Removed Rails patch.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.4-stable@11154 e93f8b46-1217-0410-a6f0-8f06a7374b81
2013-01-09 15:18:37 +00:00 · 2013-01-09 15:18:37 +00:00 · 284ee1080b
parent 190fc8d9db
commit 284ee1080b
1 changed files with 0 additions and 37 deletions
--- a/config/initializers/10-patches.rb
+++ b/config/initializers/10-patches.rb
@ -115,40 +115,3 @@ module ActionController
    end
  end
 end
-
-# CVE-2012-2695
-# https://groups.google.com/group/rubyonrails-security/browse_thread/thread/9782f44c4540cf59
-module ActiveRecord
-  class Base
-    class << self
-      def sanitize_sql_hash_for_conditions(attrs, default_table_name = quoted_table_name, top_level = true)
-        attrs = expand_hash_conditions_for_aggregates(attrs)
-
-        conditions = attrs.map do |attr, value|
-          table_name = default_table_name
-
-          if not value.is_a?(Hash)
-            attr = attr.to_s
-
-            # Extract table name from qualified attribute names.
-            if attr.include?('.') and top_level
-              attr_table_name, attr = attr.split('.', 2)
-              attr_table_name = connection.quote_table_name(attr_table_name)
-            else
-              attr_table_name = table_name
-            end
-
-            attribute_condition("#{attr_table_name}.#{connection.quote_column_name(attr)}", value)
-          elsif top_level
-            sanitize_sql_hash_for_conditions(value, connection.quote_table_name(attr.to_s), false)
-          else
-            raise ActiveRecord::StatementInvalid
-          end
-        end.join(' AND ')
-
-        replace_bind_variables(conditions, expand_range_bind_variables(attrs.values))
-      end
-      alias_method :sanitize_sql_hash, :sanitize_sql_hash_for_conditions
-    end
-  end
-end