mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Commit graph

9 commits

Author SHA1 Message Date
Akira Matsuda
cdb9d7f481 Privatize unneededly protected methods in Active Model 2016-12-24 12:18:16 +09:00
Guo Xiang Tan
7d0b1e4847 Fix AC::Parameters not being sanitized for query methods. 2015-10-02 16:26:16 +08:00
Rafael Mendonça França
306dc1a499 Check attributes passed to create_with and where
If the request parameters are passed to create_with and where they can
be used to do mass assignment when used in combination with
Relation#create.

Fixes CVE-2014-3514

Conflicts:
	activerecord/lib/active_record/relation/query_methods.rb
2014-08-18 14:07:37 -03:00
Aaron Patterson
72f5085404 rm dead code 2012-11-09 10:31:23 +09:00
Francesco Rodriguez
6783c3f449 change AMo::ForbiddenAttributesProtection#sanitize_for_mass_assignment to protected 2012-09-20 12:18:59 -05:00
Francesco Rodriguez
1e56f1f14c update AMo::ForbiddenAttributesError documentation [ci skip] 2012-09-20 12:18:59 -05:00
Guillermo Iguaran
1fa4f9243d Rename ForbiddenAttributes exception to ForbiddenAttributesError 2012-09-16 23:58:21 -05:00
Guillermo Iguaran
f8c9a4d3e8 Remove MassAssignmentSecurity from ActiveModel
This will be moved out to protected_attributes gem
2012-09-16 23:58:19 -05:00
Guillermo Iguaran
a8f6d5c645 Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gem 2012-09-16 23:58:19 -05:00