Last active
December 12, 2015 10:09
.../lib/active_record/attribute_methods/write.rb | 9 ++++++++- | |
activerecord/test/cases/base_test.rb | 6 ++++++ | |
2 files changed, 14 insertions(+), 1 deletion(-) | |
diff --git a/activerecord/lib/active_record/attribute_methods/write.rb b/activerecord/lib/active_record/attribute_methods/write.rb | |
index 3c4dab3..4684c4b 100644 | |
--- a/activerecord/lib/active_record/attribute_methods/write.rb | |
+++ b/activerecord/lib/active_record/attribute_methods/write.rb | |
@@ -10,7 +10,14 @@ module ActiveRecord | |
module ClassMethods | |
protected | |
def define_method_attribute=(attr_name) | |
- if attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/ | |
+ if self.serialized_attributes[attr_name] | |
+ generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value| | |
+ if new_value.is_a?(String) and new_value =~ /^---/ | |
+ raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues." | |
+ end | |
+ write_attribute(attr_name, new_value) | |
+ end | |
+ elsif attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/ | |
generated_attribute_methods.module_eval("def #{attr_name}=(new_value); write_attribute('#{attr_name}', new_value); end", __FILE__, __LINE__) | |
else | |
generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value| | |
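Review bot: The guard on the new writer (`if new_value.is_a?(String) and new_value =~ /^---/`) is a prefix heuristic rather than a check on what the column is about to deserialize: `^` matches at any line start, so an ordinary string that merely contains a line beginning with `---` is rejected, while a YAML document does not have to carry the `---` marker at all, so the check does not reliably identify already-serialized content. If the intent is "the whole value begins with a YAML document marker", anchor it as `new_value.is_a?(String) && new_value.match?(/\A---/)` (or `=~ /\A---/` on Rubies without `match?`) and use `&&` rather than `and` for consistency with the rest of the file. The check lives only in the generated `attr=` writer, so any path that reaches `write_attribute` directly (e.g. column-level writes) presumably skips it — worth a comment on the `define_method` line saying the writer is the only enforcement point. `self.serialized_attributes[attr_name]` can drop the explicit `self.` as elsewhere in these class methods.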
diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb | |
index 0894c7d..eb39c10 100644 | |
--- a/activerecord/test/cases/base_test.rb | |
+++ b/activerecord/test/cases/base_test.rb | |
@@ -1040,6 +1040,12 @@ class BasicsTest < ActiveRecord::TestCase | |
assert_nil topic.content | |
end | |
+ def test_should_raise_exception_on_assigning_already_serialized_content | |
+ topic = Topic.new | |
+ serialized_content = %w[foo bar].to_yaml | |
+ assert_raise(ActiveRecord::ActiveRecordError) { topic.content = serialized_content } | |
+ end | |
+ | |
def test_should_raise_exception_on_serialized_attribute_with_type_mismatch | |
myobj = MyObject.new('value1', 'value2') | |
topic = Topic.new(:content => myobj) |
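Review bot: The new test only exercises the positive case (a `%w[foo bar].to_yaml` string is rejected) and does not pin the boundary of the guard it covers, so a later tightening or loosening of the `/^---/` pattern would go unnoticed. Add a companion assertion that a non-serialized string is still accepted by the serialized attribute writer, along the lines of `assert_nothing_raised { topic.content = "plain text" }`, and, if `Topic#content` is untyped as the fixture suggests, one for a plain string containing `---` on a later line, which documents whether that false positive is intended. The enclosing `BasicsTest` class starts before and ends after this hunk.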