Working around CVE-2012-5664

2013-01-03 13:16:30 +01:00
parent 3f4ee12025
commit d5123e0eb3
3 changed files with 36 additions and 16 deletions
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -129,7 +129,7 @@ module CanCan
        @params[@options[:id_param]]
      else
        @params[parent? ? :"#{name}_id" : :id]
-      end
+      end.to_s
    end

    def member_action?