Commit 56fb3b15
Authored on Feb 09, 2011
Author: Ken Collins
Committer: Aaron Patterson
Feb 09, 2011
Allow limit values to accept an ARel SQL literal.
Parent c6b4ef08
Showing 2 changed files with 15 additions and 5 deletions (+15 -5)
activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb (+7 -3)
activerecord/test/cases/base_test.rb (+8 -2)
activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
View file @ 56fb3b15
...
...
@@ -278,13 +278,17 @@ def limited_update_conditions(where_sql, quoted_table_name, quoted_primary_key)
# Sanitizes the given LIMIT parameter in order to prevent SQL injection.
#
# +limit+ may be anything that can evaluate to a string via #to_s. It
# should look like an integer, or a comma-delimited list of integers.
# The +limit+ may be anything that can evaluate to a string via #to_s. It
# should look like an integer, or a comma-delimited list of integers, or
# an Arel SQL literal.
#
# Returns Integer and Arel::Nodes::SqlLiteral limits as is.
# Returns the sanitized limit parameter, either as an integer, or as a
# string which contains a comma-delimited list of integers.
def
sanitize_limit
(
limit
)
if
limit
.
to_s
=~
/,/
if
limit
.
is_a?
(
Integer
)
||
limit
.
is_a?
(
Arel
::
Nodes
::
SqlLiteral
)
limit
elsif
limit
.
to_s
=~
/,/
Arel
.
sql
limit
.
to_s
.
split
(
','
).
map
{
|
i
|
Integer
(
i
)
}.
join
(
','
)
else
Integer
(
limit
)
...
...
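Review bot: the new first branch of sanitize_limit returns any Arel::Nodes::SqlLiteral untouched, so from this hunk on the method does not inspect a literal at all, and the doc comment should state that plainly instead of listing the literal next to integers as something the method "sanitizes". The comment opens with "in order to prevent SQL injection", so a caller that wraps request input in Arel.sql gets no protection from this method, and this comment is the only place that tells them the responsibility has moved to the call site. The two return sentences also overlap and the second is now inaccurate, since the comma branch returns `Arel.sql ...` (a SqlLiteral), not a String; fold them into one, for example: "Returns Integer and Arel::Nodes::SqlLiteral limits as is (a literal is trusted and not inspected); any other value is returned as an Integer or as an Arel SQL literal holding a comma-delimited list of integers."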
activerecord/test/cases/base_test.rb
View file @ 56fb3b15
...
...
@@ -59,7 +59,7 @@ def test_primary_key_with_no_id
assert_nil
Edge
.
primary_key
end
unless
current_adapter?
(
:PostgreSQLAdapter
)
||
current_adapter?
(
:Oracle
Adapter
)
unless
current_adapter?
(
:PostgreSQLAdapter
,
:OracleAdapter
,
:SQLServer
Adapter
)
def
test_limit_with_comma
assert_nothing_raised
do
Topic
.
limit
(
"1,2"
).
all
...
...
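Review bot: the rewritten guard `unless current_adapter?(:PostgreSQLAdapter, :OracleAdapter, :SQLServerAdapter)` relies on current_adapter? accepting several adapter names in one call, which this hunk does not show; if the helper only looks at its first argument, the Oracle and SQL Server cases silently stop being skipped, so please confirm the helper's signature. Adding :SQLServerAdapter to the skip list is also not covered by the commit message ("Allow limit values to accept an ARel SQL literal."); a short note on why that adapter cannot run test_limit_with_comma would help the next reader.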
@@ -94,7 +94,13 @@ def test_limit_should_sanitize_sql_injection_for_limit_with_comas
Topic
.
limit
(
"1, 7 procedure help()"
).
all
end
end
unless
current_adapter?
(
:MysqlAdapter
)
def
test_limit_should_allow_sql_literal
assert_equal
1
,
Topic
.
limit
(
Arel
.
sql
(
'2-1'
)).
all
.
length
end
end
def
test_select_symbol
topic_ids
=
Topic
.
select
(
:id
).
map
(
&
:id
).
sort
assert_equal
Topic
.
find
(
:all
).
map
(
&
:id
).
sort
,
topic_ids
...
...
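Review bot: test_limit_should_allow_sql_literal covers only the accepting case; nothing in this hunk pins down that a plain String with the same text is still rejected, so a companion assertion such as `assert_raises(ArgumentError) { Topic.limit('2-1').all }` (which fails in Integer('2-1') under the sanitize_limit shown in the first file) would stop a future change from letting arbitrary strings through as if they were literals. The `unless current_adapter?(:MysqlAdapter)` wrapper also gives no reason for skipping MySQL; a one-line comment would save the next reader a trip to the adapter documentation.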