From 13b1b381de048e00f06fbab410d9d3ecc26460b9 Mon Sep 17 00:00:00 2001
From: Tobias Kraze <tobias@kraze.eu>
Date: Fri, 8 Feb 2013 12:52:10 +0100
Subject: [PATCH] fix serialization vulnerability
---
.../lib/active_record/attribute_methods/write.rb | 9 ++++++++-
activerecord/test/cases/base_test.rb | 6 ++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/activerecord/lib/active_record/attribute_methods/write.rb b/activerecord/lib/active_record/attribute_methods/write.rb
index 3c4dab3..4684c4b 100644
--- a/activerecord/lib/active_record/attribute_methods/write.rb
+++ b/activerecord/lib/active_record/attribute_methods/write.rb
@@ -10,7 +10,14 @@ module ActiveRecord
module ClassMethods
protected
def define_method_attribute=(attr_name)
- if attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
+ if self.serialized_attributes[attr_name]
+ generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|
+ if new_value.is_a?(String) and new_value =~ /^---/
+ raise ActiveRecordError, "You tried to assign already serialized content to #{attr_name}. This is disabled due to security issues."
+ end
+ write_attribute(attr_name, new_value)
+ end
+ elsif attr_name =~ /^[a-zA-Z_]\w*[!?=]?$/
generated_attribute_methods.module_eval("def #{attr_name}=(new_value); write_attribute('#{attr_name}', new_value); end", __FILE__, __LINE__)
else
generated_attribute_methods.send(:define_method, "#{attr_name}=") do |new_value|
--
1.7.9.5
distrib
>
Fedora
>
17
>
i386
>
media
>
updates-src
>
by-pkgid
>
159ba94d8f0826af9300ab18d2a9ef3e
>
files
>
11
