid attribute name: valid_part\ninvalid_part", exception.message
+
+ exception = assert_raises NameError do
+ Class.new do
+ mattr_writer "valid_part\ninvalid_part"
+ end
+ end
+ assert_equal "invalid attribute name: valid_part\ninvalid_part", exception.message
 end

 def test_should_use_default_value_if_block_passed
-- cgit v1.2.3
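Review bot: Both added cases put the newline in the middle of the name, so they would also pass against a pattern ending in `\Z`, which still accepts a single trailing newline. To pin the `\z` behaviour the commit message describes, add a trailing-newline case for each macro, e.g. `assert_raises(NameError) { Class.new { mattr_reader "valid_part\n" } }` and the same for `mattr_writer`. The validation regex itself is not part of this view (the page is limited to the test file), so whether `mattr_accessor` is covered through the reader and writer paths is an assumption worth confirming or testing directly. The enclosing test method starts above the hunk.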