mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Merge pull request #13008 from ktheory/sanitize_order
Support SQL sanitization in AR::QueryMethods#order
This commit is contained in:
commit
6a6dbb4c51
2 changed files with 12 additions and 0 deletions
|
@ -1045,6 +1045,13 @@ module ActiveRecord
|
|||
end
|
||||
|
||||
def preprocess_order_args(order_args)
|
||||
order_args.map! do |arg|
|
||||
if arg.is_a?(Array) && arg.first.to_s.include?('?')
|
||||
klass.send(:sanitize_sql, arg)
|
||||
else
|
||||
arg
|
||||
end
|
||||
end
|
||||
order_args.flatten!
|
||||
validate_order_args(order_args)
|
||||
|
||||
|
|
|
@ -297,6 +297,11 @@ class RelationTest < ActiveRecord::TestCase
|
|||
assert_equal 3, tags.length
|
||||
end
|
||||
|
||||
def test_finding_with_sanitized_order
|
||||
query = Tag.order(["field(id, ?)", [1,3,2]]).to_sql
|
||||
assert_match(/field\(id, 1,3,2\)/, query)
|
||||
end
|
||||
|
||||
def test_finding_with_order_limit_and_offset
|
||||
entrants = Entrant.order("id ASC").limit(2).offset(1)
|
||||
|
||||
|
|
Loading…
Reference in a new issue