Puts ActiveRecord::SessionStore attributes in white list, fixes #483

95b49895 · slainer68 · 8c05293b · 95b49895 · 95b49895
Showing with 8 addition and 0 deletion

activerecord/lib/active_record/session_store.rb activerecord/lib/active_record/session_store.rb +2 -0

activerecord/test/cases/session_store/session_test.rb activerecord/test/cases/session_store/session_test.rb +6 -0

未找到文件。
--- a/activerecord/lib/active_record/session_store.rb
+++ b/activerecord/lib/active_record/session_store.rb
@@ -83,6 +83,8 @@ class Session < ActiveRecord::Base
      cattr_accessor :data_column_name
      self.data_column_name = 'data'
+      attr_accessible :session_id, :data, :marshaled_data
      before_save :marshal_data!
      before_save :raise_on_session_data_overflow!

--- a/activerecord/test/cases/session_store/session_test.rb
+++ b/activerecord/test/cases/session_store/session_test.rb
@@ -21,6 +21,12 @@ def test_table_name
        assert_equal 'sessions', Session.table_name
      end
+      def test_accessible_attributes
+        assert Session.accessible_attributes.include?(:session_id)
+        assert Session.accessible_attributes.include?(:data)
+        assert Session.accessible_attributes.include?(:marshaled_data)
+      end
      def test_create_table!
        assert !Session.table_exists?
        Session.create_table!