module ActiveRecord::CVE20130276::Base
Public Instance Methods
remove_attributes_protected_from_mass_assignment(attributes)
click to toggle source
# File lib/rails-security-backports/rails-cve-backports/cve-2013-0276.rb, line 13 def remove_attributes_protected_from_mass_assignment(attributes) if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil? attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) } elsif self.class.protected_attributes.nil? attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/m, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) } elsif self.class.accessible_attributes.nil? attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/m,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) } end end