aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRyuta Kamizono <kamipo@gmail.com>2019-05-28 19:30:57 +0900
committerGitHub <noreply@github.com>2019-05-28 19:30:57 +0900
commit0a87d7c9ddb95cf7568baf889ff4091469ba9af4 (patch)
tree3d9735bbd00c1788de68c1449e756f16f6abf07c
parent93e640735e9363672b770b8d1c5a35f9e464f806 (diff)
parentbc837892e6b17ed9e8aa58c6de539af8fa4f1526 (diff)
downloadrails-0a87d7c9ddb95cf7568baf889ff4091469ba9af4.tar.gz
rails-0a87d7c9ddb95cf7568baf889ff4091469ba9af4.tar.bz2
rails-0a87d7c9ddb95cf7568baf889ff4091469ba9af4.zip
Merge pull request #36350 from kamipo/fast_pluck
Allow symbol (i.e. quoted identifier) as safe SQL string
Diffstat
-rw-r--r--activerecord/lib/active_record/attribute_methods.rb8
1 files changed, 5 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/attribute_methods.rb b/activerecord/lib/active_record/attribute_methods.rb
index 6e4f76aa73..fd32eaaf3a 100644
--- a/activerecord/lib/active_record/attribute_methods.rb
+++ b/activerecord/lib/active_record/attribute_methods.rb
@@ -185,12 +185,14 @@ module ActiveRecord
/ix
def disallow_raw_sql!(args, permit: COLUMN_NAME) # :nodoc:
- unexpected = args.reject do |arg|
- Arel.arel_node?(arg) ||
+ unexpected = nil
+ args.each do |arg|
+ next if arg.is_a?(Symbol) || Arel.arel_node?(arg) ||
arg.to_s.split(/\s*,\s*/).all? { |part| permit.match?(part) }
+ (unexpected ||= []) << arg
end
- return if unexpected.none?
+ return unless unexpected
if allow_unsafe_raw_sql == :deprecated
ActiveSupport::Deprecation.warn(
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 05:12:20 +0000