Description: Fixes unsafe query generation risk
Origin: upstream
Author: ckuerste@gmx.ch
Bug: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/c7jT-EeN9eI
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ruby-activerecord-3.2/+bug/1100188
--- a/lib/active_record/relation/predicate_builder.rb
+++ b/lib/active_record/relation/predicate_builder.rb
@@ -6,7 +6,12 @@
 
         if allow_table_name && value.is_a?(Hash)
           table = Arel::Table.new(column, engine)
-          build_from_hash(engine, value, table, false)
+          
+	  if value.empty?
+	    '1 = 2'
+	  else
+	    build_from_hash(engine, value, table, false)
+ 	  end
         else
           column = column.to_s
 
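Review bot: The added `value.empty?` branch returns the bare SQL string `'1 = 2'` with no comment, so the security reason for it is invisible to the next reader. Judging from the removed line and the linked advisory, an empty nested hash used to go straight to `build_from_hash` and presumably contributed no predicate, silently dropping the condition. I would add `# An empty nested hash must never drop the condition; emit an always-false predicate.` directly above the `if value.empty?` line. The added `if`…`end` lines are also indented with tabs (the `end` line has a space before the tab) and the blank added line carries trailing whitespace, while the context lines use spaces, so they should be re-indented to match. The patch ships no regression test for the empty-hash case, and the enclosing method starts and ends outside the hunk.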
