|
 |
346541d |
From 99f030934eb8341db333cb6783d0f42bfa57358f Mon Sep 17 00:00:00 2001
|
|
|
346541d |
From: Aaron Patterson <aaron.patterson@gmail.com>
|
|
|
346541d |
Date: Wed, 30 May 2012 15:06:12 -0700
|
|
|
346541d |
Subject: [PATCH] predicate builder should not recurse for determining where
|
|
|
346541d |
columns. Thanks to Ben Murphy for reporting this
|
|
|
346541d |
|
|
|
346541d |
CVE-2012-2661
|
|
|
346541d |
---
|
|
|
346541d |
.../lib/active_record/relation/predicate_builder.rb | 6 +++---
|
|
|
346541d |
activerecord/test/cases/relation/where_test.rb | 19 +++++++++++++++++++
|
|
|
346541d |
2 files changed, 22 insertions(+), 3 deletions(-)
|
|
|
346541d |
create mode 100644 activerecord/test/cases/relation/where_test.rb
|
|
|
346541d |
|
|
|
346541d |
diff --git a/activerecord/lib/active_record/relation/predicate_builder.rb b/activerecord/lib/active_record/relation/predicate_builder.rb
|
|
|
346541d |
index 505c3f4..84e88cf 100644
|
|
|
346541d |
--- a/activerecord/lib/active_record/relation/predicate_builder.rb
|
|
|
346541d |
+++ b/activerecord/lib/active_record/relation/predicate_builder.rb
|
|
|
346541d |
@@ -5,17 +5,17 @@ module ActiveRecord
|
|
|
346541d |
@engine = engine
|
|
|
346541d |
end
|
|
|
346541d |
|
|
|
346541d |
- def build_from_hash(attributes, default_table)
|
|
|
346541d |
+ def build_from_hash(attributes, default_table, check_column = true)
|
|
|
346541d |
predicates = attributes.map do |column, value|
|
|
|
346541d |
table = default_table
|
|
|
346541d |
|
|
|
346541d |
if value.is_a?(Hash)
|
|
|
346541d |
table = Arel::Table.new(column, :engine => @engine)
|
|
|
346541d |
- build_from_hash(value, table)
|
|
|
346541d |
+ build_from_hash(value, table, false)
|
|
|
346541d |
else
|
|
|
346541d |
column = column.to_s
|
|
|
346541d |
|
|
|
346541d |
- if column.include?('.')
|
|
|
346541d |
+ if check_column && column.include?('.')
|
|
|
346541d |
table_name, column = column.split('.', 2)
|
|
|
346541d |
table = Arel::Table.new(table_name, :engine => @engine)
|
|
|
346541d |
end
|
|
|
346541d |
diff --git a/activerecord/test/cases/relation/where_test.rb b/activerecord/test/cases/relation/where_test.rb
|
|
|
346541d |
new file mode 100644
|
|
|
346541d |
index 0000000..90c690e
|
|
|
346541d |
--- /dev/null
|
|
|
346541d |
+++ b/activerecord/test/cases/relation/where_test.rb
|
|
|
346541d |
@@ -0,0 +1,19 @@
|
|
|
346541d |
+require "cases/helper"
|
|
|
346541d |
+require 'models/post'
|
|
|
346541d |
+
|
|
|
346541d |
+module ActiveRecord
|
|
|
346541d |
+ class WhereTest < ActiveRecord::TestCase
|
|
|
346541d |
+ fixtures :posts
|
|
|
346541d |
+
|
|
|
346541d |
+ def test_where_error
|
|
|
346541d |
+ assert_raises(ActiveRecord::StatementInvalid) do
|
|
|
346541d |
+ Post.where(:id => { 'posts.author_id' => 10 }).first
|
|
|
346541d |
+ end
|
|
|
346541d |
+ end
|
|
|
346541d |
+
|
|
|
346541d |
+ def test_where_with_table_name
|
|
|
346541d |
+ post = Post.first
|
|
|
346541d |
+ assert_equal post, Post.where(:posts => { 'id' => post.id }).first
|
|
|
346541d |
+ end
|
|
|
346541d |
+ end
|
|
|
346541d |
+end
|
|
|
346541d |
--
|
|
|
346541d |
1.7.10.2
|
|
|
346541d |
|