Contents

module ActiveRecord
  module CVE20130276
    module ClassMethods
      private
      # Suffixes a, ?, c become regexp /(a|\?|c)$/
      def rebuild_attribute_method_regexp
        suffixes = attribute_method_suffixes.map { |s| Regexp.escape(s) }
        @@attribute_method_regexp = /(#{suffixes.join('|')})\z/.freeze
      end
    end

    module Base
      def remove_attributes_protected_from_mass_assignment(attributes)
        if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil?
          attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
        elsif self.class.protected_attributes.nil?
          attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/m, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
        elsif self.class.accessible_attributes.nil?
          attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/m,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
        end
      end
    end
  end
end
ActiveRecord::Base.extend(        ActiveRecord::CVE20130276::ClassMethods)
ActiveRecord::Base.send(:include, ActiveRecord::CVE20130276::Base)

Version data entries

3 entries across 3 versions & 1 rubygems

Version	Path
rails-security-backports-0.0.3	lib/rails-security-backports/rails-cve-backports/cve-2013-0276.rb
rails-security-backports-0.0.2	lib/rails-security-backports/rails-cve-backports/cve-2013-0276.rb
rails-security-backports-0.0.1	lib/rails-security-backports/rails-cve-backports/cve-2013-0276.rb