mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Use whitelist to pass valid connection parameters to PGConn.
All the valids parameters for libpq are used. See http://www.postgresql.org/docs/9.1/static/libpq-connect.html for the full list Fixes #8784
This commit is contained in:
parent
cc24eba544
commit
19b52d3f81
1 changed files with 10 additions and 7 deletions
|
@ -17,22 +17,25 @@ require 'ipaddr'
|
||||||
|
|
||||||
module ActiveRecord
|
module ActiveRecord
|
||||||
module ConnectionHandling
|
module ConnectionHandling
|
||||||
|
VALID_CONN_PARAMS = [:host, :hostaddr, :port, :dbname, :user, :password, :connect_timeout,
|
||||||
|
:client_encoding, :options, :application_name, :fallback_application_name,
|
||||||
|
:keepalives, :keepalives_idle, :keepalives_interval, :keepalives_count,
|
||||||
|
:tty, :sslmode, :requiressl, :sslcert, :sslkey, :sslrootcert, :sslcrl,
|
||||||
|
:requirepeer, :krbsrvname, :gsslib, :service]
|
||||||
|
|
||||||
# Establishes a connection to the database that's used by all Active Record objects
|
# Establishes a connection to the database that's used by all Active Record objects
|
||||||
def postgresql_connection(config) # :nodoc:
|
def postgresql_connection(config) # :nodoc:
|
||||||
conn_params = config.symbolize_keys
|
conn_params = config.symbolize_keys
|
||||||
|
|
||||||
# Forward any unused config params to PGconn.connect.
|
conn_params.delete_if { |_, v| v.nil? }
|
||||||
[:statement_limit, :encoding, :min_messages, :schema_search_path,
|
|
||||||
:schema_order, :adapter, :pool, :checkout_timeout, :template,
|
|
||||||
:prepared_statements, :reaping_frequency, :insert_returning, :variables].each do |key|
|
|
||||||
conn_params.delete key
|
|
||||||
end
|
|
||||||
conn_params.delete_if { |k,v| v.nil? }
|
|
||||||
|
|
||||||
# Map ActiveRecords param names to PGs.
|
# Map ActiveRecords param names to PGs.
|
||||||
conn_params[:user] = conn_params.delete(:username) if conn_params[:username]
|
conn_params[:user] = conn_params.delete(:username) if conn_params[:username]
|
||||||
conn_params[:dbname] = conn_params.delete(:database) if conn_params[:database]
|
conn_params[:dbname] = conn_params.delete(:database) if conn_params[:database]
|
||||||
|
|
||||||
|
# Forward only valid config params to PGconn.connect.
|
||||||
|
conn_params.keep_if { |k, _| VALID_CONN_PARAMS.include?(k) }
|
||||||
|
|
||||||
# The postgres drivers don't allow the creation of an unconnected PGconn object,
|
# The postgres drivers don't allow the creation of an unconnected PGconn object,
|
||||||
# so just pass a nil connection object for the time being.
|
# so just pass a nil connection object for the time being.
|
||||||
ConnectionAdapters::PostgreSQLAdapter.new(nil, logger, conn_params, config)
|
ConnectionAdapters::PostgreSQLAdapter.new(nil, logger, conn_params, config)
|
||||||
|
|
Loading…
Reference in a new issue