From 5aa44e2ffacf85e6efc0e8eb706bc1a3b6492aec Mon Sep 17 00:00:00 2001
From: Andrew White <andyw@pixeltrix.co.uk>
Date: Fri, 27 Nov 2015 13:46:46 +0000
Subject: [PATCH] Don't short-circuit reject_if proc
|
When updating an associated record via nested attribute hashes the
reject_if proc could be bypassed if the _destroy flag was set in the
attribute hash and allow_destroy was set to false.
|
The fix is to only short-circuit if the _destroy flag is set and the
option allow_destroy is set to true. It also fixes an issue where
a new record wasn't created if _destroy was set and the option
allow_destroy was set to false.
|
CVE-2015-7577
---
activerecord/lib/active_record/nested_attributes.rb | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)
|
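diff --git a/activerecord/lib/active_record/nested_attributes.rb b/activerecord/lib/active_record/nested_attributes.rb
index 04b6182..a8ee082 100644
--- a/activerecord/lib/active_record/nested_attributes.rb
+++ b/activerecord/lib/active_record/nested_attributes.rb
@@ -523,7 +523,7 @@ module ActiveRecord
 # has_destroy_flag? or if a <tt>:reject_if</tt> proc exists for this
 # association and evaluates to +true+.
 def reject_new_record?(association_name, attributes)
- has_destroy_flag?(attributes) || call_reject_if(association_name, attributes)
+ will_be_destroyed?(association_name, attributes) || call_reject_if(association_name, attributes)
 end
 
 # Determines if a record with the particular +attributes+ should be
@@ -532,7 +532,8 @@ module ActiveRecord
 #
 # Returns false if there is a +destroy_flag+ on the attributes.
 def call_reject_if(association_name, attributes)
- return false if has_destroy_flag?(attributes)
+ return false if will_be_destroyed?(association_name, attributes)
+
 case callback = self.nested_attributes_options[association_name][:reject_if]
 when Symbol
 method(callback).arity == 0 ? send(callback) : send(callback, attributes)
@@ -541,6 +542,15 @@ module ActiveRecord
 end
 end
 
+ # Only take into account the destroy flag if <tt>:allow_destroy</tt> is true
+ def will_be_destroyed?(association_name, attributes)
+ allow_destroy?(association_name) && has_destroy_flag?(attributes)
+ end
+
+ def allow_destroy?(association_name)
+ self.nested_attributes_options[association_name][:allow_destroy]
+ end
+
 def raise_nested_attributes_record_not_found!(association_name, record_id)
 raise RecordNotFound, "Couldn't find #{self.class._reflect_on_association(association_name).klass.name} with ID=#{record_id} for #{self.class.name} with ID=#{id}"
 end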
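Review bot: The doc comments next to the two changed lines still describe the behaviour this patch removes: the comment on `call_reject_if` (`# Returns false if there is a +destroy_flag+ on the attributes.`) and the one above `reject_new_record?` (`# has_destroy_flag? or if a <tt>:reject_if</tt> proc exists for this`) both say the destroy flag alone short-circuits the reject_if check, which is exactly the bypass fixed here, so a later reader could "simplify" the code back to the vulnerable form. I would change them to `# Returns false if there is a +destroy_flag+ on the attributes and <tt>:allow_destroy</tt> is true.` and `# will_be_destroyed? or if a <tt>:reject_if</tt> proc exists for this`, and give the new helper a one-line note that the option check is what keeps a forged `_destroy` key from skipping reject_if when destruction is not allowed. A smaller point: `allow_destroy?` returns the raw option value rather than a boolean; if the option can ever be absent it yields nil, which is harmless in the `&&` here but worth coercing if the predicate is reused elsewhere. The `reject_new_record?` comment starts outside the first hunk.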
--
2.4.9 (Apple Git-60)