mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Regex fix for mattr_accessor validation

Change the ^ and $ anchors to \A and \z to prevent
code injection after a line break
Aliaksandr Buhayeu 2015-06-17 14:58:36 +03:00
parent f78650d56e
commit 3005c25a36
2 changed files with 16 additions and 2 deletions


@ -53,7 +53,7 @@ class Module
def mattr_reader(*syms)
options = syms.extract_options!
syms.each do |sym|
raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /^[_A-Za-z]\w*$/
raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /\A[_A-Za-z]\w*\z/
class_eval(<<-EOS, __FILE__, __LINE__ + 1)
@@#{sym} = nil unless defined? @@#{sym}
@ -119,7 +119,7 @@ class Module
def mattr_writer(*syms)
options = syms.extract_options!
syms.each do |sym|
raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /^[_A-Za-z]\w*$/
raise NameError.new("invalid attribute name: #{sym}") unless sym =~ /\A[_A-Za-z]\w*\z/
class_eval(<<-EOS, __FILE__, __LINE__ + 1)
@@#{sym} = nil unless defined? @@#{sym}
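Review bot: The name check at the top of `mattr_reader` and `mattr_writer` is the only guard before `sym` is interpolated into the `class_eval` heredoc on the following lines, and nothing in the code records that. I would add a comment above each check, such as `# sym is interpolated into class_eval below, so the whole string (not just one line of it) must be an identifier: keep \A and \z.` The same regex literal now appears in both methods, so a shared frozen constant would keep the two checks from drifting apart again. Both method bodies continue outside the hunks shown here.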


@ -69,6 +69,20 @@ class ModuleAttributeAccessorTest < ActiveSupport::TestCase
end
end
assert_equal "invalid attribute name: 1nvalid", exception.message
exception = assert_raises NameError do
Class.new do
mattr_reader "valid_part\ninvalid_part"
end
end
assert_equal "invalid attribute name: valid_part\ninvalid_part", exception.message
exception = assert_raises NameError do
Class.new do
mattr_writer "valid_part\ninvalid_part"
end
end
assert_equal "invalid attribute name: valid_part\ninvalid_part", exception.message
end
def test_should_use_default_value_if_block_passed
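Review bot: The two added assertions only cover a name whose first line is valid and whose second line follows a newline, so they do not pin both anchors independently. A name whose first line is invalid and whose second line is valid (for example `"1nvalid\nvalid_part"`) would show that `\A` is required, and a name with only a trailing newline (`"valid_part\n"`) would show that `\z` is used rather than `\Z` or `$`. Adding both for `mattr_reader` and `mattr_writer` would make a later loosening of either anchor fail the suite. The enclosing test method starts above this hunk.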