bjhess · December 12, 2015 10:09
diff --git a/CVE-2013-0276_Rails-3_0.diff b/CVE-2013-0276_Rails-3_0.diff
 Fixes: CVE-2013-0276

 Conflicts:
  activemodel/lib/active_model/attribute_methods.rb
 	activerecord/test/cases/mass_assignment_security_test.rb
 ---
 activemodel/lib/active_model/attribute_methods.rb                       | 2 +-
 activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

 diff --git a/activemodel/lib/active_model/attribute_methods.rb b/activemodel/lib/active_model/attribute_methods.rb
 index ba1b3ba..af6d27c 100644
 --- a/activemodel/lib/active_model/attribute_methods.rb
 +++ b/activemodel/lib/active_model/attribute_methods.rb
 @@ -347,7 +347,7 @@ module ActiveModel
           def initialize(options = {})
             options.symbolize_keys!
             @prefix, @suffix = options[:prefix] || '', options[:suffix] || ''
 -            @regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/
 +            @regex = /\A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})\z/
           end
 
           def match(method_name)
 diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
 index 9fcb94d..7c7e5df 100644
 --- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
 +++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
 @@ -17,7 +17,7 @@ module ActiveModel
     protected
 
       def remove_multiparameter_id(key)
 -        key.to_s.gsub(/\(.+/, '')
 +        key.to_s.gsub(/\(.+/m, '')
       end
     end
 
 --
	Fixes: CVE-2013-0276

	Conflicts:
	activemodel/lib/active_model/attribute_methods.rb
	activerecord/test/cases/mass_assignment_security_test.rb
	---
	activemodel/lib/active_model/attribute_methods.rb \| 2 +-
	activemodel/lib/active_model/mass_assignment_security/permission_set.rb \| 2 +-
	2 files changed, 2 insertions(+), 2 deletions(-)

	diff --git a/activemodel/lib/active_model/attribute_methods.rb b/activemodel/lib/active_model/attribute_methods.rb
	index ba1b3ba..af6d27c 100644
	--- a/activemodel/lib/active_model/attribute_methods.rb
	+++ b/activemodel/lib/active_model/attribute_methods.rb
	@@ -347,7 +347,7 @@ module ActiveModel
	def initialize(options = {})
	options.symbolize_keys!
	@prefix, @suffix = options[:prefix] \|\| '', options[:suffix] \|\| ''
	- @regex = /^(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})$/
	+ @regex = /\A(#{Regexp.escape(@prefix)})(.+?)(#{Regexp.escape(@suffix)})\z/
	end

	def match(method_name)
	diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
	index 9fcb94d..7c7e5df 100644
	--- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
	+++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
	@@ -17,7 +17,7 @@ module ActiveModel
	protected

	def remove_multiparameter_id(key)
	- key.to_s.gsub(/\(.+/, '')
	+ key.to_s.gsub(/\(.+/m, '')
	end
	end

	--