Blame SOURCES/rubygem-activerecord-4.2.7.1-CVE-2016-6317-unsafe-query.patch

34ec44
diff --git a/activerecord/lib/active_record/relation/predicate_builder/array_handler.rb b/activerecord/lib/active_record/relation/predicate_builder/array_handler.rb
34ec44
index fb08326..d4e74eb 100644
34ec44
--- a/activerecord/lib/active_record/relation/predicate_builder/array_handler.rb
34ec44
+++ b/activerecord/lib/active_record/relation/predicate_builder/array_handler.rb
34ec44
@@ -14,7 +14,8 @@ def call(attribute, value)
34ec44
             it for 'IN' conditions.
34ec44
           MSG
34ec44
 
34ec44
-          values = values.flatten
34ec44
+          flat_values = values.flatten
34ec44
+          values = flat_values unless flat_values.include?(nil)
34ec44
         end
34ec44
 
34ec44
         return attribute.in([]) if values.empty? && nils.empty?