Serialized attribute values "Yes" or "No" get coerced into booleans
Reported by Andreas Korth | August 19th, 2008 @ 01:12 AM | in 2.x
When setting a serialized attribute to "Yes" or "No" will set the attribute to true or false, respectively.
Test case:
class Thing < ActiveRecord::Base
serialize :name, String
end
class ThingTest < ActiveSupport::TestCase
def test_name_serialization
thing = Thing.new
thing.name = "Yes"
assert thing.name == "Yes"
end
end
The test case will fail with: ActiveRecord::SerializationTypeMismatch: name was supposed to be a String, but was a TrueClass
I'd love to create a patch, but after digging through the code for a while, I still have no clue where things go wrong. Sorry.
Comments and changes to this ticket
-
Chris Barnett August 19th, 2008 @ 05:09 AM
- → Tag changed from “2.1 activerecord bug serialize” to “2.1 activerecord bug edge serialize”
I can confirm this test fails for both 2.1 and edge.
The reason it fails is that attribute serialization was not written to support serialization of Strings.
activerecord/lib/active_record/base.rb: (edge line 2769)
def object_from_yaml(string) return string unless string.is_a?(String) YAML::load(string) rescue string endDespite the name, this method is passed whatever you assign to a serialized attribute, in it's unserialized form. So in the test above, object_from_yaml("Yes") is called, which returns true because "Yes" is a String, and YAML::load translates "Yes" to true.
My guess would be that to fix this, somewhere further up the method call chain, there needs to be a decision to not try to unserialize values that haven't been serialized yet.
I can try to write a patch, but I'm a rails hacking n00b, and I'm not sure if it's really, really worth supporting the use case of serializing a String.
On the other hand, it might be worth fixing because the problem also affects serialization of String subclasses.
-
Andreas Korth August 19th, 2008 @ 09:54 AM
Thanks, Chris.
Now that I know where things go wrong, I can probably create a patch.
It might not make a whole lot of sense to serialize a String, but in my case the attribute value can be either a String, or an Array, or a Hash.
This is definitely a Rails bug, since YAML::load(YAML::dump("Yes")) == "Yes".
I'll work around this for now, hoping that someone from core will pick it up. If not, I'll schedule it as a task for our next iteration.
Thanks again for figuring this out.
-
Peter Wagenet August 23rd, 2008 @ 08:02 PM
I think I have a pretty simple fix for this. I'll post it as soon as I get a couple things sorted out.
-
Peter Wagenet August 23rd, 2008 @ 08:52 PM
- no changes were found...
-
Peter Wagenet August 23rd, 2008 @ 08:52 PM
- → Tag changed from “2.1 activerecord bug edge serialize” to “2.1 activerecord bug edge patch serialize tested”
Here we go.
-
-
Tarmo Tänav September 10th, 2008 @ 06:53 AM
For me the case is to have an answer attribute that can hold any type of value for dynamically built forms. So depending on the field type it may contain, a string, a datetime, an array of selected options, a ranking order... And this means that string too must be serialized for there to not be any unintended unserializings of certain string values.
-
Andreas Korth September 10th, 2008 @ 08:18 AM
My use case is the same as Tarmo's. Serializing a string alone doesn't make sense, but whenever the attribute value can be of variable type, the bug might hit you.
-
-
Repository October 27th, 2008 @ 04:17 PM
- → State changed from “new” to “committed”
(from [c94ba8150a726da4a894cd8325ee682a3286ec9f]) Fixed that serialized strings should never be type-casted (i.e. turning "Yes" to a boolean)(Andreas Korth) [#857 state:committed] http://github.com/rails/rails/co...
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
Source available from github
Repository is at http://github.com/rails/rails
Check out the development master (Edge Rails):
git clone git://github.com/rails/rails.git
Creating or reviewing a patch
See the contributor guide.
Creating a feature request
Please don't. If you want a new feature in Rails, you'll have to pull up your sleeves and get busy yourself. Or convince someone else to do it. See the contributor guide on how to get going. But posting them here is just going to lead to ticket root.
Creating a bug report
When creating a bug report, be sure to include as much relevant information as possible. Post the code sample that causes the problem. Preferably, alter the unit tests and show through either changed or added tests how the expected behavior is not occuring.
Security vulnerabilities should be reported via an email to security@rubyonrails.org, do not use trac for reporting security vulnerabilities. All content in trac is publicly available as soon as it is posted.
Then don't get your hopes up. Unless you have a "Code Red, Mission Critical, The World is Coming to an End" kinda bug, you're creating this ticket in the hope that others with the same problem will be able to collaborate with you on solving it. Do not expect that the ticket automatically will see any activity or that others will jump to fix it. Creating a ticket like this is mostly to help yourself start on the path of fixing the problem and for others to sign on to with a "I'm having this problem too"..
