1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Fix edge case with colons in times interpreted as bind variables by requiring that bind vars start with a letter. Closes #10519 [matrix9180]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8936 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
Jeremy Kemper 2008-02-27 23:05:59 +00:00
parent 33736bc18a
commit 8352287c72
2 changed files with 3 additions and 1 deletions

View file

@ -1924,7 +1924,7 @@ module ActiveRecord #:nodoc:
end end
def replace_named_bind_variables(statement, bind_vars) #:nodoc: def replace_named_bind_variables(statement, bind_vars) #:nodoc:
statement.gsub(/:(\w+)/) do statement.gsub(/:([a-zA-Z]\w*)/) do
match = $1.to_sym match = $1.to_sym
if bind_vars.include?(match) if bind_vars.include?(match)
quote_bound_value(bind_vars[match]) quote_bound_value(bind_vars[match])

View file

@ -340,6 +340,8 @@ class FinderTest < ActiveRecord::TestCase
assert_equal '1', bind(':a', :a => 1) # ' ruby-mode assert_equal '1', bind(':a', :a => 1) # ' ruby-mode
assert_equal '1 1', bind(':a :a', :a => 1) # ' ruby-mode assert_equal '1 1', bind(':a :a', :a => 1) # ' ruby-mode
assert_nothing_raised { bind("'+00:00'", :foo => "bar") }
assert_kind_of Firm, Company.find(:first, :conditions => ["name = :name", { :name => "37signals" }]) assert_kind_of Firm, Company.find(:first, :conditions => ["name = :name", { :name => "37signals" }])
assert_nil Company.find(:first, :conditions => ["name = :name", { :name => "37signals!" }]) assert_nil Company.find(:first, :conditions => ["name = :name", { :name => "37signals!" }])
assert_nil Company.find(:first, :conditions => ["name = :name", { :name => "37signals!' OR 1=1" }]) assert_nil Company.find(:first, :conditions => ["name = :name", { :name => "37signals!' OR 1=1" }])