Package: rails / 2.3.5-1.2+squeeze8

CVE-2013-1854.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -2268,7 +2268,7 @@ module ActiveRecord #:nodoc:
         def expand_hash_conditions_for_aggregates(attrs)
           expanded_attrs = {}
           attrs.each do |attr, value|
-            unless (aggregation = reflect_on_aggregation(attr.to_sym)).nil?
+            unless (aggregation = reflect_on_aggregation(attr)).nil?
               mapping = aggregate_mapping(aggregation)
               mapping.each do |field_attr, aggregate_attr|
                 if mapping.size == 1 && !value.respond_to?(aggregate_attr)
--- a/activerecord/lib/active_record/reflection.rb
+++ b/activerecord/lib/active_record/reflection.rb
@@ -18,7 +18,7 @@ module ActiveRecord
           when :composed_of
             reflection = AggregateReflection.new(macro, name, options, active_record)
         end
-        write_inheritable_hash :reflections, name => reflection
+        write_inheritable_hiwa :reflections, name => reflection
         reflection
       end
 
--- a/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
+++ b/activesupport/lib/active_support/core_ext/class/inheritable_attributes.rb
@@ -109,6 +109,11 @@ class Class # :nodoc:
     write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
   end
 
+  def write_inheritable_hiwa(key, hash)
+    write_inheritable_attribute(key, {}.with_indifferent_access) if read_inheritable_attribute(key).nil?
+    write_inheritable_attribute(key, read_inheritable_attribute(key).merge(hash))
+  end
+
   def read_inheritable_attribute(key)
     inheritable_attributes[key]
   end