Add documentation for AbstractAdapter#sanitize_limit, and make its code more readable.

Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1068 status:committed]
2008-09-18 13:27:39 +02:00 · 2008-09-18 13:27:39 +02:00 · 28393e6e9c
parent aa4a7c3530
commit 28393e6e9c
1 changed files with 15 additions and 4 deletions
--- a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
@ -120,10 +120,6 @@ module ActiveRecord
        sql
      end

-      def sanitize_limit(limit)
-        limit.to_s[/,/] ? limit.split(',').map{ |i| i.to_i }.join(',') : limit.to_i
-      end
-
      # Appends a locking clause to an SQL statement.
      # This method *modifies* the +sql+ parameter.
      #   # SELECT * FROM suppliers FOR UPDATE
@ -185,6 +181,21 @@ module ActiveRecord
        def delete_sql(sql, name = nil)
          update_sql(sql, name)
        end
+
+        # Sanitizes the given LIMIT parameter in order to prevent SQL injection.
+        #
+        # +limit+ may be anything that can evaluate to a string via #to_s. It
+        # should look like an integer, or a comma-delimited list of integers.
+        #
+        # Returns the sanitized limit parameter, either as an integer, or as a
+        # string which contains a comma-delimited list of integers.
+        def sanitize_limit(limit)
+          if limit.to_s =~ /,/
+            limit.to_s.split(',').map{ |i| i.to_i }.join(',')
+          else
+            limit.to_i
+          end
+        end
    end
  end
 end