Merge pull request #484 from slainer68/master

Puts ActiveRecord::SessionStore attributes in white list, fixes #483
2026-04-26 03:00:59 -04:00 · 2011-05-10 07:23:26 -07:00
parent 8c05293b69 95b4989559
commit fa8b0f44bd
2 changed files with 8 additions and 0 deletions
--- a/activerecord/lib/active_record/session_store.rb
+++ b/activerecord/lib/active_record/session_store.rb
@@ -83,6 +83,8 @@ module ActiveRecord
      cattr_accessor :data_column_name
      self.data_column_name = 'data'

+      attr_accessible :session_id, :data, :marshaled_data
+
      before_save :marshal_data!
      before_save :raise_on_session_data_overflow!

--- a/activerecord/test/cases/session_store/session_test.rb
+++ b/activerecord/test/cases/session_store/session_test.rb
@@ -21,6 +21,12 @@ module ActiveRecord
        assert_equal 'sessions', Session.table_name
      end

+      def test_accessible_attributes
+        assert Session.accessible_attributes.include?(:session_id)
+        assert Session.accessible_attributes.include?(:data)
+        assert Session.accessible_attributes.include?(:marshaled_data)
+      end
+
      def test_create_table!
        assert !Session.table_exists?
        Session.create_table!