Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #9294 (new defect)

Opened 9 months ago

Last modified 6 months ago

[PATCH] Field named 'open' in a model causes a crash when calling 'to_xml'

Reported by: drudru Assigned to: core
Priority: high Milestone: 1.2.7
Component: ActiveRecord Version: edge
Severity: major Keywords:
Cc:

Description

Create a model for a table that has a field named 'open'. Save and instance of that model to the database (create a record). Go into script/console and retrieve that record. Call the 'to_xml' method on that instance. You will get a crash in the XMLBuilder class.

I've checked this in a few of my other projects.

Attachments

to_xml_attribute_names_conflict.diff (5.5 kB) - added by juanjo.bazan on 08/24/07 11:00:38.
code to solve the problem and tests included

Change History

08/19/07 18:11:21 changed by juanjo.bazan

Bug localized. Expect a patch soon ;)

08/19/07 18:31:42 changed by juanjo.bazan

  • summary changed from Create a model with a database field named 'open' - call 'to_xml' on that instance == crash to [PATCH] Field named 'open' in a model causes a crash when calling 'to_xml'.

When using send with some attributes names like 'open' or 'notify', it does not reach method_missing as expected. The patch avoids that situation in XmlBase (adding a prefix) and in xml_serializarion when initializing instances of the Attribute class(calling 'attributtebefore_type_cast' method instead of 'attributte' method directly)

08/24/07 11:00:38 changed by juanjo.bazan

  • attachment to_xml_attribute_names_conflict.diff added.

code to solve the problem and tests included

08/24/07 11:05:19 changed by juanjo.bazan

  • priority changed from normal to high.
  • severity changed from minor to major.

Same problem may cause other security problems as reported also in #8776.

11/29/07 21:36:19 changed by david.calavera

+1