kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Fix #5069 - Protect foreign key from mass assignment throught association builder

Browse source
This commit is contained in:
Jean Boussier 2012-03-04 14:20:13 +01:00 committed by Aaron Patterson
parent c5a47b3207
commit c97a166691
3 changed files with 40 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
activerecord/lib/active_record/associations/association.rb
View file

@ -232,7 +232,8 @@ module ActiveRecord
def build_record(attributes, options)
reflection.build_association(attributes, options) do |record|
record.assign_attributes(create_scope.except(*record.changed), :without_protection => true)
attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
record.assign_attributes(attributes, :without_protection => true)
end
end
end

22
activerecord/test/cases/associations/has_many_associations_test.rb
View file

@ -130,6 +130,28 @@ class HasManyAssociationsTest < ActiveRecord::TestCase
assert_equal car.id, bulb.car_id
end
def test_association_protect_foreign_key
invoice = Invoice.create
line_item = invoice.line_items.new
assert_equal invoice.id, line_item.invoice_id
line_item = invoice.line_items.new :invoice_id => invoice.id + 1
assert_equal invoice.id, line_item.invoice_id
line_item = invoice.line_items.build
assert_equal invoice.id, line_item.invoice_id
line_item = invoice.line_items.build :invoice_id => invoice.id + 1
assert_equal invoice.id, line_item.invoice_id
line_item = invoice.line_items.create
assert_equal invoice.id, line_item.invoice_id
line_item = invoice.line_items.create :invoice_id => invoice.id + 1
assert_equal invoice.id, line_item.invoice_id
end
def test_association_conditions_bypass_attribute_protection
car = Car.create(:name => 'honda')

16
activerecord/test/cases/associations/has_one_associations_test.rb
View file

@ -448,6 +448,22 @@ class HasOneAssociationsTest < ActiveRecord::TestCase
assert_equal car.id, bulb.car_id
end
def test_association_protect_foreign_key
pirate = Pirate.create!(:catchphrase => "Don' botharrr talkin' like one, savvy?")
ship = pirate.build_ship
assert_equal pirate.id, ship.pirate_id
ship = pirate.build_ship :pirate_id => pirate.id + 1
assert_equal pirate.id, ship.pirate_id
ship = pirate.create_ship
assert_equal pirate.id, ship.pirate_id
ship = pirate.create_ship :pirate_id => pirate.id + 1
assert_equal pirate.id, ship.pirate_id
end
def test_association_conditions_bypass_attribute_protection
car = Car.create(:name => 'honda')