Merge branch '2-3-later' into 2-3-stable

* 2-3-later: adding test for CVE

Merge branch '2-3-later' into 2-3-stable
* 2-3-later: adding test for CVE
4d478857 · Aaron Patterson · 08d83a9b · f8a2ec2b · 4d478857
隐藏空白更改
内联并排

Showing with 12 addition and 0 deletion

activerecord/test/cases/base_test.rb activerecord/test/cases/base_test.rb +12 -0

未找到文件。
--- a/activerecord/test/cases/base_test.rb
+++ b/activerecord/test/cases/base_test.rb
@@ -920,6 +920,18 @@ def test_mass_assignment_protection_against_class_attribute_writers
    end
  end

+  def test_firm_safe_assign
+    firm = Company.new
+
+    assert_raise(ActiveRecord::UnknownAttributeError) do
+      firm.attributes = { "rating=\n" => 5 }
+    end
+    assert_equal 1, firm.rating
+
+    firm.attributes = { "rating(1)\n" => 5 }
+    assert_equal 1, firm.rating
+  end
+
  def test_customized_primary_key_remains_protected
    subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
    assert_nil subscriber.id