From 325669f0795a9148fd31f7f496a40dc8e114ef52 Mon Sep 17 00:00:00 2001 From: Aaron Patterson <aaron.patterson@gmail.com> Date: Sun, 23 Dec 2012 11:07:07 -0800 Subject: [PATCH] CVE-2012-5664 options hashes should only be extracted if there are extra parameters --- activerecord/lib/active_record/dynamic_matchers.rb | 7 ++++++- activerecord/test/cases/finder_test.rb | 12 ++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/activerecord/lib/active_record/dynamic_matchers.rb b/activerecord/lib/active_record/dynamic_matchers.rb index b6b8e24..f15d0b7 100644 --- a/activerecord/lib/active_record/dynamic_matchers.rb +++ b/activerecord/lib/active_record/dynamic_matchers.rb @@ -40,7 +40,12 @@ module ActiveRecord METHOD send(method_id, *arguments) elsif match.finder? - options = arguments.extract_options! + options = if arguments.length > attribute_names.size + arguments.extract_options! + else + {} + end + relation = options.any? ? scoped(options) : scoped relation.send :find_by_attributes, match, attribute_names, *arguments, &block elsif match.instantiator? -- 1.7.10.2 (Apple Git-33)