mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Merge pull request #13008 from ktheory/sanitize_order

Support SQL sanitization in AR::QueryMethods#order
Sean Griffin 2015-10-29 14:38:42 -06:00
commit 6a6dbb4c51
2 changed files with 12 additions and 0 deletions


@ -1045,6 +1045,13 @@ module ActiveRecord
end end
def preprocess_order_args(order_args) def preprocess_order_args(order_args)
order_args.map! do |arg|
if arg.is_a?(Array) && arg.first.to_s.include?('?')
klass.send(:sanitize_sql, arg)
else
arg
end
end
order_args.flatten! order_args.flatten!
validate_order_args(order_args) validate_order_args(order_args)
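Review bot: The `arg.first.to_s.include?('?')` test in `preprocess_order_args` is the only thing that decides whether an array is quoted through `sanitize_sql` or flattened into separate raw ORDER BY fragments, and nothing in the hunk documents that contract. An array whose template uses a named placeholder, or simply omits the `?`, falls through to `order_args.flatten!`, so its values would be treated as literal order clauses rather than quoted binds; this is inferred from the visible lines, and `validate_order_args`, whose body is outside the hunk, may reject some of those cases. Only the bind values are quoted, so the first element still has to be trusted SQL. I would add a comment above the `map!`, such as `# Only [template_with_?, *binds] arrays are sanitized; the template is trusted SQL and any other array is flattened as-is.` The body of `preprocess_order_args` continues outside the hunk.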


@ -297,6 +297,11 @@ class RelationTest < ActiveRecord::TestCase
assert_equal 3, tags.length assert_equal 3, tags.length
end end
def test_finding_with_sanitized_order
query = Tag.order(["field(id, ?)", [1,3,2]]).to_sql
assert_match(/field\(id, 1,3,2\)/, query)
end
def test_finding_with_order_limit_and_offset def test_finding_with_order_limit_and_offset
entrants = Entrant.order("id ASC").limit(2).offset(1) entrants = Entrant.order("id ASC").limit(2).offset(1)