aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRafael Mendonça França <rafaelmfranca@gmail.com>2013-01-06 23:01:28 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2013-01-06 23:01:28 -0300
commit19b52d3f81080d8eacb78c94bd5957ef7c637d07 (patch)
tree511e980fdaf0dc7907eba740008d884ba48424e8
parentcc24eba5441d80b9e398eeee96c6f1f5647fa85b (diff)
downloadrails-19b52d3f81080d8eacb78c94bd5957ef7c637d07.tar.gz
rails-19b52d3f81080d8eacb78c94bd5957ef7c637d07.tar.bz2
rails-19b52d3f81080d8eacb78c94bd5957ef7c637d07.zip
Use whitelist to pass valid connection parameters to PGConn.
All the valids parameters for libpq are used. See http://www.postgresql.org/docs/9.1/static/libpq-connect.html for the full list Fixes #8784
-rw-r--r--activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb17
1 files changed, 10 insertions, 7 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
index 8f7f12ab81..b1b0467379 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -17,22 +17,25 @@ require 'ipaddr'
module ActiveRecord
module ConnectionHandling
+ VALID_CONN_PARAMS = [:host, :hostaddr, :port, :dbname, :user, :password, :connect_timeout,
+ :client_encoding, :options, :application_name, :fallback_application_name,
+ :keepalives, :keepalives_idle, :keepalives_interval, :keepalives_count,
+ :tty, :sslmode, :requiressl, :sslcert, :sslkey, :sslrootcert, :sslcrl,
+ :requirepeer, :krbsrvname, :gsslib, :service]
+
# Establishes a connection to the database that's used by all Active Record objects
def postgresql_connection(config) # :nodoc:
conn_params = config.symbolize_keys
- # Forward any unused config params to PGconn.connect.
- [:statement_limit, :encoding, :min_messages, :schema_search_path,
- :schema_order, :adapter, :pool, :checkout_timeout, :template,
- :prepared_statements, :reaping_frequency, :insert_returning, :variables].each do |key|
- conn_params.delete key
- end
- conn_params.delete_if { |k,v| v.nil? }
+ conn_params.delete_if { |_, v| v.nil? }
# Map ActiveRecords param names to PGs.
conn_params[:user] = conn_params.delete(:username) if conn_params[:username]
conn_params[:dbname] = conn_params.delete(:database) if conn_params[:database]
+ # Forward only valid config params to PGconn.connect.
+ conn_params.keep_if { |k, _| VALID_CONN_PARAMS.include?(k) }
+
# The postgres drivers don't allow the creation of an unconnected PGconn object,
# so just pass a nil connection object for the time being.
ConnectionAdapters::PostgreSQLAdapter.new(nil, logger, conn_params, config)