mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Merge pull request #36350 from kamipo/fast_pluck
Allow symbol (i.e. quoted identifier) as safe SQL string
This commit is contained in:
commit
0a87d7c9dd
1 changed files with 5 additions and 3 deletions
|
@ -185,12 +185,14 @@ module ActiveRecord
|
|||
/ix
|
||||
|
||||
def disallow_raw_sql!(args, permit: COLUMN_NAME) # :nodoc:
|
||||
unexpected = args.reject do |arg|
|
||||
Arel.arel_node?(arg) ||
|
||||
unexpected = nil
|
||||
args.each do |arg|
|
||||
next if arg.is_a?(Symbol) || Arel.arel_node?(arg) ||
|
||||
arg.to_s.split(/\s*,\s*/).all? { |part| permit.match?(part) }
|
||||
(unexpected ||= []) << arg
|
||||
end
|
||||
|
||||
return if unexpected.none?
|
||||
return unless unexpected
|
||||
|
||||
if allow_unsafe_raw_sql == :deprecated
|
||||
ActiveSupport::Deprecation.warn(
|
||||
|
|
Loading…
Reference in a new issue